From a93047e6c9fb4d6756ceb89a58a080a604280ce7 Mon Sep 17 00:00:00 2001 From: iTawkins <100447932+iTawkins@users.noreply.github.com> Date: Sun, 13 Nov 2022 14:31:17 +0000 Subject: [PATCH 01/78] Improves usability by clarifying desired action (#1583) --- prefsCleaner.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index da2cfe9..99b8981 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -88,6 +88,7 @@ echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." echo "This will allow inactive preferences to be reset to their default values." echo -e "\nThis Firefox profile shouldn't be in use during the process.\n" +echo -e "\nIn order to proceed, select a command below by entering its corresponding number.\n" [ "$1" == '-s' ] && fStart From 365e76bc9f2c9bf30509ce5f1aec6627ad84c84b Mon Sep 17 00:00:00 2001 From: junoslukan Date: Sun, 13 Nov 2022 14:37:26 +0000 Subject: [PATCH 02/78] Format date and time consistently. (#1580) * Format date and time consistently. Co-authored-by: junos Co-authored-by: earthlng --- prefsCleaner.bat | 11 +++++++---- updater.bat | 9 +++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 616ec28..7591c0e 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.4 +REM ## version: 2.5 CD /D "%~dp0" @@ -13,7 +13,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.4 #### +ECHO #### v2.5 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -30,9 +30,12 @@ IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory. IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) CALL :strlenCheck CALL :FFcheck + CALL :message "Backing up prefs.js..." -SET "_time=%time: =0%" -COPY /B /V /Y prefs.js "prefs-backup-%date:/=-%_%_time::=.%.js" +FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j +SET ldt=%ldt:~0,8%_%ldt:~8,6% +COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js" + CALL :message "Cleaning prefs.js..." CALL :cleanup CALL :message "All done!" diff --git a/updater.bat b/updater.bat index eef06f0..83499c2 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.16 +REM ## version: 4.17 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows -SET v=4.15 +SET v=4.17 VERIFY ON CD /D "%~dp0" @@ -177,8 +177,9 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - SET "_time=!time: =0!" - MOVE /Y user.js "user-backup-!date:/=-!_!_time::=.!.js" >nul + FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j + SET ldt=%ldt:~0,8%_%ldt:~8,6% + MOVE /Y user.js "user-backup-%ldt%.js" >nul ) REN user.js.new user.js CALL :message "Update complete." From 5a366493e029d04103b7f2c25c4eee6dc9b40176 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 19 Nov 2022 04:04:59 +0000 Subject: [PATCH 03/78] dom.disable_open_during_load default true since at least FF60 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1e98e9b..892361f 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 4-November-2022 + Last updated: 19-November-2022 Instructions: - [optional] close Firefox and backup your profile @@ -245,6 +245,7 @@ 'browser.tabs.warnOnClose', 'devtools.chrome.enabled', 'dom.disable_beforeunload', + 'dom.disable_open_during_load', 'dom.netinfo.enabled', 'dom.vr.enabled', 'extensions.formautofill.addresses.supported', From cc0f05388f6c721c358e89372caac604f84fd0d9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 21 Nov 2022 00:36:37 +0000 Subject: [PATCH 04/78] v107 (#1579) --- user.js | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/user.js b/user.js index 6eba484..37c3bd0 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 6 November 2022 -* version: 106 +* date: 21 November 2022 +* version: 107 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -112,8 +112,8 @@ user_pref("geo.provider.use_gpsd", false); // [LINUX] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] /* 0203: disable region updates * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ -user_pref("browser.region.network.url", ""); // [FF78+] user_pref("browser.region.update.enabled", false); // [FF79+] + // user_pref("browser.region.network.url", ""); // [FF78+] Defense-in-depth /* 0204: set search region * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ // user_pref("browser.search.region", "US"); // [HIDDEN PREF] @@ -491,8 +491,8 @@ user_pref("security.remote_settings.crlite_filters.enabled", true); user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ -/* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ -user_pref("security.mixed_content.block_display_content", true); +/* 1241: disable insecure passive content (such as images) on https pages ***/ + // user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244) /* 1244: enable HTTPS-Only mode in all windows [FF76+] * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail) * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") @@ -603,9 +603,6 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2403: block popup windows - * [SETTING] Privacy & Security>Permissions>Block pop-up windows ***/ -user_pref("dom.disable_open_during_load", true); /* 2404: limit events that can cause a popup [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); @@ -624,7 +621,7 @@ user_pref("browser.helperApps.deleteTempFileOnExit", true); user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); -user_pref("browser.uitour.url", ""); + // user_pref("browser.uitour.url", ""); // Defense-in-depth /* 2608: reset remote debugging to disabled * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] @@ -648,16 +645,16 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [3] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=punycode+firefox * [4] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); -/* 2620: enforce PDFJS, disable PDFJS scripting [SETUP-CHROME] +/* 2620: enforce PDFJS, disable PDFJS scripting * This setting controls if the option "Display in Firefox" is available in the setting below * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") - * PROS: pdfjs is lightweight, open source, and more secure/vetted than most - * Exploits are rare (one serious case in seven years), treated seriously and patched quickly. + * [WHY] pdfjs is lightweight, open source, and secure: the last exploit was June 2015 [1] * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. - * CONS: You may prefer a different pdf reader for security reasons - * CAVEAT: JS can still force a pdf to open in-browser by bundling its own code - * [SETTING] General>Applications>Portable Document Format (PDF) ***/ + * [NOTE] JS can still force a pdf to open in-browser by bundling its own code + * [SETUP-CHROME] You may prefer a different pdf reader for security/workflow reasons + * [SETTING] General>Applications>Portable Document Format (PDF) + * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ @@ -717,8 +714,8 @@ user_pref("browser.contentblocking.category", "strict"); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] /* 2720: enable APS (Always Partitioning Storage) ***/ -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+} +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -809,7 +806,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist FF58+ - 967895 - spoof canvas and enable site permission prompt (FF58) 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" Block: suppresses the ondevicechange event @@ -925,7 +921,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow /* 5005: disable intermediate certificate caching [FF41+] [RESTART] * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. * Saved logins and passwords are not available. Reset the pref and restart to return them ***/ - // user_pref("security.nocertdb", true); // [HIDDEN PREF in FF101 or lower] + // user_pref("security.nocertdb", true); /* 5006: disable favicons in history and bookmarks * [NOTE] Stored as data blobs in favicons.sqlite, these don't reveal anything that your * actual history (and bookmarks) already do. Your history is more detailed, so @@ -1053,6 +1049,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); + // user_pref("dom.disable_open_during_load", ""); // user_pref("extensions.formautofill.available", ""); // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); @@ -1082,8 +1079,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7003: disable non-modern cipher suites [1] * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks * [1] https://browserleaks.com/ssl ***/ - // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); - // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF109+] + // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: false FF109+] // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS @@ -1097,7 +1094,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7005: disable SSL session IDs [FF36+] * [WHY] Passive fingerprinting and perf costs. These are session-only * and isolated with network partitioning (FF85+) and/or containers ***/ - // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF in FF101 or lower] + // user_pref("security.ssl.disable_session_identifiers", true); /* 7006: onions * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 @@ -1146,8 +1143,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] // user_pref("privacy.trackingprotection.fingerprinting.enabled", true); // [DEFAULT: true] /* 7017: disable service workers - * [WHY] Already isolated (FF96+) with TCP (2701) behind a pref (2710) - * or blocked with TCP in 3rd parties (FF95 or lower) ***/ + * [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/ // user_pref("dom.serviceWorkers.enabled", false); /* 7018: disable Web Notifications * [WHY] Web Notifications are behind a prompt (7002) From 5eaa8196e2bb77a8f126781c6f290af93d091070 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 22 Nov 2022 19:00:47 +0000 Subject: [PATCH 05/78] v4.18 - fix backup filename --- updater.bat | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index 83499c2..40a6d10 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.17 +REM ## version: 4.18 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows -SET v=4.17 +SET v=4.18 VERIFY ON CD /D "%~dp0" @@ -178,8 +178,8 @@ IF EXIST user.js.new ( MOVE /Y user.js user.js.bak >nul ) ELSE ( FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j - SET ldt=%ldt:~0,8%_%ldt:~8,6% - MOVE /Y user.js "user-backup-%ldt%.js" >nul + SET ldt=!ldt:~0,8!_!ldt:~8,6! + MOVE /Y user.js "user-backup-!ldt!.js" >nul ) REN user.js.new user.js CALL :message "Update complete." From 6789dc7fefac5594d958a065463b4dc9d265c089 Mon Sep 17 00:00:00 2001 From: earthlng Date: Tue, 22 Nov 2022 19:50:50 +0000 Subject: [PATCH 06/78] fix typo --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 37c3bd0..c3eaab9 100644 --- a/user.js +++ b/user.js @@ -714,7 +714,7 @@ user_pref("browser.contentblocking.category", "strict"); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] /* 2720: enable APS (Always Partitioning Storage) ***/ -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+} +user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+] user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ From 40e8e1acbe55dd266a280ab40ab418ca8d9646ec Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 28 Nov 2022 08:11:40 +0000 Subject: [PATCH 07/78] beacon.enabled, see #1586 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 892361f..3928978 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 19-November-2022 + Last updated: 28-November-2022 Instructions: - [optional] close Firefox and backup your profile @@ -238,6 +238,7 @@ /* REMOVED */ /* 103+ */ + 'beacon.enabled', 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', From 45d23f8d75c4cd23be26cfcb32689e60ebbad072 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 2 Dec 2022 10:19:29 +0000 Subject: [PATCH 08/78] region prefs, #1590 --- scratchpad-scripts/arkenfox-cleanup.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 3928978..fa4409b 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 28-November-2022 + Last updated: 2-December-2022 Instructions: - [optional] close Firefox and backup your profile @@ -242,6 +242,9 @@ 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', + 'browser.region.network.url', + 'browser.region.update.enabled', + 'browser.search.region', 'browser.ssl_override_behavior', 'browser.tabs.warnOnClose', 'devtools.chrome.enabled', From e4a85c30c129cf664cc8a39705bb070fce828d33 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 5 Dec 2022 18:48:51 +0000 Subject: [PATCH 09/78] security.tls.version.enable-deprecated the UI for downgrading was removed in FF94, default is false --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index fa4409b..15f59d7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 2-December-2022 + Last updated: 5-December-2022 Instructions: - [optional] close Firefox and backup your profile @@ -257,6 +257,7 @@ 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', 'network.http.altsvc.oe', + 'security.tls.version.enable-deprecated', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From 12ca83b550866882c338b354de53287664332560 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 10 Dec 2022 14:00:23 +0000 Subject: [PATCH 10/78] v1.6 - autoupdate --- prefsCleaner.sh | 83 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 71 insertions(+), 12 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 99b8981..dee3f70 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,33 +2,54 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.5 +## version: 1.6 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh -currdir=$(pwd) +## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() ) + +readonly CURRDIR=$(pwd) ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) -sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) +SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) ## fallback for Macs without coreutils -if [ -z "$sfp" ]; then sfp=${BASH_SOURCE[0]}; fi +[ -z "$SCRIPT_FILE" ] && SCRIPT_FILE=${BASH_SOURCE[0]} -## change directory to the Firefox profile directory -cd "$(dirname "${sfp}")" + +AUTOUPDATE=true +QUICKSTART=false + +## download method priority: curl -> wget +DOWNLOAD_METHOD='' +if command -v curl >/dev/null; then + DOWNLOAD_METHOD='curl --max-redirs 3 -so' +elif command -v wget >/dev/null; then + DOWNLOAD_METHOD='wget --max-redirect 3 --quiet -O' +else + AUTOUPDATE=false + echo -e "No curl or wget detected.\nAutomatic self-update disabled!" +fi fQuit() { ## change directory back to the original working directory - cd "${currdir}" + cd "${CURRDIR}" [ "$1" -eq 0 ] && echo -e "\n$2" || echo -e "\n$2" >&2 exit $1 } fUsage() { - echo -e "\nUsage: $0 [-s]" + echo -e "\nUsage: $0 [-ds]" echo -e " Optional Arguments: - -s Start immediately" + -s Start immediately + -d Don't auto-update prefsCleaner.sh" +} + +download_file() { # expects URL as argument ($1) + declare -r tf=$(mktemp) + + $DOWNLOAD_METHOD "${tf}" "$1" &>/dev/null && echo "$tf" || echo '' # return the temp-filename or empty string on error } fFF_check() { @@ -40,6 +61,24 @@ fFF_check() { done } +## returns the version number of a prefsCleaner.sh file +get_prefsCleaner_version() { + echo "$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$1")" +} + +## updates the prefsCleaner.sh file based on the latest public version +update_prefsCleaner() { + declare -r tmpfile="$(download_file 'https://raw.githubusercontent.com/arkenfox/user.js/master/prefsCleaner.sh')" + [ -z "$tmpfile" ] && echo -e "Error! Could not download prefsCleaner.sh" && return 1 # check if download failed + + [[ $(get_prefsCleaner_version "$SCRIPT_FILE") == $(get_prefsCleaner_version "$tmpfile") ]] && return 0 + + mv "$tmpfile" "$SCRIPT_FILE" + chmod u+x "$SCRIPT_FILE" + "$SCRIPT_FILE" -s -d + exit 0 +} + fClean() { # the magic happens here prefs="@@" @@ -78,19 +117,37 @@ fStart() { fQuit 0 "All done!" } + +while getopts "sd" opt; do + case $opt in + s) + QUICKSTART=true + ;; + d) + AUTOUPDATE=false + ;; + esac +done + +## change directory to the Firefox profile directory +cd "$(dirname "${SCRIPT_FILE}")" + +[ "$AUTOUPDATE" = true ] && update_prefsCleaner + echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.5 ║" +echo " ║ v1.6 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." echo "This will allow inactive preferences to be reset to their default values." echo -e "\nThis Firefox profile shouldn't be in use during the process.\n" -echo -e "\nIn order to proceed, select a command below by entering its corresponding number.\n" -[ "$1" == '-s' ] && fStart +[ "$QUICKSTART" = true ] && fStart + +echo -e "\nIn order to proceed, select a command below by entering its corresponding number.\n" select option in Start Help Exit; do case $option in @@ -114,3 +171,5 @@ select option in Start Help Exit; do ;; esac done + +fQuit 0 From 7135907b2fe13fa55eb8ebf162603037f83e353c Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 10 Dec 2022 14:35:48 +0000 Subject: [PATCH 11/78] Update prefsCleaner.sh --- prefsCleaner.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index dee3f70..052905e 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -75,7 +75,7 @@ update_prefsCleaner() { mv "$tmpfile" "$SCRIPT_FILE" chmod u+x "$SCRIPT_FILE" - "$SCRIPT_FILE" -s -d + "$SCRIPT_FILE" "$@" -d exit 0 } @@ -132,7 +132,7 @@ done ## change directory to the Firefox profile directory cd "$(dirname "${SCRIPT_FILE}")" -[ "$AUTOUPDATE" = true ] && update_prefsCleaner +[ "$AUTOUPDATE" = true ] && update_prefsCleaner "$@" echo -e "\n\n" echo " ╔══════════════════════════╗" From f5e54b4a709ca3d58e12e7524e71d3cd7f994515 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Jan 2023 17:15:24 +0000 Subject: [PATCH 12/78] revert security.tls.version.enable-deprecated we kept it in the user js --- scratchpad-scripts/arkenfox-cleanup.js | 1 - 1 file changed, 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 15f59d7..6743ca7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -257,7 +257,6 @@ 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', 'network.http.altsvc.oe', - 'security.tls.version.enable-deprecated', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From be376afc1ef9ee6c1eb305768af1da4a3eb1ca1e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 8 Jan 2023 15:20:22 +0000 Subject: [PATCH 13/78] v108 (#1606) --- user.js | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/user.js b/user.js index c3eaab9..6a150db 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 21 November 2022 -* version: 107 +* date: 9 January 2023 +* version: 108 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -110,13 +110,6 @@ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] -/* 0203: disable region updates - * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ -user_pref("browser.region.update.enabled", false); // [FF79+] - // user_pref("browser.region.network.url", ""); // [FF78+] Defense-in-depth -/* 0204: set search region - * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ - // user_pref("browser.search.region", "US"); // [HIDDEN PREF] /* 0210: set preferred language for displaying pages * [SETTING] General>Language and Appearance>Language>Choose your preferred language... * [TEST] https://addons.mozilla.org/about ***/ @@ -268,6 +261,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 + * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, @@ -477,7 +471,7 @@ user_pref("security.OCSP.require", true); user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict - * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE: If you rely on an AV (antivirus) to protect + * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE * your web browsing by inspecting ALL your web traffic, then override to current default ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enable CRLite [FF73+] @@ -565,10 +559,8 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * Firefox uses mDNS hostname obfuscation on desktop (except Windows7/8) and the - * private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after - * you grant device (microphone or camera) access - * [SETUP-HARDEN] Test first. Windows7/8 users only: behind a proxy who never use WebRTC + * Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until + * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access * [TEST] https://browserleaks.com/webrtc * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ @@ -603,7 +595,7 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2404: limit events that can cause a popup [SETUP-WEB] ***/ +/* 2404: limit events that can cause a pop-up [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2600]: MISCELLANEOUS ***/ @@ -611,9 +603,6 @@ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curta /* 2601: prevent accessibility services from accessing your browser [RESTART] * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); -/* 2602: disable sending additional analytics to web servers - * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ -user_pref("beacon.enabled", false); /* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); @@ -829,6 +818,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) + 1422237 - return "srgb" with color-gamut (FF110) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -1034,18 +1024,20 @@ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] * In FF96+ these are listed in about:compat * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] -/* 6010: enforce/reset TLS 1.0/1.1 downgrades to session only - * [NOTE] In FF97+ the TLS 1.0/1.1 downgrade UX was removed +/* 6010: enforce no TLS 1.0/1.1 downgrades * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 6011: enforce disabling of Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] -/* 6050: prefsCleaner: reset items removed from arkenfox FF102+ ***/ +/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ + // user_pref("beacon.enabled", ""); // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); + // user_pref("browser.region.network.url", ""); + // user_pref("browser.region.update.enabled", "") // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); @@ -1194,6 +1186,9 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); /* 9003: disable What's New toolbar icon [FF69+] ***/ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); +/* 9004: disable seach terms [FF110+] + * [SETTING] Search > SearchBar > Use the address bar for search and navigation > Show search terms instead of URL... ***/ +user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] From 62a68f08147123b0c2c288ffdecc3f03e4ab1ae8 Mon Sep 17 00:00:00 2001 From: icpantsparti2 <101484718+icpantsparti2@users.noreply.github.com> Date: Sun, 8 Jan 2023 16:48:25 +0000 Subject: [PATCH 14/78] v108 (#1613) nit: add a ';' to the end of line 1040 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 6a150db..6cb9953 100644 --- a/user.js +++ b/user.js @@ -1037,7 +1037,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); // user_pref("browser.region.network.url", ""); - // user_pref("browser.region.update.enabled", "") + // user_pref("browser.region.update.enabled", ""); // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); From b99dd27de828be13530ce2f48c9178d34f5f82ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Jan 2023 01:07:25 +0000 Subject: [PATCH 15/78] browser.startup.blankWindow, #1618 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6743ca7..6e06248 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 5-December-2022 + Last updated: 27-January-2023 Instructions: - [optional] close Firefox and backup your profile @@ -239,6 +239,7 @@ /* REMOVED */ /* 103+ */ 'beacon.enabled', + 'browser.startup.blankWindow', 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', From 82591911670943e629f5bc0a83adb95b2e5909ed Mon Sep 17 00:00:00 2001 From: Keith Harrison Date: Sun, 5 Feb 2023 14:06:49 +0000 Subject: [PATCH 16/78] prefsCleaner.bat: add -unattended flag (#1616) * prefsCleaner.bat: add -unattended flag Usage: prefsCleaner.bat -unattended Skips the prompt for user input and proceeds when -unattended is specified. If omitted, default behaviour is unchanged. --------- Signed-off-by: Keith Harrison Co-authored-by: earthlng --- prefsCleaner.bat | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 7591c0e..d266b3f 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,17 +3,19 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.5 +REM ## version: 2.6 CD /D "%~dp0" +IF /I "%~1"=="-unattended" (SET _ua=1) + :begin ECHO: ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.5 #### +ECHO #### v2.6 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -22,10 +24,13 @@ CALL :message "This will allow inactive preferences to be reset to their default ECHO This Firefox profile shouldn't be in use during the process. CALL :message "" TIMEOUT 1 /nobreak >nul -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 (EXIT /B) -IF ERRORLEVEL 2 (GOTO :showhelp) + +IF NOT DEFINED _ua ( + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 (EXIT /B) + IF ERRORLEVEL 2 (GOTO :showhelp) +) IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) CALL :strlenCheck From 73884850632ffe284f76881786f7d5903b917f58 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 7 Feb 2023 00:02:45 +0000 Subject: [PATCH 17/78] v109 (#1614) --- user.js | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index 6cb9953..4217d61 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 9 January 2023 -* version: 108 +* date: 7 February 2023 +* version: 109 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -471,8 +471,7 @@ user_pref("security.OCSP.require", true); user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict - * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE - * your web browsing by inspecting ALL your web traffic, then override to current default ***/ + * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enable CRLite [FF73+] * 0 = disabled @@ -595,8 +594,6 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2404: limit events that can cause a pop-up [SETUP-WEB] ***/ -user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -606,8 +603,6 @@ user_pref("accessibility.force_disabled", 1); /* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2604: disable page thumbnail collection ***/ -user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); // user_pref("browser.uitour.url", ""); // Defense-in-depth @@ -853,10 +848,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4506: set RFP's font visibility level (1402) [FF94+] ***/ // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] -/* 4507: disable showing about:blank as soon as possible during startup [FF60+] - * When default true this no longer masks the RFP chrome resizing activity - * [1] https://bugzilla.mozilla.org/1448423 ***/ -user_pref("browser.startup.blankWindow", false); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] @@ -963,6 +954,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] +/* 5017: limit events that can cause a pop-up ***/ + // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +/* 5018: disable page thumbnail collection ***/ + // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, @@ -1033,6 +1028,7 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ // user_pref("beacon.enabled", ""); + // user_pref("browser.startup.blankWindow", ""); // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); @@ -1186,8 +1182,8 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); /* 9003: disable What's New toolbar icon [FF69+] ***/ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); -/* 9004: disable seach terms [FF110+] - * [SETTING] Search > SearchBar > Use the address bar for search and navigation > Show search terms instead of URL... ***/ +/* 9004: disable search terms [FF110+] + * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/ user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED From ca022d8c2d2d8b2e149fd34a696284759e566f4e Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 10 Mar 2023 09:21:21 +0000 Subject: [PATCH 18/78] v4.19 - use Powershell for locale-independent TS --- updater.bat | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index 40a6d10..f6174f7 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.18 +REM ## version: 4.19 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows -SET v=4.18 +SET v=4.19 VERIFY ON CD /D "%~dp0" @@ -177,8 +177,7 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j - SET ldt=!ldt:~0,8!_!ldt:~8,6! + FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# MOVE /Y user.js "user-backup-!ldt!.js" >nul ) REN user.js.new user.js From d13f39d9f9c4dae6f7034fe8b4f29e5893a5abdc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Mar 2023 03:26:12 +0000 Subject: [PATCH 19/78] v110 (#1629) --- user.js | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 4217d61..bf931b2 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 7 February 2023 -* version: 109 +* date: 12 March 2023 +* version: 110 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -557,13 +557,6 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); -/* 2001: disable WebRTC (Web Real-Time Communication) - * Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until - * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access - * [TEST] https://browserleaks.com/webrtc - * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ - * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ - // user_pref("media.peerconnection.enabled", false); /* 2002: force WebRTC inside the proxy [FF70+] ***/ user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); /* 2003: force a single network interface for ICE candidates generation [FF42+] @@ -954,9 +947,9 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -/* 5017: limit events that can cause a pop-up ***/ +/* 5018: limit events that can cause a pop-up ***/ // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 5018: disable page thumbnail collection ***/ +/* 5019: disable page thumbnail collection ***/ // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /*** [SECTION 5500]: OPTIONAL HARDENING @@ -1143,6 +1136,13 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" * [1] https://support.mozilla.org/kb/push-notifications-firefox ***/ // user_pref("dom.push.enabled", false); +/* 7020: disable WebRTC (Web Real-Time Communication) + * [WHY] Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until + * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access + * [TEST] https://browserleaks.com/webrtc + * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ + * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ + // user_pref("media.peerconnection.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From e2e8c4ea8f9c8034a2ff72fe3c2d4a4a89404c10 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Mar 2023 07:13:07 +0000 Subject: [PATCH 20/78] add arkenfox/gui --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f33ad9..1a27d8a 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ A `user.js` is a configuration file that can control Firefox settings - for a mo The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. +Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. There is also an [interactive current release](https://arkenfox.github.io/gui/), thanks to [icpantsparti2](https://github.com/icpantsparti2). Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://2019.www.torproject.org/about/torusers.html) calls for it, or for accessing hidden services. From bdaa2867b923669361a8527065e919c839668599 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 19 Mar 2023 11:16:40 +0000 Subject: [PATCH 21/78] v2.7 - use Powershell for locale-independent TS fixes #1624 --- prefsCleaner.bat | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index d266b3f..2e3403f 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.6 +REM ## version: 2.7 CD /D "%~dp0" @@ -15,7 +15,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.6 #### +ECHO #### v2.7 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -37,8 +37,7 @@ CALL :strlenCheck CALL :FFcheck CALL :message "Backing up prefs.js..." -FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j -SET ldt=%ldt:~0,8%_%ldt:~8,6% +FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js" CALL :message "Cleaning prefs.js..." From c84c419544cbbe4442190cc6325b926b519d8db5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 30 Mar 2023 04:50:25 +0000 Subject: [PATCH 22/78] v111 (#1650) --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index bf931b2..3e3b84c 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 12 March 2023 -* version: 110 +* date: 30 March 2023 +* version: 111 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -262,7 +262,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause - * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6 + * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -426,7 +426,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Sept 2022) reports over 99.3% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -875,7 +875,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). * In fact, PB mode limits or removes the ability to control some of these, and you need to quit * Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide - * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. + * a temporary self-contained new session. Close all private windows to clear the PB session. * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [1] https://wiki.mozilla.org/Private_Browsing * [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/ @@ -951,6 +951,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /* 5019: disable page thumbnail collection ***/ // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] +/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/ + // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false); /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, From f2e4a79ca0220aa2ad87e76ff59f5cbc37c5f373 Mon Sep 17 00:00:00 2001 From: Celestial Nebula <41875671+CelestialNebula@users.noreply.github.com> Date: Sat, 22 Apr 2023 11:52:26 +0000 Subject: [PATCH 23/78] updater.sh/prefsCleaner.sh: Check for root and abort (#1651) * updater.sh/prefsCleaner.sh: Check for root and abort Check if running as root and if any files have the owner/group as root|wheel. Abort on both. Should (hopefully) prevent stuff like: https://github.com/arkenfox/user.js/issues/1587 Discussion: https://github.com/arkenfox/user.js/pull/1595 --------- Co-authored-by: Mohammed Anas Co-authored-by: earthlng --- prefsCleaner.sh | 15 +++++++++++++-- updater.sh | 13 ++++++++++++- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 052905e..9aa89f0 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,12 +2,23 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.6 +## version: 1.7 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() ) +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + exit 1 +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + exit 1 +fi + readonly CURRDIR=$(pwd) ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) @@ -138,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.6 ║" +echo " ║ v1.7 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." diff --git a/updater.sh b/updater.sh index bf275c5..0f544d0 100755 --- a/updater.sh +++ b/updater.sh @@ -2,12 +2,23 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.5 +## version: 3.6 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + exit 1 +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + exit 1 +fi + readonly CURRDIR=$(pwd) SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) From 7a1d0a92af95d152349830d027648fa299b9bcba Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 23 Apr 2023 09:13:13 +0000 Subject: [PATCH 24/78] v3.7 - fix syntax error --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index 0f544d0..9f4b46b 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.6 +## version: 3.7 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, From d50c772d7d28b0a49e19e5ded6dcb0c4e52717be Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 23 Apr 2023 09:14:03 +0000 Subject: [PATCH 25/78] v1.8 - fix syntax error --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 9aa89f0..c62f070 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.7 +## version: 1.8 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, @@ -149,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.7 ║" +echo " ║ v1.8 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 2f4b93a18fe610435f7142c3a23baa7e247d9613 Mon Sep 17 00:00:00 2001 From: bol0gna <75225753+bol0gna@users.noreply.github.com> Date: Mon, 24 Apr 2023 12:56:29 -0400 Subject: [PATCH 26/78] fix escape character, should close #1667 (#1668) --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index 9f4b46b..6a3d1f2 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.7 +## version: 3.8 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' + printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n" exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, From b117916207862d4785f6da32d48cbe4420372434 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 24 Apr 2023 16:58:19 +0000 Subject: [PATCH 27/78] Update prefsCleaner.sh --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index c62f070..f36732c 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.8 +## version: 1.9 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' + printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n" exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, @@ -149,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.8 ║" +echo " ║ v1.9 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From bc5add9450ddc16c48d315913c43dba34baf4a24 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 4 May 2023 23:31:33 +0000 Subject: [PATCH 28/78] v112 (#1654) --- user.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 3e3b84c..7b0962d 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 30 March 2023 -* version: 111 +* date: 4 May 2023 +* version: 112 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -491,7 +491,7 @@ user_pref("security.pki.crlite_mode", 2); * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) * [TEST] http://example.com [upgrade] - * [TEST] http://httpforever.com/ [no upgrade] ***/ + * [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/ user_pref("dom.security.https_only_mode", true); // [FF76+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/ @@ -1007,8 +1007,8 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false] * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] /* 6008: enforce no First Party Isolation [FF51+] - * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), - * and enabling FPI disables those. FPI is no longer maintained ***/ + * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI + * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] /* 6009: enforce SmartBlock shims [FF81+] * In FF96+ these are listed in about:compat From 04e6e77439bfa6e3f6b7b9c5e0afac7f74f0586a Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 5 May 2023 10:56:08 +0000 Subject: [PATCH 29/78] v3.9 - fix #1670 --- updater.sh | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/updater.sh b/updater.sh index 6a3d1f2..88e6e33 100755 --- a/updater.sh +++ b/updater.sh @@ -2,20 +2,15 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.8 +## version: 3.9 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) -# Check if running as root and if any files have the owner/group as root/wheel. +# Check if running as root if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n" - exit 1 -elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then - printf 'It looks like this script was previously run with elevated privileges, -you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 + printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n" exit 1 fi @@ -396,6 +391,17 @@ show_banner update_updater "$@" getProfilePath # updates PROFILE_PATH or exits on error -cd "$PROFILE_PATH" && update_userjs +cd "$PROFILE_PATH" || exit 1 + +# Check if any files have the owner/group as root/wheel. +if [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + cd "$CURRDIR" + exit 1 +fi + +update_userjs cd "$CURRDIR" From c34531b67e0b9d162331fa92dc0eae2548d13fc7 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 21 Jun 2023 03:29:51 +0000 Subject: [PATCH 30/78] 114 deprecated --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6e06248..9245fc4 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 27-January-2023 + Last updated: 21-June-2023 Instructions: - [optional] close Firefox and backup your profile @@ -34,6 +34,8 @@ /* DEPRECATED */ /* 103+ */ 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] + 'privacy.clearsitedata.cache.enabled', // 114 + 'privacy.resistFingerprinting.testGranularityMask', // 114 'security.pki.sha1_enforcement_level', // 103 /* 92-102 */ 'browser.urlbar.suggest.quicksuggest', // 95 From 84d515abfc631f1c824211bc609960a430ba334a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2023 12:44:53 +0000 Subject: [PATCH 31/78] extensions.formautofill.heuristics.enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 9245fc4..7c3f150 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 21-June-2023 + Last updated: 11-July-2023 Instructions: - [optional] close Firefox and backup your profile @@ -33,6 +33,7 @@ const aPREFS = [ /* DEPRECATED */ /* 103+ */ + 'extensions.formautofill.heuristics.enabled', // 114 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] 'privacy.clearsitedata.cache.enabled', // 114 'privacy.resistFingerprinting.testGranularityMask', // 114 From 47f152ac90d5962e0cd29ebcf8b607caa650d41d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 10 Jul 2023 13:35:52 +0000 Subject: [PATCH 32/78] browser.cache.offline.enable --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 7c3f150..94aaa73 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -32,7 +32,8 @@ const aPREFS = [ /* DEPRECATED */ - /* 103+ */ + /* 103-115 */ + 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 'network.cookie.lifetimePolicy', // 103 [technically removed in 104] 'privacy.clearsitedata.cache.enabled', // 114 From 6151d664acced94364e7e3a075e6ac3ca555ef48 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 19 Jul 2023 20:38:31 +0000 Subject: [PATCH 33/78] middlemouse.contentLoadURL --- scratchpad-scripts/arkenfox-cleanup.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 94aaa73..5c0191a 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 11-July-2023 + Last updated: 20-July-2023 Instructions: - [optional] close Firefox and backup your profile @@ -241,7 +241,7 @@ 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ - /* 103+ */ + /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', 'browser.newtab.preload', @@ -261,6 +261,7 @@ 'extensions.formautofill.available', 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', + 'middlemouse.contentLoadURL', 'network.http.altsvc.oe', /* 92-102 */ 'browser.urlbar.trimURLs', From 4d78abf2bfafbbcb03f8f6d6aaaf7e69b7cfee4e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 26 Jul 2023 04:37:00 +0000 Subject: [PATCH 34/78] v115 (#1680) --- user.js | 67 ++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 42 insertions(+), 25 deletions(-) diff --git a/user.js b/user.js index 7b0962d..5ed7c08 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 4 May 2023 -* version: 112 +* date: 26 July 2023 +* version: 115 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -116,7 +116,6 @@ user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] user_pref("intl.accept_languages", "en-US, en"); /* 0211: use en-US locale regardless of the system or region locale * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] - * [TEST] https://arkenfox.github.io/TZP/tests/formatting.html * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] @@ -296,10 +295,11 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [WARNING] If false, this will break the fallback for some security features * [SETUP-CHROME] If you use a proxy and you understand the security impact * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/ - // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96] + // user_pref("network.proxy.allow_bypass", false); /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] - * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off + * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3] + * [SETTING] Privacy & Security>DNS over HTTPS * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https @@ -602,9 +602,6 @@ user_pref("browser.uitour.enabled", false); /* 2608: reset remote debugging to disabled * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] -/* 2611: disable middle mouse click opening links from clipboard - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/ -user_pref("middlemouse.contentLoadURL", false); /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] * 0 (default) or 1=allow, 2=block * [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/ @@ -642,6 +639,8 @@ user_pref("network.protocol-handler.external.ms-windows-store", false); * for these will show/use their correct 3rd party origin * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/ user_pref("permissions.delegation.enabled", false); +/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */ +user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX] /** DOWNLOADS ***/ /* 2651: enable user interaction for security by always asking where to download @@ -727,10 +726,6 @@ user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ user_pref("privacy.clearOnShutdown.cookies", true); // Cookies user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data -/* 2816: set cache to clear on exit [FF96+] - * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust - * [1] https://bugzilla.mozilla.org/1671182 ***/ - // user_pref("privacy.clearsitedata.cache.enabled", true); /** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME] @@ -758,11 +753,11 @@ user_pref("privacy.sanitize.timeSpan", 0); /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want + [TEST] https://arkenfox.github.io/TZP/tzp.html [WARNING] DO NOT USE extensions to alter RFP protected metrics 418986 - limit window.screen & CSS media queries (FF41) - [TEST] https://arkenfox.github.io/TZP/tzp.html#screen 1281949 - spoof screen orientation (FF50) 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) @@ -801,19 +796,23 @@ user_pref("privacy.sanitize.timeSpan", 0); 1595823 - return audioContext sampleRate as 44100 (FF72) 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74) 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78) + 1506364 - return "no-preference" with prefers-contrast (FF80) 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) + 1794628 - return "none" with inverted-colors (FF114) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); -/* 4501: enable privacy.resistFingerprinting [FF41+] +/* 4501: enable privacy.resistFingerprinting * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme + * [NOTE] pbmode applies if true and the original pref is false * [1] https://bugzilla.mozilla.org/418986 ***/ -user_pref("privacy.resistFingerprinting", true); +user_pref("privacy.resistFingerprinting", true); // [FF41+] + // user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+] /* 4502: set new window size rounding max values [FF55+] * [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen * [1] https://bugzilla.mozilla.org/1330882 ***/ @@ -822,7 +821,7 @@ user_pref("privacy.window.maxInnerHeight", 900); /* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ -user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108] /* 4504: enable RFP letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. @@ -838,7 +837,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [WARNING] DO NOT USE unless testing, see [1] comment 12 * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); - // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4506: set RFP's font visibility level (1402) [FF94+] ***/ // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] /* 4510: disable using system colors @@ -941,12 +939,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow /* 5017: disable Form Autofill * If .supportedCountries includes your region (browser.search.region) and .supported * is "detect" (default), then the UI will show. Stored data is not secure, uses JSON - * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/ // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] - // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] /* 5018: limit events that can cause a pop-up ***/ // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /* 5019: disable page thumbnail collection ***/ @@ -1021,6 +1017,9 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] +/* 6012: enforce Quarantined Domains [FF115+] + * [WHY] https://support.mozilla.org/kb/quarantined-domains */ +user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ // user_pref("beacon.enabled", ""); // user_pref("browser.startup.blankWindow", ""); @@ -1037,16 +1036,16 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); // user_pref("extensions.formautofill.creditCards.supported", ""); + // user_pref("middlemouse.contentLoadURL", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); /* 7001: disable APIs - * Location-Aware Browsing, Full Screen, offline cache (appCache) - * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002). - * appCache storage capability was removed in FF90. Full screen requires user interaction ***/ + * Location-Aware Browsing, Full Screen + * [WHY] The API state is easily fingerprintable. + * Geo is behind a prompt (7002). Full screen requires user interaction ***/ // user_pref("geo.enabled", false); // user_pref("full-screen-api.enabled", false); - // user_pref("browser.cache.offline.enable", false); /* 7002: set default permissions * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * 0=always ask (default), 1=allow, 2=block @@ -1194,9 +1193,9 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false); ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); /* ESR102.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them +// [NOTE] replace the * with a slash in the line above to re-enable active ones // FF103 - // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) +// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) // 0=keep until they expire (default), 2=keep until you close Firefox // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761 @@ -1204,6 +1203,24 @@ user_pref("network.cookie.lifetimePolicy", 2); // 6012: disable SHA-1 certificates // [-] https://bugzilla.mozilla.org/1766687 // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1] +// FF114 +// 2816: set cache to clear on exit [FF96+] + // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust + // [1] https://bugzilla.mozilla.org/1671182 + // [-] https://bugzilla.mozilla.org/1821651 + // user_pref("privacy.clearsitedata.cache.enabled", true); +// 4505: experimental RFP [FF91+] + // [-] https://bugzilla.mozilla.org/1824235 + // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); +// 5017: disable Form Autofill heuristics + // Heuristics controls Form Autofill on forms without @autocomplete attributes + // [-] https://bugzilla.mozilla.org/1829670 + // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] +// FF115 + // 7001: disable offline cache (appCache) + // [NOTE] appCache storage capability was removed in FF90 + // [-] https://bugzilla.mozilla.org/1677718 + // user_pref("browser.cache.offline.enable", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From 915f39959c7e077f00477e6ce34a0f9f9e3e7c6b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 14 Aug 2023 03:27:30 +0000 Subject: [PATCH 35/78] external.ms-windows-store, fixes #1142 --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 5c0191a..706fbfc 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 20-July-2023 + Last updated: 14-August-2023 Instructions: - [optional] close Firefox and backup your profile @@ -241,6 +241,8 @@ 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ + /* 116+ */ + 'network.protocol-handler.external.ms-windows-store', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From f1831e947bae0940bf8525447345c96ca27924ea Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 Aug 2023 06:45:37 +0000 Subject: [PATCH 36/78] media.gmp-widevinecdm.enabled this adds nothing, users can use `media.eme.enabled` if this is their threat model --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 706fbfc..87556da 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 14-August-2023 + Last updated: 26-August-2023 Instructions: - [optional] close Firefox and backup your profile @@ -242,6 +242,7 @@ /* REMOVED */ /* 116+ */ + 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', /* 103-115 */ 'beacon.enabled', From 576da2e2363d326ebefb962fd1b149b68bc88284 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 26 Aug 2023 07:08:23 +0000 Subject: [PATCH 37/78] Delete smartReferer.png --- wikipiki/smartReferer.png | Bin 37523 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 wikipiki/smartReferer.png diff --git a/wikipiki/smartReferer.png b/wikipiki/smartReferer.png deleted file mode 100644 index c64b93a9c6b9368a9fe7c92087f577fbd1c1914e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 37523 zcma%ibzGF+^Y0=G5`q#UElMLGjii8pv@}R}v(n9iba!`4cXyY7wA3!JbSQ&ri@fABOcG200Psxe^Cu+$;86wufMW0z?V*I- z=0*3z3**~oO$Pt~3;)l90!U4N1pr_wScr*z`C<-q1Ui@lzrB_c6MOy59%yP|Z2|ze zE@mj3sVMKh6ubnViOK}~#LEDc2%o-I5)Jbqh@oYq!gwwnOqH`hsM!5NT>LTVP9^;JuW(>1RMyBcN;i zIaUqeDK_A}VsHQh;IRilf9UO7SAc&CfI#9@UEqYN;`uh?gQQYw1e&Qoi2G_iWwt|C zS7)K1AD1FxBH%W7WRUuirN=FWnBA8XcNP8<0LYFZeBc(2a2>~~7$4`3Y{1cD-s?m| zzA-d}-fvEne)|XjtT}p5-oIn5CGp`$^Rc;7cz9uH5|LvF9CqlR$%uG{ZmvQbHB9-7bHv=A(>4B@G+H&wF3Zj zKT)%&jMNGbJ_P_iW&1K#iIARkzk1h&M%Mjgxf|7bcq}sX6yJbqF&M=#RO4;r zQ=*iBE2{3#kMY8&Uk?WpD87-2;rh&`6sq!C^)vaYp#7r{LD~{6G5kXS_V0IrZIW#9 zzBP)1GuZWF%|CcZ{3UX+ei=KmrAEEXPWxqFM$_bdEmj z_bdawqSd_bFyf3xtKXDimky9rsgAyPcD5jm&+p#O;YH!IKKBR~>*Jxu3lU?d zYmR;-Rh_Rgg*PQJWvldd_g!%s=Vy|)al?zoRyF7!;@`by8VcCR*y!Eh*dX1YI@Q9= zF#Kqjf2F)muQXyQO}zPhlXDZzB$-`AH7`|Z6zqF{_acp_9l0YG!^h`i7CfC9Tayvwtzm*C#W^3uIHWn$Yn9;fro!mZ zWV@?$M|q5G`l2MbcPN+u#<0#nTF5Ee%x0o(Rg##Ls8Ra4RIyZYzn#0{uqdOjUA$HE z))z-)P?}DgPSPxD{7J^P@`Cb85oXa#IYGYj3YHS90@9q;PcEIdMMue*9lAc5vcMv+ zTl@A6nHMWU1z~ejbS{alfmVx6jkbh6{z{;q%MK_&&N{esq9~@*`%$dGAi*GM%|E7j zQXp?uB0>T;++si*N)5Fcuo=jsMWdynm66+%J4#iOYc6CciYFv!;gk06RDbwuZ5aN4Q;joUq5ITXsCYGsg)?tD5sfgEpIJ) zQPeCSCtsR5XVzPF(lFdm+(=xt`5SGiqQR!Y%fQT#$gHuyqW37SJi{w!z# zrE+rOG4jBa5S;<*c8aSqzz)91g#F zhs0JDHz$R$vJ&1~LCU-p#1wqZ>bKvr8nMQxm(N!<7PypL8o-EzE`;o}ph8dq9xyvt zQ|~8FSL0CQs6sC=Q!fA_26~G$M!F*>0YyGEC}yZ3z9PO_k8ZErJ*he)h543DE@~DI zMZ&Y2MF>TrzL$UB>@KG=A3BIGr@Guu9*-HfzzO)`y)*X<-C)Zgtk)ZxE+8mCJy1CE zTd)SnBwG@f%jB|{1LV`qr^HX-G&44Z50%W)T#P~`ES3U`JT06p!UHU(nm=bXGBl*D zWyn6TFjjEeT6aM14&g!T8S7Y3529q&A)Rk-IpaNN0Yxv1S@7QRC4Q6*mgkK>7J1J2 z<7GI_DZUF$B&J&rd5_r})=BQk;NN1}j1=;xpBd%cV-I55xZJ4wISSrwHv7{RN4Lp7 zlU+&U%Y2#Y{Mv?HkguK1FE%FHPPBwdF0R3B&uq)od9=(Vpys~cHms4AA_0Basy4dp zi6%2_(qUQ1L%bfmwb+J&KpAyr za*eI_GRqG&0(Ndom{7teOo3`>Wdcp14U9Ik3Z;kYNfqAhwC-|NzPjBb-@EHktoE@~ zF*gIe_Lt`mbrdvMH6ir|H-QYs9 za|&p>NyAl!Ef#mbPsf>^PK0M9WO#YATrcY{fUV{x<$` z?b9a5)0(ACeDx;v)Ji@*n?1)pf%~{=g~8VJ*3^n-ZL8)Z_x5@Z)5~4bOrG(Tvv#+W zm&m!<%nyPq?QnPCW&hu-5(ZZ`d-( zvdbkKKDjJ;i5B2DaUXLYg)8qKUd}4Zp(nCW}k47c( zK|o}OsQR~FJ(*f|f*8}>R~wts*HS7tKyyOe?DFq#f&^9GJ=OJjjY<9d^G9)iYHbXa zn$~7#v#ra)1KW#nG`tO0VM<)jrnHoalY39+i}tLP1yvoEJ%cy?&qbe7eL|h0e*Ex$ z_=uJN^ZS%as_4(J|MOT!%)bRvd;xz8s5Abl_j!upZ$0W=g8yT~=zQhB{RQ*Jj_>VB zfAsd&`TLz-w)3IDw2|vkeBbAP3i2Nc3Kyu?{^{qLOq}XJB-mm8OUu7w{7cKf#Qi(Q zzqI)OOWeN=rHcGN{vG7s8vpjRekRAK+6C-jdUpNH^*{XWS4#jB3Z=wbM}K@iL@7i` z<^tjWWzCH6wzycrx3KGd*ZcQe5m0q(sClPi_CnJtoF+Z1_K}HenWu^cz3h8AVyZuV z1=srQ*(*l5|2$ARMlwE0)}K*P1XmLw_ut%tt#dI$UHv z5|hxn;{WP$rzR%+GbV4`3|zX1_^uP2Al(a2K8;lW;(V>o$g+ou5n*w9F7dStgc{I2 zSqjU}mC?g-`kXfmW=?N}i=`fpikC7bF$pRZ6I6KX^C^VO6v=V$)07t39|G^+8oYSu zyiclhK0zMeq}+DV+BFpsT%wloLv}Z^)PXNEz5>9>xZHi+42!Gt(D}9NU^d_3nI)87 zf+HwWn?t@J2}d+@GX2auiE00>Gx#Ntbo#i$bFPRRwQ2wI(&4s?rB2#9{MoP4bWeDe z@aeSVe8!g8mGXVdJw{+1w&%E5|0GNUxj6mP)dUqC%DiV*tI4x35sL-ZKNYOKI>>JO z_-9Ee3d_3}OskNLaDLNf_krEsVQ*G+O}9O9pEmw%iPG?xSM5{ncLga%4H-s)bwFLY|3Ug6LeTC(&_`HO_h#o>3inoGDN6T_oDz{O=75sHYO4@t z8p#K{J`AeWI9ounISd6j9!wGi!wB3u8;Bldd*BQ+iT%-pBF(8?!RhkmQIT3Z?;}j_ zx@!pi^vB(!Ava5ZGf|kD0zDH|&Vf-Zme9Zq-g_GozOG6t`F5`Mb=ZqpMsakU&+&DFa98IBIzJmr?F-dFVmtzsn_3l6~d zZ_zSxVQf@UI{4C>h;85H%Sw$~a?H@NR)}t2)NNhvNd@Q^V$Q65^ktzy-_<_L`rQCY z=Bb$HIpq3oEr!OEv>XQhyVcn_7YDHp)Zq!6?9A0CXIgS95V|Vl?90V5z-CCz=I`Sh zVIg2%HuHdKy+8}4*%}U$B%F;~T^_|bqvxv3{8}by6r3)EBg!Tjv6mT{mAGzjS701I z;tu8Rq&=bSVrOD!l6ItlxpJN4klA|@j!drFVdCv%LbBe{4A4}pc6W;L@XFjQh}b#gG%UfOr+Jqgd|@u~-X3sh4&5D}S&3d`LnM5ia=ip%o?9U=B;0xW>og^CVx=Iy+F zGEndC-mr#~PTIpA{w+4JE*zs$@V!sfa;+s3P)@g}k!-zoP~Y3&vi2T@sF~_qEcNoI zD9mbOxesP6FXl1yQ+5o+yIef-(7d~1?2v%2?*q46+z(s-*iU&EIxqK?OV#wRs?7(Nn&0pXr%$7CN-M^2=_|n_A9j*pP2y zG3RnsTaT&hS3$eNo45Oe(>u4l)Q7r377FG*`S|**Fae=J7x1g0N?KX{b!6-Jj?T<6 zER4A3!{RZnv;=ax1Ixi!*w7eUkoPBY#3ym=^QqAERx1D17%MP$zMp84z4*l#J}K(2 zCbwfb>01|8fngzyA_$Q#M+}|m^5ATep7`a<rrQ1aw=$#`HQQG3i2U>&^*JaAB|rIKH*Z z+G&7P1+616lDK~RP-qKh6@w0kr|8g5M>VGx+@S<>(LQ5nWQgQqRBx@I`}7^}X#K{Q zlP>Mt{z#s;rx8-Zar0S!W>Lyar&hidPG2$=!rx3tAF+qED3%ab*ngePpq;@^-|j8Y zR9XgGs^c1{TPS;jjjCMhXWDDM>_33+Jblq#Bz1NF{9?+hX`*&yCXEx_g|I=I?jyp} z?ry?+qW6L)x%u5|wwqIaoCL8Xi3kgCb`yvrmtdO6@SfW;qRt8ZdNnH@vg+slZ2>!R zna>B3kMu{UxFxbG^y;1$@6467 zww6twrH*AOGU}k4^j6WWO0_&MVXA8Fz?F7YkoO2QVKpg+q2-26H9H(t?j#w1yMp6h ztr~|q$16XfF47&DwJ9U@JnF2rN#}>HX%K(pZ$YpZL=sZ22RtdIpW<1tFTh?A#h*5F$24wfM0DsOh%Usatqpv7BLOmnB5g#d*c&^W)H)vJiSub z2%vjlE8S{u+w6V9qv`CE7(o>sd#+h#zDZBm%MrBY$o*XGRI;1UEsw@u*Rv+c30rS-PwGD^U{+&G}Mn@^JbWZgCcBBp-;cKiXbM0G|@0MK!arLI-szEJb{YKssz@HYz5gnnoL}gnd z*d^(bzv1IpY+=J5M|~H5$m3Q$E`ys|eBukF>FNE1+4rLFdFY+`lT4>Qf4tOjuJcol zI>;P03pjTa@g!-p%;)mK0Nnr^r5+1In+o zjKQ_;xRdlOQ6;dYRX=CWLm+sMF`H45J+>ZHts1Y$Y0Eu^IXAV1Fl!H~V0cUa$3wG2 z`;n9&4*}-z2u4S#wPc;j@9xOOnj^Zy$R=0FVEo^q>MN!hmh%VHWXod@&ZMRX<1?*m zyRY6gK2!VN!_^{jA8Y-_&{PT28*Qn^E`ZSA3BrD~V;1&1R!o!UUO8=lbj+WZCstk- zKR&R$Equ#^2fD-mNV3t27qkSjxIKzfscR2^&^lkG-{dr$%*(!8#SM6B%IF23>G?&| zE;9>HM?s1UTX?cskK}N?Wz)#F#nnYL8OAW--|=+*`uuhk)ER0QPid)PcdsO) zy2&~X>7`odjY{pO>RjpM!dwEaD`)T6V=Qh!z3szmKy&-6v}`$@jN8?tXoWm=Sy)g?zENYDypD9~pTilaIeNU#^tpUmMTU)!cL7pEK8E^a%E!FsN{NGD`U@XDJ6 zzc;vD+9H+y*cOXs9vsptMl$A7mU9hGUnNxfhaDW+46y3ZV@V9=c?2paDUBa2Cs&Rq zzSzjJp($2P7FE_ScHcXsc3zJ9U?OkxMqC3j%1|`>H?AA!Y{2rKVJ!6y;}lWmt8z(D{!h#$ z#n*lF57eYdviasYh;rH07FNrjk%u}5dqAgagj}8{I zdU+6YEy`Z=d`kEHX%Z01_||`Tq23MemljBSNfdpI5MfmE_%ez3S`w!R9#nhB|+O#S!v@oH2U(gR$Hlu1Sy!hIQ#3u5-2s|e}kgn|rE%rS}j6sq+UtdAm zy%ZW|N}FA}fx8|(AYpaKjk#U5pIJ@yd2MeLcmp|_>Jhl}-!B@+_3zJO(rakzD2MUS zzd}+3a5pthd&kmTA;#XLcTY~*C2sE}A_LYBOoVCbU(uSAM96gH9d;HeyN_w4t1tKY zYTbvk%l(9ZoqPx6BC62aX*U@1Xy0bIv&!$^T8aIUt19Q!Q$EWCfeQ z$tOfvDDEn=x?(Fa4VMkrql7szqy1?s$NY2JeNUg9o$ZY%_hBJqtXxm1M;MF7as41S zqb3y_l{28cM`VB2q50da-WM>dFYu&Wd$G)QK$^GRrD~Mn++i>WRUFTsL*rHpSU47n ztdiQwd48@>sb}kZ#$-~jobGi{RL9+W>ySi0KB^@LjfDZsAN1aH9%Ps*E0V;O$JG|A}g3OLyHuT?W=48oNZh@b4c)djkPB}-z_gr4|C1tw)QsxOSbYT?rflLfBHi#$V3UN z5`@ow|4cTp0AS3HG=;z?*S{py>A^jaQF<&D&G;#Hdy0AMi5gXyyR-jN{8%C5X?v^^b_Gm&+mDX{?Am8tCy>G#nwF7X& zoXclaM-AwSCf7hafueb_%dp8t2I%$a9P#oP6PRasas5kB&08CYH?_j22%U83i3v;G z(G7zaa+kC>QadF^bevy?q0Hgd_vz+}y9}#6n0NvtwbsC-?CW*EarB&_?g^%Ehx)~v z?a@vExm8NhIr;p@;yS4heOoEb(h-%7MwUZ&;e_)&hB$@BS9<%R>CAPMWm{d3 z;hek)-sa-m_;lfy_gJ!+xF_CfV^BGy=5P-8;T=&f@W!kQ#bo-Wy;52J>!}Xw8(bLW zo_N+T*&>(%@qo1MNu|8!z*c(vt0HwJ^KD?4S+|YX!hGh0t64u4PPuD8=sn9Fdn1m` zVA|(donPKgyIN#RbM*(uLZ8BP(hr}K_g;8OnbE+k`MNJYF|yJmjit32P4V}-Lv0~R zXMRksm)XFj(%tE$RvjC79m@LGIP@Im3!l^Fw+M|iHY8> zS6>lnMA1Wp_i#dR5s`XB6pWW(-qUi(-O9~t);&G^vPre5S#z{4q!D@UDjVPm{o2

T-pn?~Skf|Xgps#9Yq=!xsuE~#Dwl>TSVFL0t6#D=xsb6! zqF{`OFqm<++}&98KJLOOfUVv3FExH`EVo*qTAHVERvcX!Owz)Maoe1&+U2;pccix- zu5imMwz?G?u>zT}YMg{#j{OMs3!?p1#7bs9kA-7xsBFj5yW|ued(i*&s&t}h;5pL( z-B;5k0;RpF`DrhTIT>Vb2v-(K4fyMT&{lO}MNz>z+2G=hIs{P(^TvEY2%qY{xMqgK zYUH!#wQCb!+!sT#VjS~zNO`X|g1W!1Q($>{ZV zcNz;?)q_VQcqZ<@*E^zujInbUI0UP60(D3DMQlSJk&ZWhp%S3M`vf z_ae92>PNG0t`Mhxp9_IzWvmHLm+WSyvNb>=OPVIG) zo1W?Why6Hp@I~k7F^6tC;F2ZSnM2tJHOM^foM#KN>6Kpl`UnOp)mq9U>w~2}haQ~| z0e$Q)%jK6cyDsboD=zHINx79=h4*XY%t0T`JAax?>9h~IowHJ59MLwg$Dc8$wZR8& z_!10=!PN0L6n-tX!20bYCjQfj9xpaS&-H5G30JmKas}h-3&FnI%8HF&%uX_W@@a0b zr~;AcH9p)}v@>K(IOWv0)Eyk0dw&!tFA{-4X0>NUW;CAWeuON%**Cjo@|Zo84Sa6) zbapeB;xr&x^zN6Tclnq_1>$q&ko4M0Q`|c$xYVcZTWOkWdsn-QnCXX|2M5UBc(xu5 z;(}u{5`^Q0nycGHRv_(YtKmdytV5uuYGTS-6|t zSO|mazvJ2d!@Ev@oxuN!jX(Xb!2Q42_`gm61=Ue5CLF(qQUOf4rU^K+nYoo zB)>Cf`Kg~i`!O0lO7rx=LG2^{C|`;7w-y@R166+-DN+btQ49VgB2@ONHt^#_?b>oXXLLzGe2E2n+VW*eX5TnJojXDgrdyJ*@mf~?VRB{l4ry@p++1*dkM zfFJHbzD#*B`}D+0(~MSJT&Iw6vY72c6SBK1ss?S4CcH6Qd>^)>~x@!=)POG7W_ zFHvvZyy}4BMMOHCaN8y32n(y6-lpA?3>@+gN&Qg1stZNf?)_xg)sZZ5`8av;W0J$M zh^uY?T*ODoW#6LFTRrsY^66t6ZqdzPVlo)!SfP%5kcpZ$Ya89--qurTH8UkO6$i%7 zu>qX;4gz~=u-@P+mUrK4gxwY3xNaecw|voe@t5pA9xo?%u%E(*hK+W*__h=#B0lgS zD)xt5@}?ga3%d+rLI)iro9EFusDY(@=}Lj$NlN-&4`yhrvt_mnpIZVivJf3NPI%0% zoiwX?jBor$09K$R$|0wN?epf*vOyW)2JnxdPyDLsqv5-wcTtHIx8k5&M>M zD%*4Ek38=dub6cCQkL`}3PE;Q3f&oJ=hiTx)W@`TFAm?XrKL*Bg?3c99gk)5m2 z(%`p^3SG0+QR@3Jrr*#C=790JhbWCz*jYJB@ zvCmDKe*MfogOo>}Cv8Fpz6|qupIO>^&X(T?8}ohPD=-bHkvGAC3~w zgB)WgS`Rg|Ie|{LG!_>L4X>r9sJ$fTs=>4$dae_K_X)rJ)sgb2!LrhNiy{`2Z}^s* z*^ReN>c}3IjToyg!kim!kADxI7`^D0dZjK9@+9mGejN#5;-H`WB2$Ny8*I`ki-I=Om4r{$BbOLP)VX!nQiW!nF4 z`4(s%udDp0_~+zvGkTMPe=^^ky#F`TYe~a{hhc}aH?@g(bJ3od$gDM3@1?nLS*Ft( zDCp4zW;IJEr_m~$v5y+Cil>Zpy zi#_@jbYH6g={KGJ{3Uw<4?tLb-~xm7s;Ue2;lUuYJLOnkhYQa*xe*ZaS*LUP2sPdZXv^^ryGvxMJR&I{lV-49%3Pll zdYfE7_R>Z0{?r=dcjNp)WqgUlY1tIzTCwl`^(-n=(<-Q0g+^}!SydUI+aiayjf7zx zB*-+mLi6r^ys;OwW0hDI&OApoW24a#^1*sYKnSwQ;d_mOuFL2X_Jd~04sVt{1&gyf zhjT@nwgzJE{gTSHB$dLrtL#fDqDOVQ<8e>RXG5d?wuaQ5YxdT3=jgVtuQ%jc(H5gj zPbxf}CnyQeFu;q#ZQ)-!*yUiwPDtqxkRD+z3q(Y9>4I52f2u>7kRl3Qhv%15MoGzD zwm)~1%@Yw5anHQZpyb(BJ(D`6D>dcqD2o2Ol_v)m!j!s4ZIg@@uKt(mx@5VwAqk<- z=D;6xO7=#1!9XlVdRErK_u+9RlG8I%G!v7H)~U2D6;S&RlTLz1?suCE_&Pjyw`ng} zuu7PvU=HwS#|x6y#U-LHgwti42`ZKy`Ed6Ut<9;sD)gv9{Mt-c2vJE1_sMdP=)elU zv@Yj^ZP5fd3I@&Yhwc2j#)FOI=4usP5O`k_jtYYT&cJCbhQf{Fyo& zhZuMi`!b#0>Ks-^=mUZu0vtsZBACGK!hR?UHvYLLvU~hKXSWb>2JwLz)prz4nNnWm z%FAA6gdDafrQxBcw3|%$1dNCmYGy8`!_<(Dth|N8HV;r%u+tL?m1jl_AU&l%uIUE! z3<*quFJ`hj{p)rCKlk?e5#Bsu{3g{N_d7p;1Q^cGp7FaHrDSJM_jQvcbNZB4xCa+> z2%*O>xlAcx+C*4JNV2c-()7Gdk;}vh5!YGXVdSTj=UTtoDJwoLd(9!c#*D{=~LwLf8c$Iy~U)wuMAHlu?*;Zd4g4!z;! zHp|G!2tCM%kE7w0ikh1LEa6Qtgj22~`C9pArJjK6C?cEZ6(sFvyAh!bEg~~O9?w!brJ z_TDQ@8|(F+jTfHHnP50`s)g5&-K8uKWQvbco<^1HYf`%NOYh&+98}gJUes7Gqw-wm z05=!p9}^GVZ_wKkMK80ic69H5T}lZRCDXV()4$^2M^MV&KGcA8DAcSihR8~(g9#^7 zab3D8FWQFjf#~rrPQTFQ3J73ji17WuW!sF+S6**3!Z>Z4nsKEWD%!5mR3?Qu zzoVtz(0rN`tYlv|RvK418rQn6Nd43-J-$KTDPN4JK1#PUbG6c;_@Pnatx={ z@2&KqA3RJR-F7U54(8?UcL)KE$JV7CbtLDVmTj55tDy#xo8HgoAow3>7(Q`c056q! zR}B*H3z={viESH66TkuTb!Ibd5uW$gXxxZqVRDu|iB(A!t*i=1#;-l2VNBonMu*(? zxP&gr+t^zIVUS%s?FvR&SpmXL6?Ju^S7?O2X0;a6Xxuh8_^4f-v6Z62znG)AN!v7_7)=ikS4{ul8Ou`>_vvqf@|f;NIVYYtJV4g#fO0Va?r=uJZ0a zI>IsEs$~l(mhZ0O?tiZ{BS>wh0#-g`d^ez~s@kNTptxjvu5Pds2+H|LzVO|0g)(aI zdyH%H<0ABFPCr(j&(i&3nEe)&(GHuV8@irP5~Rq>r{N)oC-e~|bBDZ@^hC2amI5VM z2@KIHrx};Ouek!m$#)jDYUHWLn=iiyYVC5KxF%LPKUl)`b)mBy`~zh87zJvTeEUSF z9RaZp@O8cU+g3qaWcRZ!>?Y@-Guk}q>GyK&bE<@`g+37i3rO6%QBZU}rgO6;u+_kN zb3yC&WSJ1R##2|QwWhpMDfAL63cEMErG-RiUP?nCrNiU?=cyZhN^Es_QTx2iZsuzK zIJ9`zs7<{mC6HC3L&)#Q8NIzanYO;KH+&ItbG1irS8)~ClN)`#P|9@3u;E9BAE$ZO z2E)>JM=G7dmuk7;>_-due5{1Cv#Ru}4(>}y`pu;)JB1>u2}k@S`YV(KZJkRx0Twuy z6g-aDy&nsNd(am`Q`FD5g%=40n(h?8oPb@-(a3_n3!A4FhEzMzWEH1ikG>Mwj@)-U z2jlAhq;4_6-ux;AjTvh}zA98#U3K<&k1g0^CD=qU%~>tJo2AtIwvm%gV8DenV)-Kb zZ6Ui=Tz8sSprXE5bYynUZB@Sz4-J1_Go`5)vV8;#H3zLwA9Yj+k_zb_ z>7;O$E5qio*XJ`9mFv9aJYAei7kQL0e^y>9e)3p!a{6|6Wd~z8fH5%fM=l*kGFdo2 zcv>K#j2DO_Q>n@N7xK6L)l;SWDypiA_t&C2_5%YL5lNPJ-Z|JF|vyT1(Tm=!q=U-=4Tsh`L^1lS}h@idC+h1F}E`cDRue5 z@=4kuBP(K5h-L)10_=7z_}~n7OMM=vxG0KT&x`>l4fnd-C{)JbcYxg7o&*}8l|No= zamn>kWV_y!Pbbpr^-;l>eLq&o@J_lwSsl2}b2^Y(1NDvonvA(Od2hM$d0tSZ38rbn zHPLPFoan9&#JDA|jt@F>zNA#+L(+j(hkE+ByG*nj4eo2=MO<0_hO&>1FB{M zX%-}g>28v_yZ@(I)lc~DN;B)C$dmls+@8)#rbDEn)0qtC1P^sm;TLc-bG&y*p$8GR zyGwzXB30`%<%g44)VpPne24v#dV>1S)Y2uQYL~`AP}gjdci%Sl>RxG>Myox1n9@^e z$)UPYp2O@V&|22yXAcpv!7H%xZ}sEtB;+R;@1A0w-daKo?Zc)Nlt+gD8@V!`%JUSc z^TG{C@ie@f5Y!TPZ@rP%$Q53$a5^xcGSG3Y)Fmg^p2BB^{q7naNQ@?}2@EtkqS*C< zlJzsC%nyXuR!)d)77G7-n-@%u>!ZjzcvSh^u5B&}!sFXG^XjDs(0KTuDfy&R)3kj{ zvR&5uUf$lJksUZAr0ZeHA6T6Zk^34-0w;O$gnxJfBGp~`R#XVUve~Uk+RW{N-s-%` zG1>t3a9`=^|aaK zLa82AWsT-zG$CRSd<9R7_ZL8Z;>(o`Y&UEC!rf9Rmqg*C{hFq;3KLGNx$qaPp2JzF zi7c29vWe(HAxVb*^{J^nrt-w&j4OLy>7tkY-MlRcTSf{gb20_?It@ru`oVmb7kF3Z+F9o*qGu2dNaQ zW^X<9LCavMlYUxWe|v836y?5o^%uqrN%aZQvnOQ?OO(hh1O0H6B9zYRL-2T zGVE#2Uc(KU4ZmA!cSyS6i+j`lya!+06x6>^ER!U&vvj%G1X`>qJMegbr+PC5^=5C} zFZGga@Q&Tp%~J!N4&U65S{okX-x$*o5CtR2==q;X>RBDsJa zhh>O_ORLH7U<6J%YgJ@d%_GV|Wrec)>kHg)6Z3GR`W0J+Y-An`Zn^Y?Q|F=|NiEat(g`NTE2OV>qy5LA>N`6&d8dgU<^{ontb0fkweZQGLVY&&$tH zU_OcbNaxxKE;e{@Fb9ojQV9t+Pjl3Q9p3NOWrYSx%IN2=$Pw>e|7w-kZ&9$Z z!So`tf-H_i&>6rHBvLvf7@pcmzcUUX{?E~i=z^Tj`YbaBdId`4x%7W@9%|9QRF$3K7CQfK|i8vRdw{VxdM|BH?Pt>M2{ zRf_DUQiMzhTV06!5n6&Yh&qg}o$DtDU<6}cLhQmXeRmEgClt5@6EXT92#?GJ_~U!R z_W|c8q*=KTROE#)FjaW7Sq@m`vCPNb3K`Q9UImIW6}VpB3*F7z7GXabf+-J@w@y}8 zS@j6nQnLG%+x2}A@imnJEF0J*+WmnHsdoiZ>iW`5_ISxmlEE8F#o~7zkVb*3JHndn zi1qRiAVNQbM=mZj6ch3`<(bo~rN?P#jNLbmilgZ01@SI?KZ4UndGC%NG_S~P0_=F? z$ws98jS4UrnNZ^bo41B!ianr&c+?N%(`^!HPg@wiqHVE#IIYY}mUVK_^X%K9zC>v% zt$#*jmN4Uw{7E>bhM)<7viiI=2e3}`!K<`HdQ%mdPgCMtX`!^L3yZD}BVsBKjAwh> z+oY);p-HH5sXEKZ*mM$wH0Rr`4eCvKf6dN;{^`|6? zqMiE7gQ(;$^Es%WaFsukV6yD!xb^}3y|gsl9D;}3lLpe1SiwRTD%U`po}v(3A( zcB$A(SreI$#i`R>^QIH0b9P*{+|K&TamvB*)BUwx0_XGf3dG9l)vl}Vv~EVTE^2Jh zmz^U&%x%gVn<6eUF(>r9lu2{UiQ{f?UL)>Z6r}?q3?Nc640T+mNp53xbZ-WBKMfe1 z-94(|XWpvtM%`I*0jPIO1{~Otcg+ob)g-i|OZP*^MeW+X%ghvPJzj#`heGZz)XxqU zo)p170BE=rv>^|v(_jv!-7~sOt&YOyUs3~=@|s-A42Sa}wZC?=%MN%=Oh{dYZkaLL zOLHD9?-OfJzuh!OJ6I#Jv)TgtY@AU%6mnN z_*F(BvlA_Zl*tlp|3p|Z~?adMC$ccUAgaQV)VpS06cw6!N~1J zSVv;{C;;LWv2@rCJ^7-!ixT>~we%t4n{>*MZd_9kke$wNX-TaUu6QjBLg#ncI_d94 z?MmDEBpdAOr3bud=oM3~$8kJv%wbs?R0iqX8uyp{ACQCEwa!HD{D^Zx9!L-x#3?1v zK>t->qYkNNZPS!q;gU^%zAiL1=gY3n?q@1Jo05<7<=5-ZtqTa97xr@IckUMl&or3Q zNC3q;xFa(|%4`Kn&@|C{2^qfetxb+)p`;Fo&W9T_cI3Y;7AMt6K;<6e%if`Q zYfc(9=mC!@G)M(Ij?AFqVd3Myf3^b3!@GCl+Q)~t>0FBx<=zT6S6?J(v=<7*rE<@B z-Nu~E>IDfcl$*$89)RjEXD%OfwKdfnQL&Y2!p1-AW2X#u_I-$u6Nt}{it7Z2Lis~W zO#h9#w~UIaZ~KN-6ch=OZUt%SZUyP?ZfS<@R0(NBKpLb`O1ev8=y2$v8wMC)=zR9* zd0zEg_q*;7?|RpI{lIcy_RQ=(d;gE)SI4%S6ZlNRVI&XfWTROsju=X3MKx}F7pYr& z3|fKG=~gH&e0!al>hNw@WI5tHW0jo1XiH(zm2-gy&Gn-UUua0a^_F$7+17P#|eOXjw|vcYI$wIcKXM@P7M+2cB&uVXhvyP1buVkNQT(S>X~X@A+bih z#%C5+3u;b>YDEb_GILkk%)Un@AqMrKYHp8h}|#+}*aue>iE-R|#KI4<(k8L;IN;uzYzj=Nvn#tL+I`8KhKCJX zwm0;?ybEB1og67^9s0(zIesp81H6}u}Ij6IeC+|8EHF#eN^Aw^G%Fs*J`qXVBCH>Ot_YQL~9E z)m04ps_*Abc&~$NXjCclBTMVq9p^U}Q!lQZN;_(n+;l<3as!$ozqmcA-oRWs{p10j z!+X*YUC>ah;qw9q4shriWCN10-OZf_yXnr4ml9~7TlEdT2E0iVnpA0pGKpC~=fhmF zOekJz*7377rwsm55H~*;NEhQzXu5ELi{dKVsF(N=@s3)|5%Jkl zPnr|%#|v{7E48?HR+fz4?(AIH-^L-8o`jP@Za`PVD(r0Z7sl zHf_{+css>9Yudgz4*KIUkqa-uyTbTIFafy$7n-;)uIuc#1&h4(_8l)mhA*B%xD<=` z(&)VG9!2WJgG&w0@dkc*Qbj{x$N3pBUWI+nV(q~hPmppkDuJK8qTiglid>@t?tnQ$ zTbJwI&WH4!3{i9g-k;EF&u25WHQrd?!%Xa!lJ(%r%)3|wJ}^e2!$%&h%wme(-SDY$ z)jJ~RZw*SI7c~dFYLi}i?7lpyJRoC8z9{=07)MxNUzZS{T&%&TU>*c^la96DLrnQG zJaqBe3{DJ`0vGDxg_*>bxGy98f|*)UDFBCV4p>50iV6&FypHOtCPk*10vMH0rGT&4%f3YWqN z=5O&qc!3CVzhlIyv8dkJ>t6Ij^OSYXjPn336%7rS91MOXXT1eNr+TX9&~MaZ2%`qHu3!88bl3E4J&n6PX?&a;$M!9McGyTom=;N!icr< z1_Yu4OG)|CNj>)_{0AoNlJeh!b6j9XlzEN|yghm82h)wGwk&mvVmx+JKfk`71kbv6 zgfPFL%^03Cqf$`Yw7q3d9)KVsx3bTS%wwbf^WF!c?@*{9LA24i;Sn z$^n)S{6&AT>3OZ$OHN-(DK-q0)Kiz}Z;b$iPvzAbowIj^yZvl<)aPMFW?WYUVDY5< zaa40PtNiMm#+fL45_OF&6T+mVccrXLaJjwJQ7LZ(=8E<0w3*#Wop@~Eui zn;W-o44N{%kjD7ygCEw_$L(**zPIh37!x(rvS3rh7((b2P}F^)Gk84e(xmwI9{94D zqVJQ=hpygiBj7e+E`PYrniNvwJ;=W(+3C!hjjS)*2|9ZOYS~b4tD`EEwO*Cxnt&QMa9p{YEiJ0KsrEg zF1cRZQ0V7d16M=oS6k{idu(&__ip#;T+3^C6)F{v!4SHIR5vd#ek`z4Krtf|Q<&?Z zxp?OwuOUDSh$^<=!`j>v5)!-?;!VN5r&&2HE5_G7?*c0-;3Yg50bdwUL{_TlTvinr z6rr_xgmQGi_cdD|5YaFP{G?_-xcch1{Syc!p+4K_nq+%6euM>+HuS}_IQBuOxV8;~ zCtrtLOYCm_>i5}Q-jquEY+vH(EhJ3L^(^7%Pk6SW_e$e=WSRp*t|)Kx(M{HACNZxu z3MDfq%H%N0FKH$jDogB3H7TbUkJfqY1!C8kT8p*0)&AR3i8)8?I0xl8PEp_!*L$W-0$Cg(e&0<3$oe(t6LhP&K~QNAEm-@d*U%fXb>W+uh`PTb*xQK`&}VKLvM(E_1^P8WcaftKkY z{K-T=ZZ&7oEu!Lr&VA=i@g94umYaD?p-0>Sj1iP?N3DBdO-tT^lV4n^E&~@+9ppIy z;d<%9WWp_|W^Lh@SNW-P_y>tuL%z5rCHpR}#DlHw6wZf2$_{hp2!lBI+5?LZ+Is3eX2|mnZSQ-2eBW|-L&{&8lA7(}3R{f!Lyk9{ zG-b2gVA9(+4!yCH)lV#i{_vHu6H&5Z*?iS;nhYu2wz6VkD=7)2kj^DXQ=*3AkTI3T zvZoT27K4{Nv&p2FxW)NS^IjV|OomDG2{*E{_PhY81^$bD>+A2g{*}v45d&~o_)(<1 z-4>N9hK75$j#=^9GOgd5F8QvUdT>`6B~(=_P9=E(T2fs--YjLLSjT0@T@bi-6B0CD z(9)_H?j4my^4i3|sos!52~uk zYM}~ZADV~!9{Lr-Bxj-CLIUnSV%ntQE2NwjdyFL9HbD^L=BDs)S%9d_-hssZljKV~ zJH8eR6{xgUK-!EmPM|$H4ejJX2H0(b5QPr#)N<_T?p6h zF}MZ$(fgQ^>qmmjpjx_-+tJfxAl^4e+p@+APOLh6st)s7Gt!vkVzx6E`GNU9tVES@ z-E7c@@M2TTgRKOj>d(H)UXvoZ@4glD{SFW!#{QZo+tuu}Lz^IEA2 zy9Mkv&7(<*vO>ya(c%tfWc}gr{xT`Qchl?q?X-pSxq*XZQ>V>1YWrO$g&g3}PK5Vqd z&lPP&$G96pOctH%sWQ;9<|Loygpi^<@0=D#I-U8#a;2V9KMx9xxk>`4KY(^ZvSLma zs>HZSoR&4W3-L?4+qJ$4?VbF%y`lTN`x6WK`*H5aI*A&FR?U926Guu6_(yfGSM*~1 zgpw<^1t$Pc(ghx9N9@v*@xoVNIMKx`Iy8r8?1kbPw*Q6_)=%)V?PZR6Hz_ zA+K{x4r_>ZyY8w4{Q8dpV7`Ue5;RgAZXorK{%z?lm`l|Y^!HY?1-8}_@ksD#9cf&@ zq)q5E{<%}0dsq4Ac0oSEkbQpRqqFCr2`Y9A**j|642z4#t~v!xiVhI>MM|rmCAI7o5VcKwrMqo2S~#Y@Ifu^!ha6O{%025VLG`c|YDVrMc<2 zH1}BCtPW!_W1-9v7k{e!@P1-ov8)AvNsVDO9JgW;GZ)x}?EnM;SWLFFM5&q(BP;Me12%gd{_7P7)W~C>F1K_#i=!GJXzlVVR9uUXG3gGMBih6II22`V zJa0%4%1gU;q~-8~u96dhgmCWe*cA%qjDsV%YX&v<_Jjk{BERe^C!hwAQG4+6s^(q{ zov%jDa8P-b&MAiuB}I3WFW$7ryx0&f+)-o) zHSvd#3ky^skOMEpq9ntLhjj4~9bVeN+*8MSSqc0Nc(RiqHr!FD23qQk6F$I~e zy>=w>S@?tGAkP-_zgn%GYl66ZDEc`U@>Nb=MK@h(&0p7~^Q*WTh?8ZKeINmjQcthJShP;+J zU&S{4OOF{D^WNw(v64XnjO`F#S+RCNpq$j(*z{}L($;-3-GV8Akd&G(FCj`S653=rYI6@s)IyNUDq7;x z((a+d1O*IA!{323>R=&9NzmZ#Tm?bLdd6nA1T_N#a#s?gZyoF_YkKGCH@7*y7qMj- z`smVGpzq=QA+cuUKE57ytl6dxI5cEyJo+45aULb@tV7LTMN~gsqG=x}r9^0)9vy>T|R`l|7fu%loP%wj4Q#`6M zT|JN&uH9ixqm9kyk7?TFHif zX$micxQ7{$_n3Rg7s8~-q=@gts_~;6O zQF{4u{&790>>SRz3bRW?&Ezn)pwvCBAMcM2oKAfr$fl8QTBi&4NM_##EPJw3+@B7b zbF%)gAOG^MKBhP-`+7Ng&l&sd7avSPbP-2Zr?p_uRe-_poYqzjI#Sw9byf_29!-JC zz`N)`lgGU2F7wpf9Q@mCaCy0z@6pBK%gw6k<%Z)hR}CVhh|}iXO35cCU^R-=tv=aH znvakRJh6E_gAcl6<$;K)KeDEYYzo>WigR<73)@fv5#wB+nXhJToGfZd}$ze+KatE z`)YrV=u?p?%@CStyjJ4D*cX(PURPSCVWGCQhg@NdmF9VsXRDG|La)7^wm;#G4&=QUFx}`0T-~ zbZ%@~8Xg`i1gV1pZDVDqp8&k+tq=uDZxh+3L?MPE)IC-`B~yytyQL4gyl}LG&A?q0#IH^o02wVb?htlsB1m=E$y}LvhQCNiEB>g@+e6UD~2%#NV2vcf%(> zHcS{m-Luy84od3x*w{`+O?OD+r2Q)F@l;-4j?wT`kCQXlkAmy>*kd$3Hk%?XZzQ%I zjEezXw%%b=dxA&AZTB*4g4jCJwn$J_$ZXtAU^sTu<#~(0+%JZ|L^-~}IK}$dKa<}6 zXG1))`%Tl8HD_}g!t?)CYI6F`CzbYd))@8#So)INwRQNY9*564b1 z*-yI=ibpIELdpd8_tVYJ^#Sc)3RlQ%?SoFcc_M;zcn|HtG}Wb-)jnXKhx~f z<)~9=soj~YBJp)mo(4@c%Uf9R$n9u-S~nnuaM>ovS57O|MUwEp9QI9}BQu-ppB8Ft zz{^t~LF66B=bL}Zs?vq2%N|^ptLj!;JNS+IX3keJjBkz?pa2$BS*4uS z%~SfkE~1Sd7iwptrWK1}GoAP(aCppbfY7M}r_c0{{|MOvx`;pJTI`$1k>Y>01-)7d zRO5mr@l7R{^h_?w2NGE4%s!vz=LPf`q7S#gEfp^GU%5eQ+z!(d{)z>GC`A)z0do9x zzHVaXV{A?WOziAVTJb=aU|^e?vuk;cE^AyY27O9Vw3v%v1Ix0mY*4dwZ@DgB<~{${ zZeZ=)wARcA2j3@xeu-WR%d2ooPx?`bX|&SUK&XfE%nCY3e6~{A#A-kqw)Ix-clRne z26OOy+1Gbg(?XNy4vYi7)9GF@vQie(^b2m3U1rA!A7ISg=GgLU-L8n!{PgE zZh*BA5;|%@z3tDVw^K7lzyx`@9>@=w;yJ4oI@MP)Yz+|62r!A_Mum^GMZ^3 zuC@IuX(RvIceC$;gjIKJB9Lb*Rhcp{X42~4YH2;1Jkam_ds*JaI-grFStYD`R-&Z` zGr7Qb71e#Uch~6RZW8L<809|3%gxbG*V$F2B7F}DfU~R9MlM%7n6^!^AZ|Iqp`xY= zb5~$W`iHHuY9B=+?nc+#<{q;WgONf0vCs6~r$!P?}p@rGVR6H^14X{5_)JC&Qyuoc|HTH#B)XJ@BI?OirX6BNE4n)JP*puw@&jgMoFegI^gGbpI(XZpq3=`$b1SW%SRVKQsJgk+OS1L$lIPs?TB@paA($^VoOiU~_8M z9e6gof))3s;a;;Z;qcHIuSCewg5qQpE~8m1828hTHDC)PYn+obH>Uxr_l>g{l+3ja zb9#8!JuWFp-B$0OnK`ob_4djDP9W%R_Zp)V1h2QZH;Hz$0WEbfx_|BAwnx=%OqrrY zj%1Y8OcgQyJdCLXtN{2+_Kk{2KxsLHQ6nvX*Zcq|;N-#x_sXqdd;q*=d;&k4*k}Le zZ?5cgago-Tf^#|@c>1r2sAm%lzeae0UAgK_hL1I<_O+&$VJz@u4NLjxBN7CSOR}$n z1N?RYZ{MvuovviA$g9EX6ku^@V8EVLf>afP!tjdPdb}XWK>vp1!!7D&ZXx{*#fNP45)S z^ZR<^Dvv$`_J+9Z2K})Pp>MoQIjY(8oy5gWYt>g}h;&bq+I!4*)pY1y#aq8y>Na!> zqTIa}9F(1q`GNH4m_Sm-e3E}B;W8X48m*pY(3YG_+`io-j_({dC_x#tTu?v!C51IV zo77ewL3>wv88{%zLA~7RVre-?-OR=KL$oDc7Oryhb&WKW`ud38laz?m{q8wt=iWb)Zypv^a$6XVXZl~G zI{q!w55#;{XUzKn@(I_wj5MC$A!U^P{C%vj(EM+5iiF9*3DfG)EGPY=cMC5C`etLu zh-isu2d;bC9SC%IpUeS&sJd^PNpCkN_(vzFGdD*XFxulBpd(zEq$DZAS2lq0d(;i+ zcEd_xN%_PyTQ6*gfivKDr`7#EuECfws;H5tooi_=hTH_&bXAT5>70?Yz7d2{Q^2kEJJ|0LUR^Wv%hWbLQRL{`&NZS7PqVh>h>ZuljS`A|Ol zPNVG$CHvA&i^d0n1r1N$;Oed z@cZ|0Rp281!@4zFNKFPVt>?uQL$+BXt=m^$%UGdvJ%~f2IrvEgvp-H0aelW{a}xHG zO96lzKv6mzE?EN9ZXLXj*5)>!1&wU$_83@gE0;ED;aPB;hYy zcVxA%$6V)`x-b8UfgIlsLgWK#iQbJZsd-vC${C}T-P+&P8<>yuHl_cVnbF=TaX+!q z46RX2^Yv9gzh37xg7*?ejr~j40idqoDrBI{cZc$oiM8_yRsL2OiFaq?y3QXHW_6>A z_>@D>jClL+DcGo3z)EW2Byw9K_nIJ zQ{~wWX@z)2j}_{*1|zRb2=kV_0-XZ>k9{b*P{zJSln8G3FC@P5^CUtXs=QtBdd#oX z)bTp+2jp`*NCbdFAobzVw{z~C#PC5grY#Io{hx;e^>)0NeagTU;SHoY-_aH751Uha zEj#l)Q7-V)AxIWfC30ODCZ6|y%oNVOQa+fP|FpL4JddyOc}(+9C~**Tyjw`3Ze6W^l|FI>l&R4;3WeOc)<;5+4aLjoQ! z3r&E;mNg(D%oeNc0ktC-vJF2sT#8%3(NF?NVYQ;%Dtk1+sntPbK`F#7`u@;{6?=>& zMHnviBoNu(KK;7foGW`ugrg~XG4fw<+$ALS|3&6lEBYRk*wAoLiG@F1BPpqlNxyE+ zUjP47>X_S|`~MHjF;K$3st=k0?FHBJcc_ILd+p<>M^>8+rzIm}9sUGkTxMXVl>I5F z^0yAp)vWfadp&xcC;`+K#kQnI9V?QPn6|sp0F<=xUss25zTf!xh0Q~kK&mPua;QPX zYGDc#C8Si-$$tA`#ri(Yem*hZkY+KcW)q~$c%m&ymU+2R$xZFPkOO9J5isjgfVo)4 zH&74c=&rkh$}%b4qwkj*qin6L?41(uSM(z}^&>MPy)#$xS-w5GpoQXwgsTq(xyLpz z;Z390r#TN+DfaW6CQ|*|sN*aAZRfUJRhteKCce~U8Td%->nwW%Dv zegSwp)HK}z!I%7#bP|px!ZbmP@Bqo7EwP8W#g$s8m>e8-6>8YRqqmytxU9+uat%gN z-?{VNCdtJR{Mh{(wmTBwWui-voIEX5!AF@F-5IJNv|?+T(voq%c*q95Q6ccN>PcN1 zAM2jvDZO7wztFe-tD*=iP$uf-JXOcD z6NX}pZc%vi!B=B`Y=V!ac6gOGy}AtwCtn&}EZd?UclrKsWuBuGZF50s_b_`^8lJ#M z8LDDv@N^%=X`CGH-tIIn>)%d3ORywK1zS&C^h{pAtLdlSw&Ec)m?lVdyhSgi8)H6{ z_V~T(#L)FSu{qs#H@?2&Rq%cKa1v6$v*zgA>|7If8v*q?nZ}_bLhSo9nO|tJD8%8~ zWa7ivZ;-NH5oYX$-hQ~PqhLV5t1NPX6qTqq2E8r^#3k$mg_%-c#1X&WPcN`jiqvPUcuJc~KoaLMBXVVngKTz0v&Wyr3 zgGh2;PhV*FaXPjv5?0Sr+5+waQ&ZJ3r!cMsdB{UXR!3j`QfDrO@o(_=x0FihDftrQ zW(t*n+ah*5nrv9wh5JV-P|fZ~gA6YHO3VK^57M4zS|x}438R5T)o)FxFvnP&`RVj{MPD_OxG~iT>>U<04oJGjvSVpP3U_N5nWob zpG3*zisQgB(Rj6+EBdENQbmHUhTWXERL8t*6Dj#!v%Ib^ZAmj5POjg; zBDuPeTysYGwm|xZ^ilm2qgI-&_`f=_v~`(+S!tkg1>g%w+TRHFZy@>?&kQti=+6}a zr7(%l5?$1K^2g;^vjT3f@-`aG473(hQ$E}|J&??q%FqGLibwbMZHO`wk0&LH3CW-o z3sn<;|kZvm~^Ct#P_ z0q1mhf$Rj={WbJ2nZ6u;o<(NplGGl^idJkSkaA=1H03Wf;oGy+F3f*~Y{vEm3+Y0f z&$fu0w0yJ8$ErYA2(vo8IFlrCKpS%G#x{Z8v`% zdethkt2YSQ@p`?+I?!*Xvo3laW3*t8m?R{T%HslBror+&`Ro1yvN2N!LXtoxP(84> zwhO0VS?lrq=3^R!pEo35Jx41Oi$1T8Q8?;z&O%N+fmtN=@Z&rVBA&XSwd85})SAeW z!W4F()p{x0)NzS#82uL+u=~HEps&KB5@z52x8CLdfrHk<3GCORQ{2RlCzyD&B%TYtX%Lc3l}PA z=6yf@Y;7Cl46PRawF->?mR=&$u%!2vkMh?q8I4`5MAg3N-7fkB3bV+Z!3b(Hrsl}Z zm^z{Y$ou0W{x_jg#!b}YPJG2=&pWrokpurog7!*(t{fPrH1K|_c#2IbrE}XCQOs`z z+Hel0wfH9k-JzR~$oLwiTw_tv;&uA?O7Chn0-)8DZj$fhN1G5?k+9E@ouxwW$CpW2 zn;D-2I`p{>phLGy5AcyRkamoePn&`Txlq4m!R{Y3|5(_&=EsYV&H>q=GBBJM>(pVQ zVm+tfPN!H!cxPdal_=)f{TC&iokBC!uBPW&Yx_>oEk_iHcOt%0!Z2Jcjpq-GtNY1a zg7nVJ+?5%NFp^!y<$EJz{kXy4^BchNk2G+)H;UVbPyeMeS5xHwqgQyQd5FLNFt4~G zh5~b%RTj3L6KPxy)sJ({usYAm29Iv15^n(AK&V?_YbjxDqQftj*%<5e*1+qG>zy74 znX+43%yU8dF}HXDqTi=l2b-fnI$oJ?Ty-AEig4+3gy)3=5iORKBR?=k`hi#|E^@?T zD5_&TbqScmawzx}gYAa@t5_4`lz*$tl~VSvM2u5V^$1w=*JYLd2vL*9ky{DE2BppRMq06v;&RegvFS>Z<>-L)|SaDyG; ze68S>-{Yp(9xhCDY_hC1x5RQphw1G~e;KTOsFuJ>>%G}Hv6rDXucem*IwMkZ<}R9v zo#AqkSQV)GOraU=1}dBrXlCWbe{>M23fyPPNwrLDt}vb+{rMG_!b%h3^MNM@Ag$g} zEWoXWV!jd+y9boli39Q9vMdl6?gh#&py^K8@c?!DVC@l0Vs&f2^=s$@k(0lRaT0A6 zi7V@=VM~Oi@^B zD;qvTyTJEg;_jQ5bo~6W6&z9{Yxl%Lr~ZXz&THb0N}7kqz1SHv1d_qd1W6-jHHd^I zDDBa?Rg7&53mRN@#^`KvQc)gq)B;LkBGoD3UkYEvgpo zWVJvQ|83~>KN;qKZ1{I!|C@MG zeAEcsyel@%S47z7B;REtqJHtiHwd^}F9o zYxh3d>{@K^Ftz{7ZpzgD6u9L@kbh0_#XBO0A6-6 z)8+FU(2D~g`0A9sngUE8QR(gF?tPmh$>z2lh(Y2ioRXhqO%jM|Fg*4R`&VIX^)>J& z(uyLYHeRw(rZ;={kVCYV&Nbv^5|e=Ws7R{7MR7Qz`L1oS%i-#QN^Po;myqJd>Fdik ziURG5IKk-^Nus)sz2`$hED~{ zQqo$Ci(bD8EA;0>GA)f`ev^*f%h2vxB`#Xpi&8orbx$-UNx{sF8@3`3!XG{!cN;xg z`{@75y-w!l+Z-|N815?Qi`P(=#NWnWU!50S4FiYpw$>`e@9@x3Z-q#5LDJ3|sSR z=j5B}SA1HA=TGF`GHd+BH)lkXGd(D79J5_Pe%66p+`#YOdA*D+p0DhY2cv5Tk8w2o z3Ok8Rsf`^LU1-Y}JuMI~u&+z>9SE^SWtU|zei10hvc5($UI>^#jmGBmEZAY1_FZev zck(d`fpK{2t9|~!x8-x{Klp%9zb6D!kBDpYA_;oYB47=lFI%CXelv;5NZ9&wnZ4{_ zyU-4fKvzJS>WRC)ZEKasRR(6}i^_;G+~noTA8WVd>vlz8wvp=o_CqF_xho@{!lL>HNAid{dt@5#%bQt4V5V=f zls~FksEfYeHAa5EH6Zh;8SZuNo@k>H<&9QZ;{wKAAo8C@R zkqc_}0dbK^KOaSXrnDBpVa$%gV=o2B{+!XYxIY#)W1$r@`FLhJG=bV>^ou6 zr8_GCJTS08Svmf#S^d58{Oba8_P*-!k=nZa65Xy%hALxV*z@6Z#$$t1?CC_#uCUI+ ztQDIC(b&j$nU=!j>#vRZvp_qXPCPE_0~USz?(}&dC^BWrl5v@N*(fY8U@Q|;-QlCt z&P_-@TZ}6-+OKrcs$IqVc&p8)>#`Y5F_;`Pbq*_S20mE~ZwTmVN#l3;;TEIP0p|Wl zqt^N}?1T52MA3zfgYkby5ykO`0R_8TH!1uF&MxL+#Uq zj!OoAArNBXAOS_a`~ErxL_0Z$-M4RL_7agb>k3ikcnUmAg9G44hpN|#diXcz+=QA#zmlS_BocI7-u>NU{bQ9igclKQ5P_k`%lH8wsuy zsf}lmb5nJ-slfbGCccQ=day@_MN(eGr z0XBzsO%?2YHOPptrKId%vo#DF`i7G4Frcr0s?B^5?V~6~`M3xJ|Cmp$mM;X$SHb85c!H$g3So0S z8FoZWLRM+zQeAT*xGWTH`~7B;2I*f^xs|cB5wNBaOx8H2(d~s`>>{ubtz0NE`&V!) zhLV{osc$G&zu^dVo)VfS8U5<_BQ9B4k#-BgPPzcEcsCxwPu)E`sr84~4|Z7S%^fc^ z3QLSe*tvs$eNf_m+xYoWpqzFFf8uWbYn>5UO#m~cj?())lQO(vg722JS=a`qf2k5W zp;AjE`GpA<8;q@B2x*HRH)b>g+5ia-ZdRsDbWL$h^nOH~O#&~IcWJ_~&> zDk@g1#9elfQaB`{2#h>kFHe}d)X`<5UlZrxOw93)rm~%V!%;J28DTAH*B`#T*lY&Q zrU``l%3G{M3o~+h8wPC>%XWBRhO{n&CM;y0tfyJ@<TN=}=zEr0Qz9pJfato9RFi&vW+2nMI>eBbPLxLI$=0%AMxdzb(#< zk++Sp9bWao&=q?_5$opCH^KVi9>!2CSs(q^A*x4P<0)4$i091d>f_Pw40$_KhLI*j zbq!Hef`V~7J9=BMZD*{NNU7X3ix1fJvTrD>ZJ{)UNFW^xt5~2E9F7P9spP^w`H1^>@@673fl@o(m*ocNFewvWEuvGY=N3Tpu3jJ75~ zw5M6ykzVO#_>|K97Qya)riE~o)RL=#*)Z&QU=AUB-E6LQJi$>p#Q|#)6Q08z{OLSZ zBCY7QC{~*Suh%4=7TG1riGM>WzUk+xnbU@>lRfxX{}$?)KO&+`5tzk>_uKU4EnYbt z+DNW6oHEm!1?4MAUJx79VE~HV#E6=*Td-$QO zh)v&QP8ItPUz83u?wv zBF&rSu*|oXqLP}LJk!%L2PdU+TM1boM9g8{&%MrRg~8WJ6X$|c@af^`t1m|vtrMSG z1F1S*w3oh?Veruh=Bat)G@crlz=C&rc&+D{9w6;ldT43|5SfEMULC!e5cgeMr4e~} zc;MQ9SjI{l%c1Jpr12czcGov%`rI4mh(f|TaAqy?YCao{e5f)6H9uPT%SKj|mLsJ% z^1ZtD@W@b~Bu_D~7z8P`BK;w8wfj)|nkqU_l{Unr69@5c#Qi6qw#b<;i@aUhf+d31$nm<&VSSIq2*Z8XeVWnj`Ft2Aen7MwuB$S+d$Wa1%+2P2*NapEt( zZj=Gy`^rCO>g5xNW}Pk%2`0fLfv2;MW38guFiZKk{< z#sACurOUeh!}tpKJv2PxkZKO{EarMfN1D-4oCs})^}j9bmtCQd-Y+;JWk`$Mej497 zk7TA^{dQ-~W4PWb|DI2?q|dc(kz4t8q!4R7dZyZYrmHMaNfoW3@W4zLv- zy3d0|x9n!B9s&M1sKKt10Pa%~lUiGKjd~e*`P|=zg)FC)ZZ6PFBs$zp?hkj655(9# z%O-#E0p4(VT-P~(%LlJHFCJ{V-fZFR!RsS7EN(vf+4IU;zo4T70Hu9x>Y+1X2##lZ zo+M&@up9~kX3he>cHk`zYacv&{u~%)_69B+z0^z~F98w<6os2ZK*G2}b5no-Bt*1M zO^3;xILV9!qd=FzRp$ zNJ-D&5D6+&N<_XdO$B=X?x|rC(HL->eeDpoK)R+;cGnw*4;R3UC#r5Lu5M&tat?a> zMjlrevmw!kb)l=0^F|?71-D=%sY|chKZb6*3HV&$0{&U|E-67T&8pcaX3?X}nt;&F zvl+6}!7lAGBM4W{1To0)jW>Cqq^hdw7|(e(!$ewXA$`H{*~VryLS@}=554gP?I8^E z0?1nebJdQcm%_T(_q_+(HmI8|R)h^DQj4;7v4s^Uf)#A3kcjz6NvK3=+oE%WO94T- zp8(tp&eZRbO)hvMwe}Icd?jWFrB^7aUIK8M{bpL=)%Ne9PY(p-07J;`Ly+7ePYcJr z1!ENGB9yMGsqKa_Z(Ezk#0g+k^5Sa^ISYkjw<9$bn|4F>6+P3dcP-~IvZ?HGOPH&> zsH$4CV$}X{tnzJR?CY^q7J&tOAksx(O|?yNy(5j zf=YE~*;)eB{lK$RLV46=-faeXAHe*F2*AE5ymIzd5E_>#r zibOz#fQQ9uzKNJePizeT#dAtu5?=c^akL88l%Dsrw3Rf7myZPOfv5iIO{{-;lFF}cP8A>T-K?i@-=nI18ju_!@i+a=uF^VwN%%>s5gM&D7xu9Vg?w} z>;KsUHX#MPSTgp8Y=xHqCEXfR9FpSsr+pClY4~9D$fjTIOr~+a^*EU?mEXmJ)7-OB zZ6-t;Bw%3XW)X>a!(nrtf9qL`E7nPi)b!tIf6n@mV^Rry-v)oXBQB}S05kM{f7()X zw2V-hecrBrxlsVM z2S^nDQ`9KLpdC25v622AUF0vWN`cE(`J0=}ah)M7b}$S*r+TuEW0+4KW6@m~^&1oNjO z4S>reB$-LI?(#g9Z-4YTD&{s09`uJ_b|=R#9wdS|>H+R^4!^VOfA|o)TDSN5F_r{b z$3DkICG{=|3$~TzCM#!fj1hEZLn`uYtUhzJ`|B}JMuyX;tjdqSbsjxDp|a@W^G_Xt zKF-L%q*fYmv?tu*_ywFMCx3?%K6XikRtC=k4spI+>zUUg=lwawmDBIJBrO(@ImI3o z^nXbmsvQxF5?ofi@9MYFxwfF#wo_VM{kM==+=O zVaW!JemT+Ao5_p+d}_ijEAg#z6CK%^^IB43NpYVrL#Mc%rLBe?|6~v992aFj?t=$E);Idn2L?Qjv-?7B5;CM#{kQ%-oI`z1QqFXg7tZGk1i|_{H^gnd6Em84Xd^}M~Iv_k8ljS-m_pBgsFK5xs-qp$BK9}B-)1%^XrWwE&dqdTIl zw{haEfexJMLcZg&^8c)a<*Vifnb_|PY*Jb~{>!bdQ`zGnN~&CjfB5fhW~*Czg0OGk2sYRswoY^(o0C_5&z zAGGeo>*mKJ>htQfT;C=?nBUyUxk=1`-A3@a!-5Zm8yG+R-RN{gsT?>{_G+RMO0(A7 zFz{40cU!&c8`PGo+_&Id;K3ls`xU!(#rsZ5tJ;5McgJB>-3(AWczZB-TY}fzc8jVl zteJanRS7@Wej%6M-~4+Ea52k-qCT++)e05Sm%rTY6Pod5M&Y$o7Q0XH!mD+FYh>mc zE`IoSP5q%4hAAsvB){mtESmec+xNwf(hWyV?H3&fdghop+rvlmnJ*r9d{-o{BnH}e zcm=VSkLAsslj}5QOCDpii`X^o-DLR(I~yPDzo=r+8Y7v2NZE36c3+B^8TYEr-{&;fN_U0T3K-Lw33;7*DIy)FkIKL>3W?0WL##%E>V z{)5}+D~>6I@%W;)(FAMvI2|{&wCvnu)cz-AwZ&u8BX?heawu?(-J&Vq1^_krA3QR!zto4)P4Vt)Vg#8ds(o*l?t{I|Y> zX?67*e|yq-lx)}itWs|P ztpVcx|LayKa69yE;gxHjKYCxo?P&#Sq;M!c`m^E6jzVSN0TQqLkIeN;Z^?E89b4xD zTFei;7rAm-W>9G8+r38)@9p1-r}roMXmdKI;Vst0E*AI)Bpeg From 61a9f9d37a566d5e03e8e218bbc94f7d7631117b Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 27 Aug 2023 01:49:42 +0000 Subject: [PATCH 38/78] v115.1 (#1703) The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. This will better align ESR115 users' defaults with AF moving forward --- user.js | 81 +++++++++++++++++++++++++-------------------------------- 1 file changed, 35 insertions(+), 46 deletions(-) diff --git a/user.js b/user.js index 5ed7c08..ebb40a6 100644 --- a/user.js +++ b/user.js @@ -1,6 +1,6 @@ /****** * name: arkenfox user.js -* date: 26 July 2023 +* date: 27 August 2023 * version: 115 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -18,7 +18,6 @@ * Some site breakage and unintended consequences will happen. Everyone's experience will differ e.g. some user data is erased on exit (section 2800), change this to suit your needs * While not 100% definitive, search for "[SETUP" tags - e.g. third party images/videos not loading on some sites? check 1601 5. Some tag info [SETUP-SECURITY] it's one item, read it [SETUP-WEB] can cause some websites to break @@ -42,13 +41,13 @@ 0300: QUIETER FOX 0400: SAFE BROWSING 0600: BLOCK IMPLICIT OUTBOUND - 0700: DNS / DoH / PROXY / SOCKS / IPv6 + 0700: DNS / DoH / PROXY / SOCKS 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0900: PASSWORDS 1000: DISK AVOIDANCE 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) 1400: FONTS - 1600: HEADERS / REFERERS + 1600: REFERERS 1700: CONTAINERS 2000: PLUGINS / MEDIA / WEBRTC 2400: DOM (DOCUMENT OBJECT MODEL) @@ -255,20 +254,8 @@ user_pref("browser.places.speculativeConnect.enabled", false); * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ // user_pref("browser.send_pings", false); // [DEFAULT: false] -/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS / IPv6 ***/ +/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS ***/ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); -/* 0701: disable IPv6 - * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming - * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 - * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause - * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6 - * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an - * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, - * then this won't make much difference. If you are masking your IP, then it can only help. - * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" - * [TEST] https://ipleak.org/ - * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ -user_pref("network.dns.disableIPv6", true); /* 0702: set the proxy server to do any DNS lookups when using SOCKS * e.g. in Tor, this stops your local DNS server from knowing your Tor destination * as a remote Tor node will handle the DNS request @@ -308,13 +295,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); -/* 0801: disable location bar using search - * Don't leak URL typos to a search engine, give an error message instead - * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" - * [NOTE] This does not affect explicit user action such as using search buttons in the - * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) - * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/ -user_pref("keyword.enabled", false); /* 0802: disable location bar domain guessing * domain guessing intercepts DNS "hostname not found errors" and resends a * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work @@ -527,18 +507,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); // user_pref("layout.css.font-visibility.standard", 1); // user_pref("layout.css.font-visibility.trackingprotection", 1); -/*** [SECTION 1600]: HEADERS / REFERERS +/*** [SECTION 1600]: REFERERS full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); -/* 1601: control when to send a cross-origin referer - * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram - * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/ -user_pref("network.http.referer.XOriginPolicy", 2); /* 1602: control the amount of cross-origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ user_pref("network.http.referer.XOriginTrimmingPolicy", 2); @@ -571,17 +546,6 @@ user_pref("media.peerconnection.ice.default_address_only", true); /* 2020: disable GMP (Gecko Media Plugins) * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ // user_pref("media.gmp-provider.enabled", false); -/* 2021: disable widevine CDM (Content Decryption Module) - * [NOTE] This is covered by the EME master switch (2022) ***/ - // user_pref("media.gmp-widevinecdm.enabled", false); -/* 2022: disable all DRM content (EME: Encryption Media Extension) - * Optionally hide the setting which also disables the DRM prompt - * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV - * [SETTING] General>DRM Content>Play DRM-controlled content - * [TEST] https://bitmovin.com/demos/drm - * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ -user_pref("media.eme.enabled", false); - // user_pref("browser.eme.ui.enabled", false); /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); @@ -631,8 +595,6 @@ user_pref("network.IDN_show_punycode", true); * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] -/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/ -user_pref("network.protocol-handler.external.ms-windows-store", false); /* 2623: disable permissions delegation [FF73+] * Currently applies to cross-origin geolocation, camera, mic and screen-sharing * permissions, and fullscreen requests. Disabling delegation means any prompts @@ -933,8 +895,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow /* 5015: disable Windows taskbar preview [WINDOWS] ***/ // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] /* 5016: discourage downloading to desktop - * 0=desktop, 1=downloads (default), 2=last used - * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ + * 0=desktop, 1=downloads (default), 2=custom + * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/ // user_pref("browser.download.folderList", 2); /* 5017: disable Form Autofill * If .supportedCountries includes your region (browser.search.region) and .supported @@ -949,6 +911,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/ // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false); +/* 5021: disable location bar using search + * Don't leak URL typos to a search engine, give an error message instead + * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" + * [NOTE] This does not affect explicit user action such as using search buttons in the + * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/ + // user_pref("keyword.enabled", false); /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, @@ -989,6 +957,25 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); // user_pref("javascript.options.wasm", false); /* 5507: disable rendering of SVG OpenType fonts ***/ // user_pref("gfx.font_rendering.opentype_svg.enabled", false); +/* 5508: disable all DRM content (EME: Encryption Media Extension) + * Optionally hide the UI setting which also disables the DRM prompt + * [SETTING] General>DRM Content>Play DRM-controlled content + * [TEST] https://bitmovin.com/demos/drm + * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ + // user_pref("media.eme.enabled", false); + // user_pref("browser.eme.ui.enabled", false); +/* 5509: disable IPv6 if using a VPN + * This is an application level fallback. Disabling IPv6 is best done at an OS/network + * level, and/or configured properly in system wide VPN setups. + * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause + * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" + * [TEST] https://ipleak.org/ + * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ + // user_pref("network.dns.disableIPv6", true); +/* 5510: control when to send a cross-origin referer + * 0=always (default), 1=only if base domains match, 2=only if hosts match + * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/ + // user_pref("network.http.referer.XOriginPolicy", 2); /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); @@ -1037,6 +1024,8 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] // user_pref("extensions.formautofill.creditCards.available", ""); // user_pref("extensions.formautofill.creditCards.supported", ""); // user_pref("middlemouse.contentLoadURL", ""); +/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/ + // user_pref("network.protocol-handler.external.ms-windows-store", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1082,7 +1071,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /* 7007: referers - * [WHY] Only cross-origin referers (1600s) need control ***/ + * [WHY] Only cross-origin referers (1602, 5510) matter ***/ // user_pref("network.http.sendRefererHeader", 2); // user_pref("network.http.referer.trimmingPolicy", 0); /* 7008: set the default Referrer Policy [FF59+] From ba173d49205ee927ed62e81e606569d98f531d38 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 28 Aug 2023 04:15:07 +0000 Subject: [PATCH 39/78] layout.css.font-visibility.resistFingerprinting --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 87556da..d3d8a98 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 26-August-2023 + Last updated: 28-August-2023 Instructions: - [optional] close Firefox and backup your profile @@ -32,6 +32,8 @@ const aPREFS = [ /* DEPRECATED */ + /* 116+ */ + 'layout.css.font-visibility.resistFingerprinting', // 116 /* 103-115 */ 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 From dfd5589c3dae1723b8239ad9c46e114c2f851ed2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 16 Sep 2023 07:08:33 +0000 Subject: [PATCH 40/78] v117 deprecated --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index d3d8a98..652709e 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 28-August-2023 + Last updated: 16-September-2023 Instructions: - [optional] close Firefox and backup your profile @@ -33,7 +33,9 @@ const aPREFS = [ /* DEPRECATED */ /* 116+ */ + 'dom.webnotifications.serviceworker.enabled', // 117 'layout.css.font-visibility.resistFingerprinting', // 116 + 'security.family_safety.mode', // 117 /* 103-115 */ 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 From 1e6e211a061b592a176087fe9f6843249852cad2 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 17 Sep 2023 07:17:40 +0000 Subject: [PATCH 41/78] v117 (#1710) --- user.js | 65 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 19 deletions(-) diff --git a/user.js b/user.js index ebb40a6..5e54f30 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 27 August 2023 -* version: 115 +* date: 17 September 2023 +* version: 117 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -33,6 +33,8 @@ - If you are not using arkenfox v102-1... (not a definitive list) - 2815: clearOnShutdown cookies + offlineApps should be false - 9999: switch the appropriate deprecated section(s) back on + * ESR115 + - use https://github.com/arkenfox/user.js/releases/tag/115.1 * INDEX: @@ -283,15 +285,23 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] * [SETUP-CHROME] If you use a proxy and you understand the security impact * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/ // user_pref("network.proxy.allow_bypass", false); -/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] - * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off +/* 0710: enable DNS-over-HTTPS (DoH) [FF60+] + * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off (no rollout) * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3] * [SETTING] Privacy & Security>DNS over HTTPS * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ - // user_pref("network.trr.mode", 5); + // user_pref("network.trr.mode", 3); +/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/ +user_pref("network.dns.skipTRR-when-parental-control-enabled", false); +/* 0712: set DoH provider + * The custom uri is the value shown when you "Choose provider>Custom>" + * [NOTE] If you USE custom then "network.trr.uri" should be set the same + * [SETTING] Privacy & Security>DNS over HTTPS>Increased/Max>Choose provider ***/ + // user_pref("network.trr.uri", "https://example.dns"); + // user_pref("network.trr.custom_uri", "https://example.dns"); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); @@ -443,12 +453,6 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] user_pref("security.OCSP.require", true); /** CERTS / HPKP (HTTP Public Key Pinning) ***/ -/* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS] - * 0=disable detecting Family Safety mode and importing the root - * 1=only attempt to detect Family Safety mode (don't import the root) - * 2=detect Family Safety mode and import the root - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/ -user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/ @@ -499,7 +503,7 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true); user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); /* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed - * In normal windows: uses the first applicable: RFP (4506) over TP over Standard + * In normal windows: uses the first applicable: RFP over TP over Standard * In Private Browsing windows: uses the most restrictive between normal and private * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ @@ -769,7 +773,7 @@ user_pref("privacy.sanitize.timeSpan", 0); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting - * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar + * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false * [1] https://bugzilla.mozilla.org/418986 ***/ @@ -799,8 +803,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [WARNING] DO NOT USE unless testing, see [1] comment 12 * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); -/* 4506: set RFP's font visibility level (1402) [FF94+] ***/ - // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] @@ -967,7 +969,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); /* 5509: disable IPv6 if using a VPN * This is an application level fallback. Disabling IPv6 is best done at an OS/network * level, and/or configured properly in system wide VPN setups. - * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause + * [SETUP-WEB] PR_CONNECT_RESET_ERROR * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" * [TEST] https://ipleak.org/ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ @@ -976,6 +978,11 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * 0=always (default), 1=only if base domains match, 2=only if hosts match * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/ // user_pref("network.http.referer.XOriginPolicy", 2); +/* 5511: set DoH bootstrap address [FF89+] + * Firefox uses the system DNS to initially resolve the IP address of your DoH server. + * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox + * won't use the system DNS. If the IP doesn't match then DoH won't work ***/ + // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF] /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); @@ -1116,11 +1123,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7017: disable service workers * [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/ // user_pref("dom.serviceWorkers.enabled", false); -/* 7018: disable Web Notifications +/* 7018: disable Web Notifications [FF22+] * [WHY] Web Notifications are behind a prompt (7002) * [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/ - // user_pref("dom.webnotifications.enabled", false); // [FF22+] - // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+] + // user_pref("dom.webnotifications.enabled", false); /* 7019: disable Push Notifications [FF44+] * [WHY] Push requires subscription * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" @@ -1212,5 +1218,26 @@ user_pref("network.cookie.lifetimePolicy", 2); // user_pref("browser.cache.offline.enable", false); // ***/ +/* ESR115.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable active ones +// FF116 +// 4506: set RFP's font visibility level (1402) [FF94+] + // [-] https://bugzilla.mozilla.org/1838415 + // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] +// FF117 +// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS] + // 0=disable detecting Family Safety mode and importing the root + // 1=only attempt to detect Family Safety mode (don't import the root) + // 2=detect Family Safety mode and import the root + // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 + // [-] https://bugzilla.mozilla.org/1844908 +user_pref("security.family_safety.mode", 0); +// 7018: disable service worker Web Notifications [FF44+] + // [WHY] Web Notifications are behind a prompt (7002) + // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ + // [-] https://bugzilla.mozilla.org/1842457 + // user_pref("dom.webnotifications.serviceworker.enabled", false); +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 3f6fcc13f0b8dcdcadf75edc55c62bb7148ab876 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 08:31:22 +0000 Subject: [PATCH 42/78] permissions.delegation.enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 652709e..998974c 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 16-September-2023 + Last updated: 18-September-2023 Instructions: - [optional] close Firefox and backup your profile @@ -35,6 +35,7 @@ /* 116+ */ 'dom.webnotifications.serviceworker.enabled', // 117 'layout.css.font-visibility.resistFingerprinting', // 116 + 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 /* 103-115 */ 'browser.cache.offline.enable', // 115 From 50af4b9af4295375207eac05b2b89e05830fbd9f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 08:34:35 +0000 Subject: [PATCH 43/78] remove old prefs --- scratchpad-scripts/arkenfox-cleanup.js | 407 +------------------------ 1 file changed, 1 insertion(+), 406 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 998974c..2878031 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -1,5 +1,5 @@ /*** - This will reset the preferences that have been + This will reset the preferences that since FF91 have been - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past @@ -57,193 +57,6 @@ 'security.csp.enable', // 99 'security.password_lifetime', // 102 'security.ssl3.rsa_des_ede3_sha', // 93 - /* 79-91 */ - 'browser.cache.offline.storage.enable', - 'browser.download.hide_plugins_without_extensions', - 'browser.library.activity-stream.enabled', - 'browser.search.geoSpecificDefaults', - 'browser.search.geoSpecificDefaults.url', - 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled', - 'dom.ipc.plugins.reportCrashURL', - 'dom.w3c_pointer_events.enabled', - 'intl.charset.fallback.override', - 'network.ftp.enabled', - 'plugin.state.flash', - 'security.mixed_content.block_object_subrequest', - 'security.ssl.errorReporting.automatic', - 'security.ssl.errorReporting.enabled', - 'security.ssl.errorReporting.url', - /* 69-78 */ - 'browser.newtabpage.activity-stream.telemetry.ping.endpoint', - 'browser.tabs.remote.allowLinkedWebInFileUriProcess', - 'browser.urlbar.oneOffSearches', - 'devtools.webide.autoinstallADBExtension', - 'devtools.webide.enabled', - 'dom.indexedDB.enabled', - 'extensions.blocklist.url', - 'geo.wifi.logging.enabled', - 'geo.wifi.uri', - 'gfx.downloadable_fonts.woff2.enabled', - 'media.autoplay.allow-muted', - 'media.autoplay.enabled.user-gestures-needed', - 'offline-apps.allow_by_default', - 'plugins.click_to_play', - 'privacy.userContext.longPressBehavior', - 'toolkit.cosmeticAnimations.enabled', - 'toolkit.telemetry.hybridContent.enabled', - 'webgl.disable-extensions', - /* 61-68 */ - 'app.update.enabled', - 'browser.aboutHomeSnippets.updateUrl', - 'browser.chrome.errorReporter.enabled', - 'browser.chrome.errorReporter.submitUrl', - 'browser.chrome.favicons', - 'browser.ctrlTab.previews', - 'browser.fixup.hide_user_pass', - 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr', - 'browser.newtabpage.activity-stream.disableSnippets', - 'browser.onboarding.enabled', - 'browser.search.countryCode', - 'browser.urlbar.autocomplete.enabled', - 'devtools.webide.adbAddonURL', - 'devtools.webide.autoinstallADBHelper', - 'dom.event.highrestimestamp.enabled', - 'experiments.activeExperiment', - 'experiments.enabled', - 'experiments.manifest.uri', - 'experiments.supported', - 'lightweightThemes.update.enabled', - 'media.autoplay.enabled', - 'network.allow-experiments', - 'network.cookie.lifetime.days', - 'network.jar.block-remote-files', - 'network.jar.open-unsafe-types', - 'plugin.state.java', - 'security.csp.enable_violation_events', - 'security.csp.experimentalEnabled', - 'shield.savant.enabled', - /* 60 or earlier */ - 'browser.bookmarks.showRecentlyBookmarked', - 'browser.casting.enabled', - 'browser.crashReports.unsubmittedCheck.autoSubmit', - 'browser.formautofill.enabled', - 'browser.formfill.saveHttpsForms', - 'browser.fullscreen.animate', - 'browser.history.allowPopState', - 'browser.history.allowPushState', - 'browser.history.allowReplaceState', - 'browser.newtabpage.activity-stream.enabled', - 'browser.newtabpage.directory.ping', - 'browser.newtabpage.directory.source', - 'browser.newtabpage.enhanced', - 'browser.newtabpage.introShown', - 'browser.pocket.api', - 'browser.pocket.enabled', - 'browser.pocket.oAuthConsumerKey', - 'browser.pocket.site', - 'browser.polaris.enabled', - 'browser.safebrowsing.appRepURL', - 'browser.safebrowsing.enabled', - 'browser.safebrowsing.gethashURL', - 'browser.safebrowsing.malware.reportURL', - 'browser.safebrowsing.provider.google.appRepURL', - 'browser.safebrowsing.reportErrorURL', - 'browser.safebrowsing.reportGenericURL', - 'browser.safebrowsing.reportMalwareErrorURL', - 'browser.safebrowsing.reportMalwareMistakeURL', - 'browser.safebrowsing.reportMalwareURL', - 'browser.safebrowsing.reportPhishMistakeURL', - 'browser.safebrowsing.reportURL', - 'browser.safebrowsing.updateURL', - 'browser.search.showOneOffButtons', - 'browser.selfsupport.enabled', - 'browser.selfsupport.url', - 'browser.sessionstore.privacy_level_deferred', - 'browser.tabs.animate', - 'browser.trackingprotection.gethashURL', - 'browser.trackingprotection.updateURL', - 'browser.urlbar.unifiedcomplete', - 'browser.usedOnWindows10.introURL', - 'camera.control.autofocus_moving_callback.enabled', - 'camera.control.face_detection.enabled', - 'datareporting.healthreport.about.reportUrl', - 'datareporting.healthreport.about.reportUrlUnified', - 'datareporting.healthreport.documentServerURI', - 'datareporting.healthreport.service.enabled', - 'datareporting.policy.dataSubmissionEnabled.v2', - 'devtools.webide.autoinstallFxdtAdapters', - 'dom.archivereader.enabled', - 'dom.beforeAfterKeyboardEvent.enabled', - 'dom.disable_image_src_set', - 'dom.disable_window_open_feature.scrollbars', - 'dom.disable_window_status_change', - 'dom.enable_user_timing', - 'dom.flyweb.enabled', - 'dom.idle-observers-api.enabled', - 'dom.keyboardevent.code.enabled', - 'dom.network.enabled', - 'dom.push.udp.wakeupEnabled', - 'dom.telephony.enabled', - 'dom.vr.oculus050.enabled', - 'dom.workers.enabled', - 'dom.workers.sharedWorkers.enabled', - 'extensions.formautofill.experimental', - 'extensions.screenshots.system-disabled', - 'extensions.shield-recipe-client.api_url', - 'extensions.shield-recipe-client.enabled', - 'full-screen-api.approval-required', - 'general.useragent.locale', - 'geo.security.allowinsecure', - 'intl.locale.matchOS', - 'loop.enabled', - 'loop.facebook.appId', - 'loop.facebook.enabled', - 'loop.facebook.fallbackUrl', - 'loop.facebook.shareUrl', - 'loop.feedback.formURL', - 'loop.feedback.manualFormURL', - 'loop.logDomains', - 'loop.server', - 'media.block-play-until-visible', - 'media.eme.apiVisible', - 'media.eme.chromium-api.enabled', - 'media.getusermedia.screensharing.allow_on_old_platforms', - 'media.getusermedia.screensharing.allowed_domains', - 'media.gmp-eme-adobe.autoupdate', - 'media.gmp-eme-adobe.enabled', - 'media.gmp-eme-adobe.visible', - 'network.http.referer.userControlPolicy', - 'network.http.sendSecureXSiteReferrer', - 'network.http.spdy.enabled.http2draft', - 'network.http.spdy.enabled.v3-1', - 'network.websocket.enabled', - 'pageThumbs.enabled', - 'pfs.datasource.url', - 'plugin.scan.Acrobat', - 'plugin.scan.Quicktime', - 'plugin.scan.WindowsMediaPlayer', - 'plugins.enumerable_names', - 'plugins.update.notifyUser', - 'plugins.update.url', - 'privacy.clearOnShutdown.passwords', - 'privacy.donottrackheader.value', - 'security.mixed_content.send_hsts_priming', - 'security.mixed_content.use_hsts', - 'security.ssl3.ecdhe_ecdsa_rc4_128_sha', - 'security.ssl3.ecdhe_rsa_rc4_128_sha', - 'security.ssl3.rsa_rc4_128_md5', - 'security.ssl3.rsa_rc4_128_sha', - 'security.tls.insecure_fallback_hosts.use_static_list', - 'security.tls.unrestricted_rc4_fallback', - 'security.xpconnect.plugin.unrestricted', - 'social.directories', - 'social.enabled', - 'social.remote-install.enabled', - 'social.share.activationPanelEnabled', - 'social.shareDirectory', - 'social.toast-notifications.enabled', - 'social.whitelist', - 'toolkit.telemetry.unifiedIsOptIn', /* REMOVED */ /* 116+ */ @@ -284,224 +97,6 @@ 'privacy.firstparty.isolate.use_site', 'privacy.window.name.update.enabled', 'security.insecure_connection_text.enabled', - /* 79-91 */ - 'alerts.showFavicons', - 'browser.newtabpage.activity-stream.asrouter.providers.snippets', - 'browser.send_pings.require_same_host', - 'browser.urlbar.usepreloadedtopurls.enabled', - 'dom.allow_cut_copy', - 'dom.battery.enabled', - 'dom.IntersectionObserver.enabled', - 'dom.storage.enabled', - 'dom.vibrator.enabled', - 'extensions.screenshots.upload-disabled', - 'general.warnOnAboutConfig', - 'gfx.direct2d.disabled', - 'layers.acceleration.disabled', - 'media.getusermedia.audiocapture.enabled', - 'media.getusermedia.browser.enabled', - 'media.getusermedia.screensharing.enabled', - 'media.gmp-widevinecdm.visible', - 'media.media-capabilities.enabled', - 'network.http.redirection-limit', - 'privacy.partition.network_state', - 'security.insecure_connection_icon.enabled', - 'security.mixed_content.block_active_content', - 'security.ssl.enable_ocsp_stapling', - 'security.ssl3.dhe_rsa_aes_128_sha', - 'security.ssl3.dhe_rsa_aes_256_sha', - 'webgl.min_capability_mode', - /* 69-78 */ - 'browser.cache.disk_cache_ssl', - 'browser.search.geoip.url', - 'browser.search.region', - 'browser.sessionhistory.max_entries', - 'dom.push.connection.enabled', - 'dom.push.serverURL', - 'extensions.getAddons.discovery.api_url', - 'extensions.htmlaboutaddons.discover.enabled', - 'extensions.webservice.discoverURL', - 'intl.locale.requested', - 'intl.regional_prefs.use_os_locales', - 'media.block-autoplay-until-in-foreground', - 'middlemouse.paste', - 'plugin.sessionPermissionNow.intervalInMinutes', - 'privacy.usercontext.about_newtab_segregation.enabled', - 'security.insecure_connection_icon.pbmode.enabled', - 'security.insecure_connection_text.pbmode.enabled', - 'webgl.dxgl.enabled', - /* 61-68 */ - 'app.update.service.enabled', - 'app.update.silent', - 'app.update.staging.enabled', - 'browser.cache.disk.capacity', - 'browser.cache.disk.smart_size.enabled', - 'browser.cache.disk.smart_size.first_run', - 'browser.cache.offline.insecure.enable', - 'browser.contentblocking.enabled', - 'browser.laterrun.enabled', - 'browser.offline-apps.notify', - 'browser.rights.3.shown', - 'browser.safebrowsing.blockedURIs.enabled', - 'browser.safebrowsing.downloads.remote.block_dangerous', - 'browser.safebrowsing.downloads.remote.block_dangerous_host', - 'browser.safebrowsing.provider.google.gethashURL', - 'browser.safebrowsing.provider.google.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google.reportURL', - 'browser.safebrowsing.provider.google.updateURL', - 'browser.safebrowsing.provider.google4.dataSharing.enabled', - 'browser.safebrowsing.provider.google4.dataSharingURL', - 'browser.safebrowsing.provider.google4.gethashURL', - 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL', - 'browser.safebrowsing.provider.google4.reportPhishMistakeURL', - 'browser.safebrowsing.provider.google4.reportURL', - 'browser.safebrowsing.provider.google4.updateURL', - 'browser.safebrowsing.provider.mozilla.gethashURL', - 'browser.safebrowsing.provider.mozilla.updateURL', - 'browser.safebrowsing.reportPhishURL', - 'browser.sessionhistory.max_total_viewers', - 'browser.sessionstore.max_windows_undo', - 'browser.slowStartup.maxSamples', - 'browser.slowStartup.notificationDisabled', - 'browser.slowStartup.samples', - 'browser.storageManager.enabled', - 'browser.urlbar.autoFill.typed', - 'browser.urlbar.filter.javascript', - 'browser.urlbar.maxHistoricalSearchSuggestions', - 'browser.urlbar.userMadeSearchSuggestionsChoice', - 'canvas.capturestream.enabled', - 'dom.allow_scripts_to_close_windows', - 'dom.disable_window_flip', - 'dom.forms.datetime', - 'dom.imagecapture.enabled', - 'dom.popup_maximum', - 'extensions.webextensions.keepStorageOnUninstall', - 'extensions.webextensions.keepUuidOnUninstall', - 'font.blacklist.underline_offset', - 'font.name.monospace.x-unicode', - 'font.name.monospace.x-western', - 'font.name.sans-serif.x-unicode', - 'font.name.sans-serif.x-western', - 'font.name.serif.x-unicode', - 'font.name.serif.x-western', - 'gfx.offscreencanvas.enabled', - 'javascript.options.shared_memory', - 'layout.css.font-loading-api.enabled', - 'media.gmp-gmpopenh264.autoupdate', - 'media.gmp-gmpopenh264.enabled', - 'media.gmp-manager.updateEnabled', - 'media.gmp-manager.url', - 'media.gmp-manager.url.override', - 'media.gmp-widevinecdm.autoupdate', - 'media.gmp.trial-create.enabled', - 'media.navigator.video.enabled', - 'media.peerconnection.ice.tcp', - 'media.peerconnection.identity.enabled', - 'media.peerconnection.identity.timeout', - 'media.peerconnection.turn.disable', - 'media.peerconnection.use_document_iceservers', - 'media.peerconnection.video.enabled', - 'network.auth.subresource-img-cross-origin-http-auth-allow', - 'network.cookie.leave-secure-alone', - 'network.cookie.same-site.enabled', - 'network.dnsCacheEntries', - 'network.dnsCacheExpiration', - 'network.http.fast-fallback-to-IPv4', - 'network.proxy.autoconfig_url.include_path', - 'offline-apps.quota.warn', - 'pdfjs.enableWebGL', - 'plugin.default.state', - 'plugin.defaultXpi.state', - 'plugin.scan.plid.all', - 'privacy.trackingprotection.annotate_channels', - 'privacy.trackingprotection.lower_network_priority', - 'privacy.trackingprotection.pbmode.enabled', - 'privacy.trackingprotection.ui.enabled', - 'security.data_uri.block_toplevel_data_uri_navigations', - 'security.insecure_field_warning.contextual.enabled', - 'security.insecure_password.ui.enabled', - 'security.tls.version.fallback-limit', - 'services.blocklist.addons.collection', - 'services.blocklist.gfx.collection', - 'services.blocklist.onecrl.collection', - 'services.blocklist.plugins.collection', - 'services.blocklist.signing.enforced', - 'services.blocklist.update_enabled', - 'signon.autofillForms.http', - 'signon.storeWhenAutocompleteOff', - 'toolkit.telemetry.cachedClientID', - 'urlclassifier.trackingTable', - 'xpinstall.whitelist.required', - /* 60 or lower */ - 'browser.migrate.automigrate.enabled', - 'browser.search.geoip.timeout', - 'browser.search.reset.enabled', - 'browser.search.reset.whitelist', - 'browser.stopReloadAnimation.enabled', - 'browser.tabs.insertRelatedAfterCurrent', - 'browser.tabs.loadDivertedInBackground', - 'browser.tabs.loadInBackground', - 'browser.tabs.selectOwnerOnClose', - 'browser.urlbar.clickSelectsAll', - 'browser.urlbar.doubleClickSelectsAll', - 'device.storage.enabled', - 'dom.keyboardevent.dispatch_during_composition', - 'dom.presentation.controller.enabled', - 'dom.presentation.discoverable', - 'dom.presentation.discovery.enabled', - 'dom.presentation.enabled', - 'dom.presentation.receiver.enabled', - 'dom.presentation.session_transport.data_channel.enable', - 'dom.vr.oculus.enabled', - 'dom.vr.openvr.enabled', - 'dom.vr.osvr.enabled', - 'extensions.pocket.api', - 'extensions.pocket.oAuthConsumerKey', - 'extensions.pocket.site', - 'general.useragent.compatMode.firefox', - 'geo.wifi.xhr.timeout', - 'gfx.layerscope.enabled', - 'media.flac.enabled', - 'media.mediasource.enabled', - 'media.mediasource.mp4.enabled', - 'media.mediasource.webm.audio.enabled', - 'media.mediasource.webm.enabled', - 'media.mp4.enabled', - 'media.ogg.enabled', - 'media.ogg.flac.enabled', - 'media.opus.enabled', - 'media.raw.enabled', - 'media.wave.enabled', - 'media.webm.enabled', - 'media.webspeech.recognition.enable', - 'media.wmf.amd.vp9.enabled', - 'media.wmf.enabled', - 'media.wmf.vp9.enabled', - 'network.dns.blockDotOnion', - 'network.stricttransportsecurity.preloadlist', - 'security.block_script_with_wrong_mime', - 'security.fileuri.strict_origin_policy', - 'security.sri.enable', - 'services.sync.enabled', - 'ui.submenuDelay', - 'webextensions.storage.sync.enabled', - 'webextensions.storage.sync.serverURL', - // excluding these e10 settings - // 'browser.tabs.remote.autostart', - // 'browser.tabs.remote.autostart.2', - // 'browser.tabs.remote.force-enable', - // 'browser.tabs.remote.separateFileUriProcess', - // 'extensions.e10sBlocksEnabling', - // 'extensions.webextensions.remote', - // 'dom.ipc.processCount', - // 'dom.ipc.shims.enabledWarnings', - // 'dom.ipc.processCount.extension', - // 'dom.ipc.processCount.file', - // 'security.sandbox.content.level', - // 'dom.ipc.plugins.sandbox-level.default', - // 'dom.ipc.plugins.sandbox-level.flash', - // 'security.sandbox.logging.enabled', /* IMPORTANT: last active pref must not have a trailing comma */ /* reset parrot: check your open about:config after running the script */ From 336300a274a7721616d7e8109facca984b05f727 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 08:39:50 +0000 Subject: [PATCH 44/78] v118 removed these are all at default now as of at least ESR115 --- scratchpad-scripts/arkenfox-cleanup.js | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 2878031..e06b998 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -32,7 +32,7 @@ const aPREFS = [ /* DEPRECATED */ - /* 116+ */ + /* 116-128 */ 'dom.webnotifications.serviceworker.enabled', // 117 'layout.css.font-visibility.resistFingerprinting', // 116 'permissions.delegation.enabled', // 118 @@ -59,9 +59,14 @@ 'security.ssl3.rsa_des_ede3_sha', // 93 /* REMOVED */ - /* 116+ */ + /* 116-128 */ + 'browser.fixup.alternate.enabled', + 'browser.urlbar.dnsResolveSingleWordsAfterSearch', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', + 'privacy.partition.always_partition_third_party_non_cookie_storage', + 'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage', + 'privacy.partition.serviceWorkers', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From f0513b7e64160c80f6e2430a5f3155ee855abdcf Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 11:41:47 +0000 Subject: [PATCH 45/78] inactive prefs no longer needed encryption prefs false since FF109, taskbar since jesus or whatever --- scratchpad-scripts/arkenfox-cleanup.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index e06b998..fea7a68 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -61,12 +61,15 @@ /* REMOVED */ /* 116-128 */ 'browser.fixup.alternate.enabled', + 'browser.taskbar.previews.enable', 'browser.urlbar.dnsResolveSingleWordsAfterSearch', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', 'privacy.partition.always_partition_third_party_non_cookie_storage', 'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage', 'privacy.partition.serviceWorkers', + 'security.ssl3.ecdhe_ecdsa_aes_128_sha', + 'security.ssl3.ecdhe_ecdsa_aes_256_sha', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From bd2e5b8d1d477951d929ea7d79ceb7a13fc322a4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 18 Sep 2023 11:47:49 +0000 Subject: [PATCH 46/78] undo encryption they're not default false since 108, that was nightly only --- scratchpad-scripts/arkenfox-cleanup.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index fea7a68..d8ddf31 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -68,8 +68,6 @@ 'privacy.partition.always_partition_third_party_non_cookie_storage', 'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage', 'privacy.partition.serviceWorkers', - 'security.ssl3.ecdhe_ecdsa_aes_128_sha', - 'security.ssl3.ecdhe_ecdsa_aes_256_sha', /* 103-115 */ 'beacon.enabled', 'browser.startup.blankWindow', From 56f51203bf4fea8aa778b792269205d275a62665 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 21 Sep 2023 12:36:35 +0000 Subject: [PATCH 47/78] point to archived version --- scratchpad-scripts/arkenfox-cleanup.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index d8ddf31..e2487fc 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,10 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 18-September-2023 + There is an archived version at https://github.com/arkenfox/user.js/issues/1080 + if you want the full list prior to FF118 + + Last updated: 22-September-2023 Instructions: - [optional] close Firefox and backup your profile From 6e79d1bba6a932480a938bec5c2cee0388e586b9 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 29 Sep 2023 10:52:55 +0000 Subject: [PATCH 48/78] deprecated v118 --- scratchpad-scripts/arkenfox-cleanup.js | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index e2487fc..6f783a4 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/1080 if you want the full list prior to FF118 - Last updated: 22-September-2023 + Last updated: 29-September-2023 Instructions: - [optional] close Firefox and backup your profile @@ -37,7 +37,10 @@ /* DEPRECATED */ /* 116-128 */ 'dom.webnotifications.serviceworker.enabled', // 117 + 'layout.css.font-visibility.private', // 118 'layout.css.font-visibility.resistFingerprinting', // 116 + 'layout.css.font-visibility.standard', // 118 + 'layout.css.font-visibility.trackingprotection', // 118 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 /* 103-115 */ From f54d632da585a08185c6164017d79315c331181f Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 7 Oct 2023 10:33:49 +0000 Subject: [PATCH 49/78] v2.0 - improve root check --- prefsCleaner.sh | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index f36732c..6586609 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,23 +2,12 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.9 +## version: 2.0 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() ) -# Check if running as root and if any files have the owner/group as root/wheel. -if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n" - exit 1 -elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then - printf 'It looks like this script was previously run with elevated privileges, -you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 - exit 1 -fi - readonly CURRDIR=$(pwd) ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) @@ -143,13 +132,23 @@ done ## change directory to the Firefox profile directory cd "$(dirname "${SCRIPT_FILE}")" +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)." +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + fQuit 1 +fi + [ "$AUTOUPDATE" = true ] && update_prefsCleaner "$@" echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.9 ║" +echo " ║ v2.0 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 3fdcb28b8f1992b66e43582810488413b39ebdb3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Oct 2023 14:03:40 +0000 Subject: [PATCH 50/78] v118 (#1724) --- user.js | 212 ++++++++++++++++++++++++-------------------------------- 1 file changed, 92 insertions(+), 120 deletions(-) diff --git a/user.js b/user.js index 5e54f30..4798b8a 100644 --- a/user.js +++ b/user.js @@ -1,8 +1,9 @@ /****** * name: arkenfox user.js -* date: 17 September 2023 -* version: 117 -* url: https://github.com/arkenfox/user.js +* date: 18 October 2023 +* version: 118 +* urls: https://github.com/arkenfox/user.js [repo] +* : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * README: @@ -26,15 +27,15 @@ * RELEASES: https://github.com/arkenfox/user.js/releases - * It is best to use the arkenfox release that is optimized for and matches your Firefox version - * EVERYONE: each release - - run prefsCleaner to reset prefs made inactive, including deprecated (9999s) - ESR102 - - If you are not using arkenfox v102-1... (not a definitive list) - - 2815: clearOnShutdown cookies + offlineApps should be false - - 9999: switch the appropriate deprecated section(s) back on - * ESR115 - - use https://github.com/arkenfox/user.js/releases/tag/115.1 + * Use the arkenfox release that matches your Firefox version + - DON'T wait for arkenfox to update Firefox, nothing major changes these days + * Each release + - run prefsCleaner to reset prefs made inactive, including deprecated (9999) + * ESR + - It is recommended to not use the updater, or you will get a later version which may cause issues. + So you should manually append your overrides (and keep a copy), and manually update when you + change ESR releases (arkenfox is already past that release) + - If you decide to keep updating, then the onus is on - also see section 9999 * INDEX: @@ -48,7 +49,6 @@ 0900: PASSWORDS 1000: DISK AVOIDANCE 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) - 1400: FONTS 1600: REFERERS 1700: CONTAINERS 2000: PLUGINS / MEDIA / WEBRTC @@ -56,14 +56,14 @@ 2600: MISCELLANEOUS 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING - 4500: RFP (RESIST FINGERPRINTING) + 4500: RFP (resistFingerprinting) 5000: OPTIONAL OPSEC 5500: OPTIONAL HARDENING 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: FINGERPRINTING 9000: NON-PROJECT RELATED - 9999: DEPRECATED / REMOVED / LEGACY / RENAMED + 9999: DEPRECATED / RENAMED ******/ @@ -132,6 +132,9 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ user_pref("browser.discovery.enabled", false); +/* 0323: disable shopping experience [FF116+] + * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0 ***/ +user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false] /** TELEMETRY ***/ /* 0330: disable new data submission [FF41+] @@ -269,11 +272,11 @@ user_pref("network.proxy.socks_remote_dns", true); user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0704: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, - * dav, cdda, gphoto2, trash, etc. By default only sftp is accepted (FF87+) + * dav, cdda, gphoto2, trash, etc. From FF87-117, by default only sftp was accepted * [1] https://bugzilla.mozilla.org/1433507 * [2] https://en.wikipedia.org/wiki/GVfs * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ -user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] +user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+] /* 0705: disable proxy direct failover for system requests [FF91+] * [WARNING] Default true is a security feature against malicious extensions [1] * [SETUP-CHROME] If you use a proxy and you trust your extensions @@ -305,36 +308,30 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false); /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); -/* 0802: disable location bar domain guessing - * domain guessing intercepts DNS "hostname not found errors" and resends a - * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work - * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com - * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't - * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack), - * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/ -user_pref("browser.fixup.alternate.enabled", false); // [DEFAULT: false FF104+] -/* 0804: disable live search suggestions +/* 0801: disable location bar making speculative connections [FF56+] + * [1] https://bugzilla.mozilla.org/1348275 ***/ +user_pref("browser.urlbar.speculativeConnect.enabled", false); +/* 0802: disable location bar contextual suggestions [FF92+] + * [SETTING] Privacy & Security>Address Bar>Suggestions from... + * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ +user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); +/* 0803: disable live search suggestions * [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); user_pref("browser.urlbar.suggest.searches", false); -/* 0805: disable location bar making speculative connections [FF56+] - * [1] https://bugzilla.mozilla.org/1348275 ***/ -user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0806: disable location bar leaking single words to a DNS provider **after searching** [FF78+] - * 0=never resolve, 1=use heuristics, 2=always resolve - * [1] https://bugzilla.mozilla.org/1642623 ***/ -user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DEFAULT: 0 FF104+] -/* 0807: disable location bar contextual suggestions [FF92+] - * [SETTING] Privacy & Security>Address Bar>Suggestions from... - * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ -user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); -/* 0808: disable tab-to-search [FF85+] - * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ - // user_pref("browser.urlbar.suggest.engines", false); +/* 0805: disable urlbar trending search suggestions [FF118+] + * [SETTING] Search>Search Suggestions>Show trending search suggestions (FF119) ***/ +user_pref("browser.urlbar.trending.featureGate", false); +/* 0806: disable urlbar suggestions ***/ +user_pref("browser.urlbar.addons.featureGate", false); // [FF115+] +user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF] +user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false] +user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] +/* 0807: disable urlbar clipboard suggestions [FF118+] ***/ + // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false] /* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) @@ -342,6 +339,10 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ user_pref("browser.formfill.enable", false); +/* 0815: disable tab-to-search [FF85+] + * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search + * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ + // user_pref("browser.urlbar.suggest.engines", false); /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing @@ -499,18 +500,6 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/*** [SECTION 1400]: FONTS ***/ -user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); -/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] - * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed - * In normal windows: uses the first applicable: RFP over TP over Standard - * In Private Browsing windows: uses the most restrictive between normal and private - * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts - * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/ - // user_pref("layout.css.font-visibility.private", 1); - // user_pref("layout.css.font-visibility.standard", 1); - // user_pref("layout.css.font-visibility.trackingprotection", 1); - /*** [SECTION 1600]: REFERERS full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html @@ -558,11 +547,9 @@ user_pref("dom.disable_window_move_resize", true); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); -/* 2601: prevent accessibility services from accessing your browser [RESTART] - * [1] https://support.mozilla.org/kb/accessibility-services ***/ -user_pref("accessibility.force_disabled", 1); -/* 2603: remove temp files opened with an external application - * [1] https://bugzilla.mozilla.org/302433 ***/ +/* 2603: remove temp files opened from non-PB windows with an external application + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574 ***/ +user_pref("browser.download.start_downloads_in_tmp_dir", true); // [FF102+] user_pref("browser.helperApps.deleteTempFileOnExit", true); /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); @@ -599,12 +586,6 @@ user_pref("network.IDN_show_punycode", true); * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] -/* 2623: disable permissions delegation [FF73+] - * Currently applies to cross-origin geolocation, camera, mic and screen-sharing - * permissions, and fullscreen requests. Disabling delegation means any prompts - * for these will show/use their correct 3rd party origin - * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/ -user_pref("permissions.delegation.enabled", false); /* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX] @@ -625,8 +606,7 @@ user_pref("browser.download.always_ask_before_handling_new_types", true); /* 2660: lock down allowed extension directories * [SETUP-CHROME] This will break extensions, language packs, themes and any other * XPI files which are installed outside of profile and application directories - * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [1] https://archive.is/DYjAM (archived) ***/ + * [1] https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2661: disable bypassing 3rd party extension install prompts [FF82+] @@ -653,11 +633,6 @@ user_pref("browser.contentblocking.category", "strict"); * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ // user_pref("privacy.antitracking.enableWebcompat", false); -/* 2710: enable state partitioning of service workers [FF96+] ***/ -user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+] -/* 2720: enable APS (Always Partitioning Storage) ***/ -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+] -user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); @@ -716,7 +691,7 @@ user_pref("privacy.cpd.cookies", false); * which will display a blank value, and are not guaranteed to work ***/ user_pref("privacy.sanitize.timeSpan", 0); -/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) +/*** [SECTION 4500]: RFP (resistFingerprinting) RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want [TEST] https://arkenfox.github.io/TZP/tzp.html @@ -730,7 +705,7 @@ user_pref("privacy.sanitize.timeSpan", 0); FF56 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API - version: android version spoofed as ESR + version: android version spoofed as ESR (FF119 or lower) OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android 1369319 - disable device sensor API 1369357 - disable site specific zoom @@ -772,7 +747,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1794628 - return "none" with inverted-colors (FF114) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); -/* 4501: enable privacy.resistFingerprinting +/* 4501: enable RFP * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false @@ -787,7 +762,7 @@ user_pref("privacy.window.maxInnerHeight", 900); /* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ -user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108] +user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); /* 4504: enable RFP letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. @@ -894,8 +869,6 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("browser.taskbar.lists.frequent.enabled", false); // user_pref("browser.taskbar.lists.recent.enabled", false); // user_pref("browser.taskbar.lists.tasks.enabled", false); -/* 5015: disable Windows taskbar preview [WINDOWS] ***/ - // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] /* 5016: discourage downloading to desktop * 0=desktop, 1=downloads (default), 2=custom * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/ @@ -952,7 +925,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * Vulnerabilities [1] have increasingly been found, including those known and fixed * in native programs years ago [2]. WASM has powerful low-level access, making * certain attacks (brute-force) and vulnerabilities more possible - * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3] + * [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3] * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/ @@ -982,7 +955,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * Firefox uses the system DNS to initially resolve the IP address of your DoH server. * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox * won't use the system DNS. If the IP doesn't match then DoH won't work ***/ - // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF] + // user_pref("network.trr.bootstrapAddr", "10.0.0.1"); // [HIDDEN PREF] /*** [SECTION 6000]: DON'T TOUCH ***/ user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); @@ -1014,7 +987,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6012: enforce Quarantined Domains [FF115+] * [WHY] https://support.mozilla.org/kb/quarantined-domains */ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ +/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/ // user_pref("beacon.enabled", ""); // user_pref("browser.startup.blankWindow", ""); // user_pref("browser.newtab.preload", ""); @@ -1031,8 +1004,21 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] // user_pref("extensions.formautofill.creditCards.available", ""); // user_pref("extensions.formautofill.creditCards.supported", ""); // user_pref("middlemouse.contentLoadURL", ""); -/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/ +/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ + // user_pref("accessibility.force_disabled", ""); + // user_pref("browser.fixup.alternate.enabled", ""); + // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); // user_pref("network.protocol-handler.external.ms-windows-store", ""); + // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); + // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); + // user_pref("privacy.partition.serviceWorkers", ""); +/* 6052: prefsCleaner: deprecated ESR102 items from FF103-115 ***/ + // user_pref("browser.cache.offline.enable", ""); + // user_pref("extensions.formautofill.heuristics.enabled", ""); + // user_pref("network.cookie.lifetimePolicy", ""); + // user_pref("privacy.clearsitedata.cache.enabled", ""); + // user_pref("privacy.resistFingerprinting.testGranularityMask", ""); + // user_pref("security.pki.sha1_enforcement_level", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1057,8 +1043,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7003: disable non-modern cipher suites [1] * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks * [1] https://browserleaks.com/ssl ***/ - // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF109+] - // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: false FF109+] + // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); + // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS @@ -1110,8 +1096,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/ // user_pref("privacy.donottrackheader.enabled", true); /* 7016: customize ETP settings + * [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/ - // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5 FF103+] + // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5] + // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.partition.network_state.ocsp_cache", true); @@ -1182,42 +1170,8 @@ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/ user_pref("browser.urlbar.showSearchTerms.enabled", false); -/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] - [1] https://github.com/arkenfox/user.js/issues/123 -***/ +/*** [SECTION 9999]: DEPRECATED / RENAMED ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* ESR102.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable active ones -// FF103 -// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810) - // 0=keep until they expire (default), 2=keep until you close Firefox - // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761 -user_pref("network.cookie.lifetimePolicy", 2); -// 6012: disable SHA-1 certificates - // [-] https://bugzilla.mozilla.org/1766687 - // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1] -// FF114 -// 2816: set cache to clear on exit [FF96+] - // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust - // [1] https://bugzilla.mozilla.org/1671182 - // [-] https://bugzilla.mozilla.org/1821651 - // user_pref("privacy.clearsitedata.cache.enabled", true); -// 4505: experimental RFP [FF91+] - // [-] https://bugzilla.mozilla.org/1824235 - // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); -// 5017: disable Form Autofill heuristics - // Heuristics controls Form Autofill on forms without @autocomplete attributes - // [-] https://bugzilla.mozilla.org/1829670 - // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -// FF115 - // 7001: disable offline cache (appCache) - // [NOTE] appCache storage capability was removed in FF90 - // [-] https://bugzilla.mozilla.org/1677718 - // user_pref("browser.cache.offline.enable", false); -// ***/ - /* ESR115.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable active ones // FF116 @@ -1237,6 +1191,24 @@ user_pref("security.family_safety.mode", 0); // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ // [-] https://bugzilla.mozilla.org/1842457 // user_pref("dom.webnotifications.serviceworker.enabled", false); +// FF118 +// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] + // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed + // In normal windows: uses the first applicable: RFP over TP over Standard + // In Private Browsing windows: uses the most restrictive between normal and private + // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts + // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc + // [-] https://bugzilla.mozilla.org/1847599 + // user_pref("layout.css.font-visibility.private", 1); + // user_pref("layout.css.font-visibility.standard", 1); + // user_pref("layout.css.font-visibility.trackingprotection", 1); +// 2623: disable permissions delegation [FF73+] + // Currently applies to cross-origin geolocation, camera, mic and screen-sharing + // permissions, and fullscreen requests. Disabling delegation means any prompts + // for these will show/use their correct 3rd party origin + // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion + // [-] https://bugzilla.mozilla.org/1697151 + // user_pref("permissions.delegation.enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From 35e8def0b1e5ecf1198e7efe41cfe6aa0415b320 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 18 Oct 2023 14:59:33 +0000 Subject: [PATCH 51/78] network.dns.skipTRR-when-parental-control-enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6f783a4..edb18c9 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/1080 if you want the full list prior to FF118 - Last updated: 29-September-2023 + Last updated: 18-October-2023 Instructions: - [optional] close Firefox and backup your profile @@ -41,6 +41,7 @@ 'layout.css.font-visibility.resistFingerprinting', // 116 'layout.css.font-visibility.standard', // 118 'layout.css.font-visibility.trackingprotection', // 118 + 'network.dns.skipTRR-when-parental-control-enabled', // 119 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 /* 103-115 */ From e2681baec38e7ad09fe1f81c6da5ff84c81b7117 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 1 Nov 2023 22:02:55 +0000 Subject: [PATCH 52/78] javascript.use_us_english_locale https://bugzilla.mozilla.org/1846224 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index edb18c9..18de648 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/1080 if you want the full list prior to FF118 - Last updated: 18-October-2023 + Last updated: 2-November-2023 Instructions: - [optional] close Firefox and backup your profile @@ -37,6 +37,7 @@ /* DEPRECATED */ /* 116-128 */ 'dom.webnotifications.serviceworker.enabled', // 117 + 'javascript.use_us_english_locale', // 119 'layout.css.font-visibility.private', // 118 'layout.css.font-visibility.resistFingerprinting', // 116 'layout.css.font-visibility.standard', // 118 From d94d68245f77665546f9b736f430540295e6229e Mon Sep 17 00:00:00 2001 From: Tad Date: Thu, 2 Nov 2023 16:18:47 -0400 Subject: [PATCH 53/78] Add favicon for Mull Signed-off-by: Tad --- wikipiki/logo-mull.png | Bin 0 -> 1566 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/logo-mull.png diff --git a/wikipiki/logo-mull.png b/wikipiki/logo-mull.png new file mode 100644 index 0000000000000000000000000000000000000000..d80042f89f667fa7bd1370547fdf5a16030eac4c GIT binary patch literal 1566 zcmV+(2I2XMP)F7{|M0Zr|pX#l%f}Z_j-JT3T8zv{0a>Edna)bW#LL@4bBq$v!O0KF&p>+4jL~ zI%AA3i^(>pU#2c`x-4-spz&q%1)T`UOG}3@6o`t6Q&I5QITvnMO3Ri^=l09HriRg$Ohoo_|_q=QPc8t}PH>B_f^*z_2zP7@|TG zSTLpWI29VeKlcyOLEk?CB8CxO3iL4Ip>9^X-ph#NSfB`r6EP%(2*564{Jp*&w&t&b z9hTLw&$tHKSxE&trtAz3*v19sVYub^*`^_FXzw5$JQ_jL@dzUyh#+xu6v^Hb+WObk zcYBchGch}z?Srq)t6{6K5Rwvl2WW&oq5teFFyR5Ny{~ zpFs#65p~wKq@7a!msru1M9$jIb8O2Nrs~2KR)qDoWl&k+o+hueLU}jJNQW>$@F)pZ z>8_Xo;BvX3E~^N5!~h0Rbd?H3G68fjO|fjA1tJ5_L7m)##u_R2BwVrmJ$OQ0Smh+4XkgP(%GHoaP&Z@~AK=K|9PO5iEu-zta0>F(4%|=sN z0Jko;KNCO&XS|jUpun65i#)Cbz%I+1%KHOM;9bpao%}Km)5raZXMSIGs)ifbR{xHi4nsv;B+{^Q&tSlA_2-BWneOypobQJO$9i^HFOA; zJn%S6q1t5!hs^?RXBp&Vaf9qs^4z@eF!(l!6lCEjd z>-FHkE84JbE%+Mhpu{SGAPCS$NtaRq&T{pgwn9Mx{bbWeu(YBaT&2ahnhcM3a*I#m zcgB({CZ-GQRRH327^zvEs_ps}=UwIHP-?Y+0|$1Nm4MM`geWDorvkKb4W0RB6Sy6A zaM=k6u6=wAn@u&BQ`bWqAeL?ih^`>{zDFp!Z8n>goFD)< zsNg^0nh-hjf_yVn6&Bw)$NR?8t$u0;2Kuo#Isc8B%vJqD)t^kR4E*d?DggfG zk0xh(3s-wKlewxWEq$mNqC+I3k6`_T^)Lg(xE<*SiMb7B4`u3vC4A0^atxdyj{ly> zu=0mdR&MP@a%%(y+BL%qLtI=NT#Exfo^2O)=oYt1I_rf&ZEz&hx8Mr$-}H0Vj!(I& zQ?socLrmaL@w#rEoTC|`0|IWtd*a$q{fIVLcymE`;SD;hk88sX%2+lvu3euz_Xn!^ zVa^Mi4K=XIxCFk*UX^Sx*2y+qS2G>={DXZcD0Z?TV-#mSKKJ5oB#FI9+Bd)i3pKbB zpPOy28`1`=u;E?RxD~Adw?R@r%hY9m-E0-@9oM0*no0&IWC4S`W8x%Cp`B(0SH#y%+>hBT8JNN&6IenJ;10M|{r9y|- Q$^ZZW07*qoM6N<$g8weihyVZp literal 0 HcmV?d00001 From 96210522d8ed072565c3d5abcbcdb0a024aa7e01 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 Nov 2023 20:36:12 +0000 Subject: [PATCH 54/78] Add favicon for LibreWolf --- wikipiki/logo-librewolf.png | Bin 0 -> 1253 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 wikipiki/logo-librewolf.png diff --git a/wikipiki/logo-librewolf.png b/wikipiki/logo-librewolf.png new file mode 100644 index 0000000000000000000000000000000000000000..0bb9299cb2ce9fa60787c4abdaee86f6af98dd26 GIT binary patch literal 1253 zcmaKqeK6Ds9L9g8$-6{~)49&eo-ScabdB_ayzDZY6_Rw`dU4|-=3J+otvf<*r@|q5 z>$qiY)@xp3$;%>XR#1R6H9ZpQ&#v$fglKF z2YVYA>EHC%$;n9FCMT|mAXXaEsIImEh%yj&Krok81S02eW-Wu%3qTYuvlOJtUv_E! z9zG=hg!e6J@&W#b|Fb9!|E(1TkYQmJ3#$tuTL?KeIp%%Ecz=MawJb3bOq!nJR@NLKOM>x@epvU;S z6Q?^7+=-AU2z`QZKECDSTo=B73Pv|B_8__!F}=9di&z2T1c(>lav!et;rcVA_9JHy zzYHOF2)_!!6rx}ltYH+5fHQ*P5tNLgbQEQys1%_}glZ9L#_(VawPUCo19u$t<9PTA z{I}?N2f-xzCh=k#!Wq1r#po=4pMz))<8yd5kJt0~V;&P?yb&24IKX>IT14+&q2#>OY7rsw9xlIK)~Ug_@49BlTvYH9^=WskV5SQj;zoq14D zVie>-5||pUTQIVtJZt0lc$z=r><*GkaN3$07-5odPp#v{_)us~y-?D6y=!yvq?b2) zi%Gq>RgqQy*JSq#GEzv>w8Db?qSU9>5~*s^4}aB zGMf_Z*krBb7oXwK5D`lcc|h72^uyh6*76vo`*u5~-M*7`t9klaV6t(7C&Bve+Roet zruNy4$l%y=4a!!_c`)Ot7G zE4V+JA9&2hub(~2SzY%jC4>GI`DUbBTk5Ugy`M1XmTx@6Rf{F%Df`Exj*1l&8fDmF zvSjW0z+EvuNi%yhjTp`>y^*UaR>sY={MQ3FEl)l@uCxPPUDS4i8hI67w4PYaP?B+R zW-XsJZAvFu&rjHEc)3${M6(w6wE1N9K3DBjVJjh5 literal 0 HcmV?d00001 From 29bb5a35f0908143f395b86263746988168c7966 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 2 Nov 2023 21:17:15 +0000 Subject: [PATCH 55/78] rename/add icons (#1760) --- .../{logo-librewolf.png => icon-librewolf.png} | Bin wikipiki/{logo-mull.png => icon-mull.png} | Bin wikipiki/icon-mullvadbrowser.png | Bin 0 -> 1237 bytes wikipiki/icon-torbrowser.png | Bin 0 -> 2044 bytes 4 files changed, 0 insertions(+), 0 deletions(-) rename wikipiki/{logo-librewolf.png => icon-librewolf.png} (100%) rename wikipiki/{logo-mull.png => icon-mull.png} (100%) create mode 100644 wikipiki/icon-mullvadbrowser.png create mode 100644 wikipiki/icon-torbrowser.png diff --git a/wikipiki/logo-librewolf.png b/wikipiki/icon-librewolf.png similarity index 100% rename from wikipiki/logo-librewolf.png rename to wikipiki/icon-librewolf.png diff --git a/wikipiki/logo-mull.png b/wikipiki/icon-mull.png similarity index 100% rename from wikipiki/logo-mull.png rename to wikipiki/icon-mull.png diff --git a/wikipiki/icon-mullvadbrowser.png b/wikipiki/icon-mullvadbrowser.png new file mode 100644 index 0000000000000000000000000000000000000000..f5381b62a0d4809a258f70acad763ba9c1f25af1 GIT binary patch literal 1237 zcmV;`1SNkl9LFe#n)J+=hXhGahUuQ3?mp#^;vAZ}c5ii&Z*lJ_PF0<+>Z^0P{M)z% z(Seb}Cq@R>lwLu$ivVN-jLvn22*KR$Kn4U1hscOw8Nq_vfyzR&d9?cR(ds`E*!0X> zr!wgX21o{$_RSx@BQRehq0TjcnYmMnb;yl(=01AqC=QBrqP?^^kb!wVP>MCfBoh*5 z&Lc94zR3cNJPaAeE*yCRVY!*k#LUL~|B?an;x${l&DR~;rF}CuCDxa#Di>Ob#!4KR znH+Q_V67TR=2X%1W1o{i#)p;t%r36OItr9fFc1id;ZmI=<7Y54vdp{n#!rU;6u?AJ z0?QaE&BXdTAj}G2B_66>qVj7$fQS%SVq`pi`vv|tP^73j<`NNF4crSs)}27RxrBiD zc>2l9SQ}_(5CoH>O#ZRJ%#D&Egh3og35^dmd0>U~;d?I83`WaDD}a5mM4U_O-GL={ zh?$FqGO$8`ws>&I91|Dsq%ytaPHAG?cxo#g7{5euut^p~$^6QOW&^Nzcy|J{8U(LK zz8fI;J)mg}6oFhr%=6dl;LvCLh!EwE+NWwOB*7Vxf_2(6`bVGunea7UT6 z`U~T+eQow^|B;Dbp5WrOKcfHuniyNhW82Q4ffj}X;rcX}qJ=~+2^wI+@GBD&Af@-% z#>*VoI?vSHT1{Q4B8iWSL1dmyfz>wr=tUH0wTqahOo}|M;hRSXB z-u*4-FCOCD>{S!e#Q1jhY@0;=Eli}T1bKM7Aq)a$JtYXsHIT?bFuz!2cx?+Z7#o{o z-;N58%#Ep9uiO4@Ga4S9hk_wfBH<9hB|t(J)P;aEAOvqeSS$b#)4!J?l$p415fuab z?*EGKetv;QtEGMSypLAM0ZdoQ%-4!MynWFlGrwKn(weEq5H35@0PxY1G%Ez5oHfJimssQ?g^v2B8>7`VIi72LWfAzHfL?Vi9g8dhJv{ z2j6W#meDs*qp!b~{9b%}09wm3Ye&sNHzi0pMXzgUMkdKDVA0!Btasu2(h7+I?pPnd zoFgWte=9I^RX{-U5aJ~Y0eKEWF9NK-rvfRSV?-Q3)z2#UcnOhUxaDH{zJ&6BQVAZ9 z<&yY29Yh{T5)sPxI?FQQ3AzzTXDc0~m^@|lD)Pl!=QLL^2Ap<5>aIQ?0f$>|abn04y!UcCvVmV=I;9E3bU zPvhFir@I$Vo+&bBb%&I*_09xHy2o)l7nvQH9DbYLuY|crC z;(@t;8%v8QvHSQc*(ijmW>$ZdYPHIL1-I}wde@9m!FAfg00000NkvXXu0mjfs$V|y literal 0 HcmV?d00001 diff --git a/wikipiki/icon-torbrowser.png b/wikipiki/icon-torbrowser.png new file mode 100644 index 0000000000000000000000000000000000000000..ad7e8d1d3e70ad8a3262ccc4a4baacf91a2131b5 GIT binary patch literal 2044 zcmVex465A$CF{)K{DF#9M>93Y7Od>27R{=&sFe`?-bVZdZb19yzS1wT!oxslJOBMwkvk2ASx%GmE>wRKVSjbRt_wVPQPL=m`&N zbAejUe?#9acdcW>Xm6bO?Cc>UB?g5dh+`-CM!-LzXtsrJhYL2)J@W$}$-s$S(?!^cSJORqG3u1;X|`n)p$X6| zL_PfOZN7~9ih%clKx5W{W2X2{i&QpA5C5ou{B{%bml}BEXBDktLIvK+j>8i>7S}Q0 z!#HTB6UDI2Lm@q5w}obcBm=S$a9h61dAYkxY`Wh<@7Ge;`<*PZY*5Z!TM2OPrwgb| z`sljP!uCg9YA_3aAo6uLHTWMP@I!IPun`#umBd4S29o};MZXS#i0558<%!AH*0B69 zA8y`2KZDq|&q2T_t1BU1e_lC?T~DN8BuRxr1mb(gi&qOVfM4yraeyo;N{*Ta0vR*S zfHI^#mU=)muG`*CpKgvd#OO;N-g{+LNptr%GAjOZ&eBW+<7YfrDZCWbQCk?3r>*zgxq~tdBc(J4m>sK=~o|#{j}0?2{F*MYCx0vIR&!)g6UFN=2@B zvIcq|NlDM7c=6A3tIFf8pLZz;AXs=}`a(_hx!ndyP#lV)Y@14efhhP)mlcRsoe}Nj zr!8-FK_T@-Ypk%%f}LY#mIdao)>U7+JE63sayr!WOcr7gsw6MO03_;qJ%A$&G;2JX zB{W2r>x3p?_m74hB- zgyKKi0wQlC812Rvt~GG^l{IG4VNnU}+?Q7U_#m72-~zDCfdfwQcz zzBSK>lQa3vK&-d;D`QciF9GECPN+W|qkOUuEh8l`$c0e=vy$ zo-8PEXP%uEGS>3D{g3Aq+JF3EQHoMAz@ItW(tzofjYgxgx)Ky*4R=z!7b~ShG`C>U z@?I7!tqJbse5YJD*ZTepiv8O7Uw$)(sgartq4b>gJeEU+8JRr4$^ay-V&WIxJ*Q&^ zN{hTR2`b62&)=vj!bz0@eW;1g0a23bLyig$eeqkJ*z;Hxot%c=ypJa@)vW?|58h{COz8oIW)I^7~c>V$}PVaY(m&g_*M ztt|z(`F?=P2L=psxvD4OWC%|WeFpi>CZ@`3`0L4eX!gV;7rq!kyc;SO5FV56c@-av zb9H?fKn#PZnFSPg()mADaQW30+?uNE0mhnRqfeK%qNmqY)Sr2FrY(lX(Nguk39M6e z+x7j-_;KzWlxVVXvq1@Q?b%F)q_W$g){;Wqc?(fd#*zVOtY>PU8Nq>2}R zd>u7U!{w!==T`1ncO?7BL+KCF<0tuXP%bkqLVlAYGC32XC52d<#q;#5pnHCF#No?>+pwdeeALPNM^jmE)F0f&$5WJ9k$94+cDzeaMxF_ ztNE5~qFza3dD_DGpBt#H>MdQfgP{+5z99h3#MnXp$WbCbtVBALDkd_7?W%ag>Ey~* zC#o&+X{So-a+YT<^5%Q&Id50#<7{mBui2n`sc4wyK~Bm;Y`fT68BqX=Xl|-h0-yy@ z_{+dtEtMAg7ysM$Z~LE9c^%1KIlv`!zd_W;Rj`i%<<({-J>}xU7|wF6PX}hTypiEg a&Gm1|sgw5)O}6a-0000 Date: Fri, 10 Nov 2023 20:52:23 -0300 Subject: [PATCH 56/78] Correct archived version link in arkenfox-cleanup.js (#1763) --- scratchpad-scripts/arkenfox-cleanup.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 18de648..1e8df4d 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - There is an archived version at https://github.com/arkenfox/user.js/issues/1080 + There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list prior to FF118 Last updated: 2-November-2023 From f95c6829fe3c0fcc478756d7acbc55020d78b141 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 19 Nov 2023 09:56:47 +0000 Subject: [PATCH 57/78] fixup date/reference --- scratchpad-scripts/arkenfox-cleanup.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1e8df4d..6956979 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -4,7 +4,7 @@ - deprecated by Mozilla but listed in the arkenfox user.js in the past There is an archived version at https://github.com/arkenfox/user.js/issues/123 - if you want the full list prior to FF118 + if you want the full list since jesus Last updated: 2-November-2023 From fd72683abe15de5cf57574125b64879e809cf5c4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 20 Nov 2023 02:49:16 +0000 Subject: [PATCH 58/78] v119 (#1757) --- user.js | 98 ++++++++++++++++++++++----------------------------------- 1 file changed, 37 insertions(+), 61 deletions(-) diff --git a/user.js b/user.js index 4798b8a..1772671 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 18 October 2023 -* version: 118 +* date: 20 November 2023 +* version: 119 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -40,7 +40,7 @@ * INDEX: 0100: STARTUP - 0200: GEOLOCATION / LANGUAGE / LOCALE + 0200: GEOLOCATION 0300: QUIETER FOX 0400: SAFE BROWSING 0600: BLOCK IMPLICIT OUTBOUND @@ -100,7 +100,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); -/*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ +/*** [SECTION 0200]: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+] * Optionally enable logging to the console (defaults to false) ***/ @@ -109,16 +109,8 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ /* 0202: disable using the OS's geolocation service ***/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] -user_pref("geo.provider.use_gpsd", false); // [LINUX] +user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] -/* 0210: set preferred language for displaying pages - * [SETTING] General>Language and Appearance>Language>Choose your preferred language... - * [TEST] https://addons.mozilla.org/about ***/ -user_pref("intl.accept_languages", "en-US, en"); -/* 0211: use en-US locale regardless of the system or region locale - * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ -user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); @@ -268,7 +260,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost user_pref("network.proxy.socks_remote_dns", true); /* 0703: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ + * [1] https://bugzilla.mozilla.org/1413868 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0704: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, @@ -297,8 +289,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 3); -/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/ -user_pref("network.dns.skipTRR-when-parental-control-enabled", false); /* 0712: set DoH provider * The custom uri is the value shown when you "Choose provider>Custom>" * [NOTE] If you USE custom then "network.trr.uri" should be set the same @@ -311,11 +301,11 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar making speculative connections [FF56+] * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0802: disable location bar contextual suggestions [FF92+] +/* 0802: disable location bar contextual suggestions * [SETTING] Privacy & Security>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] /* 0803: disable live search suggestions * [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine @@ -354,6 +344,10 @@ user_pref("browser.formfill.enable", false); * [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) * [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ // user_pref("layout.css.visited_links_enabled", false); +/* 0830: enable separate default search engine in Private Windows and its UI setting + * [SETTING] Search>Default Search Engine>Choose a different default search engine for Private Windows only ***/ +user_pref("browser.search.separatePrivateDefault", true); // [FF70+] +user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+] /*** [SECTION 0900]: PASSWORDS [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas @@ -396,7 +390,7 @@ user_pref("browser.sessionstore.privacy_level", 2); /* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); -/* 1006: disable favicons in shortcuts +/* 1006: disable favicons in shortcuts [WINDOWS] * URL shortcuts use a cached randomly named .ico file which is stored in your * profile/shortcutCache directory. The .ico remains after the shortcut is deleted * If set to false then the shortcuts use a generic Firefox icon ***/ @@ -417,7 +411,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -462,7 +456,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); * 0 = disabled * 1 = consult CRLite but only collect telemetry * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results - * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+, default FF100+) + * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071 * [2] https://blog.mozilla.org/security/tag/crlite/ ***/ user_pref("security.remote_settings.crlite_filters.enabled", true); @@ -471,7 +465,7 @@ user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ /* 1241: disable insecure passive content (such as images) on https pages ***/ // user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244) -/* 1244: enable HTTPS-Only mode in all windows [FF76+] +/* 1244: enable HTTPS-Only mode in all windows * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail) * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) @@ -603,12 +597,13 @@ user_pref("browser.download.manager.addToRecentDocs", false); user_pref("browser.download.always_ask_before_handling_new_types", true); /** EXTENSIONS ***/ -/* 2660: lock down allowed extension directories - * [SETUP-CHROME] This will break extensions, language packs, themes and any other - * XPI files which are installed outside of profile and application directories +/* 2660: limit allowed extension directories + * 1=profile, 2=user, 4=application, 8=system, 16=temporary, 31=all + * The pref value represents the sum: e.g. 5 would be profile and application directories + * [SETUP-CHROME] Breaks usage of files which are installed outside allowed directories * [1] https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] -user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] + // user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2661: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); @@ -625,7 +620,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ -user_pref("browser.contentblocking.category", "strict"); +user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] /* 2702: disable ETP web compat features [FF93+] * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants * Opener and redirect heuristics are granted for 30 days, see [3] @@ -703,7 +698,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 - 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API version: android version spoofed as ESR (FF119 or lower) OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android @@ -716,7 +710,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1369309 - spoof media statistics 1382499 - reduce screen co-ordinate fingerprinting in Touch API 1217290 & 1409677 - enable some fingerprinting resistance for WebGL - 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist FF58+ 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) @@ -741,7 +734,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) - 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) + 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100-115) 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) 1794628 - return "none" with inverted-colors (FF114) @@ -973,10 +966,9 @@ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] -/* 6009: enforce SmartBlock shims [FF81+] - * In FF96+ these are listed in about:compat +/* 6009: enforce SmartBlock shims (about:compat) [FF81+] * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ -user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] +user_pref("extensions.webcompat.enable_shims", true); // [HIDDEN PREF] [DEFAULT: true] /* 6010: enforce no TLS 1.0/1.1 downgrades * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] @@ -987,38 +979,13 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6012: enforce Quarantined Domains [FF115+] * [WHY] https://support.mozilla.org/kb/quarantined-domains */ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/ - // user_pref("beacon.enabled", ""); - // user_pref("browser.startup.blankWindow", ""); - // user_pref("browser.newtab.preload", ""); - // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); - // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); - // user_pref("browser.region.network.url", ""); - // user_pref("browser.region.update.enabled", ""); - // user_pref("browser.ssl_override_behavior", ""); - // user_pref("devtools.chrome.enabled", ""); - // user_pref("dom.disable_beforeunload", ""); - // user_pref("dom.disable_open_during_load", ""); - // user_pref("extensions.formautofill.available", ""); - // user_pref("extensions.formautofill.addresses.supported", ""); - // user_pref("extensions.formautofill.creditCards.available", ""); - // user_pref("extensions.formautofill.creditCards.supported", ""); - // user_pref("middlemouse.contentLoadURL", ""); -/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ +/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ // user_pref("accessibility.force_disabled", ""); - // user_pref("browser.fixup.alternate.enabled", ""); // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); // user_pref("network.protocol-handler.external.ms-windows-store", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); // user_pref("privacy.partition.serviceWorkers", ""); -/* 6052: prefsCleaner: deprecated ESR102 items from FF103-115 ***/ - // user_pref("browser.cache.offline.enable", ""); - // user_pref("extensions.formautofill.heuristics.enabled", ""); - // user_pref("network.cookie.lifetimePolicy", ""); - // user_pref("privacy.clearsitedata.cache.enabled", ""); - // user_pref("privacy.resistFingerprinting.testGranularityMask", ""); - // user_pref("security.pki.sha1_enforcement_level", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1103,7 +1070,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.partition.network_state.ocsp_cache", true); - // user_pref("privacy.query_stripping.enabled", true); // [FF101+] [ETP FF102+] + // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] @@ -1160,7 +1127,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan /*** [SECTION 9000]: NON-PROJECT RELATED ***/ user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); /* 9001: disable welcome notices ***/ -user_pref("browser.startup.homepage_override.mstone", "ignore"); +user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF] /* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); @@ -1209,6 +1176,15 @@ user_pref("security.family_safety.mode", 0); // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion // [-] https://bugzilla.mozilla.org/1697151 // user_pref("permissions.delegation.enabled", false); +// FF119 +// 0211: use en-US locale regardless of the system or region locale + // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 + // [-] https://bugzilla.mozilla.org/1846224 + // user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] +// 0711: disable skipping DoH when parental controls are enabled [FF70+] + // [-] https://bugzilla.mozilla.org/1586941 +user_pref("network.dns.skipTRR-when-parental-control-enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From e4dd5aa4283560e538b4009039175018e24cdc28 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 24 Nov 2023 13:35:14 +0000 Subject: [PATCH 59/78] updater.sh v4.0 - removed group root/wheel check --- updater.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/updater.sh b/updater.sh index 88e6e33..72c77fc 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.9 +## version: 4.0 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp @@ -393,11 +393,11 @@ update_updater "$@" getProfilePath # updates PROFILE_PATH or exits on error cd "$PROFILE_PATH" || exit 1 -# Check if any files have the owner/group as root/wheel. -if [ -n "$(find ./ -user 0 -o -group 0)" ]; then +# Check if any files have the owner as root/wheel. +if [ -n "$(find ./ -user 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 + find . -user 0 cd "$CURRDIR" exit 1 fi From 4a510a4b4ceda8a177831a77309f2faccf7e18d5 Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 24 Nov 2023 13:38:25 +0000 Subject: [PATCH 60/78] prefsCleaner.sh v2.1 - remove group root/wheel check --- prefsCleaner.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 6586609..b9739b2 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 2.0 +## version: 2.1 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -132,13 +132,13 @@ done ## change directory to the Firefox profile directory cd "$(dirname "${SCRIPT_FILE}")" -# Check if running as root and if any files have the owner/group as root/wheel. +# Check if running as root and if any files have the owner as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)." -elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then +elif [ -n "$(find ./ -user 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, you will need to change ownership of the following files to your user:\n' - find . -user 0 -o -group 0 + find . -user 0 fQuit 1 fi @@ -148,7 +148,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v2.0 ║" +echo " ║ v2.1 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 33a84b608c8a1f871c6ce9c4d2b932dc57078fae Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 4 Feb 2024 20:09:30 +0000 Subject: [PATCH 61/78] v122 (#1764) --- user.js | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/user.js b/user.js index 1772671..bd7c46f 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 20 November 2023 -* version: 119 +* date: 5 February 2024 +* version: 122 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -56,6 +56,7 @@ 2600: MISCELLANEOUS 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING + 4000: FPP (fingerprintingProtection) 4500: RFP (resistFingerprinting) 5000: OPTIONAL OPSEC 5500: OPTIONAL HARDENING @@ -686,8 +687,32 @@ user_pref("privacy.cpd.cookies", false); * which will display a blank value, and are not guaranteed to work ***/ user_pref("privacy.sanitize.timeSpan", 0); +/*** [SECTION 4000]: FPP (fingerprintingProtection) + RFP (4501) overrides FPP + + In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled + by ETP (2701). FPP will also use Remote Services in future to relax FPP protections + on a per site basis for compatibility (pref coming). + + 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) + https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc + 1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+) +***/ +user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); +/* 4001: enable FPP in PB mode [FF114+] + * [NOTE] In FF119+, FPP for all modes (7106) is enabled with ETP Strict (2701) ***/ + // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] +/* 4002: set global FPP overrides [FF114+] + * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are + * not used by RFP) e.g. "+AllTargets,-CSSPrefersColorScheme" or "-AllTargets,+CanvasRandomization" + * [NOTE] Be aware that not all RFP protections are necessarily in RFPTargets + * [WARNING] Not recommended. Either use RFP or FPP at defaults + * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ + // user_pref("privacy.fingerprintingProtection.overrides", ""); + /*** [SECTION 4500]: RFP (resistFingerprinting) - RFP covers a wide range of ongoing fingerprinting solutions. + RFP overrides FPP (4000) + It is an all-or-nothing buy in: you cannot pick and choose what parts you want [TEST] https://arkenfox.github.io/TZP/tzp.html @@ -741,8 +766,8 @@ user_pref("privacy.sanitize.timeSpan", 0); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP - * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar - * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme + * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar. + * RFP also has a few side effects: mainly timezone is UTC, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false * [1] https://bugzilla.mozilla.org/418986 ***/ user_pref("privacy.resistFingerprinting", true); // [FF41+] @@ -1069,7 +1094,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] - // user_pref("privacy.partition.network_state.ocsp_cache", true); + // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+] // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); From c2f191448c0af23c961053b8e450f6c8a71e5567 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 6 Jun 2024 20:21:14 +0000 Subject: [PATCH 62/78] v126 (#1816) --- user.js | 127 +++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 89 insertions(+), 38 deletions(-) diff --git a/user.js b/user.js index bd7c46f..fdc692e 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 5 February 2024 -* version: 122 +* date: 7 June 2024 +* version: 126 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -35,7 +35,7 @@ - It is recommended to not use the updater, or you will get a later version which may cause issues. So you should manually append your overrides (and keep a copy), and manually update when you change ESR releases (arkenfox is already past that release) - - If you decide to keep updating, then the onus is on - also see section 9999 + - If you decide to keep updating, then the onus is on you - also see section 9999 * INDEX: @@ -95,8 +95,8 @@ user_pref("browser.startup.homepage", "about:blank"); user_pref("browser.newtabpage.enabled", false); /* 0105: disable sponsored content on Firefox Home (Activity Stream) * [SETTING] Home>Firefox Home Content ***/ -user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] Pocket > Sponsored Stories -user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Sponsored shortcuts +user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] +user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Shortcuts>Sponsored shortcuts /* 0106: clear default topsites * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); @@ -158,9 +158,6 @@ user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] user_pref("toolkit.coverage.endpoint.base", ""); -/* 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - * Defense-in-depth: currently covered by 0331 ***/ -user_pref("browser.ping-centre.telemetry", false); /* 0335: disable Firefox Home (Activity Stream) telemetry ***/ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); @@ -303,12 +300,14 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); /* 0802: disable location bar contextual suggestions - * [SETTING] Privacy & Security>Address Bar>Suggestions from... + * [NOTE] The UI is controlled by the .enabled pref + * [SETTING] Search>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ -user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] + // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false] + // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false] + // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false] /* 0803: disable live search suggestions - * [NOTE] Both must be true for the location bar to work + * [NOTE] Both must be true for live search to work in the location bar * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); @@ -321,8 +320,9 @@ user_pref("browser.urlbar.addons.featureGate", false); // [FF115+] user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF] user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false] user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] +user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ - // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false] + // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+] /* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) @@ -332,7 +332,7 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa user_pref("browser.formfill.enable", false); /* 0815: disable tab-to-search [FF85+] * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/ + * [SETTING] Search>Address Bar>When using the address bar, suggest>Search engines ***/ // user_pref("browser.urlbar.suggest.engines", false); /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive @@ -412,7 +412,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (May 2024) reports over 99.7% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -517,6 +517,12 @@ user_pref("privacy.userContext.ui.enabled", true); * [NOTE] The menu is always shown on long press and right click * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); +/* 1703: set external links to open in site-specific containers [FF123+] + * [SETUP-WEB] Depending on your container extension(s) and their settings + * true=Firefox will not choose a container (so your extension can) + * false=Firefox will choose the container/no-container (default) + * [1] https://bugzilla.mozilla.org/1874599 ***/ + // user_pref("browser.link.force_default_user_context_id_for_external_opens", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); @@ -583,6 +589,11 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.enableScripting", false); // [FF86+] /* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX] +/* 2630: disable content analysis by DLP (Data Loss Prevention) agents + * DLP agents are background processes on managed computers that allow enterprises to monitor locally running + * applications for data exfiltration events, which they can allow/block based on customer defined DLP policies. + * [1] https://github.com/chromium/content_analysis_sdk */ +user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false] /** DOWNLOADS ***/ /* 2651: enable user interaction for security by always asking where to download @@ -636,51 +647,70 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!" * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/ /* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] If "history" is true, downloads will also be cleared - * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies - * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ + * [NOTE] If "history" is true, downloads will also be cleared ***/ user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true] user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true] // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] + // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false] /* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) * [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); -/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ ***/ +/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/ /* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below). * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) + * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question) - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings + * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ user_pref("privacy.clearOnShutdown.cookies", true); // Cookies user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data +user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+] -/** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/ -/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME] - * This dialog can also be accessed from the menu History>Clear Recent History +/** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+] + * Firefox remembers your last choices. This will reset them when you start Firefox + * [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/ +user_pref("privacy.clearSiteData.cache", true); +user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions +user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true); + // user_pref("privacy.clearSiteData.siteSettings", false); + +/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/ +/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] * Firefox remembers your last choices. This will reset them when you start Firefox * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog - * for "Clear Recent History" is opened, it is synced to the same as "history" ***/ + * for "Clear Recent History" is opened, it is synced to the same as "history" + * [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/ user_pref("privacy.cpd.cache", true); // [DEFAULT: true] +user_pref("privacy.clearHistory.cache", true); user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] user_pref("privacy.cpd.history", true); // [DEFAULT: true] + // user_pref("privacy.cpd.downloads", true); // not used, see note above +user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); +user_pref("privacy.cpd.cookies", false); user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false] -user_pref("privacy.cpd.cookies", false); - // user_pref("privacy.cpd.downloads", true); // not used, see note above +user_pref("privacy.clearHistory.cookiesAndStorage", false); // user_pref("privacy.cpd.openWindows", false); // Session Restore // user_pref("privacy.cpd.passwords", false); // user_pref("privacy.cpd.siteSettings", false); -/* 2822: reset default "Time range to clear" for "Clear Recent History" (2820) + // user_pref("privacy.clearHistory.siteSettings", false); + +/** SANITIZE MANUAL: TIMERANGE ***/ +/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, @@ -692,15 +722,15 @@ user_pref("privacy.sanitize.timeSpan", 0); In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled by ETP (2701). FPP will also use Remote Services in future to relax FPP protections - on a per site basis for compatibility (pref coming). + on a per site basis for compatibility (4003). 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc 1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+) ***/ -user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); +user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); /* 4001: enable FPP in PB mode [FF114+] - * [NOTE] In FF119+, FPP for all modes (7106) is enabled with ETP Strict (2701) ***/ + * [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/ // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] /* 4002: set global FPP overrides [FF114+] * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are @@ -709,6 +739,8 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); * [WARNING] Not recommended. Either use RFP or FPP at defaults * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ // user_pref("privacy.fingerprintingProtection.overrides", ""); +/* 4003: disable remote FPP overrides [FF127+] ***/ + // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled"; false); /*** [SECTION 4500]: RFP (resistFingerprinting) RFP overrides FPP (4000) @@ -720,7 +752,6 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); 418986 - limit window.screen & CSS media queries (FF41) 1281949 - spoof screen orientation (FF50) - 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1333651 - spoof User Agent & Navigator API @@ -740,7 +771,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" Block: suppresses the ondevicechange event - 1039069 - warn when language prefs are not set to "en*" (also see 0210, 0211) (FF59) + 1039069 - warn when language prefs are not set to "en*" (FF59) 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59) Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. @@ -763,6 +794,9 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) 1794628 - return "none" with inverted-colors (FF114) + 1554751 - return devicePixelRatio as 2 (previously FF41+ was 1) (FF127) + 1787790 - normalize system fonts (FF128) + 1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP @@ -796,6 +830,12 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] * [WARNING] DO NOT USE unless testing, see [1] comment 12 * [1] https://bugzilla.mozilla.org/1635603 ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); +/* 4506: disable RFP spoof english prompt [FF59+] + * 0=prompt, 1=disabled, 2=enabled (requires RFP) + * [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset. + * [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale. + * [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/ +user_pref("privacy.spoof_english", 1); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] @@ -867,7 +907,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * [1] https://bugzilla.mozilla.org/1281959 ***/ // user_pref("browser.download.forbid_open_with", true); /* 5010: disable location bar suggestion types - * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/ + * [SETTING] Search>Address Bar>When using the address bar, suggest ***/ // user_pref("browser.urlbar.suggest.history", false); // user_pref("browser.urlbar.suggest.bookmark", false); // user_pref("browser.urlbar.suggest.openpage", false); @@ -1108,7 +1148,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/ // user_pref("dom.webnotifications.enabled", false); /* 7019: disable Push Notifications [FF44+] - * [WHY] Push requires subscription + * [WHY] Website "push" requires subscription, and the API is required for CRLite (1224) * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" * [1] https://support.mozilla.org/kb/push-notifications-firefox ***/ // user_pref("dom.push.enabled", false); @@ -1119,6 +1159,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ // user_pref("media.peerconnection.enabled", false); +/* 7021: enable GPC (Global Privacy Control) in non-PB windows + * [WHY] Passive and active fingerprinting. Mostly redundant with Tracking Protection + * in ETP Strict (2701) and sanitizing on close (2800s) ***/ + // user_pref("privacy.globalprivacycontrol.enabled", true); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good @@ -1156,8 +1200,6 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF /* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); -/* 9003: disable What's New toolbar icon [FF69+] ***/ -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); /* 9004: disable search terms [FF110+] * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/ user_pref("browser.urlbar.showSearchTerms.enabled", false); @@ -1210,6 +1252,15 @@ user_pref("security.family_safety.mode", 0); // 0711: disable skipping DoH when parental controls are enabled [FF70+] // [-] https://bugzilla.mozilla.org/1586941 user_pref("network.dns.skipTRR-when-parental-control-enabled", false); +// FF123 +// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] + // Defense-in-depth: currently covered by 0331 + // [-] https://bugzilla.mozilla.org/1868988 +user_pref("browser.ping-centre.telemetry", false); +// FF126 +// 9003: disable What's New toolbar icon [FF69+] + // [-] https://bugzilla.mozilla.org/1724300 +user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/ From 9655743d8cc558e04e0742ff10d51cdda1b3c9ff Mon Sep 17 00:00:00 2001 From: eleius <42178466+eleius@users.noreply.github.com> Date: Fri, 7 Jun 2024 20:53:34 +0000 Subject: [PATCH 63/78] fixup missing semicolon (#1850) --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index fdc692e..01954cc 100644 --- a/user.js +++ b/user.js @@ -677,7 +677,7 @@ user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [F user_pref("privacy.clearOnShutdown.cookies", true); // Cookies user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+] +user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+] /** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+] From 47cbf5b9740ef59ed866874346d3fee3379f8da3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 7 Jun 2024 21:36:53 +0000 Subject: [PATCH 64/78] fixup sysntax, tidy --- user.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user.js b/user.js index 01954cc..8087d85 100644 --- a/user.js +++ b/user.js @@ -322,7 +322,7 @@ user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: fal user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ - // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+] + // user_pref("browser.urlbar.clipboard.featureGate", false); /* 0810: disable search and form history * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) @@ -740,7 +740,7 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ // user_pref("privacy.fingerprintingProtection.overrides", ""); /* 4003: disable remote FPP overrides [FF127+] ***/ - // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled"; false); + // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); /*** [SECTION 4500]: RFP (resistFingerprinting) RFP overrides FPP (4000) From 6446d73cf572fcdf631534a5a51276a64eec4a2d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 14 Jun 2024 06:14:26 +0000 Subject: [PATCH 65/78] add deprecated since FF119 --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6956979..1948d07 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 2-November-2023 + Last updated: 14-June-2024 Instructions: - [optional] close Firefox and backup your profile @@ -36,6 +36,8 @@ const aPREFS = [ /* DEPRECATED */ /* 116-128 */ + 'browser.messaging-system.whatsNewPanel.enabled', // 126 + 'browser.ping-centre.telemetry', // 123 'dom.webnotifications.serviceworker.enabled', // 117 'javascript.use_us_english_locale', // 119 'layout.css.font-visibility.private', // 118 From 23caf6961483e0e55544cd4f3594734d0aa35cf0 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 22 Jun 2024 15:44:54 +0000 Subject: [PATCH 66/78] v127 deprecated --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 1948d07..5155259 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 14-June-2024 + Last updated: 23-June-2024 Instructions: - [optional] close Firefox and backup your profile @@ -36,6 +36,7 @@ const aPREFS = [ /* DEPRECATED */ /* 116-128 */ + 'browser.contentanalysis.default_allow', // 127 'browser.messaging-system.whatsNewPanel.enabled', // 126 'browser.ping-centre.telemetry', // 123 'dom.webnotifications.serviceworker.enabled', // 117 @@ -47,6 +48,7 @@ 'network.dns.skipTRR-when-parental-control-enabled', // 119 'permissions.delegation.enabled', // 118 'security.family_safety.mode', // 117 + 'widget.non-native-theme.enabled', // 127 /* 103-115 */ 'browser.cache.offline.enable', // 115 'extensions.formautofill.heuristics.enabled', // 114 From ff5c959cb9b5a65ede9aab82b00cbb283b160e14 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 9 Jul 2024 05:49:23 +0000 Subject: [PATCH 67/78] geo.provider* --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 5155259..50bcb8a 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 23-June-2024 + Last updated: 9-July-2024 Instructions: - [optional] close Firefox and backup your profile @@ -75,6 +75,8 @@ 'browser.fixup.alternate.enabled', 'browser.taskbar.previews.enable', 'browser.urlbar.dnsResolveSingleWordsAfterSearch', + 'geo.provider.network.url', + 'geo.provider.network.logging.enabled', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', 'privacy.partition.always_partition_third_party_non_cookie_storage', From 11582f905a21971eb5869b48ef8c3f2d4eac4d89 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 6 Aug 2024 04:37:00 +0000 Subject: [PATCH 68/78] geo.provider.use_gpsd https://bugzilla.mozilla.org/show_bug.cgi?id=1803234 - removed in FF131 and it doesn't work: https://bugzilla.mozilla.org/show_bug.cgi?id=1763347 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 50bcb8a..21e3438 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 9-July-2024 + Last updated: 6-August-2024 Instructions: - [optional] close Firefox and backup your profile @@ -77,6 +77,7 @@ 'browser.urlbar.dnsResolveSingleWordsAfterSearch', 'geo.provider.network.url', 'geo.provider.network.logging.enabled', + 'geo.provider.use_gpsd', 'media.gmp-widevinecdm.enabled', 'network.protocol-handler.external.ms-windows-store', 'privacy.partition.always_partition_third_party_non_cookie_storage', From f906f7f3b41fe3f6aaa744980431f4fdcd086379 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 26 Aug 2024 08:41:28 +0000 Subject: [PATCH 69/78] v128 (#1862) --- user.js | 122 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 53 deletions(-) diff --git a/user.js b/user.js index 8087d85..1dbf7d2 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 7 June 2024 -* version: 126 +* date: 26 August 2024 +* version: 128 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -57,7 +57,7 @@ 2700: ETP (ENHANCED TRACKING PROTECTION) 2800: SHUTDOWN & SANITIZING 4000: FPP (fingerprintingProtection) - 4500: RFP (resistFingerprinting) + 4500: OPTIONAL RFP (resistFingerprinting) 5000: OPTIONAL OPSEC 5500: OPTIONAL HARDENING 6000: DON'T TOUCH @@ -103,14 +103,9 @@ user_pref("browser.newtabpage.activity-stream.default.sites", ""); /*** [SECTION 0200]: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); -/* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+] - * Optionally enable logging to the console (defaults to false) ***/ -user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); - // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF] /* 0202: disable using the OS's geolocation service ***/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] -user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] /*** [SECTION 0300]: QUIETER FOX ***/ @@ -236,7 +231,7 @@ user_pref("network.prefetch-next", false); /* 0602: disable DNS prefetching * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ user_pref("network.dns.disablePrefetch", true); - // user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true] +user_pref("network.dns.disablePrefetchFromHTTPS", true); /* 0603: disable predictor / prefetching ***/ user_pref("network.predictor.enabled", false); user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] @@ -284,7 +279,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" * [SETTING] Privacy & Security>DNS over HTTPS * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy - * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https + * [3] https://support.mozilla.org/kb/firefox-dns-over-https * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 3); /* 0712: set DoH provider @@ -303,13 +298,13 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false); * [NOTE] The UI is controlled by the .enabled pref * [SETTING] Search>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ - // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false] - // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false] - // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false] +user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] +user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] /* 0803: disable live search suggestions * [NOTE] Both must be true for live search to work in the location bar * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine - * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ + * [SETTING] Search>Show search suggestions | Show search suggestions in address bar results ***/ user_pref("browser.search.suggest.enabled", false); user_pref("browser.urlbar.suggest.searches", false); /* 0805: disable urlbar trending search suggestions [FF118+] @@ -323,9 +318,13 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ // user_pref("browser.urlbar.clipboard.featureGate", false); +/* 0808: disable recent searches [FF120+] + * [NOTE] Recent searches are cleared with history (2811) + * [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/ + // user_pref("browser.urlbar.recentsearches.featureGate", false); /* 0810: disable search and form history - * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [NOTE] We also clear formdata on exit (2811) + * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html * [2] https://bugzilla.mozilla.org/381681 ***/ @@ -377,8 +376,8 @@ user_pref("network.auth.subresource-http-auth-allow", 1); /*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache - * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this - * [NOTE] We also clear cache on exit (2811) ***/ + * [NOTE] We also clear cache on exit (2811) + * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/ user_pref("browser.cache.disk.enable", false); /* 1002: disable media cache from writing to disk in Private Browsing * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ @@ -530,7 +529,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); /* 2003: force a single network interface for ICE candidates generation [FF42+] * When using a system-wide proxy, it uses the proxy interface - * [1] https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate + * [1] https://developer.mozilla.org/docs/Web/API/RTCIceCandidate * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/ user_pref("media.peerconnection.ice.default_address_only", true); /* 2004: force exclusion of private IPs from ICE candidates [FF51+] @@ -592,8 +591,10 @@ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: fa /* 2630: disable content analysis by DLP (Data Loss Prevention) agents * DLP agents are background processes on managed computers that allow enterprises to monitor locally running * applications for data exfiltration events, which they can allow/block based on customer defined DLP policies. + * 0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests * [1] https://github.com/chromium/content_analysis_sdk */ -user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false] +user_pref("browser.contentanalysis.enabled", false); // [FF121+] [DEFAULT: false] +user_pref("browser.contentanalysis.default_result", 0); // [FF127+] [DEFAULT: 0] /** DOWNLOADS ***/ /* 2651: enable user interaction for security by always asking where to download @@ -638,12 +639,14 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] * Opener and redirect heuristics are granted for 30 days, see [3] * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 - * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ + * [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ // user_pref("privacy.antitracking.enableWebcompat", false); /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2810: enable Firefox to clear items on shutdown + * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and + * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); @@ -665,9 +668,8 @@ user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [F /** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/ /* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below). - * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for - * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) + * [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins, + * add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) @@ -722,7 +724,9 @@ user_pref("privacy.sanitize.timeSpan", 0); In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled by ETP (2701). FPP will also use Remote Services in future to relax FPP protections - on a per site basis for compatibility (4003). + on a per site basis for compatibility (4004). + + https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc @@ -733,19 +737,27 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); * [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/ // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] /* 4002: set global FPP overrides [FF114+] - * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are - * not used by RFP) e.g. "+AllTargets,-CSSPrefersColorScheme" or "-AllTargets,+CanvasRandomization" - * [NOTE] Be aware that not all RFP protections are necessarily in RFPTargets - * [WARNING] Not recommended. Either use RFP or FPP at defaults + * uses "RFPTargets" [1] which despite the name these are not used by RFP + * e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone + * e.g. "-AllTargets,+CanvasRandomization,+JSDateTimeUTC" = no targets but do use FPP canvas and change timezone + * [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/ // user_pref("privacy.fingerprintingProtection.overrides", ""); -/* 4003: disable remote FPP overrides [FF127+] ***/ +/* 4003: set granular FPP overrides + * JSON format: e.g."[{\"firstPartyDomain\": \"netflix.com\", \"overrides\": \"-CanvasRandomization,-FrameRate,\"}]" + * [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults ***/ + // user_pref("privacy.fingerprintingProtection.granularOverrides", ""); +/* 4004: disable remote FPP overrides [FF127+] ***/ // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); -/*** [SECTION 4500]: RFP (resistFingerprinting) +/*** [SECTION 4500]: OPTIONAL RFP (resistFingerprinting) RFP overrides FPP (4000) - It is an all-or-nothing buy in: you cannot pick and choose what parts you want + FF128+ Arkenfox by default uses FPP (automatically enabled with ETP Strict). For most people + this is all you need. To use RFP instead, add RFP (4501) to your overrides, and optionally + add letterboxing (4504), spoof_english (4506), and webgl (4520). + + RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want [TEST] https://arkenfox.github.io/TZP/tzp.html [WARNING] DO NOT USE extensions to alter RFP protected metrics @@ -800,13 +812,12 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP - * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar. - * RFP also has a few side effects: mainly timezone is UTC, and websites will prefer light theme * [NOTE] pbmode applies if true and the original pref is false - * [1] https://bugzilla.mozilla.org/418986 ***/ -user_pref("privacy.resistFingerprinting", true); // [FF41+] + * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar. + * RFP also has a few side effects: mainly that timezone is GMT, and websites will prefer light theme ***/ + // user_pref("privacy.resistFingerprinting", true); // [FF41+] // user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+] -/* 4502: set new window size rounding max values [FF55+] +/* 4502: set RFP new window size max rounded values [FF55+] * [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen * [1] https://bugzilla.mozilla.org/1330882 ***/ user_pref("privacy.window.maxInnerWidth", 1600); @@ -815,7 +826,7 @@ user_pref("privacy.window.maxInnerHeight", 900); * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); -/* 4504: enable RFP letterboxing [FF67+] +/* 4504: enable letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. * The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000") @@ -824,14 +835,12 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ -user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] + // user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] -/* 4505: experimental RFP [FF91+] - * [WARNING] DO NOT USE unless testing, see [1] comment 12 - * [1] https://bugzilla.mozilla.org/1635603 ***/ +/* 4505: disable RFP by domain [FF91+] ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); /* 4506: disable RFP spoof english prompt [FF59+] - * 0=prompt, 1=disabled, 2=enabled (requires RFP) + * 0=prompt, 1=disabled, 2=enabled * [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset. * [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale. * [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/ @@ -839,12 +848,6 @@ user_pref("privacy.spoof_english", 1); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] -/* 4511: enforce non-native widget theme - * Security: removes/reduces system API calls, e.g. win32k API [1] - * Fingerprinting: provides a uniform look and feel across platforms [2] - * [1] https://bugzilla.mozilla.org/1381938 - * [2] https://bugzilla.mozilla.org/1411425 ***/ -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] /* 4512: enforce links targeting new windows to open in a new tab instead * 1=most recent window or tab, 2=new window, 3=new tab * Stops malicious window sizes and some screen resolution leaks. @@ -856,9 +859,8 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] /* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512) * [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/ user_pref("browser.link.open_newwindow.restriction", 0); -/* 4520: disable WebGL (Web Graphics Library) - * [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/ -user_pref("webgl.disabled", true); +/* 4520: disable WebGL (Web Graphics Library) ***/ + // user_pref("webgl.disabled", true); /*** [SECTION 5000]: OPTIONAL OPSEC Disk avoidance, application data isolation, eyeballs... @@ -971,7 +973,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); * [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js * [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/ // user_pref("javascript.options.asmjs", false); -/* 5505: disable Ion and baseline JIT to harden against JS exploits +/* 5505: disable Ion and baseline JIT to harden against JS exploits [RESTART] * [NOTE] When both Ion and JIT are disabled, and trustedprincipals * is enabled, then Ion can still be used by extensions (1599226) * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit @@ -1000,8 +1002,8 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); /* 5509: disable IPv6 if using a VPN * This is an application level fallback. Disabling IPv6 is best done at an OS/network * level, and/or configured properly in system wide VPN setups. - * [SETUP-WEB] PR_CONNECT_RESET_ERROR * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT" + * [SETUP-WEB] PR_CONNECT_RESET_ERROR * [TEST] https://ipleak.org/ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ // user_pref("network.dns.disableIPv6", true); @@ -1047,6 +1049,9 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] /* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ // user_pref("accessibility.force_disabled", ""); // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); + // user_pref("geo.provider.network.url", ""); + // user_pref("geo.provider.network.logging.enabled", ""); + // user_pref("geo.provider.use_gpsd", ""); // user_pref("network.protocol-handler.external.ms-windows-store", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); @@ -1261,6 +1266,17 @@ user_pref("browser.ping-centre.telemetry", false); // 9003: disable What's New toolbar icon [FF69+] // [-] https://bugzilla.mozilla.org/1724300 user_pref("browser.messaging-system.whatsNewPanel.enabled", false); +// FF127 + // 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result + // [-] https://bugzilla.mozilla.org/1880314 +user_pref("browser.contentanalysis.default_allow", false); +// 4511: enforce non-native widget theme + // Security: removes/reduces system API calls, e.g. win32k API [1] + // Fingerprinting: provides a uniform look and feel across platforms [2] + // [1] https://bugzilla.mozilla.org/1381938 + // [2] https://bugzilla.mozilla.org/1411425 + // [-] https://bugzilla.mozilla.org/1848899 +user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] // ***/ /* END: internal custom pref to test for syntax errors ***/ From bc6a2ba1450cc03952c5a09c25dc3d900be51249 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 6 Nov 2024 15:24:03 +0000 Subject: [PATCH 70/78] network.http.referer.hideOnionSource since it was flipped to true for TB, not much point keeping it --- scratchpad-scripts/arkenfox-cleanup.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 21e3438..9cb7411 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -71,6 +71,8 @@ 'security.ssl3.rsa_des_ede3_sha', // 93 /* REMOVED */ + /* 129-140 */ + 'network.http.referer.hideOnionSource', /* 116-128 */ 'browser.fixup.alternate.enabled', 'browser.taskbar.previews.enable', From c6cfa10c0b647dc87fe08027af3fc086f9df72b3 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 7 Nov 2024 09:50:47 +0000 Subject: [PATCH 71/78] webchannel.allowObject.urlWhitelist --- scratchpad-scripts/arkenfox-cleanup.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 9cb7411..3e074b0 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 6-August-2024 + Last updated: 7-November-2024 Instructions: - [optional] close Firefox and backup your profile @@ -35,6 +35,8 @@ const aPREFS = [ /* DEPRECATED */ + /* 129-140 */ + 'webchannel.allowObject.urlWhitelist', // 132 /* 116-128 */ 'browser.contentanalysis.default_allow', // 127 'browser.messaging-system.whatsNewPanel.enabled', // 126 From eae5762d29f18115fbffd73d89bd9e2510b25427 Mon Sep 17 00:00:00 2001 From: Mizuki Nguyen <49761211+MagicalDrizzle@users.noreply.github.com> Date: Sat, 9 Nov 2024 19:55:49 +0700 Subject: [PATCH 72/78] Add missing -command argument in powershell call (#1909) * updater: add missing PowerShell argument * prefcleaner: add missing PowerShell argument --- prefsCleaner.bat | 6 +++--- updater.bat | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 2e3403f..62ca5f0 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.7 +REM ## version: 2.8 CD /D "%~dp0" @@ -15,7 +15,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.7 #### +ECHO #### v2.8 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -37,7 +37,7 @@ CALL :strlenCheck CALL :FFcheck CALL :message "Backing up prefs.js..." -FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# +FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js" CALL :message "Cleaning prefs.js..." diff --git a/updater.bat b/updater.bat index f6174f7..bc1078a 100644 --- a/updater.bat +++ b/updater.bat @@ -3,7 +3,7 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.19 +REM ## version: 4.20 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows SET v=4.19 @@ -177,7 +177,7 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# + FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# MOVE /Y user.js "user-backup-!ldt!.js" >nul ) REN user.js.new user.js From b8f18a3d91e01e44bde7879dd13325b43fab74ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Jan 2025 15:49:26 +0000 Subject: [PATCH 73/78] v133 (#1892) --- user.js | 54 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 37 insertions(+), 17 deletions(-) diff --git a/user.js b/user.js index 1dbf7d2..96eba49 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 26 August 2024 -* version: 128 +* date: 13 January 2025 +* version: 133 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -312,10 +312,11 @@ user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.trending.featureGate", false); /* 0806: disable urlbar suggestions ***/ user_pref("browser.urlbar.addons.featureGate", false); // [FF115+] +user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false] user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF] user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false] user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false] -user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false] +user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ // user_pref("browser.urlbar.clipboard.featureGate", false); /* 0808: disable recent searches [FF120+] @@ -372,6 +373,9 @@ user_pref("network.auth.subresource-http-auth-allow", 1); * [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for... * [1] https://support.mozilla.org/kb/windows-sso ***/ // user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false] +/* 0907: enforce no automatic authentication on Microsoft sites [FF131+] [MAC] + * On macOS, SSO only works on corporate devices ***/ + // user_pref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT: false] /*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); @@ -379,7 +383,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m * [NOTE] We also clear cache on exit (2811) * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/ user_pref("browser.cache.disk.enable", false); -/* 1002: disable media cache from writing to disk in Private Browsing +/* 1002: set media cache in Private Browsing to in-memory and increase its maximum size * [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/ user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+] user_pref("media.memory_cache_max_size", 65536); @@ -564,8 +568,6 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] /* 2616: remove special permissions for certain mozilla domains [FF35+] * [1] resource://app/defaults/permissions ***/ user_pref("permissions.manager.defaultsUrl", ""); -/* 2617: remove webchannel whitelist ***/ -user_pref("webchannel.allowObject.urlWhitelist", ""); /* 2619: use Punycode in Internationalized Domain Names to eliminate possible spoofing * [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded * [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com) @@ -646,7 +648,7 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2810: enable Firefox to clear items on shutdown * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and - * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) + * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); @@ -728,6 +730,9 @@ user_pref("privacy.sanitize.timeSpan", 0); https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc + [NOTE] RFPTargets + granular overrides are somewhat experimental and may produce unexpected results + - e.g. FrameRate can only be controlled per process, not per origin + 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux) https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc 1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+) @@ -763,7 +768,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); [WARNING] DO NOT USE extensions to alter RFP protected metrics 418986 - limit window.screen & CSS media queries (FF41) - 1281949 - spoof screen orientation (FF50) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1333651 - spoof User Agent & Navigator API @@ -790,7 +794,7 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); 1337157 - disable WebGL debug renderer info (FF60) 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62) 1479239 - return "no-preference" with prefers-reduced-motion (FF63) - 1363508 - spoof/suppress Pointer Events (FF64) + 1363508 & 1826051 - spoof/suppress Pointer Events (FF64, FF132) 1492766 - spoof pointerEvent.pointerid (FF65) 1485266 - disable exposure of system colors to CSS or canvas (FF67) 1494034 - return "light" with prefers-color-scheme (FF67) @@ -806,9 +810,15 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) 1794628 - return "none" with inverted-colors (FF114) - 1554751 - return devicePixelRatio as 2 (previously FF41+ was 1) (FF127) 1787790 - normalize system fonts (FF128) 1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128) + 1834307 - always use smooth scrolling (FF132) + 1918202 - spoof screen orientation based on spoofed screen size and platform (FF132) + previously it always returned landscape-primary and an angle of 0 (FF50+) + 1390465 - load all subtitles in WebVTT (Video Text Tracks) (FF133) + 1873382 - make spoofed devicePixelRatio and CSS media queries match (FF133) + previously FF41+ devicePixelRatio was hardcoded as 1 and FF127+ as 2 + previously FF41+ CSS media queries were spoofed as zoom level at a devicePixelRatio of 1 ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable RFP @@ -834,10 +844,12 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); * dislike the margins, then flip this pref, keeping in mind that it is effectively fingerprintable * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 - * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ + * [2] https://hg.mozilla.org/mozilla-central/rev/7211cb4f58ff#l5.13 ***/ // user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] -/* 4505: disable RFP by domain [FF91+] ***/ +/* 4505: disable RFP by domain [FF91+] + * [NOTE] Working examples: "arkenfox.github.io", "*github.io" + * Non-working examples: "https://arkenfox.github.io", "github.io", "*arkenfox.github.io" ***/ // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); /* 4506: disable RFP spoof english prompt [FF59+] * 0=prompt, 1=disabled, 2=enabled @@ -848,6 +860,8 @@ user_pref("privacy.spoof_english", 1); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] +/* 4511: disable using system accent colors ***/ +user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS] /* 4512: enforce links targeting new windows to open in a new tab instead * 1=most recent window or tab, 2=new window, 3=new tab * Stops malicious window sizes and some screen resolution leaks. @@ -1096,10 +1110,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [WHY] Passive fingerprinting and perf costs. These are session-only * and isolated with network partitioning (FF85+) and/or containers ***/ // user_pref("security.ssl.disable_session_identifiers", true); -/* 7006: onions - * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ - // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 - // user_pref("network.http.referer.hideOnionSource", true); // 1305144 /* 7007: referers * [WHY] Only cross-origin referers (1602, 5510) matter ***/ // user_pref("network.http.sendRefererHeader", 2); @@ -1136,9 +1146,11 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/ // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5] - // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] + // user_pref("network.cookie.cookieBehavior.optInPartitioning", true); // [ETP FF132+] // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] + // user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+] + // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+] // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); @@ -1279,5 +1291,13 @@ user_pref("browser.contentanalysis.default_allow", false); user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] // ***/ +/* ESR128.x still uses all the following prefs +// [NOTE] replace the * with a slash in the line above to re-enable active ones +// FF132 +/* 2617: remove webchannel whitelist + // [-] https://bugzilla.mozilla.org/1275612 + // user_pref("webchannel.allowObject.urlWhitelist", ""); +// ***/ + /* END: internal custom pref to test for syntax errors ***/ user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!"); From 80fa110f499d3d3f6763ea5db0f015e1a3bc3ad4 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Jan 2025 19:01:32 +0000 Subject: [PATCH 74/78] dom.securecontext.allowlist_onions --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 3e074b0..8153642 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 7-November-2024 + Last updated: 13-January-2024 Instructions: - [optional] close Firefox and backup your profile @@ -74,6 +74,7 @@ /* REMOVED */ /* 129-140 */ + 'dom.securecontext.allowlist_onions', 'network.http.referer.hideOnionSource', /* 116-128 */ 'browser.fixup.alternate.enabled', From c25187332e19c633b956a6755a7971a6591d3e8d Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Jan 2025 19:02:07 +0000 Subject: [PATCH 75/78] fix the year --- scratchpad-scripts/arkenfox-cleanup.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 8153642..34d1ba5 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 13-January-2024 + Last updated: 13-January-2025 Instructions: - [optional] close Firefox and backup your profile From 9bba5788aa07f67b37abc025782113a43c717b7f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Wed, 5 Mar 2025 07:21:39 +0000 Subject: [PATCH 76/78] legacy sanitizing prefs In FF128 these were used to migrate to - clearOnShutdown to clearOnShutdown_v2 - cpd to clearHistory They are then no longer used. The migration can be checked with - privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs2 - privacy.sanitize.cpd.hasMigratedToNewPrefs2 Note: in FF136 there was another migration, where it changes the `ToNewPrefs2` to false - privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs3 - privacy.sanitize.cpd.hasMigratedToNewPrefs3 AFAICT, cpd.hasMigrated* doesn't migrate until you open the clear history dialog. --- scratchpad-scripts/arkenfox-cleanup.js | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 34d1ba5..58a0e1f 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 13-January-2025 + Last updated: 5-March-2025 Instructions: - [optional] close Firefox and backup your profile @@ -76,6 +76,19 @@ /* 129-140 */ 'dom.securecontext.allowlist_onions', 'network.http.referer.hideOnionSource', + 'privacy.clearOnShutdown.cache', + 'privacy.clearOnShutdown.cookies', + 'privacy.clearOnShutdown.downloads', + 'privacy.clearOnShutdown.formdata', + 'privacy.clearOnShutdown.history', + 'privacy.clearOnShutdown.offlineApps', + 'privacy.clearOnShutdown.sessions', + 'privacy.cpd.cache', + 'privacy.cpd.cookies', + 'privacy.cpd.formdata', + 'privacy.cpd.history', + 'privacy.cpd.offlineApps', + 'privacy.cpd.sessions', /* 116-128 */ 'browser.fixup.alternate.enabled', 'browser.taskbar.previews.enable', From 3d76c74c80485931425464fec0e59d6cb461677a Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 6 Mar 2025 02:52:08 +0000 Subject: [PATCH 77/78] v135 (#1929) --- user.js | 290 +++++++++++++++++++++++--------------------------------- 1 file changed, 118 insertions(+), 172 deletions(-) diff --git a/user.js b/user.js index 96eba49..08c51ca 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 13 January 2025 -* version: 133 +* date: 6 March 2025 +* version: 135 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -63,6 +63,7 @@ 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: FINGERPRINTING + 8500: TELEMETRY 9000: NON-PROJECT RELATED 9999: DEPRECATED / RENAMED @@ -82,7 +83,7 @@ user_pref("browser.aboutConfig.showWarning", false); user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session - * [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode + * [NOTE] Session Restore is cleared with history (2811+), and not used in Private Browsing mode * [SETTING] General>Startup>Restore previous session ***/ user_pref("browser.startup.page", 0); /* 0103: set HOME+NEWWINDOW page @@ -116,8 +117,8 @@ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] /* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); /* 0322: disable personalized Extension Recommendations in about:addons and AMO [FF65+] - * [NOTE] This pref has no effect when Health Reports (0331) are disabled - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations + * [NOTE] This pref has no effect when Health Reports (8501) are disabled + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Allow personalized extension recommendations * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/ user_pref("browser.discovery.enabled", false); /* 0323: disable shopping experience [FF116+] @@ -125,41 +126,13 @@ user_pref("browser.discovery.enabled", false); user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false] /** TELEMETRY ***/ -/* 0330: disable new data submission [FF41+] - * If disabled, no policy is shown or upload takes place, ever - * [1] https://bugzilla.mozilla.org/1195552 ***/ -user_pref("datareporting.policy.dataSubmissionEnabled", false); -/* 0331: disable Health Reports - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ -user_pref("datareporting.healthreport.uploadEnabled", false); -/* 0332: disable telemetry - * The "unified" pref affects the behavior of the "enabled" pref - * - If "unified" is false then "enabled" controls the telemetry module - * - If "unified" is true then "enabled" only controls whether to record extended data - * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] - * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html - * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ -user_pref("toolkit.telemetry.unified", false); -user_pref("toolkit.telemetry.enabled", false); // see [NOTE] -user_pref("toolkit.telemetry.server", "data:,"); -user_pref("toolkit.telemetry.archive.enabled", false); -user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] -user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] -user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] -user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter -user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] -/* 0333: disable Telemetry Coverage - * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ -user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] -user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] -user_pref("toolkit.coverage.endpoint.base", ""); /* 0335: disable Firefox Home (Activity Stream) telemetry ***/ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false); user_pref("browser.newtabpage.activity-stream.telemetry", false); /** STUDIES ***/ /* 0340: disable Studies - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/ + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Install and run studies ***/ user_pref("app.shield.optoutstudies.enabled", false); /* 0341: disable Normandy/Shield [FF60+] * Shield is a telemetry system that can push and test "recipes" @@ -173,7 +146,7 @@ user_pref("breakpad.reportURL", ""); user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+] // user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false] /* 0351: enforce no submission of backlogged Crash Reports [FF58+] - * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/ + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Send backlogged crash reports ***/ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false] /** OTHER ***/ @@ -261,7 +234,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] * [1] https://bugzilla.mozilla.org/1433507 * [2] https://en.wikipedia.org/wiki/GVfs * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/ -user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+] +user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""] /* 0705: disable proxy direct failover for system requests [FF91+] * [WARNING] Default true is a security feature against malicious extensions [1] * [SETUP-CHROME] If you use a proxy and you trust your extensions @@ -320,11 +293,11 @@ user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] /* 0807: disable urlbar clipboard suggestions [FF118+] ***/ // user_pref("browser.urlbar.clipboard.featureGate", false); /* 0808: disable recent searches [FF120+] - * [NOTE] Recent searches are cleared with history (2811) + * [NOTE] Recent searches are cleared with history (2811+) * [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/ // user_pref("browser.urlbar.recentsearches.featureGate", false); /* 0810: disable search and form history - * [NOTE] We also clear formdata on exit (2811) + * [NOTE] We also clear formdata on exit (2811+) * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2] * [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html @@ -337,7 +310,7 @@ user_pref("browser.formfill.enable", false); /* 0820: disable coloring of visited links * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing - * attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5] + * attacks. Don't forget clearing history on exit (2811+). However, social engineering [2#limits][4][5] * and advanced targeted timing attacks could still produce usable results * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector * [2] https://dbaron.org/mozilla/visited-privacy @@ -380,7 +353,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1); /*** [SECTION 1000]: DISK AVOIDANCE ***/ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); /* 1001: disable disk cache - * [NOTE] We also clear cache on exit (2811) + * [NOTE] We also clear cache on exit (2811+) * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/ user_pref("browser.cache.disk.enable", false); /* 1002: set media cache in Private Browsing to in-memory and increase its maximum size @@ -442,13 +415,14 @@ user_pref("security.tls.enable_0rtt_data", false); * [1] https://en.wikipedia.org/wiki/Ocsp ***/ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1] /* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail - * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR + * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR | SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST * When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail) * Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail) * It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it * could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers) * [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/ - * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/ + * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html + * [3] https://letsencrypt.org/2024/12/05/ending-ocsp/ ***/ user_pref("security.OCSP.require", true); /** CERTS / HPKP (HTTP Public Key Pinning) ***/ @@ -463,7 +437,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071 * [2] https://blog.mozilla.org/security/tag/crlite/ ***/ -user_pref("security.remote_settings.crlite_filters.enabled", true); +user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+] user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ @@ -647,41 +621,33 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); /* 2810: enable Firefox to clear items on shutdown - * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and + * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815) * [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/ user_pref("privacy.sanitize.sanitizeOnShutdown", true); -/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/ -/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] If "history" is true, downloads will also be cleared ***/ -user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true] -user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true] - // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false] - // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false] -/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] - * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811) +/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/ +user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [DEFAULT: true] + // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false] +/* 2812: set/enforce clearOnShutdown items [FF136+] ***/ +user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [DEFAULT: true] +user_pref("privacy.clearOnShutdown_v2.downloads", true); +user_pref("privacy.clearOnShutdown_v2.formdata", true); +/* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] + * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+) * [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/ // user_pref("privacy.clearOnShutdown.openWindows", true); -/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/ -/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] - * [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins, - * add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) - * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache) - * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies +/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS ***/ +/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] [FF128+] + * [NOTE] Exceptions: For cross-domain logins, add exceptions for both sites + * e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on) * [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271) * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question) - * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings - * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/ -user_pref("privacy.clearOnShutdown.cookies", true); // Cookies -user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data -user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true] -user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+] + * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ +user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); /** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+] @@ -691,30 +657,24 @@ user_pref("privacy.clearSiteData.cache", true); user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true); // user_pref("privacy.clearSiteData.siteSettings", false); +/* 2821: set manual "Clear Data" items [FF136+] ***/ +user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true); +user_pref("privacy.clearSiteData.formdata", true); -/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/ -/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] +/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/ +/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] [FF128+] * Firefox remembers your last choices. This will reset them when you start Firefox - * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog - * for "Clear Recent History" is opened, it is synced to the same as "history" * [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/ -user_pref("privacy.cpd.cache", true); // [DEFAULT: true] -user_pref("privacy.clearHistory.cache", true); -user_pref("privacy.cpd.formdata", true); // [DEFAULT: true] -user_pref("privacy.cpd.history", true); // [DEFAULT: true] - // user_pref("privacy.cpd.downloads", true); // not used, see note above -user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); -user_pref("privacy.cpd.cookies", false); -user_pref("privacy.cpd.sessions", true); // [DEFAULT: true] -user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false] +user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true] user_pref("privacy.clearHistory.cookiesAndStorage", false); - // user_pref("privacy.cpd.openWindows", false); // Session Restore - // user_pref("privacy.cpd.passwords", false); - // user_pref("privacy.cpd.siteSettings", false); - // user_pref("privacy.clearHistory.siteSettings", false); +user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); // [DEFAULT: true] + // user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false] +/* 2831: set manual "Clear History" items [FF136+] ***/ +user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [DEFAULT: true] +user_pref("privacy.clearHistory.formdata", true); /** SANITIZE MANUAL: TIMERANGE ***/ -/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830) +/* 2840: set "Time range to clear" for "Clear Data" (2820+) and "Clear History" (2830+) * Firefox remembers your last choice. This will reset the value when you start Firefox * 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today * [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown, @@ -740,7 +700,7 @@ user_pref("privacy.sanitize.timeSpan", 0); user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); /* 4001: enable FPP in PB mode [FF114+] * [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/ - // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+] + // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true] /* 4002: set global FPP overrides [FF114+] * uses "RFPTargets" [1] which despite the name these are not used by RFP * e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone @@ -763,7 +723,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); add letterboxing (4504), spoof_english (4506), and webgl (4520). RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want - [TEST] https://arkenfox.github.io/TZP/tzp.html [WARNING] DO NOT USE extensions to alter RFP protected metrics @@ -771,8 +730,8 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!"); 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1333651 - spoof User Agent & Navigator API - version: android version spoofed as ESR (FF119 or lower) - OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android + JS: spoofed as Windows 10, OS 10.15, Android 10, or Linux + HTTP Header: spoofed as Windows 10 or Android 10.15 until FF136 then matches JS spoof 1369319 - disable device sensor API 1369357 - disable site specific zoom 1337161 - hide gamepads from content @@ -867,7 +826,6 @@ user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false * Stops malicious window sizes and some screen resolution leaks. * You can still right-click a link and open in a new window * [SETTING] General>Tabs>Open links in tabs instead of new windows - * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3] /* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512) @@ -935,7 +893,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/ // user_pref("browser.urlbar.autoFill", false); /* 5013: disable browsing and download history - * [NOTE] We also clear history and downloads on exit (2811) + * [NOTE] We also clear history and downloads on exit (2811+) * [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/ // user_pref("places.history.enabled", false); /* 5014: disable Windows jumplist [WINDOWS] ***/ @@ -1060,16 +1018,20 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6012: enforce Quarantined Domains [FF115+] * [WHY] https://support.mozilla.org/kb/quarantined-domains */ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ - // user_pref("accessibility.force_disabled", ""); - // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); - // user_pref("geo.provider.network.url", ""); - // user_pref("geo.provider.network.logging.enabled", ""); - // user_pref("geo.provider.use_gpsd", ""); - // user_pref("network.protocol-handler.external.ms-windows-store", ""); - // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); - // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); - // user_pref("privacy.partition.serviceWorkers", ""); +/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF128+ ***/ + // user_pref("privacy.clearOnShutdown.cache", ""); + // user_pref("privacy.clearOnShutdown.cookies", ""); + // user_pref("privacy.clearOnShutdown.downloads", ""); + // user_pref("privacy.clearOnShutdown.formdata", ""); + // user_pref("privacy.clearOnShutdown.history", ""); + // user_pref("privacy.clearOnShutdown.offlineApps", ""); + // user_pref("privacy.clearOnShutdown.sessions", ""); + // user_pref("privacy.cpd.cache", ""); + // user_pref("privacy.cpd.cookies", ""); + // user_pref("privacy.cpd.formdata", ""); + // user_pref("privacy.cpd.history", ""); + // user_pref("privacy.cpd.offlineApps", ""); + // user_pref("privacy.cpd.sessions", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1151,7 +1113,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+] // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+] - // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+] + // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true] // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); @@ -1210,6 +1172,58 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan // user_pref("ui.use_standins_for_native_colors", ""); // user_pref("webgl.enable-debug-renderer-info", ""); +/*** [SECTION 8500]: TELEMETRY + Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below. + But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides. + + Opt-out + - Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain + - Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading + Choice + - Every new profile on first use provides data collection/use policy and the abillty to opt-out + - It can be disabled at any time (Settings>Privacy & Security>Data Collection and Use) + Data + - no PII (Personally Identifiable Information) + - can be viewed in about:telemetry + - uses Prio [1][2][3], Glean [4], Oblivious HTTP [5][6] + + [1] https://crypto.stanford.edu/prio/ + [2] https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/ + [3] https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/ + [4] https://firefox-source-docs.mozilla.org/toolkit/components/glean/index.html + [5] https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/ohttp.html + [6] https://blog.mozilla.org/en/tag/oblivious-http/ +***/ +user_pref("_user.js.parrot", "8500 syntax error: the parrot's off the twig!"); +/* 8500: disable new data submission [FF41+] + * If disabled, no policy is shown or upload takes place, ever + * [1] https://bugzilla.mozilla.org/1195552 ***/ +user_pref("datareporting.policy.dataSubmissionEnabled", false); +/* 8501: disable Health Reports + * [SETTING] Privacy & Security>Firefox Data Collection and Use>Send technical... data ***/ +user_pref("datareporting.healthreport.uploadEnabled", false); +/* 0802: disable telemetry + * The "unified" pref affects the behavior of the "enabled" pref + * - If "unified" is false then "enabled" controls the telemetry module + * - If "unified" is true then "enabled" only controls whether to record extended data + * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] + * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html + * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/ +user_pref("toolkit.telemetry.unified", false); +user_pref("toolkit.telemetry.enabled", false); // see [NOTE] +user_pref("toolkit.telemetry.server", "data:,"); +user_pref("toolkit.telemetry.archive.enabled", false); +user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+] +user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+] +user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+] +user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter +user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+] +/* 8503: disable Telemetry Coverage + * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/ +user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF] +user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF] +user_pref("toolkit.coverage.endpoint.base", ""); + /*** [SECTION 9000]: NON-PROJECT RELATED ***/ user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); /* 9001: disable welcome notices ***/ @@ -1223,74 +1237,6 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / RENAMED ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* ESR115.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable active ones -// FF116 -// 4506: set RFP's font visibility level (1402) [FF94+] - // [-] https://bugzilla.mozilla.org/1838415 - // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] -// FF117 -// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS] - // 0=disable detecting Family Safety mode and importing the root - // 1=only attempt to detect Family Safety mode (don't import the root) - // 2=detect Family Safety mode and import the root - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 - // [-] https://bugzilla.mozilla.org/1844908 -user_pref("security.family_safety.mode", 0); -// 7018: disable service worker Web Notifications [FF44+] - // [WHY] Web Notifications are behind a prompt (7002) - // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ - // [-] https://bugzilla.mozilla.org/1842457 - // user_pref("dom.webnotifications.serviceworker.enabled", false); -// FF118 -// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+] - // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed - // In normal windows: uses the first applicable: RFP over TP over Standard - // In Private Browsing windows: uses the most restrictive between normal and private - // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts - // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc - // [-] https://bugzilla.mozilla.org/1847599 - // user_pref("layout.css.font-visibility.private", 1); - // user_pref("layout.css.font-visibility.standard", 1); - // user_pref("layout.css.font-visibility.trackingprotection", 1); -// 2623: disable permissions delegation [FF73+] - // Currently applies to cross-origin geolocation, camera, mic and screen-sharing - // permissions, and fullscreen requests. Disabling delegation means any prompts - // for these will show/use their correct 3rd party origin - // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion - // [-] https://bugzilla.mozilla.org/1697151 - // user_pref("permissions.delegation.enabled", false); -// FF119 -// 0211: use en-US locale regardless of the system or region locale - // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 - // [-] https://bugzilla.mozilla.org/1846224 - // user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] -// 0711: disable skipping DoH when parental controls are enabled [FF70+] - // [-] https://bugzilla.mozilla.org/1586941 -user_pref("network.dns.skipTRR-when-parental-control-enabled", false); -// FF123 -// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+] - // Defense-in-depth: currently covered by 0331 - // [-] https://bugzilla.mozilla.org/1868988 -user_pref("browser.ping-centre.telemetry", false); -// FF126 -// 9003: disable What's New toolbar icon [FF69+] - // [-] https://bugzilla.mozilla.org/1724300 -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); -// FF127 - // 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result - // [-] https://bugzilla.mozilla.org/1880314 -user_pref("browser.contentanalysis.default_allow", false); -// 4511: enforce non-native widget theme - // Security: removes/reduces system API calls, e.g. win32k API [1] - // Fingerprinting: provides a uniform look and feel across platforms [2] - // [1] https://bugzilla.mozilla.org/1381938 - // [2] https://bugzilla.mozilla.org/1411425 - // [-] https://bugzilla.mozilla.org/1848899 -user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true] -// ***/ - /* ESR128.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable active ones // FF132 From 7f852e94fc80fd0aa19f1c948319974e3301187f Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 21 Apr 2025 15:04:04 +0000 Subject: [PATCH 78/78] media.ondevicechange.enabled --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 58a0e1f..3434fc7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -6,7 +6,7 @@ There is an archived version at https://github.com/arkenfox/user.js/issues/123 if you want the full list since jesus - Last updated: 5-March-2025 + Last updated: 21-April-2025 Instructions: - [optional] close Firefox and backup your profile @@ -36,6 +36,7 @@ const aPREFS = [ /* DEPRECATED */ /* 129-140 */ + 'media.ondevicechange.enabled', // 137 'webchannel.allowObject.urlWhitelist', // 132 /* 116-128 */ 'browser.contentanalysis.default_allow', // 127