From bc5add9450ddc16c48d315913c43dba34baf4a24 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 4 May 2023 23:31:33 +0000
Subject: [PATCH 01/24] v112 (#1654)

---
 user.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/user.js b/user.js
index 3e3b84c..7b0962d 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 30 March 2023
-* version: 111
+*    date: 4 May 2023
+* version: 112
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
 
@@ -491,7 +491,7 @@ user_pref("security.pki.crlite_mode", 2);
  * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
  * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
  * [TEST] http://example.com [upgrade]
- * [TEST] http://httpforever.com/ [no upgrade] ***/
+ * [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/
 user_pref("dom.security.https_only_mode", true); // [FF76+]
    // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
 /* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
@@ -1007,8 +1007,8 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
  * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
 user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
 /* 6008: enforce no First Party Isolation [FF51+]
- * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701),
- * and enabling FPI disables those. FPI is no longer maintained ***/
+ * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI
+ * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/
 user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false]
 /* 6009: enforce SmartBlock shims [FF81+]
  * In FF96+ these are listed in about:compat

From 04e6e77439bfa6e3f6b7b9c5e0afac7f74f0586a Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Fri, 5 May 2023 10:56:08 +0000
Subject: [PATCH 02/24] v3.9 - fix #1670

---
 updater.sh | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/updater.sh b/updater.sh
index 6a3d1f2..88e6e33 100755
--- a/updater.sh
+++ b/updater.sh
@@ -2,20 +2,15 @@
 
 ## arkenfox user.js updater for macOS and Linux
 
-## version: 3.8
+## version: 3.9
 ## Author: Pat Johnson (@overdodactyl)
 ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
 
 ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() )
 
-# Check if running as root and if any files have the owner/group as root/wheel.
+# Check if running as root
 if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
-	printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n"
-	exit 1
-elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
-	printf 'It looks like this script was previously run with elevated privileges,
-you will need to change ownership of the following files to your user:\n'
-	find . -user 0 -o -group 0
+	printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
 	exit 1
 fi
 
@@ -396,6 +391,17 @@ show_banner
 update_updater "$@"
 
 getProfilePath # updates PROFILE_PATH or exits on error
-cd "$PROFILE_PATH" && update_userjs
+cd "$PROFILE_PATH" || exit 1
+
+# Check if any files have the owner/group as root/wheel.
+if [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+	printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+	find . -user 0 -o -group 0
+	cd "$CURRDIR"
+	exit 1
+fi
+
+update_userjs
 
 cd "$CURRDIR"

From c34531b67e0b9d162331fa92dc0eae2548d13fc7 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 21 Jun 2023 03:29:51 +0000
Subject: [PATCH 03/24] 114 deprecated

---
 scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 6e06248..9245fc4 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 27-January-2023
+  Last updated: 21-June-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -34,6 +34,8 @@
     /* DEPRECATED */
     /* 103+ */
     'network.cookie.lifetimePolicy', // 103 [technically removed in 104]
+    'privacy.clearsitedata.cache.enabled', // 114
+    'privacy.resistFingerprinting.testGranularityMask', // 114
     'security.pki.sha1_enforcement_level', // 103
     /* 92-102 */
     'browser.urlbar.suggest.quicksuggest', // 95

From 84d515abfc631f1c824211bc609960a430ba334a Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 10 Jul 2023 12:44:53 +0000
Subject: [PATCH 04/24] extensions.formautofill.heuristics.enabled

---
 scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 9245fc4..7c3f150 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 21-June-2023
+  Last updated: 11-July-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -33,6 +33,7 @@
   const aPREFS = [
     /* DEPRECATED */
     /* 103+ */
+    'extensions.formautofill.heuristics.enabled', // 114
     'network.cookie.lifetimePolicy', // 103 [technically removed in 104]
     'privacy.clearsitedata.cache.enabled', // 114
     'privacy.resistFingerprinting.testGranularityMask', // 114

From 47f152ac90d5962e0cd29ebcf8b607caa650d41d Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 10 Jul 2023 13:35:52 +0000
Subject: [PATCH 05/24] browser.cache.offline.enable

---
 scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 7c3f150..94aaa73 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -32,7 +32,8 @@
 
   const aPREFS = [
     /* DEPRECATED */
-    /* 103+ */
+    /* 103-115 */
+    'browser.cache.offline.enable', // 115
     'extensions.formautofill.heuristics.enabled', // 114
     'network.cookie.lifetimePolicy', // 103 [technically removed in 104]
     'privacy.clearsitedata.cache.enabled', // 114

From 6151d664acced94364e7e3a075e6ac3ca555ef48 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 19 Jul 2023 20:38:31 +0000
Subject: [PATCH 06/24] middlemouse.contentLoadURL

---
 scratchpad-scripts/arkenfox-cleanup.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 94aaa73..5c0191a 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 11-July-2023
+  Last updated: 20-July-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -241,7 +241,7 @@
     'toolkit.telemetry.unifiedIsOptIn',
 
     /* REMOVED */
-    /* 103+ */
+    /* 103-115 */
     'beacon.enabled',
     'browser.startup.blankWindow',
     'browser.newtab.preload',
@@ -261,6 +261,7 @@
     'extensions.formautofill.available',
     'extensions.formautofill.creditCards.available',
     'extensions.formautofill.creditCards.supported',
+    'middlemouse.contentLoadURL',
     'network.http.altsvc.oe',
     /* 92-102 */
     'browser.urlbar.trimURLs',

From 4d78abf2bfafbbcb03f8f6d6aaaf7e69b7cfee4e Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 26 Jul 2023 04:37:00 +0000
Subject: [PATCH 07/24] v115 (#1680)

---
 user.js | 67 ++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 42 insertions(+), 25 deletions(-)

diff --git a/user.js b/user.js
index 7b0962d..5ed7c08 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 4 May 2023
-* version: 112
+*    date: 26 July 2023
+* version: 115
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
 
@@ -116,7 +116,6 @@ user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
 user_pref("intl.accept_languages", "en-US, en");
 /* 0211: use en-US locale regardless of the system or region locale
  * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
- * [TEST] https://arkenfox.github.io/TZP/tests/formatting.html
  * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
 user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
 
@@ -296,10 +295,11 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
  * [WARNING] If false, this will break the fallback for some security features
  * [SETUP-CHROME] If you use a proxy and you understand the security impact
  * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
-   // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96]
+   // user_pref("network.proxy.allow_bypass", false);
 /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
- * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
+ * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off
  * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
+ * [SETTING] Privacy & Security>DNS over HTTPS
  * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
  * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
  * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
@@ -602,9 +602,6 @@ user_pref("browser.uitour.enabled", false);
 /* 2608: reset remote debugging to disabled
  * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/
 user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
-/* 2611: disable middle mouse click opening links from clipboard
- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/
-user_pref("middlemouse.contentLoadURL", false);
 /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
  * 0 (default) or 1=allow, 2=block
  * [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/
@@ -642,6 +639,8 @@ user_pref("network.protocol-handler.external.ms-windows-store", false);
  * for these will show/use their correct 3rd party origin
  * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/
 user_pref("permissions.delegation.enabled", false);
+/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
+user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
 
 /** DOWNLOADS ***/
 /* 2651: enable user interaction for security by always asking where to download
@@ -727,10 +726,6 @@ user_pref("privacy.clearOnShutdown.sessions", true);  // [DEFAULT: true]
  * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
 user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
 user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
-/* 2816: set cache to clear on exit [FF96+]
- * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
- * [1] https://bugzilla.mozilla.org/1671182 ***/
-   // user_pref("privacy.clearsitedata.cache.enabled", true);
 
 /** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/
 /* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
@@ -758,11 +753,11 @@ user_pref("privacy.sanitize.timeSpan", 0);
 /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
    RFP covers a wide range of ongoing fingerprinting solutions.
    It is an all-or-nothing buy in: you cannot pick and choose what parts you want
+   [TEST] https://arkenfox.github.io/TZP/tzp.html
 
    [WARNING] DO NOT USE extensions to alter RFP protected metrics
 
     418986 - limit window.screen & CSS media queries (FF41)
-      [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
    1281949 - spoof screen orientation (FF50)
    1330890 - spoof timezone as UTC0 (FF55)
    1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
@@ -801,19 +796,23 @@ user_pref("privacy.sanitize.timeSpan", 0);
    1595823 - return audioContext sampleRate as 44100 (FF72)
    1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74)
    1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78)
+   1506364 - return "no-preference" with prefers-contrast (FF80)
    1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
    1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
     531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
    1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
    1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
    1422237 - return "srgb" with color-gamut (FF110)
+   1794628 - return "none" with inverted-colors (FF114)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
-/* 4501: enable privacy.resistFingerprinting [FF41+]
+/* 4501: enable privacy.resistFingerprinting
  * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
  * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
+ * [NOTE] pbmode applies if true and the original pref is false
  * [1] https://bugzilla.mozilla.org/418986 ***/
-user_pref("privacy.resistFingerprinting", true);
+user_pref("privacy.resistFingerprinting", true); // [FF41+]
+   // user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
 /* 4502: set new window size rounding max values [FF55+]
  * [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
  * [1] https://bugzilla.mozilla.org/1330882 ***/
@@ -822,7 +821,7 @@ user_pref("privacy.window.maxInnerHeight", 900);
 /* 4503: disable mozAddonManager Web API [FF57+]
  * [NOTE] To allow extensions to work on AMO, you also need 2662
  * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
-user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF]
+user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108]
 /* 4504: enable RFP letterboxing [FF67+]
  * Dynamically resizes the inner window by applying margins in stepped ranges [2]
  * If you use the dimension pref, then it will only apply those resolutions.
@@ -838,7 +837,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
  * [WARNING] DO NOT USE unless testing, see [1] comment 12
  * [1] https://bugzilla.mozilla.org/1635603 ***/
    // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
-   // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
 /* 4506: set RFP's font visibility level (1402) [FF94+] ***/
    // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
 /* 4510: disable using system colors
@@ -941,12 +939,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
 /* 5017: disable Form Autofill
  * If .supportedCountries includes your region (browser.search.region) and .supported
  * is "detect" (default), then the UI will show. Stored data is not secure, uses JSON
- * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
  * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
  * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
    // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
    // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
-   // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
 /* 5018: limit events that can cause a pop-up ***/
    // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
 /* 5019: disable page thumbnail collection ***/
@@ -1021,6 +1017,9 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
  * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
  * [WHY] To prevent wasting Mozilla's time with a custom setup ***/
 user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
+/* 6012: enforce Quarantined Domains [FF115+]
+ * [WHY] https://support.mozilla.org/kb/quarantined-domains */
+user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
 /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/
    // user_pref("beacon.enabled", "");
    // user_pref("browser.startup.blankWindow", "");
@@ -1037,16 +1036,16 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
    // user_pref("extensions.formautofill.addresses.supported", "");
    // user_pref("extensions.formautofill.creditCards.available", "");
    // user_pref("extensions.formautofill.creditCards.supported", "");
+   // user_pref("middlemouse.contentLoadURL", "");
 
 /*** [SECTION 7000]: DON'T BOTHER ***/
 user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
 /* 7001: disable APIs
- * Location-Aware Browsing, Full Screen, offline cache (appCache)
- * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002).
- * appCache storage capability was removed in FF90. Full screen requires user interaction ***/
+ * Location-Aware Browsing, Full Screen
+ * [WHY] The API state is easily fingerprintable.
+ * Geo is behind a prompt (7002). Full screen requires user interaction ***/
    // user_pref("geo.enabled", false);
    // user_pref("full-screen-api.enabled", false);
-   // user_pref("browser.cache.offline.enable", false);
 /* 7002: set default permissions
  * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
  * 0=always ask (default), 1=allow, 2=block
@@ -1194,9 +1193,9 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false);
 ***/
 user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
 /* ESR102.x still uses all the following prefs
-// [NOTE] replace the * with a slash in the line above to re-enable them
+// [NOTE] replace the * with a slash in the line above to re-enable active ones
 // FF103
-   // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
+// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
    // 0=keep until they expire (default), 2=keep until you close Firefox
    // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
    // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761
@@ -1204,6 +1203,24 @@ user_pref("network.cookie.lifetimePolicy", 2);
 // 6012: disable SHA-1 certificates
    // [-] https://bugzilla.mozilla.org/1766687
    // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1]
+// FF114
+// 2816: set cache to clear on exit [FF96+]
+   // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
+   // [1] https://bugzilla.mozilla.org/1671182
+   // [-] https://bugzilla.mozilla.org/1821651
+   // user_pref("privacy.clearsitedata.cache.enabled", true);
+// 4505: experimental RFP [FF91+]
+   // [-] https://bugzilla.mozilla.org/1824235
+   // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
+// 5017: disable Form Autofill heuristics
+   // Heuristics controls Form Autofill on forms without @autocomplete attributes
+   // [-] https://bugzilla.mozilla.org/1829670
+   // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
+// FF115
+   // 7001: disable offline cache (appCache)
+   // [NOTE] appCache storage capability was removed in FF90
+   // [-] https://bugzilla.mozilla.org/1677718
+   // user_pref("browser.cache.offline.enable", false);
 // ***/
 
 /* END: internal custom pref to test for syntax errors ***/

From 915f39959c7e077f00477e6ce34a0f9f9e3e7c6b Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 14 Aug 2023 03:27:30 +0000
Subject: [PATCH 08/24] external.ms-windows-store, fixes #1142

---
 scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 5c0191a..706fbfc 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 20-July-2023
+  Last updated: 14-August-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -241,6 +241,8 @@
     'toolkit.telemetry.unifiedIsOptIn',
 
     /* REMOVED */
+    /* 116+ */
+    'network.protocol-handler.external.ms-windows-store',
     /* 103-115 */
     'beacon.enabled',
     'browser.startup.blankWindow',

From f1831e947bae0940bf8525447345c96ca27924ea Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sat, 26 Aug 2023 06:45:37 +0000
Subject: [PATCH 09/24] media.gmp-widevinecdm.enabled

this adds nothing, users can use `media.eme.enabled` if this is their threat model
---
 scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 706fbfc..87556da 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 14-August-2023
+  Last updated: 26-August-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -242,6 +242,7 @@
 
     /* REMOVED */
     /* 116+ */
+    'media.gmp-widevinecdm.enabled',
     'network.protocol-handler.external.ms-windows-store',
     /* 103-115 */
     'beacon.enabled',

From 576da2e2363d326ebefb962fd1b149b68bc88284 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sat, 26 Aug 2023 07:08:23 +0000
Subject: [PATCH 10/24] Delete smartReferer.png

---
 wikipiki/smartReferer.png | Bin 37523 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 wikipiki/smartReferer.png

diff --git a/wikipiki/smartReferer.png b/wikipiki/smartReferer.png
deleted file mode 100644
index c64b93a9c6b9368a9fe7c92087f577fbd1c1914e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 37523
zcma%ibzGF+^Y0=G5`q#UElMLGjii8pv@}R}v(n9iba!`4cXyY7wA3!JbS<znEPK(<
z_jBWS?|t3-$FtAtIeTJe&Y3ea?>Q&ri@fABOcG200Psxe^Cu+$;86wufMW0z?V*I-
z=0*3z3**~oO$Pt~3;)l90!U4N1pr_wScr*z`C<-q1Ui@lzrB_c6MOy59%yP|Z2|ze
zE@mj3sVMKh6ubnViOK}~#LEDc2%o-I5)Jbqh@oYq!gwwnOqH`hsM!5NT>LTVP<AkC
zWTa0xq2fF2P|V-x8&tWGetE&6Be!cFc~*06ms?}^_47j8W$=vJ3G}X~*omJx6uEq`
zi$y73tojZ14XkajeDuYn{swsdwAPr)0r3_EaOEu^!1SgIy#s*aI*s)d&?T4F^`0yU
ziMuD7qK)F?kJ9BB!z=UDhXC-=JyNs~@KFNACnK3w8Ib)Lpg(G42nBp$2I$j)wx$6-
z8CNMDC;+W^DngX(7{F_Mli*JPbACYCgj%RLK;u1tz*MI11K>9^;JuW(>1RMyBcN;i
zIaUqeDK_A}VsHQh;IRilf9UO7SAc&CfI#9@UEqYN;`uh?gQQYw1e&Qoi2G_iWwt|C
zS7)K1AD1FxBH%W7WRUuirN=FWnBA8XcNP8<0LYFZeBc(2a2>~~7$4`3Y{1cD-s?m|
zzA-d}-fvEne)|XjtT}p5-oIn5CGp`$^Rc<lr8#<Ru8WoJbQxw^gZr@_kiEO84*&K?
zHsU$a%?k^g8yml+`$V-2M%2CT&3g2@)DhO#-U4@*=c^s-)V}OGzLJlxR(pP)$rg}J
z#A5gxE^kFi-Zf$&@5ra$^hp^uYcLW(74hsMKc$Al*$du;h{iJX(@Y_a*CFq2QH3B}
zfGSHN6pt9@A38>;7cz9uH5|LvF9CqlR$%uG{ZmvQbHB9-7bHv=A(>4B@G+H&wF3Zj
zKT)%&jMNGbJ_P_iW&1K#iIARkzk1h&M%Mjgxf|<FpW9!Qy01s{xhSTw51G9_L)mvx
z`oOU&az=gDnUCb0U5e&`ao=!QdQ_Wm1i#_l7(C7Frf>7bcq}sX6yJbqF&M=#RO4;r
zQ=*iBE2{3#kMY8&Uk?WpD87-2;rh&`6sq!C^)vaYp#7r{LD~{6G5kXS_V0IrZIW#9
zzBP)1GuZWF%|CcZ{3UX+ei=KmrAEEXPWxqFM<N)`owNO`)Esv)N=R(*eb>$_bdEmj
z_bdawqSd_bFyf3xtKXDimky9rsg<F&hMXHsRJ%OJ^A+#H;C}2P`r3d(<g<pXhWzi(
zKVFkjbG}%_;K4xkSL~sC6Zb==j<)5+b>AyPcD5jm&+p#O;YH!IKKBR~>*Jxu3lU?d
zYmR;-Rh_Rgg*PQJWvldd_g!%s=Vy|)al?zoRyF7!;@`by8VcCR*y!Eh*dX1YI@Q9=
zF#Kqjf2F)muQXyQO}zPhlXDZzB$-`AH7`|Z<wuUn3$CcIqUAXaN|lO1Kkzx7Qa_CO
zy_AwED9=rpCNU>6zqF{_acp_9l0YG!^h<qebXRgGX$SSp1^Zbbq2FMz89i~@EA&@p
z#4fKYlVuBur^AQ`Ro?Tk?I&-i;HCgoH5eNhJqcq*FcYK`XcI^oSyhTl3QNExSgLT<
zQI)7-U1hHd2~`edXfei2VyS9L#+Q9%Qf0GZ{vSalW<P)`!uj5sh!8Z*UfEs+v3$ks
zYCUM%z-ufc;#${tR94SQ1D$-i`e>`i7CfC9Tayvwtzm*C#W^3uIHWn$Yn9;fro!mZ
zWV@?$M|q5G`l2MbcPN+u#<0#nTF5Ee%x0o(Rg##Ls8Ra4RIyZYzn#0{uqdOjUA$HE
z))z-)P?}DgPSPxD{7J^P@`Cb85oXa#IYGYj3YHS90@9q;PcEIdMMue*9lAc5vcMv+
zTl@A6nHMWU1z~ejbS{alfmVx6jkbh6{z{;q%MK_&&N{esq9~@*`%$dGAi*GM%|E7j
zQXp?uB0>T;++si*N)5Fcuo=jsMWdynm66+%J4#iOYc6Cc<d@}_9US{PmOD0=!j&e-
zHqXADww*Sg25Hp)>iYFv!;gk06RDbwuZ5aN4Q;joUq5ITXsCYGsg)?tD5sfgEpIJ)
zQPeCSCtsR5XVzPF(lFdm+(=xt`5SGiqQR!Y%fQT#$gHuyqW37SJ<hAeD*_>i{w!z#
zr<D9Fxwk`|JprE@A2@Y9{YcoW|15Er)l6gJ`NVGyXaoKzL!U*4a@w?{8If7DgC9IN
zEJWt}C`*zMOB(6G%24};wBxy*&YJtwc}7}oTF>E+rOG4jBa5S;<*c8aSqzz)91g#F
zhs0JDHz$R$vJ&1~LCU-p#1wqZ>bKvr8nMQxm(N!<7PypL8o-EzE`;o}ph8dq9xyvt
zQ|~8FSL0CQs6sC=Q!fA_26~G$M!F*>0YyGEC}yZ3z9PO_k8ZErJ*he)h543DE@~DI
zMZ&Y2MF>TrzL$UB>@KG=A3BIGr@Guu9*-HfzzO)`y)*X<-C)Zgtk)ZxE+8mCJy1CE
zTd)SnBwG@f%jB|{1LV`qr^HX-G&44Z50%W)T#P~`ES3U`JT06p!UHU(nm=bXGBl*D
zWyn6TFjjEeT6aM14&g!T8S7Y3529q&A)Rk-IpaNN0Yxv1S@7QRC4Q6*mgkK>7J1J2
z<7GI_DZUF$B&J&rd5_r})=BQk;NN1}j1=;xpBd%cV-I55xZJ4wISSrwHv7{RN4Lp7
zlU+&U%Y2#Y{Mv?HkguK1FE%FHPPBwdF0R3B&uq)od9=(Vpys~cHms4AA_0Basy4dp
zi6%2<gJ|K7%2)b%M)Vpp6Lr(hv5=7uiKUrLV~0O$N0y>_(qUQ1L%bfmwb+J&KpAyr
za*eI_GRqG&0(Ndom{7teOo3`>Wdcp14U9Ik3Z;kYNfqAhwC-|NzPjBb-@EHktoE@~
zF*gIe_Lt`mbrdvMH6ir|H-Q<XLWCiq6$DE}Nra%^^vkZBq(Q)u&Xnc&y5iElX5$Id
zDbw98Fmt9BPGU*YRuYcwvxUXFXArfz!}AOACDx=d`lVLC2C?S6PJyO2lcM4AF@9l{
ze3dhm8x`)Osg-(z`77JWBT|pH3(kYtC9SqggwSxuk}8U-+^p%W$*t6F?WJ%<NXhP1
z;;oHNxx9_t;UMZ1Dgym2PQ!fj%q;nopo&t|9Mire&LCySeFn^h`5E^!)rj<g^|#+X
zxozxTVn8k_p7AX@hkKN*p-)pflbeyVT8gHgrb?tKr`~EAYPBf*6q=md1H0czE>Ys9
za|&p>NyAl!Ef#mbPsf>^PK0M9WO#YATrcY{<u-V18;wIOae=Uw=Z<Sr;>fUV{x<$`
z?b9a5)0(ACeDx;v)Ji@*n?1)pf%~{=g~8VJ*3^n-ZL8)Z_x5@Z)5~4bOrG(Tvv#+W
zm&m!<%nyPq?QnPCW&h<l<mHODJso0vv~|IS?x?&?p-u1X<Dtlc*h<i>u-5(ZZ`d-(
zvdbkKKDjJ;i5B2DaUXLYg)8<XDkW+(@LAw~Ca=(k59`AAh~2v)u?gb|+DxMR-22fA
zqL-}RSF`)`<CDpgIZ3BUah*1v1&F<_ed5Zcft~@1j$v00Hr+F|+rw^`WfyW-9t2lm
z!}B$W9%+7EeXjhg=r)cxE)Mw^H5q<q#KFAu;BUS*`m7`e0Jzft06u;Iz%}yWy$b+1
zy$1mH^Z@|AWB`B&7^~MW0RRMbNPQAfaa}xEaq}cNM_irEn>qKUd}4Zp(nCW}k47c(
zK|o}OsQR~FJ(*f|f*8}>R~wts*HS7tKyyOe?DFq#f&^9GJ=OJjjY<9d^G9)iYHbXa
zn$~7#v#ra)1KW#nG`tO0VM<)jrnHoalY39+i}tLP1yvoEJ%cy?&qbe7eL|h0e*Ex$
z_=uJN^ZS%as_4(J|MOT!%)bRvd;xz8s5Abl_j!upZ$0W=g8yT~=zQhB{RQ*Jj_>VB
zfAsd&`TLz-w)3IDw2|vkeBbAP3i2Nc3Kyu?{^{qLOq}XJB-mm8OUu7w{7cKf#Qi(Q
zzqI)OOWeN=rHcGN{vG7s8vpjRekRAK+6C-jdUpNH^*{XWS4#jB3Z=wbM}K@iL@7i`
z<^tjWWzCH6wzycrx3KGd*ZcQe5m0q(sClPi_CnJtoF+Z1_K}HenWu^cz3h8AVyZuV
z1=srQ*(*l5|2$ARMlwE0)}K*P1XmLw_u<GN2a81K2$A=4KPl@APBO>t%tt#dI$UHv
z5|hxn;{WP$rzR%+GbV4`3|zX1_^uP2Al(a2K8;lW;(V>o$g+ou5n*w9F7dStgc{I2
zSqjU}mC?g-`kXfmW=?N}i=`fpikC7bF$pRZ6I6KX^C^VO6v=V$)07t39|G^+8oYSu
zyiclhK0zMeq}+DV+BFpsT%wloLv}Z^)PXNEz5>9>xZHi+42!Gt(D}9NU^d_3nI)87
zf+HwWn?t@J2}d+@GX2auiE00>Gx#Ntbo#i$bFPRRwQ2wI(&4s?rB2#9{MoP4bWeDe
z@aeSVe8!g8mGXVdJw{+1w&%E5|0GNUxj6mP)dUqC%DiV*tI4x35sL-ZKNYOKI>>JO
z_-9Ee3d_3}OskNLaDLNf_krEsVQ*G+O}9O9pEmw%iPG?xSM5{ncLga%4H<ZQnquIQ
zoSPR9Au+XgZAhP>-s)bwFLY|3Ug6LeTC(&_`<mk$S-;x7pz}PNtOx!$<P;d&vA9}!
zyK%M_#X4^4iF@UK?dT2f>HO_h#o>3<o~75&x{6MgYUOqe!*$TAG`cIge3e<^bnAIP
zXG5TXLbP&amg&8P6DYu&MrqObeyc$2WD}g!kVjLs9|ro|^G7Lyr<ry?F}&}7pn3L?
zH3&*$ek4so&Xj+mzHecFY?b;FM!j~mR`n^t$A8iV{^fy-hb6#qw2`P%*P1@UtyA1m
zg`b(9s8YZ4c)R`+q<&8QdRTI`CF=xAA!jh5M3HjJ>inoGDN6T_oDz{O=75sHYO4@t
z8p#K{J`AeWI9ounISd6j9!wGi!wB3u8;Bldd*BQ+iT%-pBF(8?!RhkmQIT3Z?;}j_
zx@!pi^vB(!Ava5ZGf|kD0zDH|&Vf-Zme9Zq-g_Go<meSK1eYvIO@~7JdiY9@Mis!U
zBn3oud!c^iJ+agZ5|4_VaO1xewQW0kGY-U7g@8suS#GJ7m7w5OH0Mo$R*~7Yv7fhy
z$GTTjiyViUW+_~jfZ}pI3u{z`Ybxh=9)aklW$UkxYl(zRx1zBY&e!;V-(u(OyFqH*
z7r5OcnqKUOUz>zOG6t`F5`Mb=ZqpMsakU&+&DFa98IBIzJmr?F-dFVmtzsn_3l6~d
zZ_zSxVQf@UI{4C>h;85H%Sw$~a?H@NR)}t2)NNhvNd@Q^V$Q65^ktzy-_<_L`rQCY
z=Bb$HIpq3oEr!OEv>XQhyVcn_7YDHp)Zq!6?9A0CXIgS95V|Vl?90V5z-CCz=I`Sh
zVIg2%HuHdKy+8}4*%}U$B%F;~T^_|bqvxv3{8}by6r3)EBg!Tjv6mT{mAGzjS701I
z;tu8Rq&=bSVrOD!l6ItlxpJN4klA|@j!drFVdCv%LbBe{4A4}pc6W;<A1|_m&#Buf
zY`x8QbJ_jP9Rf^}gA(x+P9h5FH1^HKEA@n==g7OoT{?3pZ?ifRj#kj@Au|v=o5tcY
z7L@%uH<Fe8=x@4?GTfa9Ae8v++VzM_6mt$kZcvsJzs*J4$O=zB+i^t!L1R;5YnE5M
z-ZAA-D{VxOdeWmR2a(j-NYHG9p1$=B8?PN<98k6vPabB1g{y0Gx;BH9ytHk6@0BOf
zxI|$vUN@R|se|`-+m0Piexj=Wy@;e;3NQOhp>L@XFjQh}b#<clgTNgXPNZi#qBFhs
zq>gG%UfOr+Jqgd|@u~-X3sh4&5D}S&3d`LnM5ia=ip%o?9U=B;0xW>og^CVx=Iy+F
zGEndC-mr#~PTIpA{w+4JE*zs$@V!sfa;+s3P)@g}k!-zoP<WdZu%s*G<}8#&F3@Mj
zA!KYu_?u7rCl^=;>~Y3&<YC9fkNXJ1vR0sQ@o0OpV7p#KoS*yNZ#e8S^OJBH;iOJ0
z+!eXIMtyjN4r+T)c`uA_AL6_}M9*c~yi4QDn!xGlK3AxAg|hK>vi2T@sF~_qEcNoI
zD9mbOxesP6FXl1yQ+5o+yIef-(7d~1?2v%2?*q46+z(s-*iU&EIxqK?OV#wRs?7<G
z+;Wd(m$!?)Z6J^O&1cf#^US$+!@A)Ta(3F>(Nn&0pXr%$7CN-M^2=_|n_A9j*pP2y
zG3RnsTaT&hS3$eNo45Oe(>u4l)Q7r377FG*`S|**Fae=J7x1g0N?KX{b!6-Jj?T<6
zER4A3!{RZnv;=ax1Ixi!*w7eUkoPBY#3ym=^QqAERx1D17%MP$zMp84z4*l#J}K(2
zCbwfb>01|8fngzyA_$Q#M+}|m^5ATep7`a<<MBp-U(?;2XV&f4V{~qJw8j&KQj;TP
zz1|{rK3Uoe8E{{C(1hvyaWpw8Pmy^0#b4WR<~6n3S~jJ7FZ_dXFvEByeEngwwiEGS
zxmp$Xt~)13ZiPUsd%Q##zt)dRzwynl<c_Yh5=?FF@$iem2)g{$<R~0ql$m!hwJ){U
zj+3XzaonVM6dD*Z&`1f7Vt9B!!Xu&c5>rrQ1aw=$#`HQQG3i2U>&^*JaAB|rIKH*Z
z+G&7P1+616lDK~RP-qKh6@w0kr|8g5M>VGx+@S<>(LQ5nWQgQqRBx@I`}7^}X#K{Q
zlP>Mt{z#s;rx8-Zar0S!W>Lyar&hidPG2$=!rx3tAF+qED3%ab*ngePpq;@^-|j8Y
zR9XgGs^c1{TPS;jjjCMhXWDDM>_33+Jblq#Bz1NF{9?+hX`*&yCXEx_g|I=I?jyp}
z?ry?+qW6L)x%u5|wwqIaoCL8Xi3kgCb`yvrmtdO6@SfW;qRt8ZdNnH@vg+slZ2>!R
zna>B3kMu{UxFxbG^y;1$@6467<hj8K+_YL}-u-mx2RgiqETbZt`fzAgw??x;n*7H=
zIV=t9P4BitwM#4VCoj?2V!y7+w*U&%znj+D-mwuT(@KcqpV5ZwM8vVx`;;VzI;dx>
zww6twrH*AOGU}k4^j6WWO0_&MVXA8Fz?F7YkoO2QVKpg+q2-26H9H(t?j#w1yMp6h
ztr~|q$16XfF47&DwJ9U@JnF2rN#}>HX%K(pZ$YpZL=sZ22RtdIpW<r42Kk^*&z%f}
z9;*CGG?><1tFTh?A#h*5F$24wfM0DsOh%Usatqpv7BLOmnB5g#d*c&^W)H)vJiSub
z2%vjlE8S{u+w6V9qv`CE7(o>sd#+h#zDZBm%MrBY$o*XGRI;1UEsw@u*Rv<t1n$tS
z<WzF4dMw!hi$<eG(j3*6?;WPYUf!5TYDAO9dMxJL%fsbW381L*J6DAGDja!wza?`u
zTt4mU@zY47bIT!mEUYjZapghRD0(>+c30rS-PwGD^U{+&G}Mn@^JbWZg<?)HGQ;Kg
z6at}w<``%rhAf>CcBBp-;cKiXbM0G|@0MK!arLI-szEJb{YKssz@HYz5gnnoL}gnd
z*d^(bzv1IpY+=J5M|~H5$m3Q$E`ys|eBukF>FNE1+4rLFdFY+`lT4>Qf4tOjuJcol
z<PKI37w5ylwIz0`<x`yU`L<6d6BGqCR>I>;P03pjTa@g!-p%;)mK0Nnr^r5+1In+o
zjKQ_;xRdlOQ6;dYRX=CWLm+sMF`H45J+>ZHts1Y$Y0Eu^IXAV1Fl!H~V0cUa$3wG2
z`;n9&4*}-z2u4S#wPc;j@9xOOnj^Zy$R=0FVEo^q>MN!hmh%VHWXod@&ZMRX<1?*m
zyRY6gK2!VN!_^{jA8Y-_&{PT28*Qn^E`ZSA3BrD~V;1&1R!o!UUO8=lbj+WZCstk-
zKR&R$Equ#^2fD-mNV3t27qkSjxIKzfscR2^&^lkG-{dr$%*(!8#SM6B%IF23>G?&|
zE;9>HM?s1UTX?cskK}N?<fhj>Wz)#F#nnYL8OAW--|=+*`uuhk)ER0QPid)PcdsO)
zy2&~X>7`odjY{pO>RjpM!dwEaD`)T6V=Qh!z3szmKy&-6v}`$@jN8?tXo<K=o~b6s
ztn{x$e`)QVSz^UA&?wE2!vTpI-qX1*>Wm=Sy)g?zENYDypD9~pTilaIeNU#<r^zau
zYSYWff1k>^tpUmMTU)!cL7pEK8E^a%E!FsN{<I_m%a!4W#kF=a7+g7>NGD`U@XDJ6
zzc;vD+9H+y*cOXs9vsptMl$A7mU9hGUnNxfhaDW+46y3ZV@V9=c?2paDUBa2Cs&Rq
zzSzjJp($2P7FE_ScHcXsc3zJ9U?OkxMqC3j%1|`>H?AA!Y{2rKVJ!6y;}lWm<oo*6
zor`d#qM%KTBm&n<TvRjU{9JkxPf`x<9pY&eiJk5b9mz6aLPW+BPQ-k>t8z(D{!h#$
z#n*lF<c-{9T@wH`E;I~%b?<kYKMZ&3N+YH|wfIrRsLI^ME81CM%fU5dYt(6`*k|5j
zLI$SHoRdk!9E9edC@?yo<K2nM$W7>57eYdviasYh;rH07FNrjk%u}5dqAgagj}8{I
zdU+6YEy`Z=d`kEHX%Z01_||`Tq23MemljBSNfdpI5MfmE_%ez3S`w!<wXv#hK1-<o
zeewr`<Sp`h9#8n7^>R9#n<eL5veK~BaR~Eo%-g5=(dzfQ9FxHefmG|<<V9B0<d65b
z^Mt*;->hB|+O#S!v@oH2U(gR$Hlu1Sy!hIQ#3u5-2s|e}kgn|rE%rS}j6sq+UtdAm
zy%ZW|N}FA}fx8|(AYpaKjk#U5pIJ@yd2MeLcmp|_>Jhl}-!B@+_3zJO(rakzD2MUS
zzd}+3a5pthd&kmTA;#XLcTY~*C2sE}A_LYBOoVCbU(uSAM96gH9d;HeyN_w4t1tKY
zYTbvk%l(9ZoqPx6BC62aX*U@1Xy0bIv&<J`s!6$-@M3>!$^T8aIUt19Q!Q$EWCfeQ
z$tOfvDDEn=x?(Fa4VMkrql7szqy1?s$NY2JeNUg9o$ZY%_hBJqtXxm1M;MF7as41S
zqb3y_l{28cM`VB2q50da-WM>dFYu&Wd$G)QK$^GRrD~Mn++i>WRUFTsL*rHpSU47n
ztdiQwd48@>sb}kZ#$-~jobGi{RL9+W>ySi0KB^@LjfDZsAN1aH9%Ps<uXhKI(JF#G
zW39}Vn|thz8a>*E0V;O$JG|A}g3OLyHuT?W=48oNZh@b4c)djkPB}-z_gr<C2@d7F
z(NcJdTq&;?p*H*c&G`_ncmkjFC$gTtKK4)>4|C1tw)QsxOSbYT?rflLfBHi#$V3UN
z5`@ow|4cTp0AS3HG=;z?*S{py<N-mi4G-2SqdGdTNqcc0SB5rrI-#WyHybNxN*j<b
ziTR)I{GrD_xDgj;bI+&q$-G$Ch=Za(chE(7$2y77mbz)zT+-z%yD-#TtZZI$r-Mmt
z?!HAZVtcJH*yf@hmA9_OG#wfm<+9h8tiZK73u>>A^jaQF<&D&G;#Hdy0<Q0X+R2pv
zut{u<BcL`IY_*oue7xULhuju2u2%j$<;MQV`)Ep<ySSMjfv&wG+q~f3ivh}$HPBE)
zgVTm@i^D{`rhpZuahC)R5a*zw%=aC%7+2??JI*NU+}SKp?!9&&STI8*u2=avOWI}#
z`Eoz3l&c9ZFzO7pt>AMi5gXyyR-jN{8%C5X?v^^b_Gm&+mDX{?Am8tCy>G#nwF7X&
zoXclaM-AwSCf7hafueb_%dp8t2I%$a9P#oP6PRasas5kB&08CYH?_j22%U83i3v;G
z(G7zaa+kC>QadF^bevy?q0Hgd_vz+}y9}#6n0NvtwbsC-?CW*EarB&_?g^%Ehx)~v
z?a@vExm8NhIr;p@;yS4heOo<?TV`Z7!L0~zXYJ|F^q@(+PM_)9Ltuu;mg6J5?B9b_
zS#oS!$_A)&T1(Xo_eOFygXJwh#}>Eb(h-%7MwUZ&;e_)&hB$@BS9<%R>CAPMWm{d3
z;hek)-sa-m_;lfy_gJ!+xF_CfV^BGy=5P-8;T=&f@W!kQ#bo-Wy;52J>!}Xw8(bLW
zo_N+T*&>(%@qo1MNu|8!z*c(vt0HwJ^KD?4S+|YX!hGh0t64u4PPuD8=sn9Fdn1m`
zVA|(donPKgyIN#RbM*(uLZ8BP(hr}K_g;8OnbE+k`MNJYF|yJmjit32P4V}-Lv0~R
zXMRksm)XFj(%tE$RvjC79m@LGIP<!^u^ch7AIt;wiNtvbaB>@Im3!l^Fw+M|iHY8>
zS6>lnMA1Wp_i#dR5s`XB6pWW(-qUi(-O9~t);&G^vPre5S#z{4q!D@UDjVPm{o2<p
zhEh!+s>T-pn?~Skf|Xgps#9Yq=!xsuE~#Dwl>TSVFL0t6#D=xsb6!<Bz83WgkV#2>
zqF{`OFqm<++}&98KJLOOfUVv3FExH`EVo*qTAHVERvcX!Owz)Maoe1&+U2;pccix-
zu5imMwz?G?u>zT}YMg{#j{OMs3!?p1#7bs9kA-7xsBFj5yW|ued(i*&s&t}h;5pL(
z-B;5k0;RpF`DrhTIT>Vb2v-(K4fyMT&{lO}MNz>z+2G=hIs{P(^TvEY2%qY{xMqgK
zYUH!#wQCb!+!sT#VjS~zNO`X|g<f-Q2-=&(TUF$eEz`X_pS$Ea+I);R@pVZzYHzCX
z$C7hd)*&=PC!CweJ7qNIoz;^X1(-J2%K#G6h)#dEjcNbVb+nbZ!SoPI`t_0Rd`yFl
z!9M5$C1^FV<E((l+KuKuVaGkp${hMO9W9&yiXSdFCc{9}6xqO#KhrYjMl#X6c;mv}
ztT%H#Q*|yudFw7TH)BF(mBw?vfOHou4AgFT)2AsK_dMNNR244Oj40>1W!1Q($>{ZV
zcNz;?)q<HO!&I!Z<+O&Rh(}gVJbAPr5H!yq^B3s2Tq;ZZQaU$kNj3_`x2{I&TFn76
zZahUqUfyvcuykgWB!!u3LGP^U1wC+Rw$(Id=g)xfR$?%15-XN(kDPS@Q7?!7e$p)o
zt-RBs&<3Y|-K(r`)@`>_VQcqZ<@*E^zujInbUI0UP60(D3DMQlSJk&ZWhp%S3M`vf
z_ae92<BP1`l4~Dqr?}Oe=O7kMr!p>>PNG0t`Mhxp9_IzWvmHLm+WSyvNb>=OPVIG)
zo1W?Why6Hp@I~k7F^6tC;F2ZSnM2tJHOM^foM#KN>6Kpl`UnOp)mq9U>w~2}haQ~|
z0e$Q)%jK6cyDsboD=zHINx79=h4*XY%t0T`JAax?>9h~IowHJ59MLwg$Dc8$wZR8&
z_!10=!PN0L6n-tX!20bYCjQfj9xpaS&-H5G30JmKas}h-3&FnI%8HF&%uX_W@@a0b
zr~;AcH9p)}v@>K(IOWv0)Eyk0dw&!tFA{-4X0>NUW;CAWeuON%**Cjo@|Zo84Sa6)
zbapeB;xr&x^zN6Tclnq_1>$q&ko4M0Q`|c$xYVcZTWOkWdsn-QnCXX|2M5UBc(xu5
z;(}u<H^r-~<-gwzx^fe-yBI5SK)`!|>{5`^Q0nycGHRv_(YtKmdytV5uuYGTS-6|t
zSO|mazvJ2d!@Ev@oxuN!jX(Xb!2Q42_`gm61=Ue5C<Iv&=>LF(qQUOf4rU^K+nYoo
zB)>Cf`Kg~i`!O0lO7rx=LG2^{C|`;7w-y@R166+-<aQ5B|C2BH|A6HGI`{uuUg6({
z>DN+btQ49VgB2@ONHt^#_?b>oXXLLzGe2E2<Souc8P3(^r7*Oj(tf|7jDs$5&B5_W
z)R|EKdDiir0O@w)L+?_23N!cO%V6e+qm`*0u+6(lj==s0RL9BKv-L8wW}SfUQBidT
zsL=KNjkM;cAgZKklc7yVV)j5R;@<mNRz=;Q++~;ciOgA;LtCjo*SAP{ttDSO;IQZ4
zK&vgE<1-6KVEE=a;@e7ophm{9$v`w`3$9yidaZ4fyPfCAE5@*wlWXIe)Q``u+xTmx
zw!Y#Baj)kax_~p1rfGg0I8016hy7MSw|zCYPtZ;wZ`zSL2LFSQP-mPUOWZ;fF2sWN
zn})NTB3Ea9l+!6?tHH;T<D*6=O*kLX2ijE~NbEM+R+V!*4xt}b%*)f~4oG34`?wYR
zU($<z8AC^&O0BV{0w3Sto>n+VW*eX5TnJojXDgrdyJ*@mf~?VRB{l4ry@p++1*dkM
zfFJHbzD#*B`}D+0(~MSJT&Iw6vY72c<h7eaJ1A@PGtvQs$!CMy8(RH9YSkf;mKBo~
z#R>6SBK1ss?S4CcH6Qd><Zp+s-6?<h$`jp!pBCAzEDn|_A4gT>^)>~x@!=)POG7W_
zFHvvZyy}4BMMOHCaN8y32n(y6-lpA?3>@+gN&Qg1stZNf?)_xg)sZZ5`8av;W0J$M
zh^uY?T*ODoW#6LFTRrsY^66t6ZqdzPVlo)!SfP%5kcpZ$Ya89--qurTH8UkO6$i%7
zu>qX;4gz~=u-@P+mUrK4gxwY3xNaecw|voe@t5pA9xo?%u%E(*hK+W*__h=#B0lgS
zD)xt5@}?ga3%d+rLI)iro9EFusDY(@=}Lj$NlN-&4`yhrvt_mnpIZVivJf3NPI%0%
zoiwX?jBor$09K$R$|0wN?epf*vOyW)2JnxdPyDLsqv5-wcTtHIx<t`k14YyQ;Do|-
zx|Hg(cNA+8pzStb8PewB=1uA^l<jQYlS6*v=Ozc+J-b{O7Jck@P8(C!My~5xD+{fM
zJhi;Qa|@CpoH?g~R_E=L-%k6<TQaYqDQQ;7?(km@OZVG})uzm=3WjU@u(DT9hdP(n
zn)_|%^_NjxMN4mWSyq8rmt|s~J;qc15FA`9ynEnfC#f$C@jAQ(!FJ&*ZU>8k5&M>M
zD%*4Ek38=dub6cCQkL`}3PE;Q3f&oJ=hiTx)W@`TFAm?XrKL*Bg?3c99gk)5m2<Z6
zyI_NASWL<~f^bGJls_0M3W5zFAHUl=muglE<TSgn=Z;PAZkNx3pMQW1bbfWC?G$?0
zWj;?4R}k^6{Gu`r81lGj)9UJ!8ht}ormR-Ae_~}Nk0R7kAz!~O+u3Z|iDTqyFI~xD
zRM(*?W%xqnf|7*FjkNpnEnn9_l=;hJYZJ?^Q{X&{%6v|XfBS7uR+$xXB~Gn;xo|y>
z(%`p^3SG0+QR@3<P09yCT(`=d7NmEuw%+h%U{&HiY+tdCfwYp9N4i5zI1fVgf{v%$
z<IYX_+Qp&DYewEFGtZlUEzJkK4Vp11;HX-zysSoslT>Jrr*#C=790JhbWCz*jYJB@
zvCmDKe*MfogOo>}Cv8Fpz6|qupIO>^&X(T?8}ohPD=-bHkvGA<b{MPA0;?`^jD?Ji
z#XYz29^eNid0W?C7N-)9tXio|Z2g^}=@dl#%#;Ckm`hZ#6p<dK%w;xDm&r2M%^M+C
zE0R`c1-MXSq{Yf3@YSH4(Xy6X_)=%^QqW@ow7Ci$^u9D#=Q9|3*W#e)qJ8SE>C3~w
zgB)WgS`Rg|Ie|{LG!_>L4X>r9sJ$fTs=>4$dae_K_X)rJ)sgb2!LrhNiy{`2Z}^s*
z*^ReN>c}3IjT<BP*zWBtI5sk~XJ<63S-dRJ3w&)nxh}CiLi#e(&RIw9$lTQ9-Ikcz
z+E-R*SEe87I-tz|$UOWj-y-HeHnGru&3dC9?rFrWQ^*|m?T_79N2lp*XZeeJ{A-TP
zgg*SIge1M}|1<aeuL-j|JrH!)W>oyg!kim!kADxI7`^<bmtZuyqWQmA$0xs9$y+~L
zl|VtW>D0dZjK9@+9mGejN#5;-H`WB2$Ny8*I`ki-I=Om4r{$BbOLP)VX!nQiW!nF4
z`4(s%udDp0_~+zvGkTMPe=^^ky#F`TYe~a{hhc}aH?@g(bJ3od$gDM3@1?nLS*Ft(
zDCp4<yNdCEeo@s-G4y@dY1u~`%=q?*nl4KL(lIZ+`XH?IDm1NKGQmzC>zW;IJE<!;
zIg$NsG_iF=6GB~92SH0tq&<+|_;bfZuQl@LkqbQ0B2(jbi}3wgEB`BYFRS(hV(@?u
z-CV$+XfUO;{pmH}?#KlSUG%;<=$vJc`jdYa<r<PMQVMkuLSR>r_m~$v5y+Cil>Zpy
zi#_@jbYH6g={KGJ{3Uw<4?tLb-~xm7s;Ue2;lUuYJL<pNZ(dC8|LS;5O0V@uTAYPr
zucLl$Hm$f6Yp7u?TdxxZ3__&n&O|sC7!QQh#wz6{cX|*iPZ<f%KR^HEm2t%KW7=-*
z)82>Onkh<CC-Qv^M%d#ET&tdVRf0CY*pW;b-rt+Kt1VxVF)(+qk2Fbd4&_A7yAx{R
z@Chb;ColQGW)v_me@mbHR%hA@k2%2`f4+e=_XmB#_)1;XcIU11Ag5Pz;Txq$(^OhQ
zLPB0LoUTRQ?m}N_AKo~=f;JN^WXKoO89}RZnbD>YQa*xe*Za<IykzkS<V9sayQef2
zYG&gx=*H*r@vY6xojrbTljLRwOKDy>S*LUP2sPdZXv^^ryGvxMJR&I{lV-49%3Pll
zdYfE7_R>Z0{?r=dcjNp)WqgUlY1tIzTCwl`^(-n=(<-Q0g+^}!SydUI+aiayjf7zx
zB*-+mLi6r^ys;OwW0hDI&OApoW24a#^1*sYKnSwQ;d_mOuFL2X_Jd~04sVt{1&gyf
zhjT@nwgzJE{gTSHB$dLrtL#fDqDOVQ<8e>RXG5d?wuaQ5YxdT3=jgVtuQ%jc(H5gj
zPbxf}CnyQeFu;q#ZQ)-!*yUiwPDtqxkRD+z3q(Y9>4I52f2u>7kRl3Qhv%15MoGzD
zwm)~1%@Yw5anHQZpyb(BJ(D`6D>dcqD2o2Ol_v)m!j!s4ZIg@@uKt(mx@5VwAqk<-
z=D;6xO7=#1!9XlVdRErK_u+9RlG8I%G!v7H)~U2D6;S&RlTLz1?suCE_&Pjyw`ng}
zuu7PvU=HwS#|x6y#U-LHgwti42`ZKy`Ed6Ut<9;sD)gv9{Mt-c2vJE1_sMdP=)elU
zv@Yj^ZP5fd3I@&Yhwc2j#)FOI=4usP5O`k_jtYYT<gHVr``0l%x>&cJCbhQf{Fyo&
zhZuMi`!b#0>Ks-^=mUZu0vtsZBACGK!hR?UHvYLLvU~hKXSWb>2JwLz)prz4nNnWm
z%FAA6gdDafrQxBcw3|%$1dNCmYGy8`!_<(Dth|N8HV;r%u+tL?m1jl_AU&l%uIUE!
z3<*quFJ`hj{p)rCKlk?e5#Bsu{3g{N_d7p;1Q^cGp7FaHrDSJM_jQvcbNZB4xCa+>
z2%*O>xlAcx+C*4JNV<Y}au=*m_nw~*-DDG77|<gO)NX|jW;|Un@v6o~BwHj9OGhh}
z?4dDjU!$c!O3l!RLqkH#qy+?d+d-f%EW|gWtER0@zVGT-HLpH08ok^K@cKn2SXszw
zK>2c-()7Gdk;}vh5!YGXVdSTj=UTtoDJw<U-}d=@29I)@Y;6V7BFn%#pg3|yc{xSw
zELf)1{6uG-jg0h4QJi%|%j0(XhVkCzT@Y<cq=l~J?&`Lcd?g*YJBN~Wt@ZDNjKR#V
z*~W{!xlrZ#_U_oxbDf;*zzsFfK&jn|HGrIzN@v)s?9T)OOEb{4Iu_8?agF1Z=(%D=
z)QPHXH`SJ9gbc-Qt%wtC1%<CjejlGKag~ODoSdRd?kJ9}sbNo?0EOk^5ZQ%HeV32W
zD(YvlQ{D9u378fU7pHk2>oLd(9!c#*D{=~LwLf8c$Iy~U)wuMAHlu?*;Zd4g4!z;!
zHp|G!2tCM%kE7w0ikh1LEa6Qtgj22~`C9pArJjK6C?cEZ6(sFvyAh!bEg~~O9<qD+
zOdt#KGGHFZv~J3<V(Y3xL=|(!tn#F9TRvSLz3{_#k3naBXqm9<D06T9iJj>?w!brJ
z_TDQ@8|(F+jTfHHnP50`s)g5&-K8uKWQvbco<^1HYf`%NOYh&+98}gJUes7Gqw-wm
z05=!p9}^GVZ_wKkMK80ic69H5T}lZRCDXV()4$^2M^MV&KGcA8DAcSihR8~(g9#^7
zab3D8FWQFjf#~rrPQTFQ3J73ji17WuW!sF+S6**3!Z>Z4nsKEWD%!5mR3?Qu<xq;l
ziGk3Q4#X~x)m!obInz3rt6$*QJ*zjRn!?7_V+#Ab(mZZ{%b7|)Lr+L25<lms&uGR>
zzoVtz(0rN`tYlv|RvK41<M)#Sf`oF8tH~Ir<ie0b2E1QY3y1Vhs7TUpgv_T$g_lX4
zh4b^ykuL4YSocX`d1J4cUNWfXsMC)uIf^p`q}UUFou#r8F&yO~Xn+mT*azx7gm?Q+
z^$xp|)*F^+QA$4)dDyefQIRX_-G^Xt14YJ+Rt6P!BEG5^E}7*kdEvCKj!GU61qF{E
zC36plp67$mXx%#estjJe3iRc^k*FvX%p<aX@Dv12;Vv~cOTw=bFr~wcp0Jt`W)Ys7
zeFbytQW&f{x0WXW-nLbIJ}fRN>8rQn6Nd43-J-$KTDPN4JK1#PUbG6c;_@Pnatx={
z@2&KqA3RJR-F7U54(8?UcL)KE$JV7CbtLDVmTj55tDy#xo8HgoAow3>7(Q`c056q!
zR}B*H3z={viESH66TkuTb!Ibd5uW$gXxxZqVRDu|iB(A!t*i=1#;-l2VNBonMu*(?
zxP&gr+t^zIVUS%s?FvR&SpmXL6?Ju^S7?O2X0;a6Xxuh8_^4f-v6Z62zn<K6p7U|o
z@p)~2=oK>G)AN!v7_7)=ikS4{ul8Ou`>_vvqf@|f;NIVYYtJV4g#fO0Va?r=uJZ0a
zI>IsEs$~l(mhZ0O?tiZ{BS>wh0#-g`d^ez~s@kNTptxjvu5Pds2+H|LzVO|0g)(aI
zdyH%H<0ABFPCr(j&(i&3nEe)&(GHuV8@irP5~Rq>r{N)oC-e~|bBDZ@^hC2amI5VM
z2@KIHrx};Ouek!m$#)jDYUHWLn=iiyYVC5KxF%LPKUl)`b)mBy`~zh87zJvTeEUSF
z9RaZp@O8cU+g3qaWcRZ!>?Y@-Guk}q>GyK&bE<@`g+37i3rO6%QBZU}rgO6;u+_kN
zb3yC&WSJ1R##2|QwWhpMDfAL63cEMErG-RiUP?nCrNiU?=cyZhN^Es_QTx2iZsuzK
zIJ9`zs7<{mC6HC3L&)#Q8NIzanYO;KH+&ItbG1irS8)~ClN)`#P|9@3u;E9BAE$ZO
z2E)>JM=G7dmuk7;>_-due5{1Cv#Ru}4(>}y`pu;)JB1>u2}k@S`YV(KZJkRx0Twuy
z6g-aDy&nsNd(am`Q`FD5g%=40n(h?8oPb@-(a3_n3!A4FhEzMzWEH1ikG>Mwj@)-U
z2jlAhq;4_6-ux;AjTvh}zA98#U3K<&k1g0^CD=qU%~>tJo2AtIwvm%gV8DenV)-Kb
zZ6Ui=<bnz5RZL6N2!Wq{f|!it4p%y+oHBjGv=dy0+6}3uqZ6^Tk_eymQlUN+Q~0?l
z*~)#IH={KfcLV*>Tz8sSprXE5bYynUZB@Sz4-J1_Go`5)vV8;#H3zLwA9Yj+k_zb_
z>7;O$E5qio*XJ`9mFv9aJYAei7kQL0e^y>9e)3p!a{6|6Wd~z8fH5%fM=l*kGFdo2
zcv>K#j2DO_Q>n@N7xK6L)l;SWDypiA_t&<ep9|nL+*bpZTJvBk(#s=J56p!){DP_q
za;b>C2_5%YL5lNPJ-Z|JF|vyT1(Tm=!q=U-=4Tsh`L^1lS}h@idC+h1F}E`cDRue5
z@=4kuBP(K5h-L)10_=7z_}~n7OMM=vxG0KT&x`>l4fnd-C{)JbcYxg7o&*}8l|No=
zamn>kWV_y!Pbbpr^-;l>eLq&o@J_lwSsl2}b2^Y(1NDvonvA(Od2hM$d0tSZ38rbn
zHPLPFoan9&#JDA|jt@F>zNA#+L(+j(hkE+<WF*k>ByG*nj4eo2=MO<0_hO&>1FB{M
zX%-}g>28v_yZ@(I)lc~DN;B)C$dmls+@8)#rbDEn)0qtC1P^sm;TLc-bG&y*p$8GR
zyGwzXB30`%<%g44)VpPne24v#dV>1S)Y2uQYL~`AP}gjdci%Sl>RxG>Myox1n9@^e
z$)UPYp2O@V&|22yXAcpv!7H%xZ}sEtB;+R;@1A0w-daKo?Zc)Nlt+gD8@V!`%JUSc
z^TG{C@ie@f5Y!TPZ@rP%$Q53$a5^xcGSG3Y)Fmg^p2BB^{q7naNQ@?}2@EtkqS*C<
zlJzsC%nyXuR!)d)77G7-n-@%u>!ZjzcvSh^u5B&}!sFXG^XjDs(0KTuDfy&R)3kj{
zvR&5uUf$lJksUZAr0ZeHA6T6Zk^34-0w;O$gnxJfBGp~`R#XVUve~Uk+RW{N-s-%`
zG1>t3a9`<rpE%nhoNPY24S$)Z(eyToe476&Qw`?pq#`2Q)zqJd2Vk9#_xk+<!CqPe
zMWk;b;YO*nT51*I_397)3}Ns4g*JO;^2*)5mISTu<KP*J-c)zzG13r&cM*9YE~e-l
zw);WlC0`Aj34?R@?;QqxoN{%s<(%73hiM=Zyew(22EHo6g+4lYrvuShO(!D4uDK8S
zuzNo-EqtGojnS?_?|rW*+3;nhgj`DU;%aoN#fjPp*|_l<qv-iI$)8}E?tElEVk8*^
zoY|44K*09Hjfstdga(LgaRJ<E5qbz4bkIR#%;40~R)nS16QybPA?^0yna*>=^|aaK
zLa82AWsT-zG$CRSd<9R7_ZL8Z;>(o`Y&UEC!rf9Rmqg*C{hFq;3KLGNx$qaPp2JzF
zi7c29vWe(HAxVb*<R@Gv{z47sZvIFX5;1g$H&D*-_ZjQA))i{%$Mb|&Ok&auoHhjT
zQ;udnddw`gQixcau3Df$GA9rmekOb$=9XtU$ASe(?PFH3Jpn&`A|+*%0^jV#2I!O5
z9`Ow&t1odNYeL?!c?9);o+cPe<-*-{pb8tnF&cR3S16a)Z-n0<ge!SiS@tPC<EYJ{
z2B{vhuBv38%mdMWeh%YKlQ1-VlWL0YsfWJN^Bx-y56^tAEalRXk(X?c4I95z(6_H|
z3+#`+e8f01YNf`Xpu}l86Kpz`dW{7CP<)#%Pe&0&VTT+UVZ_6aqi1zlclM}S;7sLF
z=rgU&+2@mH&}JcOskj|QJ9ZWLZSAbhg5F{q9Um|2)~u=k-wOGCcu{qMLQVbK0xa+%
zX>^{J^nrt-w&j4OLy>7tkY-MlRcTSf{gb20_?It@ru`oVmb7kF3Z+F9o*qGu2dNaQ
zW^X<9LCavMlYUxWe|v836y?5o^%uqrN%aZQv<r?J9yR?``@^Q^MNDaP8$V_E%KcRF
z060OtAe|T`lCd<NUR#B(HQvYy(tA{c2U$EAVik2Q9-=1{kDYXiq~c6p1<I?c(iHA`
z)XIo5jDhrLIU@??(hM8vt}0)YmXy@7{8Il_XCX(N{fI){pmw2cQ}b3;U0q32GsGbI
z#XhDdYRv*?Y}^EvrsDDW3g4`0tp%s;vcE(GNzjbqW>nOQ?OO(hh1O0H6B9zYRL-2T
zGVE#2Uc(KU4ZmA!cSyS6i+j`lya!+06x6>^ER!U&vvj%G1X`>qJMegbr+PC5^=5C}
zFZGga@Q&Tp%~J!N4&U65S{okX-x<imEBiE=vL$}<amj@>$*o5CtR2==q;X>RBDsJa
zhh>O_ORLH7U<6J%YgJ@d%_GV|Wrec)>kHg)6Z3GR`W0J+Y-An`Zn^Y?Q|F=<O&5p9
z)mVj<-G-z2u7U@FQT}knVccDY&kKE_izmDbwH9{W)oGFX@}#-T&)M9qp1jNpNb8$*
ziaPq#OS=|$>|NiEat(g`NTE2OV>qy5LA>N`6&d8dgU<^{ontb0fkweZQGLVY&&$tH
zU_O<Pky>cbNaxxKE;e{@Fb9ojQV9t+Pjl3Q9p3NOWrYSx%IN2=$Pw>e|7w-kZ&9$Z
z!So`tf-H_i&>6rHBvLvf7@pcmzcUUX{?E<mra6nt%FeuZD$IZFH_65M;O@tM!?a_m
zk$L(Df|3{5{2BQC0egZ_{c}&@Ul{CP*y-Pt%74B5@b4WDJ2c*1*skYceWw(`KZk(c
zKw;_HFq6#KtnPnqW0*w-UJ=Xw4@B;Nx?s^4qAdNebRIO1SbBK0y&ES#wNLFSm8DVA
z^QU$f>~i=z^Tj`YbaBdId`4x%7W@9%|9QRF$3K7CQfK|i8vRdw{VxdM|BH?Pt>M2{
zRf_DUQiMzhTV06!5n6&Yh&qg}o$DtDU<6}cLhQmXeRmEgClt5@6EXT92#?GJ_~U!R
z_W|c8q*=KTROE#)FjaW7Sq@m`vCPNb3K`Q9UImIW6}VpB3*F7z7GXabf+-J@w@y}8
zS@j6nQnLG%+x2}A@imnJEF0J*+WmnHsdoiZ>iW`5_ISxmlEE8F#o~7zkVb*3JHndn
zi1qRiAVNQbM=mZj6ch3`<(bo~rN?P#jNLbmilgZ01@SI?KZ4UndGC%NG_S~P0_=F?
z$ws98jS4UrnNZ^bo41B!ianr&c+?N%(`^!HPg@wiqHVE#IIYY}mUVK_^X%K9zC>v%
zt$#*jmN4Uw{7E>bhM)<7viiI=2e3}`!K<`HdQ%mdPgCMtX`!^L3yZD}BVsBKjAwh>
z+oY<UNL=rC&V2aPULY)ecpEAU?(z4OHOdU@tM8%Q?%qOf(-poKd75oZ!sh9sgYU26
zZwO_tUke+iDHxNLDW7s3k_tWue>);p-HH5sXEKZ*mM$wH0Rr`4eCvKf6dN;{^`|6?
zqMiE7gQ(;$^Es%WaFsu<vz&J!n2f2|Ra1&(b0Q2IBxEmz0dCGoKX!V%)HW%<e2B5o
z+KS9=ei<x(`Uj&yZL*SjF>kV6yD!xb^}3y|gsl9D;}3lLpe1SiwRTD%U`po}v(3A(
zcB$A(SreI$#i`R>^QIH0b9P*{+|K&TamvB*)BUwx0_XGf3dG9l)vl}Vv~EVTE^2Jh
zmz^U&%x%gVn<6eUF(>r9lu2{UiQ{f?UL)>Z6r}?q3?Nc640T+mNp53xbZ-WBKMfe1
z-94(|XWpvtM%`I*0jPIO1{~Otcg+ob)g-i|OZP*^MeW+X%ghvPJzj#`heGZz)XxqU
zo)p170BE=rv>^|v(_jv!-7~sOt&YOyUs3~=@|s-A42Sa}wZC?=%MN%=Oh{dYZkaLL
zOLHD9?-OfJzuh!OJ6<wt?^7-zbndnjb#C4aUNX`$!WsFb=n4X9h6X_=$|#_tlA2mz
z?+Nh)^D-c#<r-N*;EIHTwCm0=3V|j0Wo6-;a7gZtUUBW*x?l{QvO{Qb=aE;9;knuz
z8MmvEYV#FgB7x3m^peesB@K{W?Y*v|Vo0epIyPfE4kII@Z_F}(11hN*qMJX^q={Q-
zJe($Q7RPX~m<5_WL+|Zr^8#oxVd|BF8U*E44Wol^NR(nr@j>I#Jv)TgtY@AU%6mnN
z_*F<wb8^ZV{mR}?;X4;0aTDgjrVt3<*nsCH7R}Ia&DZRCznN-h`Yp{cv!nh<Z3@&x
zIzduWX_kf`qC6%PItf>(BvlA_Zl*tlp|3p|Z~?adMC$ccUAgaQV)VpS06cw6!N~1J
zSVv;{C;;LWv2@rCJ^7-!ixT>~we%t4n{>*MZd_9kke$wNX-TaUu6QjBLg#ncI_d94
z?MmDEBpdAOr3bud=oM3~$8kJv%wbs?R0iqX8uyp{ACQCEwa!HD{D^Zx9!L-x#3?1v
zK>t->qYkNNZPS!q;gU^%zAiL1=gY3n?q@1Jo05<7<=5-ZtqTa97xr@IckUMl&or3Q
z<LIKIT2?lOp$MkT4zD+KSo&gOweygI^#^z{lcXtAZw1Nnb)dIwd@k87q5ctQwhz^j
zyuc@>NC3q;xFa(|%4`Kn&@|C{2^qfetxb+)p`;Fo&W9T_cI3Y;7AMt6K;<6e%if`Q
zYfc(9=mC!@G)M(Ij?AFqVd3Myf3^b3!@GCl+Q)~t>0FBx<=zT6S6?J(v=<7*rE<@B
z-Nu~E>IDfcl$*$89)RjEXD%OfwKdfnQL&Y2!p1-AW2X#u_I-$u6Nt}{it7Z2Lis~W
zO#h9#w~UIaZ~KN-6ch=OZUt%SZUyP?ZfS<@R0(NBKpLb`O1ev8=y2$v8wMC)=zR9*
zd0zEg_q*;7?|RpI{lIcy_RQ=(d;gE)SI4%S6ZlNRVI&XfWTROsju=X3MKx}F7pYr&
z3|fKG=~gH&e0!al>hNw@WI5tHW0jo1XiH(zm2-gy&Gn-UUua0a^<O(zB2yp`=Eum?
zx>_F$7+17P#|eOXjw|vcYI$wIcKXM@P7M+2cB&uVXhvyP1buVkNQT(S>X~X@A+bih
z#%C5+3u;b>YDEb_GILkk%)Un@Aq<s6Q0Rre@6+Q{oH)Uza+}HV_Jb90b0U?mlFqc#
zti1>MrKYHp8h}|#+}*aue>iE-R|#KI4<(k8L;IN;uzYzj=Nvn#tL<S>+I`8KhKCJX
zwm0;?yb<S$>EB1og67^9s0(zIesp81H6}u}Ij6IeC+|8EHF#eN^Aw^G%Fs*J`qX<z
zmAH~^Sg)q~kU!w&dy3lrbKdTAdq+fiU%J5Yc+Ubg*^h<oZ!u?D>VBCH>Ot_YQL~9E
z)m04ps_*Abc&~$NXjCclBTMVq9p^U}Q!lQZN;_(n+;l<3as!$ozqmcA-oRWs{p10j
z!+X*YUC>ah;qw9q4shriWCN10-OZf_yXnr4ml<J4I}<uh<?IRN4lQ_&obnF&LnJ72
zH|=^M?P2;2dDiGwN|*L)n+?%UU74O&guDFQws`2aPE|MCT75@go8J)ftOaKg{pRX0
zbJIYH$<GPQTrEtvB0QIYYk~pr%YB;{QPq!#^t8&e=o88-DNb6;i&V<kj%~bNXJ!-`
zOblB3U1EK8SfHDB+<lXOGCj1DIr!Ca_N}CCPEuwG`?aM@4<=vE*MCxtn4xlK1`Cba
z0Ug;X4#vv;XMPKG=V_*2X5F~APFo`e^Gym+(!(h?`j{w9zmfEQ=vtxA&~ORV+pvSB
zyw1aO7hpTdc01Y?eCJ=u^UGxRtpkU8rO`qQN>9~7TlEdT2E0iVnpA0pGKpC~=fhmF
zOekJz*7377<S6(dh-9->rwsm55H~*;NEh<fn{>QzXu5ELi{dKVsF(N=@s3)|5%Jkl
zPnr|%#|v{7E48?HR+fz4?(<yqh0<B*)WEhVKY2>AIH-^L-8o`jP@Za`PVD(r0Z7sl
zHf_{+css>9Yudgz4*KIUkqa-uyTbTIFafy$7n-;)uIuc#1&h4(_8l)mhA*B%xD<=`
z(&)VG9!2WJgG&w0@dkc*Qbj{x$N3pBUWI+nV(q~hPmppkDuJK8qTiglid>@t?tnQ$
zTbJwI&WH4!3{i9g-k;EF&u25WHQrd?!%Xa!lJ(%r%)3|wJ}^e2!$%&h%wme(-SDY$
z)jJ~RZw*SI7c~dFYLi}i?7lpyJRoC8z9{=07)MxNUzZS{T&%&TU>*c^la96DLrnQG
zJaqBe3{DJ`0vGDxg_*>bxGy98f|*)UDFBC<l;p{nrmn8;&Du+EI@ecHr;nxXttC(%
z%N@Z)&%~5-g`o2^GxHJfsP%!-n;v`!SaB67)V_L7x+Oj7ipiYAlpg+N|8N;SZHU7;
zv%<a&Q9U?Wzg;Wxwu3v6XicF3)kA-vU+#M#3v+o5Hb~7!auC|Hk?CLz$-IOtW$#U0
zV622-k$Ud-G6S6(pa=q2J((Z<ddUvIohyH{AMlybpaARo;o_|yS+s*5Gqp2mf~phv
zCEYWN(Y}c480!?G?nyiXx39JiUZBTL`L=BlU*(-M8-o1<tR)w%bs$_$4f;2v%Ei36
zK=<d&GYr^ZGi`Tn?;QZyXhx=@D>V4p>50iV6&FypHOtCPk*10vMH0rGT&4%f3YWqN
z=5O&qc!3CVzhlIyv8dkJ>t6Ij^OSYXjPn336%7rS91MOXXT1eNr+TX9<nEdI&XrM^
zdVrAMp<nDp#e#ls>&~MaZ2%`qHu3!88bl3E4J&n6PX?&a;$M!9McGyTom=;N!icr<
z1_Yu4OG)|CNj>)_{0AoNlJeh!b6j9XlzEN|yghm82h)wGwk&mvVmx+JKfk`71kbv6
zgfPFL%^03<Hk$Oy<GeNz>Cqf$`Yw7q3d9)KVsx3bTS%wwbf^WF!c?@*{9LA24i;Sn
z$^n)S{6&AT>3OZ$OHN-(DK-q0)Kiz}Z;b$iPvzAbowIj^yZvl<)aPMFW?WYUVDY5<
zaa40PtNiMm#+fL45_OF&6T+mVccrXLaJjwJQ7LZ(=8E<0w3*#Wop@<t^jQ91>~Eui
zn;W-o44N{%kjD7ygCEw_$L(**zPIh37!x(rvS3rh7((b2P}F^)Gk84e(xmwI9{94D
zqVJQ=hpygiBj7e+E`PYrniNv<V1Vf)u4z!w(OGL=XWKVQcI%sXXxKdF76`QUWYHXb
zebE5PsG_2>wJ;=W(+3C!hjjS)*2|9ZOYS~b4tD`EEwO*Cxnt&QMa9p{YEiJ0KsrEg
zF1cRZQ0V7d16M=oS6k{idu(&__ip#;T+3^C6)F{v!4SHIR5vd#ek`z4Krtf|Q<&?Z
zxp?OwuOUDSh$^<=!`j>v5)!-?;!VN5r&&2HE5_G7?*c0-;3Yg50bdwUL{_TlTvinr
z6rr_xgmQGi_cdD|5YaFP{G?_-xcch1{Syc!p+4K_nq+%6euM>+HuS}_IQBuOxV8;~
zCtrtLOYCm_>i5}Q-jquEY+vH(EhJ3L^(^7%Pk6SW_e$e=WSRp*t|)Kx(M{HACNZxu
z3MDfq%H%N0FKH$jDogB3H7TbUkJfqY1!C8kT8p*0)&AR3i8)8?I0xl<TjjyJ8Q05Z
zgX>8PEp_!*L$W-0$Cg(e&0<3$oe(t6LhP&<m3&c6pvdk9IFhy&G&TKPs1*ReEEY1#
zv<-8Cm%7q3zO6Osv(*FiAv2nc{8N|<#;s@vTQ&vXhuX=G8U&5a`xx=K$&rnF{Z*P;
z9k&$P7P%+E6F3*O+R(}B8_$c?BI<pu3{&z*QYw3H(8HTMI8&u<*cb<$KtIdo?SJ<-
z=XiS4uR74Q4J>K~QNAEm-@d*U%fXb>W+uh`PTb*xQK`&}VKLvM(E_1^P8WcaftKkY
z{K-T=ZZ&7oEu!Lr&VA=i@g94umYaD?p-0>Sj1iP?N3DBdO-tT^lV4n^E&~@+9ppIy
z;d<%9WWp_|W^Lh@SNW-P_y>tuL%z5rCHpR}#DlHw6w<JJ1yS6mU-sJ!<hJ6gJ7!J?
zNzd$-1Do&>Zf2$_{hp2!lBI+5?LZ+Is3<wjJi+wat!qu|B9+i`aT_I-zpXf#%rSYn
z<PrBJySr&U6a1ho`qiY1=Y=IF16d>eX2|mnZSQ-2eBW|-L&{&8lA7(}3R{f!Lyk9{
zG-b2gVA9(+4!yCH)lV#i{_vHu6H&5Z*?iS;nhYu2wz6VkD=7)2kj^DXQ=*3AkTI3T
zvZoT27K4{Nv&p2FxW)NS^IjV|OomDG2{*E{_PhY81^$bD>+A2g{*}v45d&~o_)(<1
z-4>N9hK75$j#=^9GOgd5F8QvUdT>`6B~(=_P9=E(T2fs--YjLLSjT0@T@bi-6B0CD
z(9)_H?j4my^4i3|s<a5Z=@;qiH&EAV9Oa72&3$`Y^FBtHA{`*KMvHYg<#A^d=fHvi
z@XikufL$gFZMPu4yRLP2H6*6Y^h(TfiVUL!?b-7zoUpLLW(47HT9N6;v>os!52~uk
zYM}~ZADV~!9{Lr-Bxj-CLIUnSV%ntQE2NwjdyFL9HbD^L=BDs)S%9d_-hssZljKV~
zJH8eR6{xgUK-!<iS^?CvHC@S@E@-rKtD9>EmPM|$H4ejJX2H0(b5QPr#)N<_T?p6h
zF}MZ$(fgQ^>qmmjpjx_-+tJfxAl^4e+p@+APOLh6st)s7Gt!vkVzx6E`GNU9tVES@
z-E7c@@M2TTgRKOj>d(H)UXvoZ@4glD<AOmj1|zjAac>{SFW!#{QZo+tuu}Lz^IEA2
zy9Mkv&7(<*vO>ya(c%tfWc}gr{xT`Qchl?q?X-pSxq*XZQ>V<IaUo;FcV!t;xU4^@
zh6Df9n!-VTexp-ZEnw0luQimWb;tWv9kmM29Te)Kz&s5jZaPs#W#tYN#SC8y3+ZFL
z(~JL1A1SO|Md4dZRIo}}Z+_XfXO!&1*SGI^^bk6A&)y&Rm>>1YWrO$g&g3}PK5Vqd
z&lPP&$G96pOctH%sWQ;9<|Loygpi^<@0=D#I-U8#a;2V9KMx9xxk>`4KY(^ZvSLma
zs>HZSoR&4W3-L?4+qJ$4?VbF%y`lTN`x6WK`*H5aI*A&FR?U926Guu6_(yfGSM*~1
zgpw<^1t$Pc(ghx9N9@v*@xoVNIMKx`Iy8<NX)VM2<f!=egs-c@T4!f0{uXFJPAxH9
zv^kEM(&ph0F#S<fr$zzwyRA21T+!G|cI^VD!5A1>r8?1kbPw*Q6_)=%)V?PZR6Hz_
zA+K{x4r_>ZyY8w4{Q8dpV7`Ue5;RgAZXorK{%z?lm`l|Y^!HY?1-8}_@ksD#9cf&@
zq)q5E{<%}0dsq4Ac0oSEkbQpRqqFCr2`Y9A**j|642z4#t~<F{nLot?_3jCJUVA*A
zGCi>v!xiVhI>MM|rmCAI7o5VcKwrMqo2S~#Y@Ifu^!ha6O{%025VLG`c|YDVrMc<2
zH1}BCtPW!_<K>W1-9v7k{e!@P1-ov8)AvNsVDO9JgW;GZ)x}?EnM;S<!)(`c*<YO=
zMont|N@nw+|0uTXxA|?WDPZJ6Ho$wXHx13_&X4P3H0>W<kqzJRw2G-CS-n1enfQ$S
zv>LFFM5&q(BP;Me12%gd{_7P7)W~C>F1K_#i=!GJXzlVVR9uUXG3gGMBih6II22`V
zJa0%4%1gU;q~-8~u96dhgmCWe*cA%qjDsV%YX&v<_Jjk{BERe^C!hwAQG4+6s^(q{
zov%jDa8P-b&MAiuB}I3WFW$7ryx0&f+)<ffr|PX^YE18dFX^}omrm`Re76r`N>-o)
zHSvd#3ky^skOMEpq9ntLhjj4~<D|>9bVeN+*8MSSqc0Nc(RiqHr!FD23qQk6F$I~e
zy>=w>S@?tGAkP-_zgn%GYl66ZDEc`U@>Nb=MK@h(&0p7~<tN|1cz%ic`{A^iI0NTU
z1HNCk)B+0^tyW9xyS3!OE4S9#TB^6^EYvRz%e7#5BOhKfP<~FXCmVOc(^;YYT<+%I
z$qSt^CAam}qezuom$RPr7#7cEO_p81$eQ&~LM66g;@^Ijd9|i8F}?GOgu1fiU|5CQ
ztYn){NldGms@mal;Pk`t`49!^S%97homeq6sIw>^Q*WTh?8ZKeINmjQcthJShP;+J
zU&S{4OOF{D^WNw(v64XnjO<a`@Te)pu+URF$x`H+27le<Ba^VlPF3uGl;xqz;H7t}
zqPhNcIfCp^@8m^uvm3oC*%~AU;V4kjia(N4^NmE7d`WxD{K~hpi!U9k?Zy5t<~)w8
zH32g7x>`F#S+RCNpq$j(*z{}L($;-3-GV8Akd&G(FCj`S653=rYI6@s)IyNUDq7;x
z((a+d1O*IA!{323>R=&9NzmZ#Tm?bLdd6nA1T_N#a#s?gZyoF_YkKGCH@7*y7qMj-
z`smVGpzq=QA+cuUKE57ytl6dxI5cEyJ<qZ6eI7Gp;e*sl#vQe4Ro+@!eopse5^h?d
z)NlO`5el=sIYtjJU|OAwkxv_vF2{=0GA6xvL)O3O9uxxr1eHrez1ih&kf&aeIbFhs
zFqVv)^ir1>o+45aULb@tV7LTMN~gsqG=x}r9^0)9vy>T|R`l|7fu%loP%wj4Q#`6M
zT|JN<Jjht{rPV8T%7NtWn)cSU`VH^H3pl|iQuWex*2$I8>&uH9ixqm9kyk7?TFHif
zX$micxQ7{$_n3Rg7s8~-q<rgU^5l?HOIlkBJ<(ekeK)8b<GOnm`&~?f(-!;`@2N?i
zWQ!e730w*vQbsqT7$L4C%{yKZo{J8hk#3+BThH0e29px<EddIpwqeVY<Tix3T#_Jj
z1huY`q@@96mBUVrWCoqya#BG10oRA8o)8Q&OQs1Py(1oae4m%p(Zkn>=@gts_~;6O
zQF{4u{&790>>SRz3bRW?&Ezn)pwvCBAMcM2oKAfr$fl8QTBi&4NM_##EPJw3+@B7b
zbF%)gAOG^MKBhP-`+7Ng&l&sd7avSPbP-2Zr?p_uRe-_poYqzjI#Sw9byf_29!-JC
zz`N)`lgGU2F7wpf9Q@mCaCy0z@6pBK%gw6k<%Z)hR}CVhh|}iXO35cCU^R-=tv=aH
znvakRJh6E_gAcl6<$;K)KeD<D#Y&mNx=tj_H;+wD9;A*ysBB9|PIYp&<R431-o3u7
zobuBi@-;VJn1yaAqH$DM)(FO-w9Rq5O{Ghk9c4anuw_i$PSFepcxKD=Q81tPEH$|D
zq`|b+-+zk#=}2E8dzl}_BOTz<Nh6Slyj{2)-p@Ypx#6??bbF3m64%26?R4tm_c$rq
zF4P{`Zm{I_u!Z`eGX)+D`#1>EYYzo>WigR<73)@fv5#wB+nXhJToGfZd}$ze+KatE
z`)YrV=u?p?%@CStyjJ4<t5^DN;6?+-wA#-`j%c+Kb+J7S=QMnV`CjidDDn5t$dx!Z
zqNV)=`eG-{k~ufTzQ$L(h<;VB)pR6}=3qK!zZ;(2-OUw+OJ-D-w!3<}?4IH0-ub9o
zsA)kq`6fXQvKlmF+2tK6I>D*cX(PURPSCVWGCQ<DsciL8F&|z%NeqgNz(CO(tCPx*
zsvgIO9V0r1V?F!Ag=0Fy;uZ`E#l{2`Ab_mK9!0`^K+80tMGHXK9BUF8nckZh-D}PO
zd3rsZm?-GfDEvCcZSDmF1C9a&Xb9sI8}9&p-iyBebWfliYfSI#d~-*L0-Gn5Jh30=
zgx7!<aP-nkDEnmrJsH)P0+{5h#>hg@NdmF9VsXRDG|La)7^wm;#G4&=QUFx}`0T-~
zbZ%@~8Xg`i1gV1pZDVDqp8&k+tq=uD<D7uUj;lb<%@^OQsk%7|J087~6;g%}mPA|#
zmyDufH`nV)7zIKa(aH8<VR_lwXwz3&HpdIGexuzuXAfx5+0k;j=N2iF%3kkRR-6-Z
ztiLPzVPD;PZjW&>Zxh+3L?MPE)IC-`B~yytyQL4gyl}LG&A?q0#IH^o02wVb<orz$
zUP``~7VEuM4jHdo9S6P^7>?htlsB1m=E$y}LvhQCNiEB>g@+e6UD~2%#NV2vcf%(>
zHcS{m-Luy84od3x*w{`+O?OD+r2Q)F@l;-4j?wT`kCQXlkAmy>*kd$3Hk%?XZzQ%I
zjEezXw%%b=dxA&AZTB*4g4jCJwn$J_$ZXtAU^sTu<#~(0+%JZ|L^-~}IK}$dKa<}6
zXG1))`%Tl8HD_}g!t?)CYI6F`CzbYd))@8#So)INwRQNY9*56<L$^4HkF+<j<MH!t
z{&MBt&D6Vs_LFa^WMAa3(F=|{yhWucsdp#$uSFmml7n^Ww&hQMi=Bns<@-09%4LGd
z2xII!HLW*y9@m_;cyI(hs%&mOiLDL2+;G6UeAM_AL~nAe2JtGJI=xcHD&rqmY)?d)
zU?o=wsO7V3rM4AW-CxWg^R^Ly<DdScYhn@^<*=FIxjARoN7pCWw|zA_LpD_~a&1xi
zFh--Q=FAkI(d`V6f@JpTEo(;-h*)IpIchCcp^(u|PheHm7cw0LSCOu0=Ty~Vg>4b1
z*-yI=ibpIELdpd8_tVYJ^#Sc)3RlQ%?SoFcc<q^Fyb8Z0NrlBcSw4FHyXXA+AW+r)
zb8@o61hjFJzjS@fJ@b)SIcq-^C&F9=#2LS2(wburf>_M;zcn|HtG}Wb-)jnXKhx~f
z<)~9=soj~YBJp)mo(4@c%Uf9R$n9u-S~nnuaM>ovS57O|MUwEp9QI9}BQu-ppB8Ft
zz{^t~<C&~6axDG{eM(X^vg$jv`1FgV1t(~Rqb7T#D$w^ZQL1-ffR+=H8SmMTIBpy)
zH-Fnwg$3Fd&)ra>LF66B=bL}Zs?vq2%N|^ptLj!;JNS+IX3keJjBkz?pa2$BS*4uS
z%~SfkE~1Sd7iwptrWK1}GoAP(aCppbfY7M}r_c0{{|MOvx`;pJTI`$1k>Y>01-)7d
zRO5mr@l7R{^h_?w2NGE4%s!vz=LPf`q7S#gEfp^GU%5eQ+z!(d{)z>GC`A)z0do9x
zzHVaXV{A?WOziAVTJb=aU|^e?vuk;cE^AyY27O9Vw3v%v1Ix0mY*4dwZ@DgB<~{${
zZeZ=)wARcA2j3@xeu-WR%d2ooPx?`bX|&SUK&XfE%nCY3e6~{A#A-kqw)Ix-clRne
z26OO<X}oL<`_L%h-2c&X_HmHQNuY?TQ^;K}_(=gFQhm32($I(=0}iy_p1<EKD_}=v
ze$B*MvHrC>y+1Gbg(?XNy4vYi7)9GF@vQie(^b2m3U1rA!A7ISg=GgLU-L8n!{PgE
zZh*BA5;|%@z3tDVw^K7lzyx`@9>@=w;yJ4oI@MP)Yz+|6<D}ic8hN^|*uNY)5jUzc
ziPkl=UpMO3(a@kVdEgmY2jfz}J-s1Amj#dVa0kZ6`%b)^MMe4e>2r!A_Mum^GMZ^3
zuC@IuX(RvIceC$;gjIKJB9Lb*Rhcp{X42~4YH2;1Jkam_ds*JaI-grFStYD`R-&Z`
zGr7Qb71e#Uch~6RZW8L<809|3%gxbG*V$F2B7F}DfU~R9MlM%7n6^!^AZ|Iqp`xY=
zb5~$W`iHHuY9B=+?nc+#<{q;WgONf0vCs6~<MBL216C^5h1`ugN{B!J+NJR2bnL=s
z!`n%cLl5Ob7`+=?H=k4nX^6@FQ<|UVgzeeY)&8yDUOiL^cndTlqj#d6bC0#x2kM{D
zoA1tI({o_hn%i&bHYoYO+d%yQ4~f;sPm(77t3VqMJ$v_bV#q)?*5t|M5W-ZGSx2t6
zcmCRaFVfMbiRU1}Bt@^6m8b)BL;3-$)5@jz+O(ENwYcWKoylC<YIAJ9F@LM**AXlb
z-7R4)VyBW?@fm9Mq;(2vFk1A;VMG7axk>r$!P?}p@rGVR6H^14X{5_)J<d!bT7<2p
zrLC!ll=1-ecx(>C&Qyuoc|HTH#B)XJ@BI?OirX6BNE4n)JP*puw@&jg<e-RoKWCpV
z>MoFegI^gGbpI(XZpq3=`$b1SW%SRVKQsJgk+OS1L$lIPs?TB@paA($^VoOiU~_8M
z9e6gof))3s;a;;Z;qcHIuSCewg5qQpE~8m1828hTHDC)PYn+obH>Uxr_l>g{l+3ja
zb9#8!JuWFp-B$0OnK`ob_4djDP9W%R_Zp)V1h2QZH;Hz$0WEbfx_|BAwnx=%OqrrY
zj%1Y8OcgQyJdCLXtN{2+_Kk{2KxsLHQ6nvX*Zcq|;N-#x_sXqdd;q*=d;&k4*k}Le
zZ?5cgago-Tf^#|@c>1r2sAm%lzeae0UAgK_hL1I<_O+&$VJz@u4NLjxBN7CSOR}$n
z1N?RYZ{MvuovviA$g9EX6ku^@V8EVLf>afP!tjdP<Z!6QiLcTg1)U1c+=A6CjhnOl
zu;+MY_@q)u%P*Fpv|R4x+o5CjfBY^gtiARt-BCbC^X=CDxD9_oO(W!Y5HeXG!VtvA
z1X%YpG`Q_+(O~wL+rHk_B7I2C0*P12q=noJZrl5T$2f{D9029=J3;xs8^ZdVF+h?Z
ze|v8J(-QQz=jK1t<9|Qz9~=H>db}XWK<ru22x)EG_%>>vp1!!7D&ZXx{*#fNP45)S
z^ZR<^Dvv$`_J+9Z2K})Pp>MoQIjY(8oy5gWYt>g}h;&bq+I!4*)pY1y#aq8y>Na!>
zqTIa}9F(1q`GNH4m_Sm-e3E}B;W8X48m*pY(3YG_+`io-j_({dC_x#tTu?v!C51IV
zo77ewL3>wv88{%zLA~7RVre-?-OR=KL$oDc7Oryhb&WKW`ud38laz?m{q8wt<S&I3
zbP=sX9@)J1IF<6;7x?aQmi-%_gi+b?`A<h5b()dEG;?|2I0Jj#sRIV~P$)|8AmXO?
z%HN73|IsOnP`KYuk10A|aP#9B)0F+otlq2a0FI3A636O>=iWb)Zypv^a$6XVXZl~G
zI{q!w55#;{XUzKn@(I_wj5MC$A!U^P{C%vj(EM+5iiF9*3DfG)EGPY=cMC5C`etLu
zh-isu2d;bC9SC%IpUeS&sJd^PNpCkN_(vzFGdD*XFxulBpd(zEq$DZAS2lq0d(;i+
zcEd_xN%_PyTQ6*gfivKDr`7#EuECfws;H5tooi_=hTH_&bXAT5>70?Yz7d2{Q^<b_
z_}M+CB7Y0P2b5m$O8ZKEg4cs&jAse#j}cSC0eCG5!{-RCa-Y+pNYfW(1XsMq_?5hB
zT7+jxkYQ5caIXhC&yjn>2kEJJ|0LUR^Wv%hWbLQRL{`&NZS7PqVh>h>ZuljS`A|Ol
zPNVG$CHvA&i^d0n<kHL;oe5g&D)y~mSvML3T=}K`ail!*+3?WxcQU~8p`eMHm=z!1
zz{m)E%SXtW2x&RM$@Wz~aJc2$8-}yvw%i{ee_^&qdBuX$3DzS$<#aY)05#}pzk05B
z`OD+iQvu5j#I`hUViB-tDFp*soUB8IHqzzmR8K~PdRDqxbzBdG{_Ga3>1r1N$;Oed
z@cZ|0Rp281!@4zFNKFPVt>?uQL$+BXt=m^$%UGdvJ%~f2IrvEgvp-H0aelW{a}xHG
zO96lzKv6mzE<j9urYa?O77SUs7DNR;O`}%N*xY8rd)1cvs#(_P!9UeBqDo;mFd@ti
z3`XRXR%A=h`36CqX<R1oGnKU8)7_j{wmrg3Z&7FD(eMYwCcc^nvh9^j{hlsn#3$dW
zxkL|T#tz5+FI^_|q(p`mN0Z4#vplO%bcJ${2Ia+{iOxf)HQ#fttl$gfS`_Qp4hfE6
zCYs{ghIPX3i2#FM^0N5-kF~NtfWJxk+)^Mm*g*ZQc?eV3dgh1!)FD#eWdmXldt`~w
zb!9SMv;m$Yb?m(l$YsiDJr=MLE|X~)i3WcA4cV+xs;jo#8^0COgSoPFD%XM90dVPn
z{3$IjpWQSY2Hib?Z}`~NLS^KuN@=(i;tmg;g(#GiiPzTfoecn&6xZs{Hz-#a`N(Aq
zxVnL>?EN9Z<XJ1hw^%dm!RXS0^H?R*QpXEyT3G-D#VFtcLF|<Lb2uL_1`4pu2OxF{
zFQypjuDp!?z7~L^4QTDCv9^E4TfYg6`)h9X-z(qWx#Zt#0JgZfyzx-l^i6<TNNv%=
zp$01MhWrcapS8n!0jWQgX2vZIG`+HpPm;AEqIv2gE2vQp!Y2oB`@X}qC*6u+YE{3f
z+)c!mkkQZ@Kb2xMa`7y@4RWEX1T%b5=r=8}@EcSyHxIsLirJRJlFRoG#(nU-)jl`=
zXLQJ*J(|$*eu$=8hHCwdcS7GY>XLXj*5)>!1&wU$_83@gE0;E<QhxD8w3`9A;bwW7
zZhI>D<Y4UR{3xBZz;X^#RO<Jc1=$-cAs21_#tk#PV9IRlV^=^~I0XT@5>;aPB;hYy
zcVxA%$6V)`x-b8UfgIlsLgWK#iQbJZsd-vC${C}T-P+&P8<>yuHl_cVnbF=TaX+!q
z46RX2^Yv9gzh37xg7*?ejr~j40idqoDrBI{cZc$oiM8_yRsL2OiFaq?y3QXHW_6>A
z_<uT29jt?iJTYtBPs(Nc1EVe$IrUrCiSt|a@VKzD4rXKpa4oRcl%<=ng}KvDu|M3~
zbfa^j*ty$wGD&INPQbbST~)t4nyqE^wXUvQbg@^8MhT^<ovuPa7I{a3Q0JoN{is%A
zwh1`?q+3SPD0C0B5RL-uExCw$%dWVYu#1Fe(>>@D>jClL+DcGo3z)EW2Byw9K_nIJ
zQ{~wWX@z)2j}_{*1|zRb2=kV_0-XZ>k9{b*P{zJSln8G3FC@P5^CUtXs=QtBdd#oX
z)bTp+2jp`*NCbdFAobzVw{z~C#PC5grY#Io{hx;e^>)0NeagTU;SHoY-_aH751Uha
zEj#l)Q7-V)AxIWfC30ODCZ6|y%oNVOQ<b|`PMF-V`h-Ox@EvP<jAn+zxMbx<xex+G
zVvfDq(;u)l=g@DRa<25W!eJ5lFkP4@o@1q0Z`9KFXjjb4dF}GCcE<F8(W#FQlbGf@
z$IoSapK8Us%tY~r&y$n;RfMHtx$UWl^){q@D@&Ls%DZdV%In{@#CQ9h3cb1b{OxTi
zWuM>a+fP|FpL4JddyOc}(+9C~**Tyjw`3Ze6W^l|FI>l&R4;3WeOc)<;5+4aLjoQ!
z3r&E;mNg(D%oeNc0ktC-vJF2sT#8%3(NF?NVYQ;%Dtk1+sntPbK`F#7`u@;{6?=>&
zMHnviBoNu(KK;7foGW`ugrg~XG4fw<+$ALS|3&6lEBYRk*wAoLiG@F1BPpqlNxyE+
zUjP47>X_S|`~MHjF;K$3st=k0?FHBJcc_ILd+p<>M^>8+rzIm}9sUGkTxMXVl>I5F
z^0yAp)vWfadp&xcC;`+K#kQnI9V?QPn6|sp0F<=xUss25zTf!xh0Q~kK&mPua;QPX
zYGDc#C8Si-$$tA`#ri(Yem*hZkY+KcW)q~$c%m&ymU+2R$xZFPkOO9J5isjgfVo)4
zH&74c=&rkh$}%b4qwkj*qin6L?41(uSM(z}^&>MPy)#$xS-w5GpoQXwgsTq(xyLpz
z;Z390r#TN+DfaW6CQ|*|sN*aAZRfUJRhteKCce~U8Td%->nw<q36rSWw=KxZ>W%Dv
zegSwp)HK}z!I%7#bP|px!ZbmP@Bqo7EwP8W#g$s8m>e8-6>8YRqqmytxU9+uat%gN
z-?{VNCdtJR{Mh{(wmTBwWui-voIEX5!AF@F-5IJNv|?+T(voq%c*q95Q6ccN>PcN1
zAM2jvDZO7wztFe-tD*=iP$<tAc5p#p)P0|$7I36qnwuo$%BE8c+3*Z3{QBbDWJCHD
zQ%-l&iPsAxOm)&_Q;73}i*`hG!_QaJUf*oQ083&r6IO-!l4`@S=N*_5O>uf-JXOcD
z6NX}pZc%vi!B=B`Y=V!ac6gOGy}AtwCtn&}EZd?UclrKsWuBuGZF50s_b_`^8lJ#M
z8LDDv@N^%=X`CGH-tIIn>)%d3ORywK1zS&C^h{pAtLdlSw&Ec)m?lVdyhSgi8)H6{
z_V~T(#L)FSu{qs#H@?2&Rq%cKa1v6$v*zgA>|7If8v*q?nZ}_bLhSo9nO|tJD8%8~
zWa7ivZ;-NH5oYX$-hQ~PqhLV5t1NPX<d#W8%PMvj4h%b$6$&qkaZRmaKsXSUT4rE6
z0hA|2xB5b`jD!j=BTcwi=(Cjk(OelbK!;ye&@3*K|Ni~EB!mlqwbwF{{cD}O?w6UY
zzX9$C3Rr`Tsw!1V{*rqmfO+o%G_y>6qTqq2E8r^#3k$mg_%-c#1X&WPcN`jiqvP<e
z7h*IoUc7m!G#T~Iomd6B!^HU`P1_AzX<&Q~7#M!1g?IqB4qyX9uZxwY=I3XiH_U$o
z(An8Kl@>UcuJc~Ko<gYZjc$8WTdtBi%n=l%wa~ypiy}8)>aLMBXVVngKTz0v&Wyr3
zgGh2;PhV*FaXPjv5?0Sr+5+waQ&ZJ3r!cMsdB{UXR!3j`QfDrO@o(_=x0FihDftrQ
zW(t*n+ah*5nrv9wh5JV-P|fZ~gA6YHO3VK^57M4zS|x}<xZv9oi(0e{a8Vd0*h4rQ
zel8tDy^Gt>438R5T)o)FxFvnP&`RVj{MPD_OxG~iT>>U<04oJGjvSVpP3U_N5nWob
zpG3*zis<l$7Xpr=r>QgB(Rj6+EBdENQbmHUhTWXERL8t*6Dj#!v%Ib^ZAmj5POjg;
zBDuPeTysYGwm|xZ^ilm2qgI-&_`f=_v~`(+S!tkg1>g%w+TRHFZy@>?&kQti=+6}a
zr7(%l5?$1K^2g;^vjT3f@-`aG473(hQ$E}|J&??q%FqGLibwbMZHO`wk0&LH3CW-o
z3sn<uAv1iaGTa;dSDS@dqcper<L$N<UkT;J<?9P=J$^v0hZd@%5?kjL`)oa!zbt*K
z@YvtZZ!OAeCeo-QJ{9-L@7MZ`5&$py)^*8OLl2IPc8WW80oQj4><;|kZvm~^Ct#P_
z0q1mhf$Rj={WbJ2nZ6u;o<(NplGGl^idJkSkaA=1H03Wf;oGy+F3f*~Y{vEm3+Y0f
z&$fu0w0yJ8$ErYA2(vo8I<CdZciGkaLLzseyHhy(a?H(5AblCw$8JaBHesE#R!1Bg
zyTui><ksoPr&2`@KzjrO32|QwV|7lk2%$3IT&~BloA8LoXqO)*EJXl;!?qp6`q@@v
zxiR)=ZdTQgN=sSo%m=qWqo$#hG4UU5!fI=yd)9i&dLBA8d;$j8g`y(GXF(+63)?j~
zA|rI1@%*X1(_hgu;G3)j#W44rf*0yRe+%n6({EWs`#uReWRbUwSA4;+kApM&@Rp!1
zkg2<;y0OLqa@x~N{9G?BFxQ|i1H`TdmnBCM3sA=`c){AIfM>FlrCKpS%G#x{Z8v`%
zdethkt2YSQ@p`?+I?!*Xvo3laW3*t8m?R{T%HslBror+&`Ro1yvN2N!LXtoxP(84>
zwhO0VS?lrq=3^R!pEo35Jx41Oi$1T8Q8?;z&O%N+fmtN=@Z&rVBA&XSwd85})SAeW
z!W4F()p{x0)NzS#82uL+u=~HEps&KB5@z52x8CLdfrHk<3GCORQ<ucVEvN)Qs)q#s
z`1p8rO@01e${`@S&Fa+z*N!3y;-<C6Ceb);oc*bl5>{2RlCzyD&B%TYtX%Lc3l}PA
z=6yf@Y;7Cl46PRawF->?mR=&$u%!2vkMh?q8I4`5MAg3N-7fkB3bV+Z!3b(Hrsl}Z
zm^z{Y$ou0W{x_jg#!b}YPJG2=&pWrokpurog7!*(t{fPrH1K|_c#2IbrE}XCQOs`z
z+Hel0wfH9k-JzR~$oLwiTw_tv;&uA?O7Chn0-)8DZj$fhN1G5?k+9E@ouxwW$CpW2
zn;D-2I`p{>phLGy5AcyRkamoePn&`Txlq4m!R{Y3|5(_&=EsYV&H>q=GBBJM>(pVQ
zVm+tfPN!H!cxPdal_=)f{TC&iokBC!uBPW&Yx_>oEk_iHcOt%0!Z2Jcjpq-GtNY1a
zg7nVJ+?5%NFp^!y<$EJz{kXy4^BchNk2G+)H;UVbPyeMeS5xHwqgQyQd5FLNFt4~G
zh5~b%RTj3L6KPxy)sJ({usYAm29Iv15^n(AK&V?_YbjxDqQftj*%<5e*1+qG>zy74
znX+43%yU8dF}HXDqTi=l2b-fnI$oJ?Ty-AEig4+3gy)3=5iORKBR?=k`hi#|E^@?T
zD5_&TbqScmawzx}gYAa@t5_4`lz*$tl~VSvM2u5V^$1w<E+f&BI3Ious&+|KeM{6S
zVxT+loyK;HXS#7=C>=*JYLd2vL*9ky{DE2BppRMq06v;&RegvFS>Z<>-L)|SaDyG;
ze68S>-{Yp(9xhCDY_hC1x5RQphw1G~e;KTOsFuJ>>%G}Hv6rDXucem*IwMkZ<}R9v
zo#AqkSQV)GOraU=1}dBrXlCWbe{>M23fyPPNwrLDt}vb+{rMG_!b%h3^MNM@Ag$g}
zEWoXWV!jd+y9boli39Q9vMdl6?gh#&py^K8@c?!DVC@l0Vs&f2^=s$@k(0lRaT0A6
zi7V@=VM~Oi<y9(G$G$@Wtou<y`GOikL-==b{148V@y9J-p7_Hj+h`T@G|Xkxtq{Qh
z<Ac?_5PP9ROM+D%9<nf7LoC!i%gU-Kc=Ld~eE_Cal|atm<2)b`8wap!K)v;<e>@^B
zD;qvTyTJEg;_jQ5bo~6W6&z9{Yxl%Lr~ZXz&THb0N}7kqz1SHv1d_qd1W6-jHHd^I
zDDBa?Rg7&53mRN@#^`KvQc)gq<lvEQ{$?9xOn-&AWN`GUi>)B;LkBGoD3UkYEvgpo
zWVJvQ<zUq+UK^!pnd^na;C@iWpi3Ux7dA%thuC!z`zN`qxc@(p%hjh<6*@2*Gw}o@
zfs7<J`9FDXHvj{pfX7s6zUBa1`xg=UuMG45MF9V6-9?t>|83~>KN;qKZ1{I!|C@MG
zeAEcsyel@%S47z7B;REtqJHti<GXzB#qrHPtrnLjWPtTH@fmVb8Us?(7>Hwd^}F9o
zYxh3d>{@K^Ftz{7ZpzgD6u9L@kb<o$+`JEf1fL!6ExP&-zq?C33*>h0_#XBO0A6-6
z)8+FU(2D~g`0A9sngUE8QR(gF?tPmh$>z2lh(Y2ioRXhqO%jM|Fg*4R`&VIX^)>J&
z(uyLYHeRw(rZ;={kVCYV&Nbv^5|e=Ws7R{7MR7Qz`L1oS%i-#QN^Po;myqJd>Fdik
ziURG5IKk-^Nus)sz2`$hED~{<fTND&`O_fvh^{*rM4wb(H7y|D%QtcY_~DoiFS8(>
zQqo$Ci(bD8EA;0>GA)f`ev^*f%h2vxB`#Xpi&8orbx$-UNx{sF8@3`3!XG{!cN;xg
z`{@75y-w!l+Z-|N815?Qi`P(=#NWnWU!50S4FiYpw<i*d-7V0(HTm_@RI<FxBpXT#
zrT90Mm)b&~qT()qh~=G&p$g6e71ByV|86&Ndntxs)o>$>`e@9@x3Z-q#5LDJ3|sSR
z=j5B}SA1HA=TGF`GHd+BH)lkXGd(D79J5_Pe%66p+`#YOdA*D+p0DhY2cv5Tk8w2o
z3Ok8Rsf`^LU1-Y}JuMI~u&+z>9SE^SWtU|zei10hvc5($UI>^#jmGBmEZAY1_FZev
zck(d`fpK{2t9|~!x8-x{Klp%9zb6D!kBDpYA_;oYB47=lFI%CXelv;5NZ9&wnZ4{_
zyU-4fKvzJS>WRC)ZEKasRR(6}<iHZH{Cdkgk7DP2J3MCsPKZ*4DT;l$J$-5$(epx3
zX!G{~+)6ADoNOpaqt-^@F4X0Yw7gJey~{0uTO;sO5;%PT(?p7U3N6L3MMl4WM09fU
z(P{e4(DYv;M#x0{(*Qd@z<vUQfLgBLx?`B9Z08|jH|#EtLrh)`)tW#P6Sa(q@_CyR
z@B!=U?=MA{iRm(f+jbu9YXeD!=Q6*@#iklYM;jXk@;}I5d@m~5oh<fhRTTaB4ThSK
zYO&w>i^_;G+~noTA8WVd>vlz8wvp=o_CqF_xho@{!lL>HNAid{dt@5#%bQt4V5V=f
zls~FksEfYeHAa5EH6Zh;8SZuNo@k>H<&9QZ;{w<TfJ$vEqvcRsX?Z*Qye!(fIgR*4
zt*`M^?Cdx|B&EKOz1ia#%?mDcXiG&!cxPws*9Kr&7|TTF$B}CTa)2RlF>KAAo8C@R
zkqc_}0dbK^KOaSXrnDBpVa$%gV=o2B{+!X<l(XA>YxIY#)W1$r@`FLhJG=bV>^ou6
zr8_GCJTS08Svmf#S^d58{Oba8_P*-!k=nZa65Xy%hALxV*z@6Z#$$t1?CC_#uCUI+
ztQDIC(b&j$nU=!j>#vRZvp_qXPCPE_0~USz?(}&dC^BWrl5v@N*(fY8U@Q|;-QlCt
z&P_-@TZ}6-+OKrcs$IqVc&p8)>#`Y5F_;`Pbq*_S20mE~ZwTmVN#l3;;TEIP0p|Wl
zqt^N}?1T52MA3zfgYkby5ykO`0R_8TH!1uF&Mx<so$_1voU@}ri`pS42s{4yDV8&p
zqT)D)Hm)^erl5y@YSv&(Q3r5s+4|^JfdPM$J+Jw@{A!w&TbAzn1J2KqLg4h>L+#Uq
zj!OoAArNBXAOS_a`~ErxL_0Z$-M4RL_7agb>k3ikcnUmAg9G44hpN|#diXcz+<h6n
zU@gl{0LObZ53SqESC`dXb7V6fM|z5nz7nTj-X=u`kr!WXo6-&uD|v6bT^;5ldh|~5
z6_Ez&faOG9%(eV6RZV;0J5>=QA#zmlS_BocI7-u>NU{bQ9igclKQ5P_k`%lH8wsuy
zsf}lmb5nJ-slfbGCccQ=day@_M<fe*k@3!P#k<o?)Zxr1Iq2D}_jtQg^4dg6GzQtv
z`oQacxIfrSjQ#Yg)(4nl%p_+y3-K6XaUeGmRQ!P<RqUlfP(2u{)m*$Al5ax>N(eGr
z0XBzsO%?2YHOPptrKId%<H}h{;Qi#h`D81AOdR`m<#gJ+Es_ZAxnX?7*PXFKjBCLu
zQe86%Z!a_>vo#DF`i7G4Frcr0s?B^5?V~6~`M3xJ|Cmp$mM;X$SHb85c!H$g3So0S
z8FoZWLRM+zQeAT*xGWTH`~7B;2I*f^xs|cB5wNBaOx8H2(d~s`>>{ubtz0NE`&V!)
zhLV{osc$G&zu^dVo)VfS8U5<_BQ9B4k#-BgPPzcEcsCxwPu)E`sr84~4|Z7S%^fc^
z3QLSe*tvs$eNf_m+xYoWpqzFFf8uWbYn>5UO#m~cj?())lQO(vg722JS=a`qf2k5W
zp;AjE`<cgZ5lI>GpA<8;q@B2x*HRH)b>g+5ia-ZdRsDbWL$h^nOH~O#&~IcWJ_~&>
zDk@g1#9elfQaB`{2#h>kFHe}d)X`<5UlZrxOw93)rm~%V!%;J28DTAH*B`#T*lY&Q
zrU``l%3G{M3o~+h8wPC>%XWBRhO{n&CM;y0tfyJ@<<L<sCX1B8^%xz4{z4t=zA!#)
z0ORJ`zJ_|SkoMvxcD#S5!7`WuJ{+jMUTeJs@hfoN%7~p{l6jq%HC2K`R7aN!yZBqH
zL)k;Q!3nCq0mUbiWvaT7?9oE3RD%q+Nz(}JFXuduaFz`w`4xi7AHH1qg2g$#COYKX
ztFdJrPter%zR>TN=}=zEr0Qz9pJfato9RFi&vW+2nMI>eBbPLxLI$=0%AMxdzb(#<
zk++Sp9bWao&=q?_5$opCH^KVi9>!2CSs(q^A*x4P<0)4$i091d>f_Pw40$_KhLI*j
zbq!Hef`V~7J9=BMZD*<if6kJ}=U35a<o#k&h)vYHPqzFI6Lj<^UZQ^mgA=KAe;J<1
zqzgPq^aZFQc6N+hu7e4G33P=316-hs&cTU<pVYt_HL4#wW{TA*y$cdP*Sb-fn`1Gy
z^gM4hSNa9D1x8igyEO_PPtMTnE1<ORT5?nd;{B?`PPNo$k(!<uGx;|3ZZFpTzW~N)
z6$-#170&9+@GQ9ITOV{-8l>{NNU7X3ix1fJvTrD>ZJ{)UNFW^xt5~<A^c`PtcX6qC
zXNp#J^?${!fJ3uRAOCKQFnc%GJU<bCboJmtAk;SCn(=QqierfT8-v0`3Oc}4xsg01
z642rmd7l#IT~%P*NYr?N6+%VAe=sDfq+nu2!*M`t!{+D&je<@A@zKxWQ-b32H`k@k
z-q`Pif8`@)>2E9F7P9spP^w`H1^>@@673fl@o(m*ocNFewvWEuvGY=N3Tpu3jJ75~
zw5M6ykzVO#_>|K97Qya)riE~o)RL=#*)Z&QU=AUB-E6LQJi$>p#Q|#)6Q08z{OLSZ
zBCY7QC{~*Suh%4=7TG1riGM>WzUk+xnbU@>lRfxX{}$?)KO&+`5tzk>_uKU4EnYbt
z+DNW<?{O3d))V3N_r4%Dg*ic~;!bK+y$>6oHEm!1?4MAUJx79VE~HV#E6=*Td-$QO
zh)v&QP8ItPUz83u<?rj|)+qq`UeSh<MG^#RyUcPa%wF31TyMXc+g9%*a8g{8jFcLL
zodvDCE^g~}5;4j{1cr`=Mz&tRcas;$5+SaR1{sS{!aVUorQJ3G`%Z@+2L*mFZ>?wv
zBF&rSu*|oXqLP}LJk!%L2PdU+TM1boM9g8{&%MrRg~8WJ6X$|c@af^`t1m|vtrMSG
z1F1S*w3oh?Veruh=Bat)G@crlz=C&rc&+D{9w6;ldT43|5SfEMULC!e5cgeMr4e~}
zc;MQ9SjI{l%c1Jpr12czcGov%`rI4mh(f|TaAqy?YCao{e5f)6H9uPT%SKj|mLsJ%
z^1ZtD@W@b~Bu_D~7z8P`BK;w8wfj)|nkqU_l{Unr69@5c#Qi6qw#b<;i@aUh<!!ei
z<N*Aa4@moP62Y%XrzQDg3RDW*aG>f+d31$nm<&VSSIq2*Z8XeVWnj`Ft2Ae<oyd&L
z%kWK#S~(&YHyLv9MWu7;Gr|1Iz=`f9o*&D2jJ6B6YN~59{SM!`cpUP?6)tsVyf|t|
zy8=0=XlgFC-q^xw?%Bh}(W<%6a08a!Q&%<Zak%?yM_QBMQSklz%K%oabjlCyz3ti+
zy4-m<RnNJ3WC1+&sIC;Ba+u+$B`lBg<{StH;l12wHyzZ)KWs5eUe`Q)-0cVr9CkcU
zu}rF`dK)~#*M=rH`OEJRMTqywACcEfWyUzc<6~>n7MwuB$S+d$Wa1%+2P2*NapEt(
zZj=Gy`^rCO>g5<XFuo@J!!wTc)AXsnC3}$t>xNW}Pk%2`0fLfv2;MW38guFiZKk{<
z#sACurOUeh!}tpKJv2PxkZKO{EarMfN1D-4oCs})^}j9bmtCQd-Y+;JWk`$Mej497
zk7TA^{dQ-~W4PWb|DI2?q|dc(kz4t8q!4R7dZyZYrmHMaN<CG}<OCessxVS8S@`H7
zkYD26yqGC0Q|fr(;d7T-vU+)iU&86=+s&AJ6MA|P4iruvx45#3eMK>foW3@W4zLv-
zy3d0|x9n!B9s&M1sKKt10Pa%~lUiGKjd~e*`P|=zg)FC)ZZ6PFBs$zp?hkj655(9#
z%O-#E0p4(VT-P~(%LlJHFCJ{V-fZFR!RsS7EN(vf+4IU;zo4T70Hu9x>Y+1X2##lZ
zo+M&@up9~kX3he>cHk`zYacv&{u~%)_69B+z0^z~F98w<6os2ZK*G2}b5no-Bt*1M
zO^3;xILV9!q<Gqh!8WV!w<}&nb`+R&1_Uut-+|R26hN?ly9&As1QxU6Wq>d=FzRp$
zNJ-D&5D6+&N<_XdO$B=X?x|rC(HL->eeDpoK)R+;cGnw*4;R3UC#r5Lu5M&tat?a>
zMjlrevmw!kb)l=0^F|?71-D=%sY|chKZb6*3HV&$0{&U|E-67T&8pcaX3?X}nt;&F
zvl+6}!7lAGBM4W{1To0)jW>Cqq^hdw7|(e(!$ewXA$`H{*~VryLS@}=554gP?I8^E
z0?1nebJdQcm%_T(_q_+(HmI8|R)h^DQj4;7v4s^Uf)#A3kcjz6NvK3=+oE%WO94T-
zp8(tp&eZRbO)hvMwe}Icd?jWFrB^7aUIK8M{bpL=)%Ne9PY(p-07J;`Ly+7ePYcJr
z1!ENGB9yMGsqKa_Z(Ezk#0g+k^5Sa^ISYkjw<9$bn|4F>6+P3dcP-~IvZ?HGOPH&>
zsH$4CV$}X{<jvJ%1NaL~;dqsv{h?zY+q|9(>tnzJR?CY^q7J&tOAksx(O|?yNy(5j
zf=YE~*;)<cLgLN2b&lbDdq!duG>eB{lK$RLV46=-faeXAHe*F2*AE5ymIzd5E_>#r
zibOz#fQQ9uzKNJePizeT#dAtu5?=c^akL88l%Dsrw3Rf7myZPOfv<SURe&AiI&Bl)
zOF>5iIO{{-;lFF}cP8A>T-K?i@-=nI18ju_!@i+a=uF^VwN%%>s5gM&D7xu9Vg?w}
z>;KsUHX#MPSTgp8Y=xHqCEXfR9FpSsr+pClY4~9D$fjTIOr~+a^*EU?mEXmJ)7-OB
zZ6-t;Bw%3XW)X>a!(nrtf9qL`E7nPi)b!tIf6n@mV^Rry-v)oXBQB}S05kM{f7()X
zw2<V;IP;`Lp}@9y2!sD+@&&$PaT%Qdd^hL`dkmrTX~UCj|7x?d_>V-hecrBrxlsVM
z2S^nDQ`9KLpdC25v622AUF0vWN`cE(`J0<XSbO)Q&$HHDIZVGXN-6by_drh`Kt#8!
zv2Thv3kQJ2qnj5gmJn~;?G7U7mb^#r>=}ah)M7b}$S*r+TuEW0+4KW6@m~^&1oNjO
z4S>reB$-LI?(#g9Z-4YTD&{s09`uJ_b|=R#9wdS|>H+R^4!^VOfA|o)TDSN5F_r{b
z$3DkICG{=|3$~TzCM#!fj1hEZLn`uYtUhzJ`|B}JMuyX;tjdqSbsjxDp|a@W^G_Xt
zKF-L%q*fYmv?tu*_ywFMCx3?%K6XikRtC=k4spI+>zUUg=lwawmDBIJBrO(@ImI3o
z^nXbmsvQxF5?ofi<nYL4+ic0?Y`P|xXXXn0{L$ne@FCeF@7r+D{<S8a?ag5Uv!Hz6
zB8$9YD|+>@9MYFxwfF#wo_V<ij{h1+8CX~DnOBGiMQ&8Y3OVtUJ=EFN&6tjqoJQe4
zJT&qGx@H9k)k&{bwAVR(1-vOZjc$JFYwN8`uP;N?<(^mQ5sg}}zG(dAUhgw;ka@(d
zM?xUX+ri<1Z1vrLK@hYs9;O-~dC2}KlIBUxATznMcBSVdV$P4T<y0S!+NC^UOZV(*
zzK5D^7SWX~X1-<a?bto}w10y0w8H+ORRQ{0#m@dgk)MBOv{KV`q%i7)r^Zx+nH11d
z-H8ck9pL_0@3`1J`!T!IUJ4Q)Ah^bC_9yKrXh-(PDyN784DWCw?LwIO!HlH%lfK8Q
zVT9-W(OMqlLIg2c6#A)rf;^7dx=@4P7gS=q6d!T;i!7V+T!A<zSd)&z>M{kM==+=O
zVaW!JemT+Ao5_p+d}_ijEAg#z6CK%^^IB43NpYVrL#Mc%rLBe?|6~v992<q{%_TSE
zG!%7!$UGtc>aFj?t=$E);Idn2L?Qjv-?7B5;CM#{kQ%-oI`z1QqFXg7tZGk1<eDD4
zpz<ED8Qv^U5D=@>i|_{H^gnd6Em84Xd^}M~Iv_k8ljS-m_p<Q2*yM4jSzUD@@0N9*
z@5N6|vS?Whaj-?vLmSI|<Y}5|{nW?5Gjw<&Tg2(4@(cTZjMn~kp@V1vMB(^5_fCUJ
z=&1vvv0(5rpo)<RV1+XWBgq-$;yflpIs9+&z!+5$<7Ow)254$A{Xb(2MaUS#k1k&}
zOA;vR?U#)VSTC$q?^UVfz%|BPR4HlQ>BgsFK5xs-qp$BK9}B-)1%^XrWwE&dqdTIl
zw{haEfexJMLcZg&^8c)a<*Vifnb_|PY*Jb~{>!bd<uWLh?LYo~bD7iv_Z8ltHu^RH
zkj1+}=ZX9?(^|SP<n6{QO2>Q`zGnN~&CjfB5fhW~*Czg0OGk2sYRswoY^(o0C_5&z
zAGGeo>*mKJ>htQfT;C=?nBUyUxk=1`-A3@a!-5Zm8yG+R-RN{gsT?>{_G+RMO0(A7
zFz{40cU!&c8`PGo+_&Id;K3ls`xU!(#rsZ5tJ;5McgJB>-3(AWczZB-TY}fzc8jVl
zteJanRS7@Wej%6M-~4+Ea52k-qCT++)e05Sm%rTY6Pod5M&Y$o7Q0XH!mD+FYh>mc
zE`IoSP5q%4hAAsvB){mtESmec+xNwf(hWyV?H3&fdghop+rvlmnJ*r9d{-o{BnH}e
zcm=VSkLAsslj}5QOCDpii`X^o-DLR(I~yPDzo=r+8Y<aSf3Mov<6x1T&NYLxCw@O&
z^`S)_(YCsG_3(+`d8T|Dz{^SM8Z4VTZoa$WDF)davF9nQ(fF$B`sU0$)%^)P+iidF
zOkWQwRFiUJW3qLWkNy7lGeh|JrK-E$e-3Y*uKar4^LZa7ZN5}(G1N)B`sV4M7lrx%
zKZ$)jaKGucWQB6ziywdgH8@#|-2Y>7v2NZE36c3<WHzk(yCr)0<EOv;6c0^Tee$kU
z(WUm1iS+Zi(|a<T)&Y-weFHpdsN}AKrsm8~Me2FmOS8-%Ew0xQi==@E0Rfj(ctoMh
z{2Vq=ez#o2@u~Jw504C&&1t@cJG0gsf2izVzU=P4ziakoI+nKBv4Kv90Bx4AUbE}2
z<88KMN<lF-wfXn<SeEVXJ#`9n;6-Prr{HVwY*zJ|2)9?ePd{A(Y)j4n9ts|63Ow|}
zNz=7->+B^<mTWLA*=>8TYEr-{&;fN_U0T3K-Lw33;7*DIy)FkIKL>3W?0WL##%E>V
z{)5}+D~>6I@%W;)(FAMvI2|{&wCvnu)cz-AwZ&u8BX?heawu?(-J&Vq<?lUlj=auU
zHJ`uM_?pSt`7$m4?1~B^5AIi$*)>1^_krA3QR!zto4)P4Vt)Vg#8ds(o*l?t{I|Y>
zX?<n*d!P5FOQO!~N<Ip#_V)d9{`sm)q}$^!cW(Nch$F`KS>67*e|yq-lx)}itWs|P
ztpVcx|LayKa69yE;gxHjKYCxo?P&#Sq;M!c`m^E6jzVSN0TQqLkIeN;Z^?E89b4xD
zTFei;7rAm-W>9G8+r38)@<d091Mi0bZGE^B{b=RuT`a&EQl<ErkR>9p1-r}roMX<z
zw;`&+grTFx9l^^N?&E`9T72;VnlyY?3N#3hJP!s_2OpAV`|+QdVUz9E+o@+nwle^M
Mr>mdKI;Vst0E*AI)Bpeg


From 61a9f9d37a566d5e03e8e218bbc94f7d7631117b Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 27 Aug 2023 01:49:42 +0000
Subject: [PATCH 11/24] v115.1 (#1703)

The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. This will better align ESR115 users' defaults with AF moving forward
---
 user.js | 81 +++++++++++++++++++++++++--------------------------------
 1 file changed, 35 insertions(+), 46 deletions(-)

diff --git a/user.js b/user.js
index 5ed7c08..ebb40a6 100644
--- a/user.js
+++ b/user.js
@@ -1,6 +1,6 @@
 /******
 *    name: arkenfox user.js
-*    date: 26 July 2023
+*    date: 27 August 2023
 * version: 115
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -18,7 +18,6 @@
        * Some site breakage and unintended consequences will happen. Everyone's experience will differ
          e.g. some user data is erased on exit (section 2800), change this to suit your needs
        * While not 100% definitive, search for "[SETUP" tags
-         e.g. third party images/videos not loading on some sites? check 1601
   5. Some tag info
        [SETUP-SECURITY] it's one item, read it
             [SETUP-WEB] can cause some websites to break
@@ -42,13 +41,13 @@
   0300: QUIETER FOX
   0400: SAFE BROWSING
   0600: BLOCK IMPLICIT OUTBOUND
-  0700: DNS / DoH / PROXY / SOCKS / IPv6
+  0700: DNS / DoH / PROXY / SOCKS
   0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
   0900: PASSWORDS
   1000: DISK AVOIDANCE
   1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
   1400: FONTS
-  1600: HEADERS / REFERERS
+  1600: REFERERS
   1700: CONTAINERS
   2000: PLUGINS / MEDIA / WEBRTC
   2400: DOM (DOCUMENT OBJECT MODEL)
@@ -255,20 +254,8 @@ user_pref("browser.places.speculativeConnect.enabled", false);
  * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
    // user_pref("browser.send_pings", false); // [DEFAULT: false]
 
-/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS / IPv6 ***/
+/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS ***/
 user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
-/* 0701: disable IPv6
- * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming
- * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4
- * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause
- * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6
- * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an
- * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
- * then this won't make much difference. If you are masking your IP, then it can only help.
- * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
- * [TEST] https://ipleak.org/
- * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
-user_pref("network.dns.disableIPv6", true);
 /* 0702: set the proxy server to do any DNS lookups when using SOCKS
  * e.g. in Tor, this stops your local DNS server from knowing your Tor destination
  * as a remote Tor node will handle the DNS request
@@ -308,13 +295,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
 
 /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
 user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
-/* 0801: disable location bar using search
- * Don't leak URL typos to a search engine, give an error message instead
- * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
- * [NOTE] This does not affect explicit user action such as using search buttons in the
- * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
- * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
-user_pref("keyword.enabled", false);
 /* 0802: disable location bar domain guessing
  * domain guessing intercepts DNS "hostname not found errors" and resends a
  * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
@@ -527,18 +507,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
    // user_pref("layout.css.font-visibility.standard", 1);
    // user_pref("layout.css.font-visibility.trackingprotection", 1);
 
-/*** [SECTION 1600]: HEADERS / REFERERS
+/*** [SECTION 1600]: REFERERS
                   full URI: https://example.com:8888/foo/bar.html?id=1234
      scheme+host+port+path: https://example.com:8888/foo/bar.html
           scheme+host+port: https://example.com:8888
    [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
 ***/
 user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
-/* 1601: control when to send a cross-origin referer
- * 0=always (default), 1=only if base domains match, 2=only if hosts match
- * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
- * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
-user_pref("network.http.referer.XOriginPolicy", 2);
 /* 1602: control the amount of cross-origin information to send [FF52+]
  * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
 user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
@@ -571,17 +546,6 @@ user_pref("media.peerconnection.ice.default_address_only", true);
 /* 2020: disable GMP (Gecko Media Plugins)
  * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
    // user_pref("media.gmp-provider.enabled", false);
-/* 2021: disable widevine CDM (Content Decryption Module)
- * [NOTE] This is covered by the EME master switch (2022) ***/
-   // user_pref("media.gmp-widevinecdm.enabled", false);
-/* 2022: disable all DRM content (EME: Encryption Media Extension)
- * Optionally hide the setting which also disables the DRM prompt
- * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
- * [SETTING] General>DRM Content>Play DRM-controlled content
- * [TEST] https://bitmovin.com/demos/drm
- * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
-user_pref("media.eme.enabled", false);
-   // user_pref("browser.eme.ui.enabled", false);
 
 /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
 user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
@@ -631,8 +595,6 @@ user_pref("network.IDN_show_punycode", true);
  * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
 user_pref("pdfjs.disabled", false); // [DEFAULT: false]
 user_pref("pdfjs.enableScripting", false); // [FF86+]
-/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/
-user_pref("network.protocol-handler.external.ms-windows-store", false);
 /* 2623: disable permissions delegation [FF73+]
  * Currently applies to cross-origin geolocation, camera, mic and screen-sharing
  * permissions, and fullscreen requests. Disabling delegation means any prompts
@@ -933,8 +895,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
 /* 5015: disable Windows taskbar preview [WINDOWS] ***/
    // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
 /* 5016: discourage downloading to desktop
- * 0=desktop, 1=downloads (default), 2=last used
- * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
+ * 0=desktop, 1=downloads (default), 2=custom
+ * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/
    // user_pref("browser.download.folderList", 2);
 /* 5017: disable Form Autofill
  * If .supportedCountries includes your region (browser.search.region) and .supported
@@ -949,6 +911,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
    // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
 /* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
    // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
+/* 5021: disable location bar using search
+ * Don't leak URL typos to a search engine, give an error message instead
+ * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
+ * [NOTE] This does not affect explicit user action such as using search buttons in the
+ * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/
+   // user_pref("keyword.enabled", false);
 
 /*** [SECTION 5500]: OPTIONAL HARDENING
    Not recommended. Overriding these can cause breakage and performance issues,
@@ -989,6 +957,25 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
    // user_pref("javascript.options.wasm", false);
 /* 5507: disable rendering of SVG OpenType fonts ***/
    // user_pref("gfx.font_rendering.opentype_svg.enabled", false);
+/* 5508: disable all DRM content (EME: Encryption Media Extension)
+ * Optionally hide the UI setting which also disables the DRM prompt
+ * [SETTING] General>DRM Content>Play DRM-controlled content
+ * [TEST] https://bitmovin.com/demos/drm
+ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
+   // user_pref("media.eme.enabled", false);
+   // user_pref("browser.eme.ui.enabled", false);
+/* 5509: disable IPv6 if using a VPN
+ * This is an application level fallback. Disabling IPv6 is best done at an OS/network
+ * level, and/or configured properly in system wide VPN setups.
+ * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause
+ * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
+ * [TEST] https://ipleak.org/
+ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
+   // user_pref("network.dns.disableIPv6", true);
+/* 5510: control when to send a cross-origin referer
+ * 0=always (default), 1=only if base domains match, 2=only if hosts match
+ * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
+   // user_pref("network.http.referer.XOriginPolicy", 2);
 
 /*** [SECTION 6000]: DON'T TOUCH ***/
 user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@@ -1037,6 +1024,8 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
    // user_pref("extensions.formautofill.creditCards.available", "");
    // user_pref("extensions.formautofill.creditCards.supported", "");
    // user_pref("middlemouse.contentLoadURL", "");
+/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/
+   // user_pref("network.protocol-handler.external.ms-windows-store", "");
 
 /*** [SECTION 7000]: DON'T BOTHER ***/
 user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1082,7 +1071,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
    // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
    // user_pref("network.http.referer.hideOnionSource", true); // 1305144
 /* 7007: referers
- * [WHY] Only cross-origin referers (1600s) need control ***/
+ * [WHY] Only cross-origin referers (1602, 5510) matter ***/
    // user_pref("network.http.sendRefererHeader", 2);
    // user_pref("network.http.referer.trimmingPolicy", 0);
 /* 7008: set the default Referrer Policy [FF59+]

From ba173d49205ee927ed62e81e606569d98f531d38 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 28 Aug 2023 04:15:07 +0000
Subject: [PATCH 12/24] layout.css.font-visibility.resistFingerprinting

---
 scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 87556da..d3d8a98 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 26-August-2023
+  Last updated: 28-August-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -32,6 +32,8 @@
 
   const aPREFS = [
     /* DEPRECATED */
+    /* 116+ */
+    'layout.css.font-visibility.resistFingerprinting', // 116
     /* 103-115 */
     'browser.cache.offline.enable', // 115
     'extensions.formautofill.heuristics.enabled', // 114

From dfd5589c3dae1723b8239ad9c46e114c2f851ed2 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sat, 16 Sep 2023 07:08:33 +0000
Subject: [PATCH 13/24] v117 deprecated

---
 scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index d3d8a98..652709e 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 28-August-2023
+  Last updated: 16-September-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -33,7 +33,9 @@
   const aPREFS = [
     /* DEPRECATED */
     /* 116+ */
+    'dom.webnotifications.serviceworker.enabled', // 117
     'layout.css.font-visibility.resistFingerprinting', // 116
+    'security.family_safety.mode', // 117
     /* 103-115 */
     'browser.cache.offline.enable', // 115
     'extensions.formautofill.heuristics.enabled', // 114

From 1e6e211a061b592a176087fe9f6843249852cad2 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 17 Sep 2023 07:17:40 +0000
Subject: [PATCH 14/24] v117 (#1710)

---
 user.js | 65 ++++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 46 insertions(+), 19 deletions(-)

diff --git a/user.js b/user.js
index ebb40a6..5e54f30 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 27 August 2023
-* version: 115
+*    date: 17 September 2023
+* version: 117
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
 
@@ -33,6 +33,8 @@
     - If you are not using arkenfox v102-1... (not a definitive list)
       - 2815: clearOnShutdown cookies + offlineApps should be false
       - 9999: switch the appropriate deprecated section(s) back on
+  * ESR115
+    - use https://github.com/arkenfox/user.js/releases/tag/115.1
 
 * INDEX:
 
@@ -283,15 +285,23 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
  * [SETUP-CHROME] If you use a proxy and you understand the security impact
  * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
    // user_pref("network.proxy.allow_bypass", false);
-/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
- * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off
+/* 0710: enable DNS-over-HTTPS (DoH) [FF60+]
+ * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off (no rollout)
  * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
  * [SETTING] Privacy & Security>DNS over HTTPS
  * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
  * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
  * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
  * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
-   // user_pref("network.trr.mode", 5);
+   // user_pref("network.trr.mode", 3);
+/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/
+user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
+/* 0712: set DoH provider
+ * The custom uri is the value shown when you "Choose provider>Custom>"
+ * [NOTE] If you USE custom then "network.trr.uri" should be set the same
+ * [SETTING] Privacy & Security>DNS over HTTPS>Increased/Max>Choose provider ***/
+   // user_pref("network.trr.uri", "https://example.dns");
+   // user_pref("network.trr.custom_uri", "https://example.dns");
 
 /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
 user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
@@ -443,12 +453,6 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
 user_pref("security.OCSP.require", true);
 
 /** CERTS / HPKP (HTTP Public Key Pinning) ***/
-/* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
- * 0=disable detecting Family Safety mode and importing the root
- * 1=only attempt to detect Family Safety mode (don't import the root)
- * 2=detect Family Safety mode and import the root
- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/
-user_pref("security.family_safety.mode", 0);
 /* 1223: enable strict PKP (Public Key Pinning)
  * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict
  * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/
@@ -499,7 +503,7 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true);
 user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
 /* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
  * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
- * In normal windows: uses the first applicable: RFP (4506) over TP over Standard
+ * In normal windows: uses the first applicable: RFP over TP over Standard
  * In Private Browsing windows: uses the most restrictive between normal and private
  * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
  * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/
@@ -769,7 +773,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting
- * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
+ * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar
  * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
  * [NOTE] pbmode applies if true and the original pref is false
  * [1] https://bugzilla.mozilla.org/418986 ***/
@@ -799,8 +803,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
  * [WARNING] DO NOT USE unless testing, see [1] comment 12
  * [1] https://bugzilla.mozilla.org/1635603 ***/
    // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
-/* 4506: set RFP's font visibility level (1402) [FF94+] ***/
-   // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
 /* 4510: disable using system colors
  * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
 user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
@@ -967,7 +969,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
 /* 5509: disable IPv6 if using a VPN
  * This is an application level fallback. Disabling IPv6 is best done at an OS/network
  * level, and/or configured properly in system wide VPN setups.
- * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause
+ * [SETUP-WEB] PR_CONNECT_RESET_ERROR
  * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
  * [TEST] https://ipleak.org/
  * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
@@ -976,6 +978,11 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
  * 0=always (default), 1=only if base domains match, 2=only if hosts match
  * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
    // user_pref("network.http.referer.XOriginPolicy", 2);
+/* 5511: set DoH bootstrap address [FF89+]
+ * Firefox uses the system DNS to initially resolve the IP address of your DoH server.
+ * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox
+ * won't use the system DNS. If the IP doesn't match then DoH won't work ***/
+   // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF]
 
 /*** [SECTION 6000]: DON'T TOUCH ***/
 user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@@ -1116,11 +1123,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
 /* 7017: disable service workers
  * [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/
    // user_pref("dom.serviceWorkers.enabled", false);
-/* 7018: disable Web Notifications
+/* 7018: disable Web Notifications [FF22+]
  * [WHY] Web Notifications are behind a prompt (7002)
  * [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
-   // user_pref("dom.webnotifications.enabled", false); // [FF22+]
-   // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
+   // user_pref("dom.webnotifications.enabled", false);
 /* 7019: disable Push Notifications [FF44+]
  * [WHY] Push requires subscription
  * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
@@ -1212,5 +1218,26 @@ user_pref("network.cookie.lifetimePolicy", 2);
    // user_pref("browser.cache.offline.enable", false);
 // ***/
 
+/* ESR115.x still uses all the following prefs
+// [NOTE] replace the * with a slash in the line above to re-enable active ones
+// FF116
+// 4506: set RFP's font visibility level (1402) [FF94+]
+   // [-] https://bugzilla.mozilla.org/1838415
+   // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
+// FF117
+// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS]
+   // 0=disable detecting Family Safety mode and importing the root
+   // 1=only attempt to detect Family Safety mode (don't import the root)
+   // 2=detect Family Safety mode and import the root
+   // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
+   // [-] https://bugzilla.mozilla.org/1844908
+user_pref("security.family_safety.mode", 0);
+// 7018: disable service worker Web Notifications [FF44+]
+   // [WHY] Web Notifications are behind a prompt (7002)
+   // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/
+   // [-] https://bugzilla.mozilla.org/1842457
+   // user_pref("dom.webnotifications.serviceworker.enabled", false);
+// ***/
+
 /* END: internal custom pref to test for syntax errors ***/
 user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!");

From 3f6fcc13f0b8dcdcadf75edc55c62bb7148ab876 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 08:31:22 +0000
Subject: [PATCH 15/24] permissions.delegation.enabled

---
 scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 652709e..998974c 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 16-September-2023
+  Last updated: 18-September-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -35,6 +35,7 @@
     /* 116+ */
     'dom.webnotifications.serviceworker.enabled', // 117
     'layout.css.font-visibility.resistFingerprinting', // 116
+    'permissions.delegation.enabled', // 118
     'security.family_safety.mode', // 117
     /* 103-115 */
     'browser.cache.offline.enable', // 115

From 50af4b9af4295375207eac05b2b89e05830fbd9f Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 08:34:35 +0000
Subject: [PATCH 16/24] remove old prefs

---
 scratchpad-scripts/arkenfox-cleanup.js | 407 +------------------------
 1 file changed, 1 insertion(+), 406 deletions(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 998974c..2878031 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -1,5 +1,5 @@
 /***
-  This will reset the preferences that have been
+  This will reset the preferences that since FF91 have been
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
@@ -57,193 +57,6 @@
     'security.csp.enable', // 99
     'security.password_lifetime', // 102
     'security.ssl3.rsa_des_ede3_sha', // 93
-    /* 79-91 */
-    'browser.cache.offline.storage.enable',
-    'browser.download.hide_plugins_without_extensions',
-    'browser.library.activity-stream.enabled',
-    'browser.search.geoSpecificDefaults',
-    'browser.search.geoSpecificDefaults.url',
-    'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
-    'dom.ipc.plugins.reportCrashURL',
-    'dom.w3c_pointer_events.enabled',
-    'intl.charset.fallback.override',
-    'network.ftp.enabled',
-    'plugin.state.flash',
-    'security.mixed_content.block_object_subrequest',
-    'security.ssl.errorReporting.automatic',
-    'security.ssl.errorReporting.enabled',
-    'security.ssl.errorReporting.url',
-    /* 69-78 */
-    'browser.newtabpage.activity-stream.telemetry.ping.endpoint',
-    'browser.tabs.remote.allowLinkedWebInFileUriProcess',
-    'browser.urlbar.oneOffSearches',
-    'devtools.webide.autoinstallADBExtension',
-    'devtools.webide.enabled',
-    'dom.indexedDB.enabled',
-    'extensions.blocklist.url',
-    'geo.wifi.logging.enabled',
-    'geo.wifi.uri',
-    'gfx.downloadable_fonts.woff2.enabled',
-    'media.autoplay.allow-muted',
-    'media.autoplay.enabled.user-gestures-needed',
-    'offline-apps.allow_by_default',
-    'plugins.click_to_play',
-    'privacy.userContext.longPressBehavior',
-    'toolkit.cosmeticAnimations.enabled',
-    'toolkit.telemetry.hybridContent.enabled',
-    'webgl.disable-extensions',
-    /* 61-68 */
-    'app.update.enabled',
-    'browser.aboutHomeSnippets.updateUrl',
-    'browser.chrome.errorReporter.enabled',
-    'browser.chrome.errorReporter.submitUrl',
-    'browser.chrome.favicons',
-    'browser.ctrlTab.previews',
-    'browser.fixup.hide_user_pass',
-    'browser.newtabpage.activity-stream.asrouter.userprefs.cfr',
-    'browser.newtabpage.activity-stream.disableSnippets',
-    'browser.onboarding.enabled',
-    'browser.search.countryCode',
-    'browser.urlbar.autocomplete.enabled',
-    'devtools.webide.adbAddonURL',
-    'devtools.webide.autoinstallADBHelper',
-    'dom.event.highrestimestamp.enabled',
-    'experiments.activeExperiment',
-    'experiments.enabled',
-    'experiments.manifest.uri',
-    'experiments.supported',
-    'lightweightThemes.update.enabled',
-    'media.autoplay.enabled',
-    'network.allow-experiments',
-    'network.cookie.lifetime.days',
-    'network.jar.block-remote-files',
-    'network.jar.open-unsafe-types',
-    'plugin.state.java',
-    'security.csp.enable_violation_events',
-    'security.csp.experimentalEnabled',
-    'shield.savant.enabled',
-    /* 60 or earlier */
-    'browser.bookmarks.showRecentlyBookmarked',
-    'browser.casting.enabled',
-    'browser.crashReports.unsubmittedCheck.autoSubmit',
-    'browser.formautofill.enabled',
-    'browser.formfill.saveHttpsForms',
-    'browser.fullscreen.animate',
-    'browser.history.allowPopState',
-    'browser.history.allowPushState',
-    'browser.history.allowReplaceState',
-    'browser.newtabpage.activity-stream.enabled',
-    'browser.newtabpage.directory.ping',
-    'browser.newtabpage.directory.source',
-    'browser.newtabpage.enhanced',
-    'browser.newtabpage.introShown',
-    'browser.pocket.api',
-    'browser.pocket.enabled',
-    'browser.pocket.oAuthConsumerKey',
-    'browser.pocket.site',
-    'browser.polaris.enabled',
-    'browser.safebrowsing.appRepURL',
-    'browser.safebrowsing.enabled',
-    'browser.safebrowsing.gethashURL',
-    'browser.safebrowsing.malware.reportURL',
-    'browser.safebrowsing.provider.google.appRepURL',
-    'browser.safebrowsing.reportErrorURL',
-    'browser.safebrowsing.reportGenericURL',
-    'browser.safebrowsing.reportMalwareErrorURL',
-    'browser.safebrowsing.reportMalwareMistakeURL',
-    'browser.safebrowsing.reportMalwareURL',
-    'browser.safebrowsing.reportPhishMistakeURL',
-    'browser.safebrowsing.reportURL',
-    'browser.safebrowsing.updateURL',
-    'browser.search.showOneOffButtons',
-    'browser.selfsupport.enabled',
-    'browser.selfsupport.url',
-    'browser.sessionstore.privacy_level_deferred',
-    'browser.tabs.animate',
-    'browser.trackingprotection.gethashURL',
-    'browser.trackingprotection.updateURL',
-    'browser.urlbar.unifiedcomplete',
-    'browser.usedOnWindows10.introURL',
-    'camera.control.autofocus_moving_callback.enabled',
-    'camera.control.face_detection.enabled',
-    'datareporting.healthreport.about.reportUrl',
-    'datareporting.healthreport.about.reportUrlUnified',
-    'datareporting.healthreport.documentServerURI',
-    'datareporting.healthreport.service.enabled',
-    'datareporting.policy.dataSubmissionEnabled.v2',
-    'devtools.webide.autoinstallFxdtAdapters',
-    'dom.archivereader.enabled',
-    'dom.beforeAfterKeyboardEvent.enabled',
-    'dom.disable_image_src_set',
-    'dom.disable_window_open_feature.scrollbars',
-    'dom.disable_window_status_change',
-    'dom.enable_user_timing',
-    'dom.flyweb.enabled',
-    'dom.idle-observers-api.enabled',
-    'dom.keyboardevent.code.enabled',
-    'dom.network.enabled',
-    'dom.push.udp.wakeupEnabled',
-    'dom.telephony.enabled',
-    'dom.vr.oculus050.enabled',
-    'dom.workers.enabled',
-    'dom.workers.sharedWorkers.enabled',
-    'extensions.formautofill.experimental',
-    'extensions.screenshots.system-disabled',
-    'extensions.shield-recipe-client.api_url',
-    'extensions.shield-recipe-client.enabled',
-    'full-screen-api.approval-required',
-    'general.useragent.locale',
-    'geo.security.allowinsecure',
-    'intl.locale.matchOS',
-    'loop.enabled',
-    'loop.facebook.appId',
-    'loop.facebook.enabled',
-    'loop.facebook.fallbackUrl',
-    'loop.facebook.shareUrl',
-    'loop.feedback.formURL',
-    'loop.feedback.manualFormURL',
-    'loop.logDomains',
-    'loop.server',
-    'media.block-play-until-visible',
-    'media.eme.apiVisible',
-    'media.eme.chromium-api.enabled',
-    'media.getusermedia.screensharing.allow_on_old_platforms',
-    'media.getusermedia.screensharing.allowed_domains',
-    'media.gmp-eme-adobe.autoupdate',
-    'media.gmp-eme-adobe.enabled',
-    'media.gmp-eme-adobe.visible',
-    'network.http.referer.userControlPolicy',
-    'network.http.sendSecureXSiteReferrer',
-    'network.http.spdy.enabled.http2draft',
-    'network.http.spdy.enabled.v3-1',
-    'network.websocket.enabled',
-    'pageThumbs.enabled',
-    'pfs.datasource.url',
-    'plugin.scan.Acrobat',
-    'plugin.scan.Quicktime',
-    'plugin.scan.WindowsMediaPlayer',
-    'plugins.enumerable_names',
-    'plugins.update.notifyUser',
-    'plugins.update.url',
-    'privacy.clearOnShutdown.passwords',
-    'privacy.donottrackheader.value',
-    'security.mixed_content.send_hsts_priming',
-    'security.mixed_content.use_hsts',
-    'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
-    'security.ssl3.ecdhe_rsa_rc4_128_sha',
-    'security.ssl3.rsa_rc4_128_md5',
-    'security.ssl3.rsa_rc4_128_sha',
-    'security.tls.insecure_fallback_hosts.use_static_list',
-    'security.tls.unrestricted_rc4_fallback',
-    'security.xpconnect.plugin.unrestricted',
-    'social.directories',
-    'social.enabled',
-    'social.remote-install.enabled',
-    'social.share.activationPanelEnabled',
-    'social.shareDirectory',
-    'social.toast-notifications.enabled',
-    'social.whitelist',
-    'toolkit.telemetry.unifiedIsOptIn',
 
     /* REMOVED */
     /* 116+ */
@@ -284,224 +97,6 @@
     'privacy.firstparty.isolate.use_site',
     'privacy.window.name.update.enabled',
     'security.insecure_connection_text.enabled',
-    /* 79-91 */
-    'alerts.showFavicons',
-    'browser.newtabpage.activity-stream.asrouter.providers.snippets',
-    'browser.send_pings.require_same_host',
-    'browser.urlbar.usepreloadedtopurls.enabled',
-    'dom.allow_cut_copy',
-    'dom.battery.enabled',
-    'dom.IntersectionObserver.enabled',
-    'dom.storage.enabled',
-    'dom.vibrator.enabled',
-    'extensions.screenshots.upload-disabled',
-    'general.warnOnAboutConfig',
-    'gfx.direct2d.disabled',
-    'layers.acceleration.disabled',
-    'media.getusermedia.audiocapture.enabled',
-    'media.getusermedia.browser.enabled',
-    'media.getusermedia.screensharing.enabled',
-    'media.gmp-widevinecdm.visible',
-    'media.media-capabilities.enabled',
-    'network.http.redirection-limit',
-    'privacy.partition.network_state',
-    'security.insecure_connection_icon.enabled',
-    'security.mixed_content.block_active_content',
-    'security.ssl.enable_ocsp_stapling',
-    'security.ssl3.dhe_rsa_aes_128_sha',
-    'security.ssl3.dhe_rsa_aes_256_sha',
-    'webgl.min_capability_mode',
-    /* 69-78 */
-    'browser.cache.disk_cache_ssl',
-    'browser.search.geoip.url',
-    'browser.search.region',
-    'browser.sessionhistory.max_entries',
-    'dom.push.connection.enabled',
-    'dom.push.serverURL',
-    'extensions.getAddons.discovery.api_url',
-    'extensions.htmlaboutaddons.discover.enabled',
-    'extensions.webservice.discoverURL',
-    'intl.locale.requested',
-    'intl.regional_prefs.use_os_locales',
-    'media.block-autoplay-until-in-foreground',
-    'middlemouse.paste',
-    'plugin.sessionPermissionNow.intervalInMinutes',
-    'privacy.usercontext.about_newtab_segregation.enabled',
-    'security.insecure_connection_icon.pbmode.enabled',
-    'security.insecure_connection_text.pbmode.enabled',
-    'webgl.dxgl.enabled',
-    /* 61-68 */
-    'app.update.service.enabled',
-    'app.update.silent',
-    'app.update.staging.enabled',
-    'browser.cache.disk.capacity',
-    'browser.cache.disk.smart_size.enabled',
-    'browser.cache.disk.smart_size.first_run',
-    'browser.cache.offline.insecure.enable',
-    'browser.contentblocking.enabled',
-    'browser.laterrun.enabled',
-    'browser.offline-apps.notify',
-    'browser.rights.3.shown',
-    'browser.safebrowsing.blockedURIs.enabled',
-    'browser.safebrowsing.downloads.remote.block_dangerous',
-    'browser.safebrowsing.downloads.remote.block_dangerous_host',
-    'browser.safebrowsing.provider.google.gethashURL',
-    'browser.safebrowsing.provider.google.reportMalwareMistakeURL',
-    'browser.safebrowsing.provider.google.reportPhishMistakeURL',
-    'browser.safebrowsing.provider.google.reportURL',
-    'browser.safebrowsing.provider.google.updateURL',
-    'browser.safebrowsing.provider.google4.dataSharing.enabled',
-    'browser.safebrowsing.provider.google4.dataSharingURL',
-    'browser.safebrowsing.provider.google4.gethashURL',
-    'browser.safebrowsing.provider.google4.reportMalwareMistakeURL',
-    'browser.safebrowsing.provider.google4.reportPhishMistakeURL',
-    'browser.safebrowsing.provider.google4.reportURL',
-    'browser.safebrowsing.provider.google4.updateURL',
-    'browser.safebrowsing.provider.mozilla.gethashURL',
-    'browser.safebrowsing.provider.mozilla.updateURL',
-    'browser.safebrowsing.reportPhishURL',
-    'browser.sessionhistory.max_total_viewers',
-    'browser.sessionstore.max_windows_undo',
-    'browser.slowStartup.maxSamples',
-    'browser.slowStartup.notificationDisabled',
-    'browser.slowStartup.samples',
-    'browser.storageManager.enabled',
-    'browser.urlbar.autoFill.typed',
-    'browser.urlbar.filter.javascript',
-    'browser.urlbar.maxHistoricalSearchSuggestions',
-    'browser.urlbar.userMadeSearchSuggestionsChoice',
-    'canvas.capturestream.enabled',
-    'dom.allow_scripts_to_close_windows',
-    'dom.disable_window_flip',
-    'dom.forms.datetime',
-    'dom.imagecapture.enabled',
-    'dom.popup_maximum',
-    'extensions.webextensions.keepStorageOnUninstall',
-    'extensions.webextensions.keepUuidOnUninstall',
-    'font.blacklist.underline_offset',
-    'font.name.monospace.x-unicode',
-    'font.name.monospace.x-western',
-    'font.name.sans-serif.x-unicode',
-    'font.name.sans-serif.x-western',
-    'font.name.serif.x-unicode',
-    'font.name.serif.x-western',
-    'gfx.offscreencanvas.enabled',
-    'javascript.options.shared_memory',
-    'layout.css.font-loading-api.enabled',
-    'media.gmp-gmpopenh264.autoupdate',
-    'media.gmp-gmpopenh264.enabled',
-    'media.gmp-manager.updateEnabled',
-    'media.gmp-manager.url',
-    'media.gmp-manager.url.override',
-    'media.gmp-widevinecdm.autoupdate',
-    'media.gmp.trial-create.enabled',
-    'media.navigator.video.enabled',
-    'media.peerconnection.ice.tcp',
-    'media.peerconnection.identity.enabled',
-    'media.peerconnection.identity.timeout',
-    'media.peerconnection.turn.disable',
-    'media.peerconnection.use_document_iceservers',
-    'media.peerconnection.video.enabled',
-    'network.auth.subresource-img-cross-origin-http-auth-allow',
-    'network.cookie.leave-secure-alone',
-    'network.cookie.same-site.enabled',
-    'network.dnsCacheEntries',
-    'network.dnsCacheExpiration',
-    'network.http.fast-fallback-to-IPv4',
-    'network.proxy.autoconfig_url.include_path',
-    'offline-apps.quota.warn',
-    'pdfjs.enableWebGL',
-    'plugin.default.state',
-    'plugin.defaultXpi.state',
-    'plugin.scan.plid.all',
-    'privacy.trackingprotection.annotate_channels',
-    'privacy.trackingprotection.lower_network_priority',
-    'privacy.trackingprotection.pbmode.enabled',
-    'privacy.trackingprotection.ui.enabled',
-    'security.data_uri.block_toplevel_data_uri_navigations',
-    'security.insecure_field_warning.contextual.enabled',
-    'security.insecure_password.ui.enabled',
-    'security.tls.version.fallback-limit',
-    'services.blocklist.addons.collection',
-    'services.blocklist.gfx.collection',
-    'services.blocklist.onecrl.collection',
-    'services.blocklist.plugins.collection',
-    'services.blocklist.signing.enforced',
-    'services.blocklist.update_enabled',
-    'signon.autofillForms.http',
-    'signon.storeWhenAutocompleteOff',
-    'toolkit.telemetry.cachedClientID',
-    'urlclassifier.trackingTable',
-    'xpinstall.whitelist.required',
-    /* 60 or lower */
-    'browser.migrate.automigrate.enabled',
-    'browser.search.geoip.timeout',
-    'browser.search.reset.enabled',
-    'browser.search.reset.whitelist',
-    'browser.stopReloadAnimation.enabled',
-    'browser.tabs.insertRelatedAfterCurrent',
-    'browser.tabs.loadDivertedInBackground',
-    'browser.tabs.loadInBackground',
-    'browser.tabs.selectOwnerOnClose',
-    'browser.urlbar.clickSelectsAll',
-    'browser.urlbar.doubleClickSelectsAll',
-    'device.storage.enabled',
-    'dom.keyboardevent.dispatch_during_composition',
-    'dom.presentation.controller.enabled',
-    'dom.presentation.discoverable',
-    'dom.presentation.discovery.enabled',
-    'dom.presentation.enabled',
-    'dom.presentation.receiver.enabled',
-    'dom.presentation.session_transport.data_channel.enable',
-    'dom.vr.oculus.enabled',
-    'dom.vr.openvr.enabled',
-    'dom.vr.osvr.enabled',
-    'extensions.pocket.api',
-    'extensions.pocket.oAuthConsumerKey',
-    'extensions.pocket.site',
-    'general.useragent.compatMode.firefox',
-    'geo.wifi.xhr.timeout',
-    'gfx.layerscope.enabled',
-    'media.flac.enabled',
-    'media.mediasource.enabled',
-    'media.mediasource.mp4.enabled',
-    'media.mediasource.webm.audio.enabled',
-    'media.mediasource.webm.enabled',
-    'media.mp4.enabled',
-    'media.ogg.enabled',
-    'media.ogg.flac.enabled',
-    'media.opus.enabled',
-    'media.raw.enabled',
-    'media.wave.enabled',
-    'media.webm.enabled',
-    'media.webspeech.recognition.enable',
-    'media.wmf.amd.vp9.enabled',
-    'media.wmf.enabled',
-    'media.wmf.vp9.enabled',
-    'network.dns.blockDotOnion',
-    'network.stricttransportsecurity.preloadlist',
-    'security.block_script_with_wrong_mime',
-    'security.fileuri.strict_origin_policy',
-    'security.sri.enable',
-    'services.sync.enabled',
-    'ui.submenuDelay',
-    'webextensions.storage.sync.enabled',
-    'webextensions.storage.sync.serverURL',
-    //  excluding these e10 settings
-       // 'browser.tabs.remote.autostart',
-       // 'browser.tabs.remote.autostart.2',
-       // 'browser.tabs.remote.force-enable',
-       // 'browser.tabs.remote.separateFileUriProcess',
-       // 'extensions.e10sBlocksEnabling',
-       // 'extensions.webextensions.remote',
-       // 'dom.ipc.processCount',
-       // 'dom.ipc.shims.enabledWarnings',
-       // 'dom.ipc.processCount.extension',
-       // 'dom.ipc.processCount.file',
-       // 'security.sandbox.content.level',
-       // 'dom.ipc.plugins.sandbox-level.default',
-       // 'dom.ipc.plugins.sandbox-level.flash',
-       // 'security.sandbox.logging.enabled',
 
     /* IMPORTANT: last active pref must not have a trailing comma */ 
     /* reset parrot: check your open about:config after running the script */

From 336300a274a7721616d7e8109facca984b05f727 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 08:39:50 +0000
Subject: [PATCH 17/24] v118 removed

these are all at default now as of at least ESR115
---
 scratchpad-scripts/arkenfox-cleanup.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 2878031..e06b998 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -32,7 +32,7 @@
 
   const aPREFS = [
     /* DEPRECATED */
-    /* 116+ */
+    /* 116-128 */
     'dom.webnotifications.serviceworker.enabled', // 117
     'layout.css.font-visibility.resistFingerprinting', // 116
     'permissions.delegation.enabled', // 118
@@ -59,9 +59,14 @@
     'security.ssl3.rsa_des_ede3_sha', // 93
 
     /* REMOVED */
-    /* 116+ */
+    /* 116-128 */
+    'browser.fixup.alternate.enabled',
+    'browser.urlbar.dnsResolveSingleWordsAfterSearch',
     'media.gmp-widevinecdm.enabled',
     'network.protocol-handler.external.ms-windows-store',
+    'privacy.partition.always_partition_third_party_non_cookie_storage',
+    'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage',
+    'privacy.partition.serviceWorkers',
     /* 103-115 */
     'beacon.enabled',
     'browser.startup.blankWindow',

From f0513b7e64160c80f6e2430a5f3155ee855abdcf Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 11:41:47 +0000
Subject: [PATCH 18/24] inactive prefs no longer needed

encryption prefs false since FF109, taskbar since jesus or whatever
---
 scratchpad-scripts/arkenfox-cleanup.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index e06b998..fea7a68 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -61,12 +61,15 @@
     /* REMOVED */
     /* 116-128 */
     'browser.fixup.alternate.enabled',
+    'browser.taskbar.previews.enable',
     'browser.urlbar.dnsResolveSingleWordsAfterSearch',
     'media.gmp-widevinecdm.enabled',
     'network.protocol-handler.external.ms-windows-store',
     'privacy.partition.always_partition_third_party_non_cookie_storage',
     'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage',
     'privacy.partition.serviceWorkers',
+    'security.ssl3.ecdhe_ecdsa_aes_128_sha',
+    'security.ssl3.ecdhe_ecdsa_aes_256_sha',
     /* 103-115 */
     'beacon.enabled',
     'browser.startup.blankWindow',

From bd2e5b8d1d477951d929ea7d79ceb7a13fc322a4 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 11:47:49 +0000
Subject: [PATCH 19/24] undo encryption

they're not default false since 108, that was nightly only
---
 scratchpad-scripts/arkenfox-cleanup.js | 2 --
 1 file changed, 2 deletions(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index fea7a68..d8ddf31 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -68,8 +68,6 @@
     'privacy.partition.always_partition_third_party_non_cookie_storage',
     'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage',
     'privacy.partition.serviceWorkers',
-    'security.ssl3.ecdhe_ecdsa_aes_128_sha',
-    'security.ssl3.ecdhe_ecdsa_aes_256_sha',
     /* 103-115 */
     'beacon.enabled',
     'browser.startup.blankWindow',

From 56f51203bf4fea8aa778b792269205d275a62665 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 21 Sep 2023 12:36:35 +0000
Subject: [PATCH 20/24] point to archived version

---
 scratchpad-scripts/arkenfox-cleanup.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index d8ddf31..e2487fc 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,10 @@
   - removed from the arkenfox user.js
   - deprecated by Mozilla but listed in the arkenfox user.js in the past
 
-  Last updated: 18-September-2023
+  There is an archived version at https://github.com/arkenfox/user.js/issues/1080
+  if you want the full list prior to FF118
+
+  Last updated: 22-September-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile

From 6e79d1bba6a932480a938bec5c2cee0388e586b9 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Fri, 29 Sep 2023 10:52:55 +0000
Subject: [PATCH 21/24] deprecated v118

---
 scratchpad-scripts/arkenfox-cleanup.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index e2487fc..6f783a4 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
   There is an archived version at https://github.com/arkenfox/user.js/issues/1080
   if you want the full list prior to FF118
 
-  Last updated: 22-September-2023
+  Last updated: 29-September-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -37,7 +37,10 @@
     /* DEPRECATED */
     /* 116-128 */
     'dom.webnotifications.serviceworker.enabled', // 117
+    'layout.css.font-visibility.private', // 118
     'layout.css.font-visibility.resistFingerprinting', // 116
+    'layout.css.font-visibility.standard', // 118
+    'layout.css.font-visibility.trackingprotection', // 118
     'permissions.delegation.enabled', // 118
     'security.family_safety.mode', // 117
     /* 103-115 */

From f54d632da585a08185c6164017d79315c331181f Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Sat, 7 Oct 2023 10:33:49 +0000
Subject: [PATCH 22/24] v2.0 - improve root check

---
 prefsCleaner.sh | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/prefsCleaner.sh b/prefsCleaner.sh
index f36732c..6586609 100755
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
@@ -2,23 +2,12 @@
 
 ## prefs.js cleaner for Linux/Mac
 ## author: @claustromaniac
-## version: 1.9
+## version: 2.0
 
 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
 
 ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() )
 
-# Check if running as root and if any files have the owner/group as root/wheel.
-if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
-	printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
-	exit 1
-elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
-	printf 'It looks like this script was previously run with elevated privileges,
-you will need to change ownership of the following files to your user:\n'
-	find . -user 0 -o -group 0
-	exit 1
-fi
-
 readonly CURRDIR=$(pwd)
 
 ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
@@ -143,13 +132,23 @@ done
 ## change directory to the Firefox profile directory
 cd "$(dirname "${SCRIPT_FILE}")"
 
+# Check if running as root and if any files have the owner/group as root/wheel.
+if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
+	fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)."
+elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+	printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+	find . -user 0 -o -group 0
+	fQuit 1
+fi
+
 [ "$AUTOUPDATE" = true ] && update_prefsCleaner "$@"
 
 echo -e "\n\n"
 echo "                   ╔══════════════════════════╗"
 echo "                   ║     prefs.js cleaner     ║"
 echo "                   ║    by claustromaniac     ║"
-echo "                   ║           v1.9           ║"
+echo "                   ║           v2.0           ║"
 echo "                   ╚══════════════════════════╝"
 echo -e "\nThis script should be run from your Firefox profile directory.\n"
 echo "It will remove any entries from prefs.js that also exist in user.js."

From 3fdcb28b8f1992b66e43582810488413b39ebdb3 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 18 Oct 2023 14:03:40 +0000
Subject: [PATCH 23/24] v118 (#1724)

---
 user.js | 212 ++++++++++++++++++++++++--------------------------------
 1 file changed, 92 insertions(+), 120 deletions(-)

diff --git a/user.js b/user.js
index 5e54f30..4798b8a 100644
--- a/user.js
+++ b/user.js
@@ -1,8 +1,9 @@
 /******
 *    name: arkenfox user.js
-*    date: 17 September 2023
-* version: 117
-*     url: https://github.com/arkenfox/user.js
+*    date: 18 October 2023
+* version: 118
+*    urls: https://github.com/arkenfox/user.js [repo]
+*        : https://arkenfox.github.io/gui/ [interactive]
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
 
 * README:
@@ -26,15 +27,15 @@
 
 * RELEASES: https://github.com/arkenfox/user.js/releases
 
-  * It is best to use the arkenfox release that is optimized for and matches your Firefox version
-  * EVERYONE: each release
-    - run prefsCleaner to reset prefs made inactive, including deprecated (9999s)
-    ESR102
-    - If you are not using arkenfox v102-1... (not a definitive list)
-      - 2815: clearOnShutdown cookies + offlineApps should be false
-      - 9999: switch the appropriate deprecated section(s) back on
-  * ESR115
-    - use https://github.com/arkenfox/user.js/releases/tag/115.1
+  * Use the arkenfox release that matches your Firefox version
+    - DON'T wait for arkenfox to update Firefox, nothing major changes these days
+  * Each release
+    - run prefsCleaner to reset prefs made inactive, including deprecated (9999)
+  * ESR
+    - It is recommended to not use the updater, or you will get a later version which may cause issues.
+      So you should manually append your overrides (and keep a copy), and manually update when you
+      change ESR releases (arkenfox is already past that release)
+    - If you decide to keep updating, then the onus is on - also see section 9999
 
 * INDEX:
 
@@ -48,7 +49,6 @@
   0900: PASSWORDS
   1000: DISK AVOIDANCE
   1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
-  1400: FONTS
   1600: REFERERS
   1700: CONTAINERS
   2000: PLUGINS / MEDIA / WEBRTC
@@ -56,14 +56,14 @@
   2600: MISCELLANEOUS
   2700: ETP (ENHANCED TRACKING PROTECTION)
   2800: SHUTDOWN & SANITIZING
-  4500: RFP (RESIST FINGERPRINTING)
+  4500: RFP (resistFingerprinting)
   5000: OPTIONAL OPSEC
   5500: OPTIONAL HARDENING
   6000: DON'T TOUCH
   7000: DON'T BOTHER
   8000: DON'T BOTHER: FINGERPRINTING
   9000: NON-PROJECT RELATED
-  9999: DEPRECATED / REMOVED / LEGACY / RENAMED
+  9999: DEPRECATED / RENAMED
 
 ******/
 
@@ -132,6 +132,9 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
  * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations
  * [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/
 user_pref("browser.discovery.enabled", false);
+/* 0323: disable shopping experience [FF116+]
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0 ***/
+user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
 
 /** TELEMETRY ***/
 /* 0330: disable new data submission [FF41+]
@@ -269,11 +272,11 @@ user_pref("network.proxy.socks_remote_dns", true);
 user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
 /* 0704: disable GIO as a potential proxy bypass vector
  * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer,
- * dav, cdda, gphoto2, trash, etc. By default only sftp is accepted (FF87+)
+ * dav, cdda, gphoto2, trash, etc. From FF87-117, by default only sftp was accepted
  * [1] https://bugzilla.mozilla.org/1433507
  * [2] https://en.wikipedia.org/wiki/GVfs
  * [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
-user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
+user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+]
 /* 0705: disable proxy direct failover for system requests [FF91+]
  * [WARNING] Default true is a security feature against malicious extensions [1]
  * [SETUP-CHROME] If you use a proxy and you trust your extensions
@@ -305,36 +308,30 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
 
 /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
 user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
-/* 0802: disable location bar domain guessing
- * domain guessing intercepts DNS "hostname not found errors" and resends a
- * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
- * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com
- * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't
- * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack),
- * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/
-user_pref("browser.fixup.alternate.enabled", false); // [DEFAULT: false FF104+]
-/* 0804: disable live search suggestions
+/* 0801: disable location bar making speculative connections [FF56+]
+ * [1] https://bugzilla.mozilla.org/1348275 ***/
+user_pref("browser.urlbar.speculativeConnect.enabled", false);
+/* 0802: disable location bar contextual suggestions [FF92+]
+ * [SETTING] Privacy & Security>Address Bar>Suggestions from...
+ * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
+user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
+user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
+/* 0803: disable live search suggestions
  * [NOTE] Both must be true for the location bar to work
  * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
  * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
 user_pref("browser.search.suggest.enabled", false);
 user_pref("browser.urlbar.suggest.searches", false);
-/* 0805: disable location bar making speculative connections [FF56+]
- * [1] https://bugzilla.mozilla.org/1348275 ***/
-user_pref("browser.urlbar.speculativeConnect.enabled", false);
-/* 0806: disable location bar leaking single words to a DNS provider **after searching** [FF78+]
- * 0=never resolve, 1=use heuristics, 2=always resolve
- * [1] https://bugzilla.mozilla.org/1642623 ***/
-user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DEFAULT: 0 FF104+]
-/* 0807: disable location bar contextual suggestions [FF92+]
- * [SETTING] Privacy & Security>Address Bar>Suggestions from...
- * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
-user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
-user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
-/* 0808: disable tab-to-search [FF85+]
- * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
- * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
-   // user_pref("browser.urlbar.suggest.engines", false);
+/* 0805: disable urlbar trending search suggestions [FF118+]
+ * [SETTING] Search>Search Suggestions>Show trending search suggestions (FF119) ***/
+user_pref("browser.urlbar.trending.featureGate", false);
+/* 0806: disable urlbar suggestions ***/
+user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
+user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
+user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
+user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
+/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
+   // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false]
 /* 0810: disable search and form history
  * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
  * [NOTE] We also clear formdata on exit (2811)
@@ -342,6 +339,10 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
  * [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
  * [2] https://bugzilla.mozilla.org/381681 ***/
 user_pref("browser.formfill.enable", false);
+/* 0815: disable tab-to-search [FF85+]
+ * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
+ * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
+   // user_pref("browser.urlbar.suggest.engines", false);
 /* 0820: disable coloring of visited links
  * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
  * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
@@ -499,18 +500,6 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
  * [TEST] https://expired.badssl.com/ ***/
 user_pref("browser.xul.error_pages.expert_bad_cert", true);
 
-/*** [SECTION 1400]: FONTS ***/
-user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
-/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
- * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
- * In normal windows: uses the first applicable: RFP over TP over Standard
- * In Private Browsing windows: uses the most restrictive between normal and private
- * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
- * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/
-   // user_pref("layout.css.font-visibility.private", 1);
-   // user_pref("layout.css.font-visibility.standard", 1);
-   // user_pref("layout.css.font-visibility.trackingprotection", 1);
-
 /*** [SECTION 1600]: REFERERS
                   full URI: https://example.com:8888/foo/bar.html?id=1234
      scheme+host+port+path: https://example.com:8888/foo/bar.html
@@ -558,11 +547,9 @@ user_pref("dom.disable_window_move_resize", true);
 
 /*** [SECTION 2600]: MISCELLANEOUS ***/
 user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
-/* 2601: prevent accessibility services from accessing your browser [RESTART]
- * [1] https://support.mozilla.org/kb/accessibility-services ***/
-user_pref("accessibility.force_disabled", 1);
-/* 2603: remove temp files opened with an external application
- * [1] https://bugzilla.mozilla.org/302433 ***/
+/* 2603: remove temp files opened from non-PB windows with an external application
+ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574 ***/
+user_pref("browser.download.start_downloads_in_tmp_dir", true); // [FF102+]
 user_pref("browser.helperApps.deleteTempFileOnExit", true);
 /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
 user_pref("browser.uitour.enabled", false);
@@ -599,12 +586,6 @@ user_pref("network.IDN_show_punycode", true);
  * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
 user_pref("pdfjs.disabled", false); // [DEFAULT: false]
 user_pref("pdfjs.enableScripting", false); // [FF86+]
-/* 2623: disable permissions delegation [FF73+]
- * Currently applies to cross-origin geolocation, camera, mic and screen-sharing
- * permissions, and fullscreen requests. Disabling delegation means any prompts
- * for these will show/use their correct 3rd party origin
- * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/
-user_pref("permissions.delegation.enabled", false);
 /* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
 user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
 
@@ -625,8 +606,7 @@ user_pref("browser.download.always_ask_before_handling_new_types", true);
 /* 2660: lock down allowed extension directories
  * [SETUP-CHROME] This will break extensions, language packs, themes and any other
  * XPI files which are installed outside of profile and application directories
- * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
- * [1] https://archive.is/DYjAM (archived) ***/
+ * [1] https://archive.is/DYjAM ***/
 user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF]
 user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
 /* 2661: disable bypassing 3rd party extension install prompts [FF82+]
@@ -653,11 +633,6 @@ user_pref("browser.contentblocking.category", "strict");
  * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
  * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
    // user_pref("privacy.antitracking.enableWebcompat", false);
-/* 2710: enable state partitioning of service workers [FF96+] ***/
-user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+]
-/* 2720: enable APS (Always Partitioning Storage) ***/
-user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+]
-user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+]
 
 /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
 user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
@@ -716,7 +691,7 @@ user_pref("privacy.cpd.cookies", false);
  * which will display a blank value, and are not guaranteed to work ***/
 user_pref("privacy.sanitize.timeSpan", 0);
 
-/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
+/*** [SECTION 4500]: RFP (resistFingerprinting)
    RFP covers a wide range of ongoing fingerprinting solutions.
    It is an all-or-nothing buy in: you cannot pick and choose what parts you want
    [TEST] https://arkenfox.github.io/TZP/tzp.html
@@ -730,7 +705,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
  FF56
    1369303 - spoof/disable performance API
    1333651 - spoof User Agent & Navigator API
-      version: android version spoofed as ESR
+      version: android version spoofed as ESR (FF119 or lower)
       OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
    1369319 - disable device sensor API
    1369357 - disable site specific zoom
@@ -772,7 +747,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
    1794628 - return "none" with inverted-colors (FF114)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
-/* 4501: enable privacy.resistFingerprinting
+/* 4501: enable RFP
  * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar
  * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
  * [NOTE] pbmode applies if true and the original pref is false
@@ -787,7 +762,7 @@ user_pref("privacy.window.maxInnerHeight", 900);
 /* 4503: disable mozAddonManager Web API [FF57+]
  * [NOTE] To allow extensions to work on AMO, you also need 2662
  * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
-user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108]
+user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
 /* 4504: enable RFP letterboxing [FF67+]
  * Dynamically resizes the inner window by applying margins in stepped ranges [2]
  * If you use the dimension pref, then it will only apply those resolutions.
@@ -894,8 +869,6 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
    // user_pref("browser.taskbar.lists.frequent.enabled", false);
    // user_pref("browser.taskbar.lists.recent.enabled", false);
    // user_pref("browser.taskbar.lists.tasks.enabled", false);
-/* 5015: disable Windows taskbar preview [WINDOWS] ***/
-   // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
 /* 5016: discourage downloading to desktop
  * 0=desktop, 1=downloads (default), 2=custom
  * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/
@@ -952,7 +925,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
  * Vulnerabilities [1] have increasingly been found, including those known and fixed
  * in native programs years ago [2]. WASM has powerful low-level access, making
  * certain attacks (brute-force) and vulnerabilities more possible
- * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3]
+ * [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3]
  * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm
  * [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
  * [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
@@ -982,7 +955,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
  * Firefox uses the system DNS to initially resolve the IP address of your DoH server.
  * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox
  * won't use the system DNS. If the IP doesn't match then DoH won't work ***/
-   // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF]
+   // user_pref("network.trr.bootstrapAddr", "10.0.0.1"); // [HIDDEN PREF]
 
 /*** [SECTION 6000]: DON'T TOUCH ***/
 user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@@ -1014,7 +987,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
 /* 6012: enforce Quarantined Domains [FF115+]
  * [WHY] https://support.mozilla.org/kb/quarantined-domains */
 user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
-/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/
+/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/
    // user_pref("beacon.enabled", "");
    // user_pref("browser.startup.blankWindow", "");
    // user_pref("browser.newtab.preload", "");
@@ -1031,8 +1004,21 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
    // user_pref("extensions.formautofill.creditCards.available", "");
    // user_pref("extensions.formautofill.creditCards.supported", "");
    // user_pref("middlemouse.contentLoadURL", "");
-/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/
+/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
+   // user_pref("accessibility.force_disabled", "");
+   // user_pref("browser.fixup.alternate.enabled", "");
+   // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
    // user_pref("network.protocol-handler.external.ms-windows-store", "");
+   // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
+   // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
+   // user_pref("privacy.partition.serviceWorkers", "");
+/* 6052: prefsCleaner: deprecated ESR102 items from FF103-115 ***/
+   // user_pref("browser.cache.offline.enable", "");
+   // user_pref("extensions.formautofill.heuristics.enabled", "");
+   // user_pref("network.cookie.lifetimePolicy", "");
+   // user_pref("privacy.clearsitedata.cache.enabled", "");
+   // user_pref("privacy.resistFingerprinting.testGranularityMask", "");
+   // user_pref("security.pki.sha1_enforcement_level", "");
 
 /*** [SECTION 7000]: DON'T BOTHER ***/
 user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1057,8 +1043,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
 /* 7003: disable non-modern cipher suites [1]
  * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks
  * [1] https://browserleaks.com/ssl ***/
-   // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF109+]
-   // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: false FF109+]
+   // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
+   // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
    // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
    // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
    // user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
@@ -1110,8 +1096,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
  * [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/
    // user_pref("privacy.donottrackheader.enabled", true);
 /* 7016: customize ETP settings
+ * [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled
  * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
-   // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5 FF103+]
+   // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5]
+   // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
    // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
    // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
    // user_pref("privacy.partition.network_state.ocsp_cache", true);
@@ -1182,42 +1170,8 @@ user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
  * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/
 user_pref("browser.urlbar.showSearchTerms.enabled", false);
 
-/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
-   Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1]
-   [1] https://github.com/arkenfox/user.js/issues/123
-***/
+/*** [SECTION 9999]: DEPRECATED / RENAMED ***/
 user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
-/* ESR102.x still uses all the following prefs
-// [NOTE] replace the * with a slash in the line above to re-enable active ones
-// FF103
-// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
-   // 0=keep until they expire (default), 2=keep until you close Firefox
-   // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
-   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761
-user_pref("network.cookie.lifetimePolicy", 2);
-// 6012: disable SHA-1 certificates
-   // [-] https://bugzilla.mozilla.org/1766687
-   // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1]
-// FF114
-// 2816: set cache to clear on exit [FF96+]
-   // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
-   // [1] https://bugzilla.mozilla.org/1671182
-   // [-] https://bugzilla.mozilla.org/1821651
-   // user_pref("privacy.clearsitedata.cache.enabled", true);
-// 4505: experimental RFP [FF91+]
-   // [-] https://bugzilla.mozilla.org/1824235
-   // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
-// 5017: disable Form Autofill heuristics
-   // Heuristics controls Form Autofill on forms without @autocomplete attributes
-   // [-] https://bugzilla.mozilla.org/1829670
-   // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
-// FF115
-   // 7001: disable offline cache (appCache)
-   // [NOTE] appCache storage capability was removed in FF90
-   // [-] https://bugzilla.mozilla.org/1677718
-   // user_pref("browser.cache.offline.enable", false);
-// ***/
-
 /* ESR115.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable active ones
 // FF116
@@ -1237,6 +1191,24 @@ user_pref("security.family_safety.mode", 0);
    // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/
    // [-] https://bugzilla.mozilla.org/1842457
    // user_pref("dom.webnotifications.serviceworker.enabled", false);
+// FF118
+// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
+   // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
+   // In normal windows: uses the first applicable: RFP over TP over Standard
+   // In Private Browsing windows: uses the most restrictive between normal and private
+   // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
+   // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
+   // [-] https://bugzilla.mozilla.org/1847599
+   // user_pref("layout.css.font-visibility.private", 1);
+   // user_pref("layout.css.font-visibility.standard", 1);
+   // user_pref("layout.css.font-visibility.trackingprotection", 1);
+// 2623: disable permissions delegation [FF73+]
+   // Currently applies to cross-origin geolocation, camera, mic and screen-sharing
+   // permissions, and fullscreen requests. Disabling delegation means any prompts
+   // for these will show/use their correct 3rd party origin
+   // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
+   // [-] https://bugzilla.mozilla.org/1697151
+   // user_pref("permissions.delegation.enabled", false);
 // ***/
 
 /* END: internal custom pref to test for syntax errors ***/

From 35e8def0b1e5ecf1198e7efe41cfe6aa0415b320 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 18 Oct 2023 14:59:33 +0000
Subject: [PATCH 24/24] network.dns.skipTRR-when-parental-control-enabled

---
 scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 6f783a4..edb18c9 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
   There is an archived version at https://github.com/arkenfox/user.js/issues/1080
   if you want the full list prior to FF118
 
-  Last updated: 29-September-2023
+  Last updated: 18-October-2023
 
   Instructions:
   - [optional] close Firefox and backup your profile
@@ -41,6 +41,7 @@
     'layout.css.font-visibility.resistFingerprinting', // 116
     'layout.css.font-visibility.standard', // 118
     'layout.css.font-visibility.trackingprotection', // 118
+    'network.dns.skipTRR-when-parental-control-enabled', // 119
     'permissions.delegation.enabled', // 118
     'security.family_safety.mode', // 117
     /* 103-115 */