diff --git a/user.js b/user.js index 39ea13e..141dee0 100644 --- a/user.js +++ b/user.js @@ -274,7 +274,7 @@ user_pref("services.blocklist.gfx.collection", "gfx"); // if gfx hw acceleration // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // (FF50+) // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // (FF50+) /* 0410d: disable Mozilla safebrowsing downloads, updates - * [NOTE] These two prefs are also used for Tracking Protection (see 0420) ***/ + * [NOTE] These two prefs are also used for Tracking Protection and Flash (see 0420 and 0440) ***/ // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); // resolves hash conflicts // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); // update FF lists /* 0410e: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ @@ -291,16 +291,25 @@ user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // (FF50+) * [TEST] see github wiki APPENDIX C: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", true); -/* 0420: disable Tracking Protection (TP) - * There SHOULD be NO privacy concerns here, but we strongly recommend to use uBlock Origin instead, +/* 0420: disable/enable Tracking Protection (TP) + * There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, * which offers more comprehensive as well as specialized lists. It also allows per domain control. + * By default TP is only used in Private Browsing windows. + * ^ If both are false then TP is disabled + * ^ If .enabled = true then .pbmode.enabled is IGNORED and TP is enabled for ALL windows + * ^ If .pbmode.enabled = true (and enabled = false) then TP is Private Browsing windows only * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing * [1] https://wiki.mozilla.org/Security/Tracking_protection * [2] https://support.mozilla.org/en-US/kb/tracking-protection-firefox ***/ -user_pref("privacy.trackingprotection.enabled", false); // all windows pref (not just private) -user_pref("privacy.trackingprotection.pbmode.enabled", false); // private browsing pref -/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection ***/ +user_pref("privacy.trackingprotection.enabled", true); // enforces ALL windows if true (not just private) + // user_pref("privacy.trackingprotection.pbmode.enabled", false); // private browsing pref +/* 0421: enable more Tracking Protection choices under Options>Privacy>Use Tracking Protection + * Displays three choices: "Always", "Only in private windows", "Never" ***/ user_pref("privacy.trackingprotection.ui.enabled", true); +/* 0422: use "basic" or "strict" tracking protecting list - ONLY USE ONE! + * [SETTINGS] Options>Privacy>Use Tracking Protection>Change Block List ***/ + // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // simple/basic + // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict /* 0430: disable SSL Error Reporting * [1] https://gecko.readthedocs.org/en/latest/browser/base/sslerrorreport/preferences.html ***/ user_pref("security.ssl.errorReporting.automatic", false); @@ -308,10 +317,10 @@ user_pref("security.ssl.errorReporting.enabled", false); user_pref("security.ssl.errorReporting.url", ""); /* 0440: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+) * If you don't have Flash, then you don't need this enabled - * [NOTE] if enabled, you will need to check what prefs (safebrowsing URLs etc) this uses to update + * [NOTE] There are two prefs (see 0410d) shared with Safe Browsing * [1] http://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1237198 ***/ -user_pref("browser.safebrowsing.blockedURIs.enabled", false); + // user_pref("browser.safebrowsing.blockedURIs.enabled", false); /*** 0600: BLOCK IMPLICIT OUTBOUND [not explicitly asked for - eg clicked on] ***/ user_pref("ghacks_user.js.parrot", "0600 syntax error: the parrot's no more!");