
0800 revamp

Roman-Nopantski 2017-03-14 02:50:47 +13:00 committed by GitHub
parent 668c307ffb
commit 37505e3461

93
user.js

@ -328,8 +328,6 @@ user_pref("network.predictor.enabled", false);
* https://wiki.mozilla.org/Necko/CaptivePortal ***/
user_pref("captivedetect.canonicalURL", "");
user_pref("network.captive-portal-service.enabled", false); // (FF52+)
/* 0604: disable search suggestions ***/
user_pref("browser.search.suggest.enabled", false);
/* 0605: disable link-mouseover opening connection to linked server
* http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
* http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/
@ -345,9 +343,14 @@ user_pref("network.protocol-handler.external.ms-windows-store", false);
/* 0608: disable predictor / prefetching (FF48+) ***/
user_pref("network.predictor.enable-prefetch", false);
/*** 0800: LOCATION BAR / SEARCH / AUTO SUGGESTIONS / HISTORY / FORMS etc
Not ALL of these are strictly needed, some are for the truly paranoid, but
included for a more comprehensive list (see comments on each one) ***/
/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS / DOWNLOADS [SETUP]
If you are in a private environment (no unwanted eyeballs) and your device is private
(restricted access), and the device is secure when unattended (locked, encrypted, forensic
hardened), then items 0850 and above can be relaxed in return for more convenience and
functionality. Likewise, you may want to check the items cleared on shutdown in section 2800.
[NOTE] The urlbar is also commonly referred to as the location bar and address bar
#Required reading: https://xkcd.com/538/
***/
user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
/* 0801: disable location bar using search - PRIVACY
* don't leak typos to a search engine, give an error message instead ***/
@ -360,62 +363,70 @@ user_pref("keyword.enabled", false);
* intend to), can leak sensitive data (eg query strings: eg Princeton attack),
* and is a security risk (eg common typos & malicious sites set up to exploit this) ***/
user_pref("browser.fixup.alternate.enabled", false);
/* 0803: disable locationbar dropdown - PRIVACY (shoulder surfers, forensics/unattended browser) ***/
user_pref("browser.urlbar.maxRichResults", 0);
/* 0804: display all parts of the url - helps SECURITY ***/
/* 0803: display all parts of the url in the location bar - helps SECURITY ***/
user_pref("browser.urlbar.trimURLs", false);
/* 0805: disable urlbar autofill - PRIVACY (shoulder surfers, forensics/unattended browser)
* http://kb.mozillazine.org/Inline_autocomplete ***/
user_pref("browser.urlbar.autoFill", false);
user_pref("browser.urlbar.autoFill.typed", false);
/* 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) ***/
user_pref("browser.urlbar.autocomplete.enabled", false);
/* 0808: disable types of urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser)
* [SETTING] Options>Privacy>Location Bar. If you wish to enable any of these suggestions,
* then also make sure 0806 (enable suggestions) and 0803 (locationbar dropdown) are at default ***/
user_pref("browser.urlbar.suggest.history", false);
user_pref("browser.urlbar.suggest.bookmark", false);
user_pref("browser.urlbar.suggest.openpage", false);
/* 0809: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY
/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY
* This is a PER TAB session history. You still have a full history stored under all history
* default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages
* use it as a means of referral (eg hotlinking), 4 or 6 may be more practical ***/
user_pref("browser.sessionhistory.max_entries", 4);
/* 0810: disable CSS querying page history - CSS history leak - PRIVACY
* [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in
* 'certain circumstances', also see latest comments in the bug link
* use it as a means of referral (eg hotlinking), 4 or 6 or 10 may be more practical ***/
user_pref("browser.sessionhistory.max_entries", 10);
/* 0805: disable CSS querying page history - CSS history leak - PRIVACY
* [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's
* only in 'certain circumstances', also see latest comments in the bug link
* [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use)
* https://dbaron.org/mozilla/visited-privacy
* https://bugzilla.mozilla.org/show_bug.cgi?id=147777
* https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/
user_pref("layout.css.visited_links_enabled", false);
/* 0811: disable displaying javascript in history URLs - SECURITY ***/
/* 0806: disable displaying javascript in history URLs - SECURITY ***/
user_pref("browser.urlbar.filter.javascript", true);
/* 0812: disable search and form history
/* 0807: disable search bar LIVE search suggestions - PRIVACY
* [SETTING] Options>Search>Provide search suggestions ***/
user_pref("browser.search.suggest.enabled", false);
/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY
* Also disable the location bar prompt to enable/disable or learn more about it.
* [SETTING] Options>Search>Show search suggestions in location bar results ***/
user_pref("browser.urlbar.suggest.searches", false);
user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+)
/* 0850a: disable location bar autocomplete ***/
user_pref("browser.urlbar.autocomplete.enabled", false);
/* 0850b: disable location bar dropdown
* This controls the maximum number of entries that can appear in the location bar dropdown.
* Zero completely disables it. If you want ANY dropdown functionality, this must be changed ***/
user_pref("browser.urlbar.maxRichResults", 0);
/* 0850c: disable location bar suggestion types
* [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest
* [NOTE] If you wish to enable these suggestions, make sure 0850a and 0850b are at default ***/
user_pref("browser.urlbar.suggest.history", false);
user_pref("browser.urlbar.suggest.bookmark", false);
user_pref("browser.urlbar.suggest.openpage", false);
/* 0850d: disable location bar autofill
* http://kb.mozillazine.org/Inline_autocomplete ***/
user_pref("browser.urlbar.autoFill", false);
user_pref("browser.urlbar.autoFill.typed", false);
/* 0850e: disable location bar one-off searches (FF51+)
* http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
user_pref("browser.urlbar.oneOffSearches", false);
/* 0860: disable search and form history
* [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history
* [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/
// user_pref("browser.formfill.enable", false);
/* 0813: disable saving form data on secure websites - PRIVACY (shoulder surfers etc)
* For convenience & functionality, this is best left at default true.
* You can clear formdata on exiting Firefox (see 2803) ***/
/* 0861: disable saving form history on secure websites
* For convenience & functionality, this is best left at default true,
* especially as the web moves more and more to encrypted services
* You can clear form history on exiting Firefox (see 2803) ***/
// user_pref("browser.formfill.saveHttpsForms", false);
/* 0815: disable live search suggestions in the urlbar and toggle off the Opt-In prompt (FF41+)
* [SETTING] Options>Search>Provide search suggestions ***/
user_pref("browser.urlbar.suggest.searches", false);
user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true);
/* 0816: disable browsing and download history
/* 0862: disable browsing and download history
* [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history
* [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/
// user_pref("places.history.enabled", false);
/* 0817: disable Jumplist (Windows7+) ***/
/* 0870: disable Windows jumplist ***/
user_pref("browser.taskbar.lists.enabled", false);
user_pref("browser.taskbar.lists.frequent.enabled", false);
user_pref("browser.taskbar.lists.recent.enabled", false);
user_pref("browser.taskbar.lists.tasks.enabled", false);
/* 0818: disable taskbar preview ***/
/* 0871: disable Windows taskbar preview ***/
user_pref("browser.taskbar.previews.enable", false);
/* 0819: disable one-off searches from the addressbar (FF51+)
* http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
user_pref("browser.urlbar.oneOffSearches", false);
/*** 0900: PASSWORDS ***/
user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!");
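Review bot: The new 0808 header reads `disable location bar LIVE search suggestions (requires 0807 = true)`, but 0807 directly above sets `browser.search.suggest.enabled` to false, so the parenthetical can be read as an instruction to turn 0807 on before 0808 takes effect. The intent appears to be that location bar suggestions only function when that pref is true, which makes 0808 a fallback for anyone who later re-enables 0807. I would drop the parenthetical from the header and add a line such as `* [NOTE] Only has an effect if 0807 is set to true; kept at false so that re-enabling 0807 does not also send location bar input to the search engine`. Separately, 0804 raises `browser.sessionhistory.max_entries` from 4 to 10 under the unchanged "limit history leaks via enumeration" heading, and the comment would benefit from a short reason for the larger value.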