From 37505e3461de28b053381340ac5e22312b3f8bee Mon Sep 17 00:00:00 2001
From: Roman-Nopantski
Date: Tue, 14 Mar 2017 02:50:47 +1300
Subject: [PATCH] 0800 revamp

---
 user.js | 93 ++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 52 insertions(+), 41 deletions(-)

diff --git a/user.js b/user.js
index 9627cff..bc10b06 100644
--- a/user.js
+++ b/user.js
@@ -328,8 +328,6 @@ user_pref("network.predictor.enabled", false);
 * https://wiki.mozilla.org/Necko/CaptivePortal ***/
 user_pref("captivedetect.canonicalURL", "");
 user_pref("network.captive-portal-service.enabled", false); // (FF52+)
-/* 0604: disable search suggestions ***/
-user_pref("browser.search.suggest.enabled", false);
 /* 0605: disable link-mouseover opening connection to linked server
 * http://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
 * http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links ***/
@@ -345,9 +343,14 @@ user_pref("network.protocol-handler.external.ms-windows-store", false);
 /* 0608: disable predictor / prefetching (FF48+) ***/
 user_pref("network.predictor.enable-prefetch", false);

-/*** 0800: LOCATION BAR / SEARCH / AUTO SUGGESTIONS / HISTORY / FORMS etc
- Not ALL of these are strictly needed, some are for the truly paranoid, but
- included for a more comprehensive list (see comments on each one) ***/
+/*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS / DOWNLOADS [SETUP]
+ If you are in a private environment (no unwanted eyeballs) and your device is private
+ (restricted access), and the device is secure when unattended (locked, encrypted, forensic
+ hardened), then items 0850 and above can be relaxed in return for more convenience and
+ functionality. Likewise, you may want to check the items cleared on shutdown in section 2800.
+ [NOTE] The urlbar is also commonly referred to as the location bar and address bar
+ #Required reading: https://xkcd.com/538/
+ ***/
 user_pref("ghacks_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
 /* 0801: disable location bar using search - PRIVACY
 * don't leak typos to a search engine, give an error message instead ***/
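Review bot: The rewritten 0800 header says items 0850 and above can be relaxed, but it does not tell the reader which of those are enforced in the first place. In the next hunk 0860-0862 ship commented out, so only 0850a-e and the Windows items 0870/0871 are active. A line in the header such as `[NOTE] 0860-0862 are inactive by default, see also 2803` would make the trade-off concrete.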
@@ -360,62 +363,70 @@ user_pref("keyword.enabled", false);
 * intend to), can leak sensitive data (eg query strings: eg Princeton attack),
 * and is a security risk (eg common typos & malicious sites set up to exploit this) ***/
 user_pref("browser.fixup.alternate.enabled", false);
-/* 0803: disable locationbar dropdown - PRIVACY (shoulder surfers, forensics/unattended browser) ***/
-user_pref("browser.urlbar.maxRichResults", 0);
-/* 0804: display all parts of the url - helps SECURITY ***/
+/* 0803: display all parts of the url in the location bar - helps SECURITY ***/
 user_pref("browser.urlbar.trimURLs", false);
-/* 0805: disable urlbar autofill - PRIVACY (shoulder surfers, forensics/unattended browser)
- * http://kb.mozillazine.org/Inline_autocomplete ***/
-user_pref("browser.urlbar.autoFill", false);
-user_pref("browser.urlbar.autoFill.typed", false);
-/* 0806: disable autocomplete - PRIVACY (shoulder surfers, forensics/unattended browser) ***/
-user_pref("browser.urlbar.autocomplete.enabled", false);
-/* 0808: disable types of urlbar suggestions - PRIVACY (shoulder surfers, forensics/unattended browser)
- * [SETTING] Options>Privacy>Location Bar. If you wish to enable any of these suggestions,
- * then also make sure 0806 (enable suggestions) and 0803 (locationbar dropdown) are at default ***/
-user_pref("browser.urlbar.suggest.history", false);
-user_pref("browser.urlbar.suggest.bookmark", false);
-user_pref("browser.urlbar.suggest.openpage", false);
-/* 0809: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY
+/* 0804: limit history leaks via enumeration (PER TAB: back/forward) - PRIVACY
 * This is a PER TAB session history. You still have a full history stored under all history
 * default=50, minimum=1=currentpage, 2 is the recommended minimum as some pages
- * use it as a means of referral (eg hotlinking), 4 or 6 may be more practical ***/
-user_pref("browser.sessionhistory.max_entries", 4);
-/* 0810: disable CSS querying page history - CSS history leak - PRIVACY
- * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's only in
- * 'certain circumstances', also see latest comments in the bug link
+ * use it as a means of referral (eg hotlinking), 4 or 6 or 10 may be more practical ***/
+user_pref("browser.sessionhistory.max_entries", 10);
+/* 0805: disable CSS querying page history - CSS history leak - PRIVACY
+ * [NOTE] this has NEVER been fully "resolved": in Mozilla/docs it is stated it's
+ * only in 'certain circumstances', also see latest comments in the bug link
+ * [TEST] http://lcamtuf.coredump.cx/yahh/ (see github wiki APPENDIX C on how to use)
 * https://dbaron.org/mozilla/visited-privacy
 * https://bugzilla.mozilla.org/show_bug.cgi?id=147777
 * https://developer.mozilla.org/en-US/docs/Web/CSS/Privacy_and_the_:visited_selector ***/
 user_pref("layout.css.visited_links_enabled", false);
-/* 0811: disable displaying javascript in history URLs - SECURITY ***/
+/* 0806: disable displaying javascript in history URLs - SECURITY ***/
 user_pref("browser.urlbar.filter.javascript", true);
-/* 0812: disable search and form history
+/* 0807: disable search bar LIVE search suggestions - PRIVACY
+ * [SETTING] Options>Search>Provide search suggestions ***/
+user_pref("browser.search.suggest.enabled", false);
+/* 0808: disable location bar LIVE search suggestions (requires 0807 = true) - PRIVACY
+ * Also disable the location bar prompt to enable/disable or learn more about it.
+ * [SETTING] Options>Search>Show search suggestions in location bar results ***/
+user_pref("browser.urlbar.suggest.searches", false);
+user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); // (FF41+)
+/* 0850a: disable location bar autocomplete ***/
+user_pref("browser.urlbar.autocomplete.enabled", false);
+/* 0850b: disable location bar dropdown
+ * This controls the maximum number of entries that can appear in the location bar dropdown.
+ * Zero completely disables it. If you want ANY dropdown functionality, this must be changed ***/
+user_pref("browser.urlbar.maxRichResults", 0);
+/* 0850c: disable location bar suggestion types
+ * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest
+ * [NOTE] If you wish to enable these suggestions, make sure 0850a and 0850b are at default ***/
+user_pref("browser.urlbar.suggest.history", false);
+user_pref("browser.urlbar.suggest.bookmark", false);
+user_pref("browser.urlbar.suggest.openpage", false);
+/* 0850d: disable location bar autofill
+ * http://kb.mozillazine.org/Inline_autocomplete ***/
+user_pref("browser.urlbar.autoFill", false);
+user_pref("browser.urlbar.autoFill.typed", false);
+/* 0850e: disable location bar one-off searches (FF51+)
+ * http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
+user_pref("browser.urlbar.oneOffSearches", false);
+/* 0860: disable search and form history
 * [SETTING] Options>Privacy>History>Custom Settings>Remember search and form history
 * [NOTE] You can clear formdata on exiting Firefox (see 2803) ***/
 // user_pref("browser.formfill.enable", false);
-/* 0813: disable saving form data on secure websites - PRIVACY (shoulder surfers etc)
- * For convenience & functionality, this is best left at default true.
- * You can clear formdata on exiting Firefox (see 2803) ***/
+/* 0861: disable saving form history on secure websites
+ * For convenience & functionality, this is best left at default true,
+ * especially as the web moves more and more to encrypted services
+ * You can clear form history on exiting Firefox (see 2803) ***/
 // user_pref("browser.formfill.saveHttpsForms", false);
-/* 0815: disable live search suggestions in the urlbar and toggle off the Opt-In prompt (FF41+)
- * [SETTING] Options>Search>Provide search suggestions ***/
-user_pref("browser.urlbar.suggest.searches", false);
-user_pref("browser.urlbar.userMadeSearchSuggestionsChoice", true);
-/* 0816: disable browsing and download history
+/* 0862: disable browsing and download history
 * [SETTING] Options>Privacy>History>Custom Settings>Remember my browsing and download history
 * [NOTE] You can clear history and downloads on exiting Firefox (see 2803) ***/
 // user_pref("places.history.enabled", false);
-/* 0817: disable Jumplist (Windows7+) ***/
+/* 0870: disable Windows jumplist ***/
 user_pref("browser.taskbar.lists.enabled", false);
 user_pref("browser.taskbar.lists.frequent.enabled", false);
 user_pref("browser.taskbar.lists.recent.enabled", false);
 user_pref("browser.taskbar.lists.tasks.enabled", false);
-/* 0818: disable taskbar preview ***/
+/* 0871: disable Windows taskbar preview ***/
 user_pref("browser.taskbar.previews.enable", false);
-/* 0819: disable one-off searches from the addressbar (FF51+)
- * http://www.ghacks.net/2016/08/09/firefox-one-off-searches-address-bar/ ***/
-user_pref("browser.urlbar.oneOffSearches", false);

 /*** 0900: PASSWORDS ***/
 user_pref("ghacks_user.js.parrot", "0900 syntax error: the parrot's expired!");
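Review bot: The new 0808 comment puts `(requires 0807 = true)` directly after "disable location bar LIVE search suggestions", which can be read as an instruction to set `browser.search.suggest.enabled` to true, the opposite of what 0807 does just above it. Presumably the intent is that location bar suggestions only exist while search suggestions are enabled. Wording such as `(only relevant when 0807 is true, i.e. search suggestions are on)` would keep a reader from re-enabling live queries to the search engine by mistake. Separately, 0804 raises `browser.sessionhistory.max_entries` from 4 to 10 under an item titled "limit history leaks via enumeration" and gives no reason; a short clause on why 10 was preferred over the 4 or 6 the comment still lists would help.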