michel_ouba/FF_arkenfox_user.js
michel_ouba/FF_arkenfox_user.js
1
0
Fork 0
Code Releases Activity

update trac tor tickets (#958)

Browse Source 
and some other minor tweaks
This commit is contained in:
Thorin-Oakenpants 2020-06-24 17:26:25 +00:00 committed by GitHub
parent f573200aa8
commit 4be0a80720
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
user.js
View File

@ -177,7 +177,7 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
* fallback to the "Current locale" based on your application language * fallback to the "Current locale" based on your application language
* [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content * [SETTING] General>Language and Appearance>Fonts and Colors>Advanced>Text Encoding for Legacy Content
* [TEST] https://hsivonen.com/test/moz/check-charset.htm * [TEST] https://hsivonen.com/test/moz/check-charset.htm
* [1] https://trac.torproject.org/projects/tor/ticket/20025 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20025 ***/
user_pref("intl.charset.fallback.override", "windows-1252"); user_pref("intl.charset.fallback.override", "windows-1252");
/*** [SECTION 0300]: QUIET FOX /*** [SECTION 0300]: QUIET FOX
@ -390,7 +390,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost
/* 0701: disable IPv6 /* 0701: disable IPv6
* IPv6 can be abused, especially regarding MAC addresses. They also do not play nice * IPv6 can be abused, especially regarding MAC addresses. They also do not play nice
* with VPNs. That's even assuming your ISP and/or router and/or website can handle it. * with VPNs. That's even assuming your ISP and/or router and/or website can handle it.
* Firefox telemetry (April 2019) shows only 5% of all connections are IPv6 * [STATS] Firefox telemetry (June 2020) shows only 5% of all connections are IPv6
* [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an * [NOTE] This is just an application level fallback. Disabling IPv6 is best done at an
* OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
* then this won't make much difference. If you are masking your IP, then it can only help. * then this won't make much difference. If you are masking your IP, then it can only help.
@ -430,13 +430,13 @@ user_pref("network.proxy.socks_remote_dns", true);
// user_pref("network.ftp.enabled", false); // user_pref("network.ftp.enabled", false);
/* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+] /* 0709: disable using UNC (Uniform Naming Convention) paths [FF61+]
* [SETUP-CHROME] Can break extensions for profiles on network shares * [SETUP-CHROME] Can break extensions for profiles on network shares
* [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
/* 0710: disable GIO as a potential proxy bypass vector /* 0710: disable GIO as a potential proxy bypass vector
* Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda, * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, dav, cdda,
* gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64) * gphoto2, trash, etc. By default only smb and sftp protocols are accepted so far (as of FF64)
* [1] https://bugzilla.mozilla.org/1433507 * [1] https://bugzilla.mozilla.org/1433507
* [2] https://trac.torproject.org/23044 * [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23044
* [3] https://en.wikipedia.org/wiki/GVfs * [3] https://en.wikipedia.org/wiki/GVfs
* [4] https://en.wikipedia.org/wiki/GIO_(software) ***/ * [4] https://en.wikipedia.org/wiki/GIO_(software) ***/
user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
@ -653,10 +653,10 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.require_safe_negotiation", true);
/* 1202: control TLS versions with min and max /* 1202: control TLS versions with min and max
* 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
* [STATS] Firefox telemetry (June 2020) shows only 0.16% of SSL handshakes use 1.0 or 1.1
* [WARNING] Leave these at default, otherwise you alter your TLS fingerprint. * [WARNING] Leave these at default, otherwise you alter your TLS fingerprint.
* Firefox telemetry (April 2020) shows only 0.25% of TLS web traffic uses 1.0 or 1.1
* [1] https://www.ssllabs.com/ssl-pulse/ ***/ * [1] https://www.ssllabs.com/ssl-pulse/ ***/
// user_pref("security.tls.version.min", 3); // user_pref("security.tls.version.min", 3); // [DEFAULT: 3 FF78+]
// user_pref("security.tls.version.max", 4); // user_pref("security.tls.version.max", 4);
/* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */ /* 1203: enforce TLS 1.0 and 1.1 downgrades as session only */
user_pref("security.tls.version.enable-deprecated", false); user_pref("security.tls.version.enable-deprecated", false);
@ -715,7 +715,7 @@ user_pref("security.pki.sha1_enforcement_level", 1);
* 0=disable detecting Family Safety mode and importing the root * 0=disable detecting Family Safety mode and importing the root
* 1=only attempt to detect Family Safety mode (don't import the root) * 1=only attempt to detect Family Safety mode (don't import the root)
* 2=detect Family Safety mode and import the root * 2=detect Family Safety mode and import the root
* [1] https://trac.torproject.org/projects/tor/ticket/21686 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/
user_pref("security.family_safety.mode", 0); user_pref("security.family_safety.mode", 0);
/* 1222: disable intermediate certificate caching (fingerprinting attack vector) [FF41+] [RESTART] /* 1222: disable intermediate certificate caching (fingerprinting attack vector) [FF41+] [RESTART]
* [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only. * [NOTE] This affects login/cert/key dbs. The effect is all credentials are session-only.
@ -726,12 +726,12 @@ user_pref("security.family_safety.mode", 0);
* PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict * PKP (Public Key Pinning) 0=disabled 1=allow user MiTM (such as your antivirus), 2=strict
* [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing * [SETUP-WEB] If you rely on an AV (antivirus) to protect your web browsing
* by inspecting ALL your web traffic, then leave at current default=1 * by inspecting ALL your web traffic, then leave at current default=1
* [1] https://trac.torproject.org/projects/tor/ticket/16206 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16206 ***/
user_pref("security.cert_pinning.enforcement_level", 2); user_pref("security.cert_pinning.enforcement_level", 2);
/** MIXED CONTENT ***/ /** MIXED CONTENT ***/
/* 1240: disable insecure active content on https pages /* 1240: disable insecure active content on https pages
* [1] https://trac.torproject.org/projects/tor/ticket/21323 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21323 ***/
user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true] user_pref("security.mixed_content.block_active_content", true); // [DEFAULT: true]
/* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/ /* 1241: disable insecure passive content (such as images) on https pages [SETUP-WEB] ***/
user_pref("security.mixed_content.block_display_content", true); user_pref("security.mixed_content.block_display_content", true);
@ -755,8 +755,8 @@ user_pref("security.mixed_content.block_object_subrequest", true);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
/* 1263: disable DHE (Diffie-Hellman Key Exchange) /* 1263: disable DHE (Diffie-Hellman Key Exchange)
* [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/ * [1] https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH ***/
// user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false ESR78 & FF79+] // user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); // [DEFAULT: false FF78+]
// user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false ESR78 & FF79+] // user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); // [DEFAULT: false FF78+]
/* 1264: disable the remaining non-modern cipher suites as of FF52 ***/ /* 1264: disable the remaining non-modern cipher suites as of FF52 ***/
// user_pref("security.ssl3.rsa_aes_128_sha", false); // user_pref("security.ssl3.rsa_aes_128_sha", false);
// user_pref("security.ssl3.rsa_aes_256_sha", false); // user_pref("security.ssl3.rsa_aes_256_sha", false);
@ -764,8 +764,10 @@ user_pref("security.mixed_content.block_object_subrequest", true);
/** UI (User Interface) ***/ /** UI (User Interface) ***/
/* 1270: display warning on the padlock for "broken security" (if 1201 is false) /* 1270: display warning on the padlock for "broken security" (if 1201 is false)
* Bug: warning padlock not indicated for subresources on a secure page! [2] * Bug: warning padlock not indicated for subresources on a secure page! [2]
* [STATS] SSL Labs (June 2020) reports 98.8% of sites have secure renegotiation [3]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://bugzilla.mozilla.org/1353705 ***/ * [2] https://bugzilla.mozilla.org/1353705
* [3] https://www.ssllabs.com/ssl-pulse/ ***/
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/* 1271: control "Add Security Exception" dialog on SSL warnings /* 1271: control "Add Security Exception" dialog on SSL warnings
* 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default) * 0=do neither 1=pre-populate url 2=pre-populate url + pre-fetch cert (default)
@ -789,7 +791,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
user_pref("browser.display.use_document_fonts", 0); user_pref("browser.display.use_document_fonts", 0);
/* 1403: disable icon fonts (glyphs) and local fallback rendering /* 1403: disable icon fonts (glyphs) and local fallback rendering
* [1] https://bugzilla.mozilla.org/789788 * [1] https://bugzilla.mozilla.org/789788
* [2] https://trac.torproject.org/projects/tor/ticket/8455 ***/ * [2] https://gitlab.torproject.org/legacy/trac/-/issues/8455 ***/
// user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+] // user_pref("gfx.downloadable_fonts.enabled", false); // [FF41+]
// user_pref("gfx.downloadable_fonts.fallback_delay", -1); // user_pref("gfx.downloadable_fonts.fallback_delay", -1);
/* 1404: disable rendering of SVG OpenType fonts /* 1404: disable rendering of SVG OpenType fonts
@ -962,7 +964,7 @@ user_pref("dom.disable_window_move_resize", true);
* This stops malicious window sizes and some screen resolution leaks. * This stops malicious window sizes and some screen resolution leaks.
* You can still right-click a link and open in a new window. * You can still right-click a link and open in a new window.
* [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen
* [1] https://trac.torproject.org/projects/tor/ticket/9881 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/
user_pref("browser.link.open_newwindow", 3); user_pref("browser.link.open_newwindow", 3);
user_pref("browser.link.open_newwindow.restriction", 0); user_pref("browser.link.open_newwindow.restriction", 0);
/* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks /* 2204: disable Fullscreen API (requires user interaction) to prevent screen-resolution leaks
@ -1142,7 +1144,7 @@ user_pref("browser.uitour.url", "");
* [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/
user_pref("devtools.chrome.enabled", false); user_pref("devtools.chrome.enabled", false);
/* 2608: disable remote debugging /* 2608: disable remote debugging
* [1] https://trac.torproject.org/projects/tor/ticket/16222 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/
user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
/* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN] /* 2609: disable MathML (Mathematical Markup Language) [FF51+] [SETUP-HARDEN]
* [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc * [TEST] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#misc
@ -1154,7 +1156,7 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
* [1] https://bugzilla.mozilla.org/1216893 ***/ * [1] https://bugzilla.mozilla.org/1216893 ***/
// user_pref("svg.disabled", true); // user_pref("svg.disabled", true);
/* 2611: disable middle mouse click opening links from clipboard /* 2611: disable middle mouse click opening links from clipboard
* [1] https://trac.torproject.org/projects/tor/ticket/10089 ***/ * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/
user_pref("middlemouse.contentLoadURL", false); user_pref("middlemouse.contentLoadURL", false);
/* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS) /* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
* [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins) * [NOTE] A low setting of 5 or under will probably break some sites (e.g. gmail logins)
@ -1507,8 +1509,8 @@ user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan
// 4601: [2514] spoof (or limit?) number of CPU cores [FF48+] // 4601: [2514] spoof (or limit?) number of CPU cores [FF48+]
// [NOTE] *may* affect core chrome/Firefox performance, will affect content. // [NOTE] *may* affect core chrome/Firefox performance, will affect content.
// [1] https://bugzilla.mozilla.org/1008453 // [1] https://bugzilla.mozilla.org/1008453
// [2] https://trac.torproject.org/projects/tor/ticket/21675 // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675
// [3] https://trac.torproject.org/projects/tor/ticket/22127 // [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127
// [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
// user_pref("dom.maxHardwareConcurrency", 2); // user_pref("dom.maxHardwareConcurrency", 2);
// * * * / // * * * /
@ -1520,7 +1522,7 @@ user_pref("dom.enable_resource_timing", false);
user_pref("dom.enable_performance", false); user_pref("dom.enable_performance", false);
// 4604: [2512] disable device sensor API // 4604: [2512] disable device sensor API
// Optional protection depending on your device // Optional protection depending on your device
// [1] https://trac.torproject.org/projects/tor/ticket/15758 // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758
// [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
// [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 // [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
// user_pref("device.sensors.enabled", false); // user_pref("device.sensors.enabled", false);
@ -1531,7 +1533,7 @@ user_pref("dom.enable_performance", false);
user_pref("browser.zoom.siteSpecific", false); user_pref("browser.zoom.siteSpecific", false);
// 4606: [2501] disable gamepad API - USB device ID enumeration // 4606: [2501] disable gamepad API - USB device ID enumeration
// Optional protection depending on your connected devices // Optional protection depending on your connected devices
// [1] https://trac.torproject.org/projects/tor/ticket/13023 // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023
// user_pref("dom.gamepad.enabled", false); // user_pref("dom.gamepad.enabled", false);
// 4607: [2503] disable giving away network info [FF31+] // 4607: [2503] disable giving away network info [FF31+]
// e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
@ -1547,7 +1549,7 @@ user_pref("media.webspeech.synth.enabled", false);
// * * * / // * * * /
// FF57+ // FF57+
// 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+] // 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+]
// [1] https://trac.torproject.org/projects/tor/ticket/15757 // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757
// [2] https://bugzilla.mozilla.org/654550 // [2] https://bugzilla.mozilla.org/654550
user_pref("media.video_stats.enabled", false); user_pref("media.video_stats.enabled", false);
// 4611: [2509] disable touch events // 4611: [2509] disable touch events
@ -1555,7 +1557,7 @@ user_pref("media.video_stats.enabled", false);
// 0=disabled, 1=enabled, 2=autodetect // 0=disabled, 1=enabled, 2=autodetect
// Optional protection depending on your device // Optional protection depending on your device
// [1] https://developer.mozilla.org/docs/Web/API/Touch_events // [1] https://developer.mozilla.org/docs/Web/API/Touch_events
// [2] https://trac.torproject.org/projects/tor/ticket/10286 // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286
// user_pref("dom.w3c_touch_events.enabled", 0); // user_pref("dom.w3c_touch_events.enabled", 0);
// * * * / // * * * /
// FF59+ // FF59+