diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6aa8c31..9d2ec12 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 11-December-2021 + Last updated: 16-January-2022 Instructions: - [optional] close Firefox and backup your profile @@ -232,6 +232,7 @@ 'privacy.firstparty.isolate.block_post_message', 'privacy.firstparty.isolate.restrict_opener_access', 'privacy.firstparty.isolate.use_site', + 'security.insecure_connection_text.enabled', /* 79-91 */ 'alerts.showFavicons', 'browser.newtabpage.activity-stream.asrouter.providers.snippets', diff --git a/user.js b/user.js index 0d9bf72..e80a95c 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 9 December 2021 -* version 96-alpha +* date: 21 January 2022 +* version 96 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -139,15 +139,6 @@ user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); -/** UPDATES ***/ -/* 0302: disable auto-INSTALLING Firefox updates via a background service [FF90+] [WINDOWS] - * [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running - * [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows ***/ -user_pref("app.update.background.scheduling.enabled", false); -/* 0306: disable search engine updates (e.g. OpenSearch) - * [NOTE] This does not affect Mozilla's built-in or Web Extension search engines ***/ -user_pref("browser.search.update", false); - /** RECOMMENDATIONS ***/ /* 0320: disable recommendation pane in about:addons (uses Google Analytics) ***/ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF] @@ -564,8 +555,6 @@ user_pref("browser.ssl_override_behavior", 1); * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) * [TEST] https://expired.badssl.com/ ***/ user_pref("browser.xul.error_pages.expert_bad_cert", true); -/* 1273: display "Not Secure" text on HTTP sites ***/ -user_pref("security.insecure_connection_text.enabled", true); // [FF60+] /*** [SECTION 1400]: FONTS ***/ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!"); @@ -582,7 +571,6 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); // user_pref("layout.css.font-visibility.trackingprotection", 1); /*** [SECTION 1600]: HEADERS / REFERERS - Expect some breakage e.g. banks: use an extension if you need precise control full URI: https://example.com:8888/foo/bar.html?id=1234 scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port: https://example.com:8888 @@ -591,7 +579,8 @@ user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); /* 1601: control when to send a cross-origin referer * 0=always (default), 1=only if base domains match, 2=only if hosts match - * [SETUP-WEB] Known to cause issues with older modems/routers and some sites e.g vimeo, icloud, instagram ***/ + * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram + * If "2" is too strict, then override to "0" and use Smart Referer (Strict mode + add exceptions) ***/ user_pref("network.http.referer.XOriginPolicy", 2); /* 1602: control the amount of cross-origin information to send [FF52+] * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ @@ -768,11 +757,18 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false); /*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); /* 2701: enable ETP Strict Mode [FF86+] - * [NOTE] ETP Strict Mode enables Total Cookie Protection (TCP) + * ETP Strict Mode enables Total Cookie Protection (TCP) + * [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of + * cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ user_pref("browser.contentblocking.category", "strict"); +/* 2702: disable ETP web compat features [FF93+] + * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants + * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ + * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/ + // user_pref("privacy.antitracking.enableWebcompat", false); /* 2710: enable state partitioning of service workers [FF96+] ***/ user_pref("privacy.partition.serviceWorkers", true); @@ -1093,7 +1089,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true] * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/ user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true] -/* 0607: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ +/* 6007: enforce Local Storage Next Generation (LSNG) [FF65+] ***/ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] /* 6008: enforce no First Party Isolation [FF51+] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), @@ -1118,6 +1114,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("privacy.firstparty.isolate.block_post_message", ""); // user_pref("privacy.firstparty.isolate.restrict_opener_access", ""); // user_pref("privacy.firstparty.isolate.use_site", ""); + // user_pref("security.insecure_connection_text.enabled", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1279,8 +1276,10 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switc // user_pref("full-screen-api.warning.timeout", 0); /* UPDATES ***/ // user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates - // [NOTE] You will still get prompts to update, and should do so in a timely manner - // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them + // [NOTE] You will still get prompts to update, and should do so in a timely manner + // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them + // user_pref("browser.search.update", false); // disable search engine updates (e.g. OpenSearch) + // [NOTE] This does not affect Mozilla's built-in or Web Extension search engines // user_pref("extensions.update.enabled", false); // disable extension and theme update checks // user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates // [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) @@ -1339,6 +1338,12 @@ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is m // 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 // [-] https://bugzilla.mozilla.org/1735976 user_pref("browser.urlbar.suggest.quicksuggest", false); +// FF96 +// 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS] + // [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running + // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows + // [-] https://bugzilla.mozilla.org/1738983 +user_pref("app.update.background.scheduling.enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/