1
0

2699 RFP -> 4500s

This commit is contained in:
Thorin-Oakenpants 2017-09-14 15:57:42 +12:00 committed by GitHub
parent 17ba1401cf
commit 54b64e3f3c

105
user.js
View File

@ -846,7 +846,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
* If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
* [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If * [NOTE] Creating your own probably highly-unique whitelist will raise your entropy. If
* you block sites choosing fonts in 1401, this preference is irrelevant. In future, * you block sites choosing fonts in 1401, this preference is irrelevant. In future,
* privacy.resistFingerprinting (see 2699) may cover this, and 1401 can be relaxed. * privacy.resistFingerprinting (see 4500) may cover this, and 1401 can be relaxed.
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1121643 ***/
// user_pref("font.system.whitelist", ""); // (hidden pref) // user_pref("font.system.whitelist", ""); // (hidden pref)
@ -1244,9 +1244,8 @@ user_pref("dom.presentation.discoverable", false);
user_pref("dom.presentation.discovery.enabled", false); user_pref("dom.presentation.discovery.enabled", false);
user_pref("dom.presentation.receiver.enabled", false); user_pref("dom.presentation.receiver.enabled", false);
user_pref("dom.presentation.session_transport.data_channel.enable", false); user_pref("dom.presentation.session_transport.data_channel.enable", false);
/* 2514: spoof (or limit?) number of CPU cores (also see 2699f) (FF48+) /* 2514: spoof (or limit?) number of CPU cores (FF48+)
* [WARNING] *may* affect core chrome/Firefox performance, will affect content. * [WARNING] *may* affect core chrome/Firefox performance, will affect content.
* Highly recommended to leave this (DOM) and use 2699f (navigator)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1008453
* [2] https://trac.torproject.org/projects/tor/ticket/21675 * [2] https://trac.torproject.org/projects/tor/ticket/21675
* [3] https://trac.torproject.org/projects/tor/ticket/22127 * [3] https://trac.torproject.org/projects/tor/ticket/22127
@ -1437,7 +1436,7 @@ user_pref("security.csp.experimentalEnabled", true);
navigator objects, resource://URIs, <isindex> locale, feature detection and more. navigator objects, resource://URIs, <isindex> locale, feature detection and more.
2. You are not in a controlled set of significant numbers, where the values are enforced 2. You are not in a controlled set of significant numbers, where the values are enforced
by default. It works for TBB because for TBB, the spoofed values ARE their default. by default. It works for TBB because for TBB, the spoofed values ARE their default.
* We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 2699) * We do not recommend UA spoofing yourself, leave it to privacy.resistFingerprinting (see 4500)
* Values below are for example only based on the current ESR/TBB at the time of writing * Values below are for example only based on the current ESR/TBB at the time of writing
***/ ***/
/* 2697a: navigator.userAgent leaks in JS /* 2697a: navigator.userAgent leaks in JS
@ -1457,53 +1456,6 @@ user_pref("security.csp.experimentalEnabled", true);
// user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref) // user_pref("general.oscpu.override", "Windows NT 6.1"); // (hidden pref)
/* 2697g: general.useragent.locale (related, see 0204) ***/ /* 2697g: general.useragent.locale (related, see 0204) ***/
/*** 2699: privacy.resistFingerprinting
This master switch will be used for a wide range of items,
many of which will **override** existing prefs from FF55+
** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+)
[POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match)
[NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800
[NOTE] This will probably make your values pretty unique until you resize or snap the
inner window width + height into standard/common resolutions (such as 1366x768)
To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
your window size, do some math, resize to allow for all the non inner window elements
[TEST] http://browserspy.dk/screen.php
** 1281949 - spoof screen orientation (FF50+)
** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
** 1330890 - spoof timezone as UTC 0 (FF55+)
** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
This spoof *shouldn't* affect core chrome/Firefox performance
** 1217238 - reduce precision of time exposed by javascript (FF55+)
** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+)
** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+)
FF56: The version number will be rounded down to the nearest multiple of 10
FF57+: The version number will match current ESR
** 1369319 - disable device sensor API (see 2512) (FF56+)
** 1369357 - disable site specific zoom (see 2515) (FF56+)
** 1337161 - hide gamepads from content (see 2501) (FF56+)
** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+)
** 1372069 - disable geolocation API (see 0201) (FF56+)
** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+)
** 1369309 - spoof media statistics (see 2506) (FF57+)
** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+)
** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+)
** 1382545 - reduce fingerprinting in Animation API (FF57+)
** 1354633 - limit MediaError.message to a whitelist (FF57+)
** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+)
This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
***/
/* 2699a: enable privacy.resistFingerprinting (FF41+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/
user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+)
/* 2699b: set new window sizes to round to hundreds (FF55+) [SETUP]
* [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen.
* The override values are a starting point to round from if you want some control
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882
* [2] https://hardware.metrics.mozilla.com/ ***/
// user_pref("privacy.window.maxInnerWidth", 1600); // (hidden pref)
// user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref)
/*** 2700: COOKIES & DOM STORAGE ***/ /*** 2700: COOKIES & DOM STORAGE ***/
user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!"); user_pref("ghacks_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
/* 2701: disable cookies on all sites [SETUP] /* 2701: disable cookies on all sites [SETUP]
@ -1618,6 +1570,57 @@ user_pref("privacy.firstparty.isolate", true);
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1319773#c22 ***/
user_pref("privacy.firstparty.isolate.restrict_opener_access", true); user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
/*** 4500: privacy.resistFingerprinting
This master switch will be used for a wide range of items, many of which will
**override** existing prefs from FF55+, often providing a **better** solution
IMPORTANT: As existing prefs become redundant, and some of them WILL interfere
with how RFP works, they will be moved to section 4600 and made inactive
** 418986 - limit window.screen & CSS media queries leaking identifiable info (FF41+)
[POC] http://ip-check.info/?lang=en (screen, usable screen, and browser window will match)
[NOTE] Does not cover everything yet - https://bugzilla.mozilla.org/show_bug.cgi?id=1216800
[NOTE] This will probably make your values pretty unique until you resize or snap the
inner window width + height into standard/common resolutions (such as 1366x768)
To set a size, open a XUL (chrome) page (such as about:config) which is at 100% zoom, hit
Shift+F4 to open the scratchpad, type window.resizeTo(1366,768), hit Ctrl+R to run. Test
your window size, do some math, resize to allow for all the non inner window elements
[TEST] http://browserspy.dk/screen.php
** 1281949 - spoof screen orientation (FF50+)
** 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
** 1330890 - spoof timezone as UTC 0 (FF55+)
** 1360039 - spoof navigator.hardwareConcurrency as 2 (also see 2514) (FF55+)
This spoof *shouldn't* affect core chrome/Firefox performance
** 1217238 - reduce precision of time exposed by javascript (FF55+)
** 1369303 - spoof/disable performance API (see 2410-deprecated, 2411, 2412) (FF56+)
** 1333651 & 1383495 & 1396468 & 1393283 - spoof Navigator API (see section 2697) (FF56+)
FF56: The version number will be rounded down to the nearest multiple of 10
FF57+: The version number will match current ESR
** 1369319 - disable device sensor API (see 2512) (FF56+)
** 1369357 - disable site specific zoom (see 2515) (FF56+)
** 1337161 - hide gamepads from content (see 2501) (FF56+)
** 1372072 - spoof network information API as "unknown" (see 2503) (FF56+)
** 1372069 - disable geolocation API (see 0201) (FF56+)
** 1333641 - reduce fingerprinting in WebSpeech API (see 2021) (FF56+)
** 1369309 - spoof media statistics (see 2506) (FF57+)
** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 2509) (FF57+)
** 1217290 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+)
** 1382545 - reduce fingerprinting in Animation API (FF57+)
** 1354633 - limit MediaError.message to a whitelist (FF57+)
** 1382533 - enable fingerprinting resistance for Presentation API (see 2513) (FF57+)
This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
***/
/* 4501: enable privacy.resistFingerprinting (FF41+)
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=418986 ***/
user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF55+)
/* 4502: set new window sizes to round to hundreds (FF55+) [SETUP]
* [NOTE] Width will round to multiples of 200s and height to 100s, to fit your screen.
* The override values are a starting point to round from if you want some control
* [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1330882
* [2] https://hardware.metrics.mozilla.com/ ***/
user_pref("privacy.window.maxInnerWidth", 1400); // (hidden pref)
user_pref("privacy.window.maxInnerHeight", 800); // (hidden pref)
/*** 5000: PERSONAL SETTINGS [SETUP] /*** 5000: PERSONAL SETTINGS [SETUP]
Settings that are handy to migrate and/or are not in the Options interface. Users Settings that are handy to migrate and/or are not in the Options interface. Users
can put their own non-security/privacy/fingerprinting/tracking stuff here ***/ can put their own non-security/privacy/fingerprinting/tracking stuff here ***/