1
0
Fork 0

merge v111

This commit is contained in:
Michel 2023-04-25 10:08:14 +02:00
commit 6388108e3a
7 changed files with 69 additions and 43 deletions

View File

@ -7,7 +7,7 @@ A `user.js` is a configuration file that can control Firefox settings - for a mo
The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings.
Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. There is also an [interactive current release](https://arkenfox.github.io/gui/), thanks to [icpantsparti2](https://github.com/icpantsparti2).
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://2019.www.torproject.org/about/torusers.html) calls for it, or for accessing hidden services.

View File

@ -3,17 +3,19 @@ TITLE prefs.js cleaner
REM ### prefs.js cleaner for Windows
REM ## author: @claustromaniac
REM ## version: 2.5
REM ## version: 2.7
CD /D "%~dp0"
IF /I "%~1"=="-unattended" (SET _ua=1)
:begin
ECHO:
ECHO:
ECHO ########################################
ECHO #### prefs.js cleaner for Windows ####
ECHO #### by claustromaniac ####
ECHO #### v2.5 ####
ECHO #### v2.7 ####
ECHO ########################################
ECHO:
CALL :message "This script should be run from your Firefox profile directory."
@ -22,18 +24,20 @@ CALL :message "This will allow inactive preferences to be reset to their default
ECHO This Firefox profile shouldn't be in use during the process.
CALL :message ""
TIMEOUT 1 /nobreak >nul
CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]"
CLS
IF ERRORLEVEL 3 (EXIT /B)
IF ERRORLEVEL 2 (GOTO :showhelp)
IF NOT DEFINED _ua (
CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]"
CLS
IF ERRORLEVEL 3 (EXIT /B)
IF ERRORLEVEL 2 (GOTO :showhelp)
)
IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30)
IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30)
CALL :strlenCheck
CALL :FFcheck
CALL :message "Backing up prefs.js..."
FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j
SET ldt=%ldt:~0,8%_%ldt:~8,6%
FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js"
CALL :message "Cleaning prefs.js..."

View File

@ -2,12 +2,23 @@
## prefs.js cleaner for Linux/Mac
## author: @claustromaniac
## version: 1.6
## version: 1.9
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() )
# Check if running as root and if any files have the owner/group as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
exit 1
elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
you will need to change ownership of the following files to your user:\n'
find . -user 0 -o -group 0
exit 1
fi
readonly CURRDIR=$(pwd)
## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
@ -138,7 +149,7 @@ echo -e "\n\n"
echo " ╔══════════════════════════╗"
echo " ║ prefs.js cleaner ║"
echo " ║ by claustromaniac ║"
echo " ║ v1.6 ║"
echo " ║ v1.9 ║"
echo " ╚══════════════════════════╝"
echo -e "\nThis script should be run from your Firefox profile directory.\n"
echo "It will remove any entries from prefs.js that also exist in user.js."

View File

@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
Last updated: 5-December-2022
Last updated: 27-January-2023
Instructions:
- [optional] close Firefox and backup your profile
@ -239,6 +239,7 @@
/* REMOVED */
/* 103+ */
'beacon.enabled',
'browser.startup.blankWindow',
'browser.newtab.preload',
'browser.newtabpage.activity-stream.feeds.discoverystreamfeed',
'browser.newtabpage.activity-stream.feeds.snippets',
@ -257,7 +258,6 @@
'extensions.formautofill.creditCards.available',
'extensions.formautofill.creditCards.supported',
'network.http.altsvc.oe',
'security.tls.version.enable-deprecated',
/* 92-102 */
'browser.urlbar.trimURLs',
'dom.caches.enabled',

View File

@ -3,10 +3,10 @@ TITLE arkenfox user.js updater
REM ## arkenfox user.js updater for Windows
REM ## author: @claustromaniac
REM ## version: 4.18
REM ## version: 4.19
REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows
SET v=4.18
SET v=4.19
VERIFY ON
CD /D "%~dp0"
@ -177,8 +177,7 @@ IF EXIST user.js.new (
IF DEFINED _singlebackup (
MOVE /Y user.js user.js.bak >nul
) ELSE (
FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j
SET ldt=!ldt:~0,8!_!ldt:~8,6!
FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
MOVE /Y user.js "user-backup-!ldt!.js" >nul
)
REN user.js.new user.js

View File

@ -2,12 +2,23 @@
## arkenfox user.js updater for macOS and Linux
## version: 3.5
## version: 3.8
## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() )
# Check if running as root and if any files have the owner/group as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n"
exit 1
elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
you will need to change ownership of the following files to your user:\n'
find . -user 0 -o -group 0
exit 1
fi
readonly CURRDIR=$(pwd)
SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)

51
user.js
View File

@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
* date: 21 December 2022
* version: 108
* date: 30 March 2023
* version: 111
* url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -261,7 +261,8 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost
/* 0701: disable IPv6
* IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming
* your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4
* [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6
* [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause
* [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6
* [NOTE] This is an application level fallback. Disabling IPv6 is best done at an
* OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
* then this won't make much difference. If you are masking your IP, then it can only help.
@ -425,7 +426,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
* [STATS] SSL Labs (Sept 2022) reports over 99.3% of top sites have secure renegotiation [4]
* [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@ -470,8 +471,7 @@ user_pref("security.OCSP.require", true);
user_pref("security.family_safety.mode", 0);
/* 1223: enable strict PKP (Public Key Pinning)
* 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict
* [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE: If you rely on an AV (antivirus) to protect
* your web browsing by inspecting ALL your web traffic, then override to current default ***/
* [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/
user_pref("security.cert_pinning.enforcement_level", 2);
/* 1224: enable CRLite [FF73+]
* 0 = disabled
@ -557,15 +557,6 @@ user_pref("privacy.userContext.ui.enabled", true);
/*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/
user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
/* 2001: disable WebRTC (Web Real-Time Communication)
* Firefox uses mDNS hostname obfuscation on desktop (except Windows7/8) and the
* private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after
* you grant device (microphone or camera) access
* [SETUP-HARDEN] Test first. Windows7/8 users only: behind a proxy who never use WebRTC
* [TEST] https://browserleaks.com/webrtc
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
* [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/
// user_pref("media.peerconnection.enabled", false);
/* 2002: force WebRTC inside the proxy [FF70+] ***/
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
/* 2003: force a single network interface for ICE candidates generation [FF42+]
@ -596,8 +587,6 @@ user_pref("media.eme.enabled", false);
user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
/* 2402: prevent scripts from moving and resizing open windows ***/
user_pref("dom.disable_window_move_resize", true);
/* 2404: limit events that can cause a pop-up [SETUP-WEB] ***/
user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
/*** [SECTION 2600]: MISCELLANEOUS ***/
user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
@ -607,8 +596,6 @@ user_pref("accessibility.force_disabled", 1);
/* 2603: remove temp files opened with an external application
* [1] https://bugzilla.mozilla.org/302433 ***/
user_pref("browser.helperApps.deleteTempFileOnExit", true);
/* 2604: disable page thumbnail collection ***/
user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
user_pref("browser.uitour.enabled", false);
// user_pref("browser.uitour.url", ""); // Defense-in-depth
@ -819,6 +806,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
1422237 - return "srgb" with color-gamut (FF110)
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable privacy.resistFingerprinting [FF41+]
@ -853,10 +841,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
/* 4506: set RFP's font visibility level (1402) [FF94+] ***/
// user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
/* 4507: disable showing about:blank as soon as possible during startup [FF60+]
* When default true this no longer masks the RFP chrome resizing activity
* [1] https://bugzilla.mozilla.org/1448423 ***/
user_pref("browser.startup.blankWindow", false);
/* 4510: disable using system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
@ -891,7 +875,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
* caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode).
* In fact, PB mode limits or removes the ability to control some of these, and you need to quit
* Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide
* a temporary self-contained new session. Close all Private Windows to clear the PB mode session.
* a temporary self-contained new session. Close all private windows to clear the PB session.
* [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode
* [1] https://wiki.mozilla.org/Private_Browsing
* [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/
@ -963,6 +947,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
// user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
// user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
/* 5018: limit events that can cause a pop-up ***/
// user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
/* 5019: disable page thumbnail collection ***/
// user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
// user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
/*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Overriding these can cause breakage and performance issues,
@ -1033,11 +1023,12 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/
// user_pref("beacon.enabled", "");
// user_pref("browser.startup.blankWindow", "");
// user_pref("browser.newtab.preload", "");
// user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", "");
// user_pref("browser.newtabpage.activity-stream.feeds.snippets", "");
// user_pref("browser.region.network.url", "");
// user_pref("browser.region.update.enabled", "")
// user_pref("browser.region.update.enabled", "");
// user_pref("browser.ssl_override_behavior", "");
// user_pref("devtools.chrome.enabled", "");
// user_pref("dom.disable_beforeunload", "");
@ -1147,6 +1138,13 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
* [1] https://support.mozilla.org/kb/push-notifications-firefox ***/
// user_pref("dom.push.enabled", false);
/* 7020: disable WebRTC (Web Real-Time Communication)
* [WHY] Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until
* required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access
* [TEST] https://browserleaks.com/webrtc
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
* [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/
// user_pref("media.peerconnection.enabled", false);
/*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING
[WHY] They are insufficient to help anti-fingerprinting and do more harm than good
@ -1186,6 +1184,9 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
/* 9003: disable What's New toolbar icon [FF69+] ***/
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
/* 9004: disable search terms [FF110+]
* [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/
user_pref("browser.urlbar.showSearchTerms.enabled", false);
/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1]