From f5e54b4a709ca3d58e12e7524e71d3cd7f994515 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 2 Jan 2023 17:15:24 +0000 Subject: [PATCH 01/16] revert security.tls.version.enable-deprecated we kept it in the user js --- scratchpad-scripts/arkenfox-cleanup.js | 1 - 1 file changed, 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 15f59d7..6743ca7 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -257,7 +257,6 @@ 'extensions.formautofill.creditCards.available', 'extensions.formautofill.creditCards.supported', 'network.http.altsvc.oe', - 'security.tls.version.enable-deprecated', /* 92-102 */ 'browser.urlbar.trimURLs', 'dom.caches.enabled', From be376afc1ef9ee6c1eb305768af1da4a3eb1ca1e Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 8 Jan 2023 15:20:22 +0000 Subject: [PATCH 02/16] v108 (#1606) --- user.js | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/user.js b/user.js index c3eaab9..6a150db 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 21 November 2022 -* version: 107 +* date: 9 January 2023 +* version: 108 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -110,13 +110,6 @@ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] user_pref("geo.provider.use_gpsd", false); // [LINUX] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] -/* 0203: disable region updates - * [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html ***/ -user_pref("browser.region.update.enabled", false); // [FF79+] - // user_pref("browser.region.network.url", ""); // [FF78+] Defense-in-depth -/* 0204: set search region - * [NOTE] May not be hidden if Firefox has changed your settings due to your region (0203) ***/ - // user_pref("browser.search.region", "US"); // [HIDDEN PREF] /* 0210: set preferred language for displaying pages * [SETTING] General>Language and Appearance>Language>Choose your preferred language... * [TEST] https://addons.mozilla.org/about ***/ @@ -268,6 +261,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost /* 0701: disable IPv6 * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 + * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, @@ -477,7 +471,7 @@ user_pref("security.OCSP.require", true); user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict - * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE: If you rely on an AV (antivirus) to protect + * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE * your web browsing by inspecting ALL your web traffic, then override to current default ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enable CRLite [FF73+] @@ -565,10 +559,8 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); /* 2001: disable WebRTC (Web Real-Time Communication) - * Firefox uses mDNS hostname obfuscation on desktop (except Windows7/8) and the - * private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after - * you grant device (microphone or camera) access - * [SETUP-HARDEN] Test first. Windows7/8 users only: behind a proxy who never use WebRTC + * Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until + * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access * [TEST] https://browserleaks.com/webrtc * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ @@ -603,7 +595,7 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2404: limit events that can cause a popup [SETUP-WEB] ***/ +/* 2404: limit events that can cause a pop-up [SETUP-WEB] ***/ user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2600]: MISCELLANEOUS ***/ @@ -611,9 +603,6 @@ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curta /* 2601: prevent accessibility services from accessing your browser [RESTART] * [1] https://support.mozilla.org/kb/accessibility-services ***/ user_pref("accessibility.force_disabled", 1); -/* 2602: disable sending additional analytics to web servers - * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ -user_pref("beacon.enabled", false); /* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); @@ -829,6 +818,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) + 1422237 - return "srgb" with color-gamut (FF110) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -1034,18 +1024,20 @@ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] * In FF96+ these are listed in about:compat * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] -/* 6010: enforce/reset TLS 1.0/1.1 downgrades to session only - * [NOTE] In FF97+ the TLS 1.0/1.1 downgrade UX was removed +/* 6010: enforce no TLS 1.0/1.1 downgrades * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] /* 6011: enforce disabling of Web Compatibility Reporter [FF56+] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] -/* 6050: prefsCleaner: reset items removed from arkenfox FF102+ ***/ +/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ + // user_pref("beacon.enabled", ""); // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); + // user_pref("browser.region.network.url", ""); + // user_pref("browser.region.update.enabled", "") // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); @@ -1194,6 +1186,9 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); /* 9003: disable What's New toolbar icon [FF69+] ***/ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); +/* 9004: disable seach terms [FF110+] + * [SETTING] Search > SearchBar > Use the address bar for search and navigation > Show search terms instead of URL... ***/ +user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] From 62a68f08147123b0c2c288ffdecc3f03e4ab1ae8 Mon Sep 17 00:00:00 2001 From: icpantsparti2 <101484718+icpantsparti2@users.noreply.github.com> Date: Sun, 8 Jan 2023 16:48:25 +0000 Subject: [PATCH 03/16] v108 (#1613) nit: add a ';' to the end of line 1040 --- user.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user.js b/user.js index 6a150db..6cb9953 100644 --- a/user.js +++ b/user.js @@ -1037,7 +1037,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); // user_pref("browser.region.network.url", ""); - // user_pref("browser.region.update.enabled", "") + // user_pref("browser.region.update.enabled", ""); // user_pref("browser.ssl_override_behavior", ""); // user_pref("devtools.chrome.enabled", ""); // user_pref("dom.disable_beforeunload", ""); From b99dd27de828be13530ce2f48c9178d34f5f82ab Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Fri, 27 Jan 2023 01:07:25 +0000 Subject: [PATCH 04/16] browser.startup.blankWindow, #1618 --- scratchpad-scripts/arkenfox-cleanup.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js index 6743ca7..6e06248 100644 --- a/scratchpad-scripts/arkenfox-cleanup.js +++ b/scratchpad-scripts/arkenfox-cleanup.js @@ -3,7 +3,7 @@ - removed from the arkenfox user.js - deprecated by Mozilla but listed in the arkenfox user.js in the past - Last updated: 5-December-2022 + Last updated: 27-January-2023 Instructions: - [optional] close Firefox and backup your profile @@ -239,6 +239,7 @@ /* REMOVED */ /* 103+ */ 'beacon.enabled', + 'browser.startup.blankWindow', 'browser.newtab.preload', 'browser.newtabpage.activity-stream.feeds.discoverystreamfeed', 'browser.newtabpage.activity-stream.feeds.snippets', From 82591911670943e629f5bc0a83adb95b2e5909ed Mon Sep 17 00:00:00 2001 From: Keith Harrison Date: Sun, 5 Feb 2023 14:06:49 +0000 Subject: [PATCH 05/16] prefsCleaner.bat: add -unattended flag (#1616) * prefsCleaner.bat: add -unattended flag Usage: prefsCleaner.bat -unattended Skips the prompt for user input and proceeds when -unattended is specified. If omitted, default behaviour is unchanged. --------- Signed-off-by: Keith Harrison Co-authored-by: earthlng --- prefsCleaner.bat | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index 7591c0e..d266b3f 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,17 +3,19 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.5 +REM ## version: 2.6 CD /D "%~dp0" +IF /I "%~1"=="-unattended" (SET _ua=1) + :begin ECHO: ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.5 #### +ECHO #### v2.6 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -22,10 +24,13 @@ CALL :message "This will allow inactive preferences to be reset to their default ECHO This Firefox profile shouldn't be in use during the process. CALL :message "" TIMEOUT 1 /nobreak >nul -CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" -CLS -IF ERRORLEVEL 3 (EXIT /B) -IF ERRORLEVEL 2 (GOTO :showhelp) + +IF NOT DEFINED _ua ( + CHOICE /C SHE /N /M "Start [S] Help [H] Exit [E]" + CLS + IF ERRORLEVEL 3 (EXIT /B) + IF ERRORLEVEL 2 (GOTO :showhelp) +) IF NOT EXIST "user.js" (CALL :abort "user.js not found in the current directory." 30) IF NOT EXIST "prefs.js" (CALL :abort "prefs.js not found in the current directory." 30) CALL :strlenCheck From 73884850632ffe284f76881786f7d5903b917f58 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Tue, 7 Feb 2023 00:02:45 +0000 Subject: [PATCH 06/16] v109 (#1614) --- user.js | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/user.js b/user.js index 6cb9953..4217d61 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 9 January 2023 -* version: 108 +* date: 7 February 2023 +* version: 109 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -471,8 +471,7 @@ user_pref("security.OCSP.require", true); user_pref("security.family_safety.mode", 0); /* 1223: enable strict PKP (Public Key Pinning) * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict - * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE - * your web browsing by inspecting ALL your web traffic, then override to current default ***/ + * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/ user_pref("security.cert_pinning.enforcement_level", 2); /* 1224: enable CRLite [FF73+] * 0 = disabled @@ -595,8 +594,6 @@ user_pref("media.eme.enabled", false); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); -/* 2404: limit events that can cause a pop-up [SETUP-WEB] ***/ -user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /*** [SECTION 2600]: MISCELLANEOUS ***/ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!"); @@ -606,8 +603,6 @@ user_pref("accessibility.force_disabled", 1); /* 2603: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2604: disable page thumbnail collection ***/ -user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); // user_pref("browser.uitour.url", ""); // Defense-in-depth @@ -853,10 +848,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4506: set RFP's font visibility level (1402) [FF94+] ***/ // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1] -/* 4507: disable showing about:blank as soon as possible during startup [FF60+] - * When default true this no longer masks the RFP chrome resizing activity - * [1] https://bugzilla.mozilla.org/1448423 ***/ -user_pref("browser.startup.blankWindow", false); /* 4510: disable using system colors * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS] @@ -963,6 +954,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] +/* 5017: limit events that can cause a pop-up ***/ + // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); +/* 5018: disable page thumbnail collection ***/ + // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, @@ -1033,6 +1028,7 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/ // user_pref("beacon.enabled", ""); + // user_pref("browser.startup.blankWindow", ""); // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); @@ -1186,8 +1182,8 @@ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", fa user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); /* 9003: disable What's New toolbar icon [FF69+] ***/ user_pref("browser.messaging-system.whatsNewPanel.enabled", false); -/* 9004: disable seach terms [FF110+] - * [SETTING] Search > SearchBar > Use the address bar for search and navigation > Show search terms instead of URL... ***/ +/* 9004: disable search terms [FF110+] + * [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/ user_pref("browser.urlbar.showSearchTerms.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED From ca022d8c2d2d8b2e149fd34a696284759e566f4e Mon Sep 17 00:00:00 2001 From: earthlng Date: Fri, 10 Mar 2023 09:21:21 +0000 Subject: [PATCH 07/16] v4.19 - use Powershell for locale-independent TS --- updater.bat | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/updater.bat b/updater.bat index 40a6d10..f6174f7 100644 --- a/updater.bat +++ b/updater.bat @@ -3,10 +3,10 @@ TITLE arkenfox user.js updater REM ## arkenfox user.js updater for Windows REM ## author: @claustromaniac -REM ## version: 4.18 +REM ## version: 4.19 REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows -SET v=4.18 +SET v=4.19 VERIFY ON CD /D "%~dp0" @@ -177,8 +177,7 @@ IF EXIST user.js.new ( IF DEFINED _singlebackup ( MOVE /Y user.js user.js.bak >nul ) ELSE ( - FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j - SET ldt=!ldt:~0,8!_!ldt:~8,6! + FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# MOVE /Y user.js "user-backup-!ldt!.js" >nul ) REN user.js.new user.js From d13f39d9f9c4dae6f7034fe8b4f29e5893a5abdc Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 12 Mar 2023 03:26:12 +0000 Subject: [PATCH 08/16] v110 (#1629) --- user.js | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/user.js b/user.js index 4217d61..bf931b2 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 7 February 2023 -* version: 109 +* date: 12 March 2023 +* version: 110 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -557,13 +557,6 @@ user_pref("privacy.userContext.ui.enabled", true); /*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!"); -/* 2001: disable WebRTC (Web Real-Time Communication) - * Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until - * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access - * [TEST] https://browserleaks.com/webrtc - * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ - * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ - // user_pref("media.peerconnection.enabled", false); /* 2002: force WebRTC inside the proxy [FF70+] ***/ user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); /* 2003: force a single network interface for ICE candidates generation [FF42+] @@ -954,9 +947,9 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+] // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+] // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+] -/* 5017: limit events that can cause a pop-up ***/ +/* 5018: limit events that can cause a pop-up ***/ // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); -/* 5018: disable page thumbnail collection ***/ +/* 5019: disable page thumbnail collection ***/ // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /*** [SECTION 5500]: OPTIONAL HARDENING @@ -1143,6 +1136,13 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID" * [1] https://support.mozilla.org/kb/push-notifications-firefox ***/ // user_pref("dom.push.enabled", false); +/* 7020: disable WebRTC (Web Real-Time Communication) + * [WHY] Firefox desktop uses mDNS hostname obfuscation and the private IP is never exposed until + * required in TRUSTED scenarios; i.e. after you grant device (microphone or camera) access + * [TEST] https://browserleaks.com/webrtc + * [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ + * [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/ + // user_pref("media.peerconnection.enabled", false); /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING [WHY] They are insufficient to help anti-fingerprinting and do more harm than good From e2e8c4ea8f9c8034a2ff72fe3c2d4a4a89404c10 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Mon, 13 Mar 2023 07:13:07 +0000 Subject: [PATCH 09/16] add arkenfox/gui --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2f33ad9..1a27d8a 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ A `user.js` is a configuration file that can control Firefox settings - for a mo The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen). -Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. +Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. There is also an [interactive current release](https://arkenfox.github.io/gui/), thanks to [icpantsparti2](https://github.com/icpantsparti2). Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://2019.www.torproject.org/about/torusers.html) calls for it, or for accessing hidden services. From bdaa2867b923669361a8527065e919c839668599 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 19 Mar 2023 11:16:40 +0000 Subject: [PATCH 10/16] v2.7 - use Powershell for locale-independent TS fixes #1624 --- prefsCleaner.bat | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/prefsCleaner.bat b/prefsCleaner.bat index d266b3f..2e3403f 100644 --- a/prefsCleaner.bat +++ b/prefsCleaner.bat @@ -3,7 +3,7 @@ TITLE prefs.js cleaner REM ### prefs.js cleaner for Windows REM ## author: @claustromaniac -REM ## version: 2.6 +REM ## version: 2.7 CD /D "%~dp0" @@ -15,7 +15,7 @@ ECHO: ECHO ######################################## ECHO #### prefs.js cleaner for Windows #### ECHO #### by claustromaniac #### -ECHO #### v2.6 #### +ECHO #### v2.7 #### ECHO ######################################## ECHO: CALL :message "This script should be run from your Firefox profile directory." @@ -37,8 +37,7 @@ CALL :strlenCheck CALL :FFcheck CALL :message "Backing up prefs.js..." -FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j -SET ldt=%ldt:~0,8%_%ldt:~8,6% +FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%# COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js" CALL :message "Cleaning prefs.js..." From c84c419544cbbe4442190cc6325b926b519d8db5 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Thu, 30 Mar 2023 04:50:25 +0000 Subject: [PATCH 11/16] v111 (#1650) --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index bf931b2..3e3b84c 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 12 March 2023 -* version: 110 +* date: 30 March 2023 +* version: 111 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -262,7 +262,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4 * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause - * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6 + * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6 * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP, * then this won't make much difference. If you are masking your IP, then it can only help. @@ -426,7 +426,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Sept 2022) reports over 99.3% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -875,7 +875,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow * caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode). * In fact, PB mode limits or removes the ability to control some of these, and you need to quit * Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide - * a temporary self-contained new session. Close all Private Windows to clear the PB mode session. + * a temporary self-contained new session. Close all private windows to clear the PB session. * [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode * [1] https://wiki.mozilla.org/Private_Browsing * [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/ @@ -951,6 +951,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown"); /* 5019: disable page thumbnail collection ***/ // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] +/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/ + // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false); /*** [SECTION 5500]: OPTIONAL HARDENING Not recommended. Overriding these can cause breakage and performance issues, From f2e4a79ca0220aa2ad87e76ff59f5cbc37c5f373 Mon Sep 17 00:00:00 2001 From: Celestial Nebula <41875671+CelestialNebula@users.noreply.github.com> Date: Sat, 22 Apr 2023 11:52:26 +0000 Subject: [PATCH 12/16] updater.sh/prefsCleaner.sh: Check for root and abort (#1651) * updater.sh/prefsCleaner.sh: Check for root and abort Check if running as root and if any files have the owner/group as root|wheel. Abort on both. Should (hopefully) prevent stuff like: https://github.com/arkenfox/user.js/issues/1587 Discussion: https://github.com/arkenfox/user.js/pull/1595 --------- Co-authored-by: Mohammed Anas Co-authored-by: earthlng --- prefsCleaner.sh | 15 +++++++++++++-- updater.sh | 13 ++++++++++++- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 052905e..9aa89f0 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,12 +2,23 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.6 +## version: 1.7 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() ) +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + exit 1 +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + exit 1 +fi + readonly CURRDIR=$(pwd) ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed) @@ -138,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.6 ║" +echo " ║ v1.7 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." diff --git a/updater.sh b/updater.sh index bf275c5..0f544d0 100755 --- a/updater.sh +++ b/updater.sh @@ -2,12 +2,23 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.5 +## version: 3.6 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() ) +# Check if running as root and if any files have the owner/group as root/wheel. +if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then + printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + exit 1 +elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then + printf 'It looks like this script was previously run with elevated privileges, +you will need to change ownership of the following files to your user:\n' + find . -user 0 -o -group 0 + exit 1 +fi + readonly CURRDIR=$(pwd) SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null) From 7a1d0a92af95d152349830d027648fa299b9bcba Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 23 Apr 2023 09:13:13 +0000 Subject: [PATCH 13/16] v3.7 - fix syntax error --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index 0f544d0..9f4b46b 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.6 +## version: 3.7 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, From d50c772d7d28b0a49e19e5ded6dcb0c4e52717be Mon Sep 17 00:00:00 2001 From: earthlng Date: Sun, 23 Apr 2023 09:14:03 +0000 Subject: [PATCH 14/16] v1.8 - fix syntax error --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index 9aa89f0..c62f070 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.7 +## version: 1.8 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n' + printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, @@ -149,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.7 ║" +echo " ║ v1.8 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js." From 2f4b93a18fe610435f7142c3a23baa7e247d9613 Mon Sep 17 00:00:00 2001 From: bol0gna <75225753+bol0gna@users.noreply.github.com> Date: Mon, 24 Apr 2023 12:56:29 -0400 Subject: [PATCH 15/16] fix escape character, should close #1667 (#1668) --- updater.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updater.sh b/updater.sh index 9f4b46b..6a3d1f2 100755 --- a/updater.sh +++ b/updater.sh @@ -2,7 +2,7 @@ ## arkenfox user.js updater for macOS and Linux -## version: 3.7 +## version: 3.8 ## Author: Pat Johnson (@overdodactyl) ## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' + printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n" exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, From b117916207862d4785f6da32d48cbe4420372434 Mon Sep 17 00:00:00 2001 From: earthlng Date: Mon, 24 Apr 2023 16:58:19 +0000 Subject: [PATCH 16/16] Update prefsCleaner.sh --- prefsCleaner.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/prefsCleaner.sh b/prefsCleaner.sh index c62f070..f36732c 100755 --- a/prefsCleaner.sh +++ b/prefsCleaner.sh @@ -2,7 +2,7 @@ ## prefs.js cleaner for Linux/Mac ## author: @claustromaniac -## version: 1.8 +## version: 1.9 ## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh @@ -10,7 +10,7 @@ # Check if running as root and if any files have the owner/group as root/wheel. if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then - printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n' + printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n" exit 1 elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then printf 'It looks like this script was previously run with elevated privileges, @@ -149,7 +149,7 @@ echo -e "\n\n" echo " ╔══════════════════════════╗" echo " ║ prefs.js cleaner ║" echo " ║ by claustromaniac ║" -echo " ║ v1.8 ║" +echo " ║ v1.9 ║" echo " ╚══════════════════════════╝" echo -e "\nThis script should be run from your Firefox profile directory.\n" echo "It will remove any entries from prefs.js that also exist in user.js."