From 71a2d393f37e0dc3b77975b992b915be0e4d4ea7 Mon Sep 17 00:00:00 2001
From: earthlng
Date: Mon, 10 Dec 2018 22:23:00 +0000
Subject: [PATCH] minor wording changes (#583)
---
 user.js | 47 ++++++++++++++++++++++++-----------------------
 1 file changed, 24 insertions(+), 23 deletions(-)
diff --git a/user.js b/user.js
index 82737da..c50d76b 100644
--- a/user.js
+++ b/user.js
@@ -50,7 +50,7 @@
 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc
 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
 0900: PASSWORDS
- 1000: CACHE
+ 1000: CACHE / SESSION (RE)STORE / FAVICONS
 1200: HTTPS (SSL/TLS / OCSP / CERTS / HSTS / HPKP / CIPHERS)
 1400: FONTS
 1600: HEADERS / REFERERS
@@ -488,7 +488,7 @@ user_pref("network.proxy.socks_remote_dns", true);
 user_pref("network.proxy.autoconfig_url.include_path", false); // [DEFAULT: false]
 /* 0707: disable (or setup) DNS-over-HTTPS (DoH) [FF60+]
 * TRR = Trusted Recursive Resolver
- * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
+ * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats but always use native result
 * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
 * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
 * [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/
@@ -546,7 +546,7 @@ user_pref("browser.sessionhistory.max_entries", 10);
 * [3] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector ***/
 user_pref("layout.css.visited_links_enabled", false);
 /* 0806: disable displaying javascript in history URLs ***/
-user_pref("browser.urlbar.filter.javascript", true);
+user_pref("browser.urlbar.filter.javascript", true); // [DEFAULT: true]
 /* 0807: disable search bar LIVE search suggestions
 * [SETTING] Search>Provide search suggestions ***/
 user_pref("browser.search.suggest.enabled", false);
@@ -651,7 +651,7 @@ user_pref("security.insecure_field_warning.contextual.enabled", true); * [1] https://bugzilla.mozilla.org/1357835 ***/ user_pref("network.auth.subresource-img-cross-origin-http-auth-allow", false); -/*** [SECTION 1000]: CACHE [SETUP-CHROME] +/*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME] ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by disabling *BOTH* disk (1001) and memory (1003) cache. ETAGs can also be neutralized by modifying response headers [4]. Another solution is to use a hardened configuration @@ -691,6 +691,7 @@ user_pref("browser.cache.disk_cache_ssl", false); /* 1008: set DNS cache and expiration time (default 400 and 60, same as Tor Browser) ***/ // user_pref("network.dnsCacheEntries", 400); // user_pref("network.dnsCacheExpiration", 60); + /** SESSIONS & SESSION RESTORE ***/ /* 1020: limit Session Restore to last active tab and window * [SETUP-CHROME] This also disables the "Recently Closed Tabs" feature @@ -702,7 +703,7 @@ user_pref("browser.sessionstore.max_windows_undo", 0); * define on which sites to save extra session data: * 0=everywhere, 1=unencrypted sites, 2=nowhere ***/ user_pref("browser.sessionstore.privacy_level", 2); -/* 1022: disable resuming session from crash [SETUP-CHROME] ***/ +/* 1022: disable resuming session from crash ***/ user_pref("browser.sessionstore.resume_from_crash", false); /* 1023: set the minimum interval between session save operations * Increasing this can help on older machines and some websites, as well as reducing writes, see [1] @@ -715,6 +716,7 @@ user_pref("browser.sessionstore.interval", 30000); /* 1024: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); + /** FAVICONS ***/ /* 1030: disable favicons in shortcuts * URL shortcuts use a cached randomly named .ico file which is stored in your 
@@ -748,7 +750,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
 * [2] https://www.ssllabs.com/ssl-pulse/ ***/
 user_pref("security.ssl.require_safe_negotiation", true);
 /* 1202: control TLS versions with min and max
- * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3 etc
+ * 1=TLS 1.0, 2=TLS 1.1, 3=TLS 1.2, 4=TLS 1.3
 * [NOTE] Jul-2017: Telemetry indicates approx 2% of TLS web traffic uses 1.0 or 1.1
 * [1] http://kb.mozillazine.org/Security.tls.version.*
 * [2] https://www.ssl.com/how-to/turn-off-ssl-3-0-and-tls-1-0-in-your-browser/
@@ -831,7 +833,7 @@ user_pref("security.mixed_content.block_object_subrequest", true);
 * 2=deprecated option that now maps to 1
 * 3=only allowed for locally-added roots (e.g. anti-virus)
 * 4=only allowed for locally-added roots or for certs in 2015 and earlier
- * [SETUP-WEB] When disabled, some man-in-the-middle devices (e.g. security scanners and
+ * [SETUP-CHROME] When disabled, some man-in-the-middle devices (e.g. security scanners and
 * antivirus products, may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete.
 * [1] https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/ ***/
 user_pref("security.pki.sha1_enforcement_level", 1);
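Review bot: The comment reworded in the @@ -831 hunk still has an unbalanced parenthesis: `(e.g. security scanners and` opens on the changed line and is never closed, because the following context line has a comma where the closing bracket belongs. Since the sentence is being touched anyway, that next line could read ` * antivirus products) may fail to connect to HTTPS sites. SHA-1 is *almost* obsolete.`. The value list for this pref starts above the hunk, so which setting "disabled" refers to cannot be checked from here.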
@@ -910,9 +912,8 @@ user_pref("font.blacklist.underline_offset", ""); user_pref("gfx.font_rendering.graphite.enabled", false); /* 1409: limit system font exposure to a whitelist [FF52+] [RESTART] * If the whitelist is empty, then whitelisting is considered disabled and all fonts are allowed. - * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. If - * you block sites choosing fonts in 1401, this preference is irrelevant. In future, - * privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed) + * [WARNING] Creating your own probably highly-unique whitelist will raise your entropy. + * Eventually privacy.resistFingerprinting (see 4500) will cover this (and 1401 can be relaxed) * [1] https://bugzilla.mozilla.org/1121643 ***/ // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] @@ -980,10 +981,9 @@ user_pref("privacy.userContext.ui.enabled", true); user_pref("privacy.userContext.enabled", true); /* 1703: enable a private container for thumbnail loads [FF51+] ***/ user_pref("privacy.usercontext.about_newtab_segregation.enabled", true); // [DEFAULT: true in FF61+] -/* 1704: set long press behaviour on "+ Tab" button to display container menu [FF53+] - * 0=disables long press, 1=when clicked, the menu is shown - * 2=the menu is shown after X milliseconds - * [NOTE] The menu does not contain a non-container tab option +/* 1704: set behaviour on "+ Tab" button to display container menu [FF53+] [SETUP-CHROME] + * 0=no menu (default), 1=show when clicked, 2=show on long press + * [NOTE] The menu does not contain a non-container tab option (use Ctrl+T to open non-container tab) * [1] https://bugzilla.mozilla.org/1328756 ***/ user_pref("privacy.userContext.longPressBehavior", 2); 
@@ -1022,8 +1022,8 @@ user_pref("media.gmp-widevinecdm.autoupdate", false); * [SETTING] General>DRM Content>Play DRM-controlled content * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/ user_pref("media.eme.enabled", false); -/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" - * This is the bundled codec used for video chat in WebRTC [SETUP-WEB] ***/ +/* 1840: disable the OpenH264 Video Codec by Cisco to "Never Activate" [SETUP-WEB] + * This is the bundled codec used for video chat in WebRTC ***/ user_pref("media.gmp-gmpopenh264.enabled", false); // [HIDDEN PREF] user_pref("media.gmp-gmpopenh264.autoupdate", false); @@ -1095,7 +1095,7 @@ user_pref("dom.disable_window_open_feature.resizable", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.status", true); // [DEFAULT: true] user_pref("dom.disable_window_open_feature.titlebar", true); user_pref("dom.disable_window_open_feature.toolbar", true); -/* 2202: prevent scripts moving and resizing open windows ***/ +/* 2202: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); /* 2203: open links targeting new windows in a new tab instead * This stops malicious window sizes and some screen resolution leaks. @@ -1302,7 +1302,7 @@ user_pref("middlemouse.contentLoadURL", false); * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/ user_pref("network.http.redirection-limit", 10); /* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+] - * 0= (default), 1=allow, 2=block + * 0 (default) or 1=allow, 2=block * [NOTE] At the time of writing, causes issues with delete and backspace keys * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts ***/ // user_pref("permissions.default.shortcuts", 2); 
@@ -1606,8 +1606,8 @@ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs")
 * [SETUP-WEB] RFP is not ready for the masses, so expect some website breakage
 * [1] https://bugzilla.mozilla.org/418986 ***/
 user_pref("privacy.resistFingerprinting", true);
-/* 4502: set new window sizes to round to hundreds [FF55+]
- * [SETUP-CHROME] Width will round down to multiples of 200s and height to 100s, to fit your screen.
+/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
+ * Width will round down to multiples of 200s and height to 100s, to fit your screen.
 * The override values are a starting point to round from if you want some control
 * [1] https://bugzilla.mozilla.org/1330882
 * [2] https://hardware.metrics.mozilla.com/ ***/
@@ -2059,6 +2059,7 @@ user_pref("media.eme.chromium-api.enabled", false);
 // [1] https://trac.torproject.org/projects/tor/ticket/16222
 // [-] https://bugzilla.mozilla.org/1393497
 user_pref("devtools.webide.autoinstallFxdtAdapters", false);
+user_pref("devtools.webide.adaptersAddonURL", "");
 // 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
 // [1] https://trac.torproject.org/projects/tor/ticket/16222
 // [-] https://bugzilla.mozilla.org/1393582
@@ -2083,7 +2084,7 @@ user_pref("general.useragent.locale", "en-US");
 // If you have disabled health reports, then this about page is useless - disable it
 // If you want to see what health data is present, then this must be set at default
 // [-] https://bugzilla.mozilla.org/1352497
-user_pref("datareporting.healthreport.about.reportUrl", "data:text/plain,");
+user_pref("datareporting.healthreport.about.reportUrl", "data:,");
 // 0511: disable FlyWeb [FF49+]
 // Flyweb is a set of APIs for advertising and discovering local-area web servers
 // [1] https://flyweb.github.io/
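Review bot: The added `devtools.webide.adaptersAddonURL` line in the @@ -2059 hunk carries no comment, and the item description it sits under begins outside the hunk, so a reader cannot tell why the value is emptied. Judging by the name, it presumably clears the location the adapters add-on would be fetched from, complementing `autoinstallFxdtAdapters` being set to false; a trailing comment such as `// no download location for the adapters add-on` would record that intent. The visible `[-]` reference belongs to the existing pref, so it is worth confirming that the same removal bug also covers the new one.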
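Review bot: The new value `"data:,"` for `datareporting.healthreport.about.reportUrl` in the @@ -2083 hunk leaves the file with two spellings of an empty data URL, since the context of the @@ -2129 hunk still shows `user_pref("browser.newtabpage.directory.source", "data:text/plain,");`. Both forms should resolve to an empty text/plain document, so this is a consistency point rather than a behaviour change. Either convert the remaining occurrence to `"data:,"` in the same commit or keep `"data:text/plain,"` here, so that a later search for one spelling finds every blanked URL.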
@@ -2129,7 +2130,7 @@ user_pref("dom.idle-observers-api.enabled", false);
 user_pref("browser.newtabpage.directory.source", "data:text/plain,");
 user_pref("browser.newtabpage.enhanced", false);
 user_pref("browser.newtabpage.introShown", true);
-// 0512: disable Shield - replaced internally by Normandy (see 0503) [FF53+]
+// 0512: disable Shield [FF53+] - renamed to app.normandy.* (see 0503)
 // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
 // [1] https://wiki.mozilla.org/Firefox/Shield
 // [2] https://github.com/mozilla/normandy
@@ -2187,7 +2188,7 @@ user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF]
 // As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be
 // revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes
 // [-] https://bugzilla.mozilla.org/1458917
-user_pref("services.blocklist.update_enabled", true);
+user_pref("services.blocklist.update_enabled", true); // [DEFAULT: true]
 // 0503: disable "Savant" Shield study [FF61+]
 // [-] https://bugzilla.mozilla.org/1457226
 user_pref("shield.savant.enabled", false);