From 8a65c5a7bad0ec764d968b0941ebdf01bdcd2408 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sun, 6 Nov 2022 13:28:40 +0000 Subject: [PATCH] v106 (#1558) --- user.js | 236 +++++++++++--------------------------------------------- 1 file changed, 44 insertions(+), 192 deletions(-) diff --git a/user.js b/user.js index 85f1f36..6eba484 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 5 October 2022 -* version: 105 +* date: 6 November 2022 +* version: 106 * url: https://github.com/arkenfox/user.js * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -61,7 +61,7 @@ 6000: DON'T TOUCH 7000: DON'T BOTHER 8000: DON'T BOTHER: FINGERPRINTING - 9000: PERSONAL + 9000: NON-PROJECT RELATED 9999: DEPRECATED / REMOVED / LEGACY / RENAMED ******/ @@ -78,9 +78,6 @@ user_pref("browser.aboutConfig.showWarning", false); /*** [SECTION 0100]: STARTUP ***/ user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); -/* 0101: disable default browser check - * [SETTING] General>Startup>Always check if Firefox is your default browser ***/ -user_pref("browser.shell.checkDefaultBrowser", false); /* 0102: set startup page [SETUP-CHROME] * 0=blank, 1=home, 2=last visited page, 3=resume previous session * [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode @@ -519,10 +516,6 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false); * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://bugzilla.mozilla.org/1353705 ***/ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -/* 1271: control "Add Security Exception" dialog on SSL warnings - * 0=do neither, 1=pre-populate url, 2=pre-populate url + pre-fetch cert (default) - * [1] https://github.com/pyllyukko/user.js/issues/210 ***/ -user_pref("browser.ssl_override_behavior", 1); /* 1272: display advanced information on Insecure Connection warning pages * only works when it's possible to add an exception * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/) @@ -608,10 +601,6 @@ user_pref("media.eme.enabled", false); /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); -/* 2401: disable "Confirm you want to leave" dialog on page close - * Does not prevent JS leaks of the page close event - * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload ***/ -user_pref("dom.disable_beforeunload", true); /* 2402: prevent scripts from moving and resizing open windows ***/ user_pref("dom.disable_window_move_resize", true); /* 2403: block popup windows @@ -636,10 +625,6 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/ user_pref("browser.uitour.enabled", false); user_pref("browser.uitour.url", ""); -/* 2607: disable various developer tools in browser context - * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes - * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ -user_pref("devtools.chrome.enabled", false); /* 2608: reset remote debugging to disabled * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false] @@ -805,14 +790,12 @@ user_pref("privacy.sanitize.timeSpan", 0); 418986 - limit window.screen & CSS media queries (FF41) [TEST] https://arkenfox.github.io/TZP/tzp.html#screen 1281949 - spoof screen orientation (FF50) - 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50-99) - FF53: fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044) 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API - version: spoofed as ESR (FF102+ this is limited to Android) + version: android version spoofed as ESR OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android 1369319 - disable device sensor API 1369357 - disable site specific zoom @@ -825,7 +808,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1217290 & 1409677 - enable some fingerprinting resistance for WebGL 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist - FF58-90 + FF58+ 967895 - spoof canvas and enable site permission prompt (FF58) 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone" @@ -847,10 +830,9 @@ user_pref("privacy.sanitize.timeSpan", 0); 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78) 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) - FF91+ 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) - 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was capped at 100ms) (FF102) + 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) ***/ user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); /* 4501: enable privacy.resistFingerprinting [FF41+] @@ -1064,23 +1046,13 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla * [WHY] To prevent wasting Mozilla's time with a custom setup ***/ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] -/* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/ - // user_pref("browser.urlbar.trimURLs", ""); - // user_pref("dom.caches.enabled", ""); - // user_pref("dom.storageManager.enabled", ""); - // user_pref("dom.storage_access.enabled", ""); - // user_pref("dom.targetBlankNoOpener.enabled", ""); - // user_pref("network.cookie.thirdparty.sessionOnly", ""); - // user_pref("network.cookie.thirdparty.nonsecureSessionOnly", ""); - // user_pref("privacy.firstparty.isolate.block_post_message", ""); - // user_pref("privacy.firstparty.isolate.restrict_opener_access", ""); - // user_pref("privacy.firstparty.isolate.use_site", ""); - // user_pref("privacy.window.name.update.enabled", ""); - // user_pref("security.insecure_connection_text.enabled", ""); -/* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/ +/* 6050: prefsCleaner: reset items removed from arkenfox FF102+ ***/ // user_pref("browser.newtab.preload", ""); // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); + // user_pref("browser.ssl_override_behavior", ""); + // user_pref("devtools.chrome.enabled", ""); + // user_pref("dom.disable_beforeunload", ""); // user_pref("extensions.formautofill.available", ""); // user_pref("extensions.formautofill.addresses.supported", ""); // user_pref("extensions.formautofill.creditCards.available", ""); @@ -1089,13 +1061,12 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); /* 7001: disable APIs - * Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality - * [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts (7002). + * Location-Aware Browsing, Full Screen, offline cache (appCache) + * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002). * appCache storage capability was removed in FF90. Full screen requires user interaction ***/ // user_pref("geo.enabled", false); // user_pref("full-screen-api.enabled", false); // user_pref("browser.cache.offline.enable", false); - // user_pref("dom.vr.enabled", false); // [DEFAULT: false FF97+] /* 7002: set default permissions * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * 0=always ask (default), 1=allow, 2=block @@ -1143,7 +1114,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies /* 7010: disable HTTP Alternative Services [FF37+] * [WHY] Already isolated with network partitioning (FF85+) ***/ // user_pref("network.http.altsvc.enabled", false); - // user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+] /* 7011: disable website control over browser right-click context menu * [WHY] Just use Shift-Right-Click ***/ // user_pref("dom.event.contextmenu.enabled", false); @@ -1195,163 +1165,45 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies [WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere ***/ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan"); -/* 8001: disable APIs ***/ - // user_pref("device.sensors.enabled", false); - // user_pref("dom.enable_performance", false); - // user_pref("dom.enable_resource_timing", false); - // user_pref("dom.gamepad.enabled", false); - // user_pref("dom.netinfo.enabled", false); // [DEFAULT: false NON-ANDROID: false ANDROID FF99+] - // user_pref("dom.webaudio.enabled", false); -/* 8002: disable other ***/ - // user_pref("browser.display.use_document_fonts", 0); - // user_pref("browser.zoom.siteSpecific", false); - // user_pref("dom.w3c_touch_events.enabled", 0); - // user_pref("media.navigator.enabled", false); - // user_pref("media.ondevicechange.enabled", false); - // user_pref("media.video_stats.enabled", false); - // user_pref("media.webspeech.synth.enabled", false); - // user_pref("webgl.enable-debug-renderer-info", false); -/* 8003: spoof ***/ - // user_pref("dom.maxHardwareConcurrency", 2); - // user_pref("font.system.whitelist", ""); // [HIDDEN PREF] - // user_pref("general.appname.override", ""); // [HIDDEN PREF] - // user_pref("general.appversion.override", ""); // [HIDDEN PREF] - // user_pref("general.buildID.override", ""); // [HIDDEN PREF] - // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] - // user_pref("general.platform.override", ""); // [HIDDEN PREF] - // user_pref("general.useragent.override", ""); // [HIDDEN PREF] - // user_pref("ui.use_standins_for_native_colors", true); +/* 8001: prefsCleaner: reset items useless for anti-fingerprinting ***/ + // user_pref("browser.display.use_document_fonts", ""); + // user_pref("browser.zoom.siteSpecific", ""); + // user_pref("device.sensors.enabled", ""); + // user_pref("dom.enable_performance", ""); + // user_pref("dom.enable_resource_timing", ""); + // user_pref("dom.gamepad.enabled", ""); + // user_pref("dom.maxHardwareConcurrency", ""); + // user_pref("dom.w3c_touch_events.enabled", ""); + // user_pref("dom.webaudio.enabled", ""); + // user_pref("font.system.whitelist", ""); + // user_pref("general.appname.override", ""); + // user_pref("general.appversion.override", ""); + // user_pref("general.buildID.override", ""); + // user_pref("general.oscpu.override", ""); + // user_pref("general.platform.override", ""); + // user_pref("general.useragent.override", ""); + // user_pref("media.navigator.enabled", ""); + // user_pref("media.ondevicechange.enabled", ""); + // user_pref("media.video_stats.enabled", ""); + // user_pref("media.webspeech.synth.enabled", ""); + // user_pref("ui.use_standins_for_native_colors", ""); + // user_pref("webgl.enable-debug-renderer-info", ""); -/*** [SECTION 9000]: PERSONAL - Non-project related but useful. If any interest you, add them to your overrides -***/ +/*** [SECTION 9000]: NON-PROJECT RELATED ***/ user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); -/* WELCOME & WHAT'S NEW NOTICES ***/ -user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch - // user_pref("startup.homepage_welcome_url", ""); - // user_pref("startup.homepage_welcome_url.additional", ""); - // user_pref("startup.homepage_override_url", ""); // What's New page after updates -/* WARNINGS ***/ - // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT: false FF94+] - // user_pref("browser.tabs.warnOnCloseOtherTabs", false); - // user_pref("browser.tabs.warnOnOpen", false); - // user_pref("browser.warnOnQuitShortcut", false); // [FF94+] - // user_pref("full-screen-api.warning.delay", 0); - // user_pref("full-screen-api.warning.timeout", 0); -/* UPDATES ***/ - // user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates - // [NOTE] You will still get prompts to update, and should do so in a timely manner - // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them - // user_pref("browser.search.update", false); // disable search engine updates (e.g. OpenSearch) - // [NOTE] This does not affect Mozilla's built-in or Web Extension search engines - // user_pref("extensions.update.enabled", false); // disable extension and theme update checks - // user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates - // [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle) - // user_pref("extensions.getAddons.cache.enabled", false); // disable extension metadata (extension detail tab) -/* APPEARANCE ***/ - // user_pref("browser.download.autohideButton", false); // [FF57+] - // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent - // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF] - // 0=no-preference, 1=reduce: with RFP this only affects chrome - // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF] - // 0=light, 1=dark: with RFP this only affects chrome -/* CONTENT BEHAVIOR ***/ - // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type" - // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX] - // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line -/* FIREFOX HOME CONTENT ***/ - // user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // Recommended by Pocket - // user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false); -/* HTML5 MEDIA AUTOPLAY ***/ - // [NOTE] You can set exceptions under site permissions - // user_pref("media.autoplay.default", 5); // [FF63+] - // 0=Allow all, 1=Block non-muted media (default), 5=Block all - // [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites - // user_pref("media.autoplay.blocking_policy", 2); // disable autoplay if you interacted with the site [FF78+] - // 0=sticky (default), 1=transient, 2=user - // [1] https://support.mozilla.org/questions/1293231 // links to Autoplay Policy Documentation (PDF) -/* UX BEHAVIOR ***/ - // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing - // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+] - // user_pref("browser.tabs.closeWindowWithLastTab", false); - // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+] - // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+] - // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux] - // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART] - // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+] -/* UX FEATURES ***/ -user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+] - // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+] - // user_pref("extensions.screenshots.disabled", true); // [FF55+] - // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART] - // user_pref("reader.parse-on-load.enabled", false); // Reader View -/* OTHER ***/ - // user_pref("browser.bookmarks.max_backups", 2); -user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+] - // [SETTING] General>Browsing>Recommend extensions as you browse -user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+] - // [SETTING] General>Browsing>Recommend features as you browse - // user_pref("browser.sessionstore.interval", 30000); // minimum interval between session save operations - // Increasing this may help on older machines and some websites, as well as reducing writes (1304389) - // user_pref("network.manage-offline-status", false); // see bugzilla 620472 - // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) +/* 9001: disable welcome notices ***/ +user_pref("browser.startup.homepage_override.mstone", "ignore"); +/* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/ +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); +user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); +/* 9003: disable What's New toolbar icon [FF69+] ***/ +user_pref("browser.messaging-system.whatsNewPanel.enabled", false); /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1] [1] https://github.com/arkenfox/user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); -/* ESR91.x still uses all the following prefs -// [NOTE] replace the * with a slash in the line above to re-enable them -// FF93 -// 7003: disable non-modern cipher suites - // [-] https://bugzilla.mozilla.org/1724072 - // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES -// FF94 -// 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402 - // [-] https://bugzilla.mozilla.org/1715507 - // user_pref("layout.css.font-visibility.level", 1); -// FF95 -// 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807 - // [-] https://bugzilla.mozilla.org/1735976 -user_pref("browser.urlbar.suggest.quicksuggest", false); -// FF96 -// 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS] - // [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running - // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows - // [-] https://bugzilla.mozilla.org/1738983 -user_pref("app.update.background.scheduling.enabled", false); -// FF97 -// 7006: onions - replaced by new 7006 "allowlist" - // [-] https://bugzilla.mozilla.org/1744006 - // user_pref("dom.securecontext.whitelist_onions", true); // 1382359 -// FF99 -// 6003: enforce CSP (Content Security Policy) - // [1] https://developer.mozilla.org/docs/Web/HTTP/CSP - // [-] https://bugzilla.mozilla.org/1754301 -user_pref("security.csp.enable", true); // [DEFAULT: true] -// FF100 -// 7009: disable HTTP2 - replaced by network.http.http2* prefs - // [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] - // [1] https://w3techs.com/technologies/details/ce-http2/all/all - // [-] https://bugzilla.mozilla.org/1752621 - // user_pref("network.http.spdy.enabled", false); - // user_pref("network.http.spdy.enabled.deps", false); - // user_pref("network.http.spdy.enabled.http2", false); - // user_pref("network.http.spdy.websockets", false); // [FF65+] -// FF102 - // 0901: set when Firefox should prompt for the primary password - // 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902) - // [-] https://bugzilla.mozilla.org/1767099 -user_pref("security.ask_for_password", 2); - // 0902: set how long in minutes Firefox should remember the primary password (0901) - // [-] https://bugzilla.mozilla.org/1767099 -user_pref("security.password_lifetime", 5); // [DEFAULT: 30] - // 6007: enforce Local Storage Next Generation (LSNG) [FF65+] - // [-] https://bugzilla.mozilla.org/1764696 -user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] -// ***/ - /* ESR102.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF103 @@ -1362,7 +1214,7 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+] user_pref("network.cookie.lifetimePolicy", 2); // 6012: disable SHA-1 certificates // [-] https://bugzilla.mozilla.org/1766687 -user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+] + // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1] // ***/ /* END: internal custom pref to test for syntax errors ***/