v106 (#1558)

2022-11-06 13:28:40 +00:00 · 2022-11-06 13:28:40 +00:00 · 8a65c5a7ba
commit 8a65c5a7ba
parent 60dd839081
1 changed files with 44 additions and 192 deletions
--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 5 October 2022
+*    date: 6 November 2022
-* version: 105
+* version: 106
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -61,7 +61,7 @@
  6000: DON'T TOUCH
  7000: DON'T BOTHER
  8000: DON'T BOTHER: FINGERPRINTING
-  9000: PERSONAL
+  9000: NON-PROJECT RELATED
  9999: DEPRECATED / REMOVED / LEGACY / RENAMED
 ******/
@ -78,9 +78,6 @@ user_pref("browser.aboutConfig.showWarning", false);
 /*** [SECTION 0100]: STARTUP ***/
 user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
 /* 0101: disable default browser check
 * [SETTING] General>Startup>Always check if Firefox is your default browser ***/
 user_pref("browser.shell.checkDefaultBrowser", false);
 /* 0102: set startup page [SETUP-CHROME]
 * 0=blank, 1=home, 2=last visited page, 3=resume previous session
 * [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode
@ -519,10 +516,6 @@ user_pref("dom.security.https_only_mode_send_http_background_request", false);
 * [1] https://wiki.mozilla.org/Security:Renegotiation
 * [2] https://bugzilla.mozilla.org/1353705 ***/
 user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 /* 1271: control "Add Security Exception" dialog on SSL warnings
 * 0=do neither, 1=pre-populate url, 2=pre-populate url + pre-fetch cert (default)
 * [1] https://github.com/pyllyukko/user.js/issues/210 ***/
 user_pref("browser.ssl_override_behavior", 1);
 /* 1272: display advanced information on Insecure Connection warning pages
 * only works when it's possible to add an exception
 * i.e. it doesn't work for HSTS discrepancies (https://subdomain.preloaded-hsts.badssl.com/)
@ -608,10 +601,6 @@ user_pref("media.eme.enabled", false);
 /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
 user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
 /* 2401: disable "Confirm you want to leave" dialog on page close
 * Does not prevent JS leaks of the page close event
 * [1] https://developer.mozilla.org/docs/Web/Events/beforeunload ***/
 user_pref("dom.disable_beforeunload", true);
 /* 2402: prevent scripts from moving and resizing open windows ***/
 user_pref("dom.disable_window_move_resize", true);
 /* 2403: block popup windows
@ -636,10 +625,6 @@ user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
 /* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
 user_pref("browser.uitour.enabled", false);
 user_pref("browser.uitour.url", "");
 /* 2607: disable various developer tools in browser context
 * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes
 * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/
 user_pref("devtools.chrome.enabled", false);
 /* 2608: reset remote debugging to disabled
 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/
 user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
@ -805,14 +790,12 @@ user_pref("privacy.sanitize.timeSpan", 0);
    418986 - limit window.screen & CSS media queries (FF41)
      [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
   1281949 - spoof screen orientation (FF50)
   1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50-99)
      FF53: fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044)
   1330890 - spoof timezone as UTC0 (FF55)
   1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
 FF56
   1369303 - spoof/disable performance API
   1333651 - spoof User Agent & Navigator API
-      version: spoofed as ESR (FF102+ this is limited to Android)
+      version: android version spoofed as ESR
      OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
   1369319 - disable device sensor API
   1369357 - disable site specific zoom
@ -825,7 +808,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
   1217290 & 1409677 - enable some fingerprinting resistance for WebGL
   1382545 - reduce fingerprinting in Animation API
   1354633 - limit MediaError.message to a whitelist
- FF58-90
+ FF58+
    967895 - spoof canvas and enable site permission prompt (FF58)
   1372073 - spoof/block fingerprinting in MediaDevices API (FF59)
      Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone"
@ -847,10 +830,9 @@ user_pref("privacy.sanitize.timeSpan", 0);
   1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78)
   1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
   1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
 FF91+
    531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
   1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
-   1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was capped at 100ms) (FF102)
+   1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]
@ -1064,23 +1046,13 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
 * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
 * [WHY] To prevent wasting Mozilla's time with a custom setup ***/
 user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
-/* 6050: prefsCleaner: reset items removed from arkenfox FF92+ ***/
+/* 6050: prefsCleaner: reset items removed from arkenfox FF102+ ***/
   // user_pref("browser.urlbar.trimURLs", "");
   // user_pref("dom.caches.enabled", "");
   // user_pref("dom.storageManager.enabled", "");
   // user_pref("dom.storage_access.enabled", "");
   // user_pref("dom.targetBlankNoOpener.enabled", "");
   // user_pref("network.cookie.thirdparty.sessionOnly", "");
   // user_pref("network.cookie.thirdparty.nonsecureSessionOnly", "");
   // user_pref("privacy.firstparty.isolate.block_post_message", "");
   // user_pref("privacy.firstparty.isolate.restrict_opener_access", "");
   // user_pref("privacy.firstparty.isolate.use_site", "");
   // user_pref("privacy.window.name.update.enabled", "");
   // user_pref("security.insecure_connection_text.enabled", "");
 /* 6051: prefsCleaner: reset items removed from arkenfox FF102+ ***/
   // user_pref("browser.newtab.preload", "");
   // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", "");
   // user_pref("browser.newtabpage.activity-stream.feeds.snippets", "");
   // user_pref("browser.ssl_override_behavior", "");
   // user_pref("devtools.chrome.enabled", "");
   // user_pref("dom.disable_beforeunload", "");
   // user_pref("extensions.formautofill.available", "");
   // user_pref("extensions.formautofill.addresses.supported", "");
   // user_pref("extensions.formautofill.creditCards.available", "");
@ -1089,13 +1061,12 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
 /*** [SECTION 7000]: DON'T BOTHER ***/
 user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
 /* 7001: disable APIs
- * Location-Aware Browsing, Full Screen, offline cache (appCache), Virtual Reality
+ * Location-Aware Browsing, Full Screen, offline cache (appCache)
- * [WHY] The API state is easily fingerprintable. Geo and VR are behind prompts (7002).
+ * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002).
 * appCache storage capability was removed in FF90. Full screen requires user interaction ***/
   // user_pref("geo.enabled", false);
   // user_pref("full-screen-api.enabled", false);
   // user_pref("browser.cache.offline.enable", false);
   // user_pref("dom.vr.enabled", false); // [DEFAULT: false FF97+]
 /* 7002: set default permissions
 * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
 * 0=always ask (default), 1=allow, 2=block
@ -1143,7 +1114,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
 /* 7010: disable HTTP Alternative Services [FF37+]
 * [WHY] Already isolated with network partitioning (FF85+) ***/
   // user_pref("network.http.altsvc.enabled", false);
   // user_pref("network.http.altsvc.oe", false); // [DEFAULT: false FF94+]
 /* 7011: disable website control over browser right-click context menu
 * [WHY] Just use Shift-Right-Click ***/
   // user_pref("dom.event.contextmenu.enabled", false);
@ -1195,163 +1165,45 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
   [WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere
 ***/
 user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan");
-/* 8001: disable APIs ***/
+/* 8001: prefsCleaner: reset items useless for anti-fingerprinting ***/
-   // user_pref("device.sensors.enabled", false);
+   // user_pref("browser.display.use_document_fonts", "");
-   // user_pref("dom.enable_performance", false);
+   // user_pref("browser.zoom.siteSpecific", "");
-   // user_pref("dom.enable_resource_timing", false);
+   // user_pref("device.sensors.enabled", "");
-   // user_pref("dom.gamepad.enabled", false);
+   // user_pref("dom.enable_performance", "");
-   // user_pref("dom.netinfo.enabled", false); // [DEFAULT: false NON-ANDROID: false ANDROID FF99+]
+   // user_pref("dom.enable_resource_timing", "");
-   // user_pref("dom.webaudio.enabled", false);
+   // user_pref("dom.gamepad.enabled", "");
-/* 8002: disable other ***/
+   // user_pref("dom.maxHardwareConcurrency", "");
-   // user_pref("browser.display.use_document_fonts", 0);
+   // user_pref("dom.w3c_touch_events.enabled", "");
-   // user_pref("browser.zoom.siteSpecific", false);
+   // user_pref("dom.webaudio.enabled", "");
-   // user_pref("dom.w3c_touch_events.enabled", 0);
+   // user_pref("font.system.whitelist", "");
-   // user_pref("media.navigator.enabled", false);
+   // user_pref("general.appname.override", "");
-   // user_pref("media.ondevicechange.enabled", false);
+   // user_pref("general.appversion.override", "");
-   // user_pref("media.video_stats.enabled", false);
+   // user_pref("general.buildID.override", "");
-   // user_pref("media.webspeech.synth.enabled", false);
+   // user_pref("general.oscpu.override", "");
-   // user_pref("webgl.enable-debug-renderer-info", false);
+   // user_pref("general.platform.override", "");
-/* 8003: spoof ***/
+   // user_pref("general.useragent.override", "");
-   // user_pref("dom.maxHardwareConcurrency", 2);
+   // user_pref("media.navigator.enabled", "");
-   // user_pref("font.system.whitelist", ""); // [HIDDEN PREF]
+   // user_pref("media.ondevicechange.enabled", "");
-   // user_pref("general.appname.override", ""); // [HIDDEN PREF]
+   // user_pref("media.video_stats.enabled", "");
-   // user_pref("general.appversion.override", ""); // [HIDDEN PREF]
+   // user_pref("media.webspeech.synth.enabled", "");
-   // user_pref("general.buildID.override", ""); // [HIDDEN PREF]
+   // user_pref("ui.use_standins_for_native_colors", "");
-   // user_pref("general.oscpu.override", ""); // [HIDDEN PREF]
+   // user_pref("webgl.enable-debug-renderer-info", "");
   // user_pref("general.platform.override", ""); // [HIDDEN PREF]
   // user_pref("general.useragent.override", ""); // [HIDDEN PREF]
   // user_pref("ui.use_standins_for_native_colors", true);
-/*** [SECTION 9000]: PERSONAL
+/*** [SECTION 9000]: NON-PROJECT RELATED ***/
   Non-project related but useful. If any interest you, add them to your overrides
 ***/
 user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!");
-/* WELCOME & WHAT'S NEW NOTICES ***/
+/* 9001: disable welcome notices ***/
-user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch
+user_pref("browser.startup.homepage_override.mstone", "ignore");
-   // user_pref("startup.homepage_welcome_url", "");
+/* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/
-   // user_pref("startup.homepage_welcome_url.additional", "");
+user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
-   // user_pref("startup.homepage_override_url", ""); // What's New page after updates
+user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
-/* WARNINGS ***/
+/* 9003: disable What's New toolbar icon [FF69+] ***/
-   // user_pref("browser.tabs.warnOnClose", false); // [DEFAULT: false FF94+]
+user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
   // user_pref("browser.tabs.warnOnCloseOtherTabs", false);
   // user_pref("browser.tabs.warnOnOpen", false);
   // user_pref("browser.warnOnQuitShortcut", false); // [FF94+]
   // user_pref("full-screen-api.warning.delay", 0);
   // user_pref("full-screen-api.warning.timeout", 0);
 /* UPDATES ***/
   // user_pref("app.update.auto", false); // [NON-WINDOWS] disable auto app updates
      // [NOTE] You will still get prompts to update, and should do so in a timely manner
      // [SETTING] General>Firefox Updates>Check for updates but let you choose to install them
   // user_pref("browser.search.update", false); // disable search engine updates (e.g. OpenSearch)
      // [NOTE] This does not affect Mozilla's built-in or Web Extension search engines
   // user_pref("extensions.update.enabled", false); // disable extension and theme update checks
   // user_pref("extensions.update.autoUpdateDefault", false); // disable installing extension and theme updates
      // [SETTING] about:addons>Extensions>[cog-wheel-icon]>Update Add-ons Automatically (toggle)
   // user_pref("extensions.getAddons.cache.enabled", false); // disable extension metadata (extension detail tab)
 /* APPEARANCE ***/
   // user_pref("browser.download.autohideButton", false); // [FF57+]
   // user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true); // [FF68+] allow userChrome/userContent
   // user_pref("ui.prefersReducedMotion", 1); // disable chrome animations [FF77+] [RESTART] [HIDDEN PREF]
      // 0=no-preference, 1=reduce: with RFP this only affects chrome
   // user_pref("ui.systemUsesDarkTheme", 1); // [FF67+] [HIDDEN PREF]
      // 0=light, 1=dark: with RFP this only affects chrome
 /* CONTENT BEHAVIOR ***/
   // user_pref("accessibility.typeaheadfind", true); // enable "Find As You Type"
   // user_pref("clipboard.autocopy", false); // disable autocopy default [LINUX]
   // user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line
 /* FIREFOX HOME CONTENT ***/
   // user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false); // Recommended by Pocket
   // user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
 /* HTML5 MEDIA AUTOPLAY ***/
   // [NOTE] You can set exceptions under site permissions
   // user_pref("media.autoplay.default", 5); // [FF63+]
      // 0=Allow all, 1=Block non-muted media (default), 5=Block all
      // [SETTING] Privacy & Security>Permissions>Autoplay>Settings>Default for all websites
   // user_pref("media.autoplay.blocking_policy", 2); // disable autoplay if you interacted with the site [FF78+]
      // 0=sticky (default), 1=transient, 2=user
      // [1] https://support.mozilla.org/questions/1293231 // links to Autoplay Policy Documentation (PDF)
 /* UX BEHAVIOR ***/
   // user_pref("browser.backspace_action", 2); // 0=previous page, 1=scroll up, 2=do nothing
   // user_pref("browser.quitShortcut.disabled", true); // disable Ctrl-Q quit shortcut [LINUX] [MAC] [FF87+]
   // user_pref("browser.tabs.closeWindowWithLastTab", false);
   // user_pref("browser.tabs.loadBookmarksInTabs", true); // open bookmarks in a new tab [FF57+]
   // user_pref("browser.urlbar.decodeURLsOnCopy", true); // see bugzilla 1320061 [FF53+]
   // user_pref("general.autoScroll", false); // middle-click enabling auto-scrolling [DEFAULT: false on Linux]
   // user_pref("ui.key.menuAccessKey", 0); // disable alt key toggling the menu bar [RESTART]
   // user_pref("view_source.tab", false); // view "page/selection source" in a new window [FF68+]
 /* UX FEATURES ***/
 user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // What's New toolbar icon [FF69+]
   // user_pref("extensions.pocket.enabled", false); // Pocket Account [FF46+]
   // user_pref("extensions.screenshots.disabled", true); // [FF55+]
   // user_pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync [FF60+] [RESTART]
   // user_pref("reader.parse-on-load.enabled", false); // Reader View
 /* OTHER ***/
   // user_pref("browser.bookmarks.max_backups", 2);
 user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
      // [SETTING] General>Browsing>Recommend extensions as you browse
 user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); // disable CFR [FF67+]
      // [SETTING] General>Browsing>Recommend features as you browse
   // user_pref("browser.sessionstore.interval", 30000); // minimum interval between session save operations
      // Increasing this may help on older machines and some websites, as well as reducing writes (1304389)
   // user_pref("network.manage-offline-status", false); // see bugzilla 620472
   // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR)
 /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
   Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1]
   [1] https://github.com/arkenfox/user.js/issues/123
 ***/
 user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
 /* ESR91.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable them
 // FF93
 // 7003: disable non-modern cipher suites
   // [-] https://bugzilla.mozilla.org/1724072
   // user_pref("security.ssl3.rsa_des_ede3_sha", false); // 3DES
 // FF94
 // 1402: limit font visibility (Windows, Mac, some Linux) [FF79+] - replaced by new 1402
   // [-] https://bugzilla.mozilla.org/1715507
   // user_pref("layout.css.font-visibility.level", 1);
 // FF95
 // 0807: disable location bar contextual suggestions [FF92+] - replaced by new 0807
   // [-] https://bugzilla.mozilla.org/1735976
 user_pref("browser.urlbar.suggest.quicksuggest", false);
 // FF96
 // 0302: disable auto-INSTALLING Firefox updates via a background service + hide the setting [FF90+] [WINDOWS]
   // [SETTING] General>Firefox Updates>Automatically install updates>When Firefox is not running
   // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows
   // [-] https://bugzilla.mozilla.org/1738983
 user_pref("app.update.background.scheduling.enabled", false);
 // FF97
 // 7006: onions - replaced by new 7006 "allowlist"
   // [-] https://bugzilla.mozilla.org/1744006
   // user_pref("dom.securecontext.whitelist_onions", true); // 1382359
 // FF99
 // 6003: enforce CSP (Content Security Policy)
   // [1] https://developer.mozilla.org/docs/Web/HTTP/CSP
   // [-] https://bugzilla.mozilla.org/1754301
 user_pref("security.csp.enable", true); // [DEFAULT: true]
 // FF100
 // 7009: disable HTTP2 - replaced by network.http.http2* prefs
   // [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1]
   // [1] https://w3techs.com/technologies/details/ce-http2/all/all
   // [-] https://bugzilla.mozilla.org/1752621
   // user_pref("network.http.spdy.enabled", false);
   // user_pref("network.http.spdy.enabled.deps", false);
   // user_pref("network.http.spdy.enabled.http2", false);
   // user_pref("network.http.spdy.websockets", false); // [FF65+]
 // FF102
   // 0901: set when Firefox should prompt for the primary password
   // 0=once per session (default), 1=every time it's needed, 2=after n minutes (0902)
   // [-] https://bugzilla.mozilla.org/1767099
 user_pref("security.ask_for_password", 2);
   // 0902: set how long in minutes Firefox should remember the primary password (0901)
   // [-] https://bugzilla.mozilla.org/1767099
 user_pref("security.password_lifetime", 5); // [DEFAULT: 30]
   // 6007: enforce Local Storage Next Generation (LSNG) [FF65+]
   // [-] https://bugzilla.mozilla.org/1764696
 user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
 // ***/
 /* ESR102.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable them
 // FF103
@ -1362,7 +1214,7 @@ user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
 user_pref("network.cookie.lifetimePolicy", 2);
 // 6012: disable SHA-1 certificates
   // [-] https://bugzilla.mozilla.org/1766687
-user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1 FF102+]
+   // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1]
 // ***/
 /* END: internal custom pref to test for syntax errors ***/