diff --git a/user.js b/user.js index 14e824d..c70d519 100644 --- a/user.js +++ b/user.js @@ -1810,392 +1810,11 @@ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); // user_pref("xpinstall.signatures.required", false); // enforced extension signing (Nightly/ESR) /*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED - Documentation denoted as [-]. Numbers may be re-used. See [1] for a link-clickable, - viewer-friendly version of the deprecated bugzilla tickets. The original state of each pref - has been preserved, or changed to match the current setup, but you are advised to review them. - [NOTE] Up to FF53, to enable a section change /* FFxx to // FFxx - For FF53 on, we have bundled releases to cater for ESR. Change /* to // on the first line + Documentation denoted as [-]. Items deprecated prior to FF61 have been archived at [1], which + also provides a link-clickable, viewer-friendly version of the deprecated bugzilla tickets [1] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 ***/ user_pref("_user.js.parrot", "9999 syntax error: the parrot's deprecated!"); -/* FF42 and older -// 2604: (25+) disable page thumbnails - replaced by browser.pagethumbnails.capturing_disabled - // [-] https://bugzilla.mozilla.org/897811 -user_pref("pageThumbs.enabled", false); -// 2503: (31+) disable network API - replaced by dom.netinfo.enabled - // [-] https://bugzilla.mozilla.org/960426 -user_pref("dom.network.enabled", false); -// 2600's: (35+) disable WebSockets - // [-] https://bugzilla.mozilla.org/1091016 -user_pref("network.websocket.enabled", false); -// 1610: (36+) set DNT "value" to "not be tracked" [FF21+] - // [1] http://kb.mozillazine.org/Privacy.donottrackheader.value - // [-] https://bugzilla.mozilla.org/1042135#c101 - // user_pref("privacy.donottrackheader.value", 1); -// 2023: (37+) disable camera autofocus callback - // The API will be superseded by the WebRTC Capture and Stream API - // [1] https://developer.mozilla.org/docs/Archive/B2G_OS/API/CameraControl - // [-] https://bugzilla.mozilla.org/1107683 -user_pref("camera.control.autofocus_moving_callback.enabled", false); -// 0415: (41+) disable reporting URLs (safe browsing) - removed or replaced by various - // [-] https://bugzilla.mozilla.org/1109475 -user_pref("browser.safebrowsing.reportErrorURL", ""); // browser.safebrowsing.reportPhishMistakeURL -user_pref("browser.safebrowsing.reportGenericURL", ""); // removed -user_pref("browser.safebrowsing.reportMalwareErrorURL", ""); // browser.safebrowsing.reportMalwareMistakeURL -user_pref("browser.safebrowsing.reportMalwareURL", ""); // removed -user_pref("browser.safebrowsing.reportURL", ""); // removed -// 0702: (41+) disable HTTP2 (draft) - // [-] https://bugzilla.mozilla.org/1132357 -user_pref("network.http.spdy.enabled.http2draft", false); -// 1804: (41+) disable plugin enumeration - // [-] https://bugzilla.mozilla.org/1169945 -user_pref("plugins.enumerable_names", ""); -// 2803: (42+) clear passwords on shutdown - // [-] https://bugzilla.mozilla.org/1102184 - // user_pref("privacy.clearOnShutdown.passwords", false); -// 5002: (42+) disable warning when a domain requests full screen - // replaced by setting full-screen-api.warning.timeout to zero - // [-] https://bugzilla.mozilla.org/1160017 - // user_pref("full-screen-api.approval-required", false); -// ***/ -/* FF43 -// 0410's: disable safebrowsing urls & updates - replaced by various - // [-] https://bugzilla.mozilla.org/1107372 - // user_pref("browser.safebrowsing.gethashURL", ""); // browser.safebrowsing.provider.google.gethashURL - // user_pref("browser.safebrowsing.updateURL", ""); // browser.safebrowsing.provider.google.updateURL -user_pref("browser.safebrowsing.malware.reportURL", ""); // browser.safebrowsing.provider.google.reportURL -// 0420's: disable tracking protection - replaced by various - // [-] https://bugzilla.mozilla.org/1107372 - // user_pref("browser.trackingprotection.gethashURL", ""); // browser.safebrowsing.provider.mozilla.gethashURL - // user_pref("browser.trackingprotection.updateURL", ""); // browser.safebrowsing.provider.mozilla.updateURL -// 1803: remove plugin finder service - // [1] http://kb.mozillazine.org/Pfs.datasource.url - // [-] https://bugzilla.mozilla.org/1202193 -user_pref("pfs.datasource.url", ""); -// 5003: disable new search panel UI - // [-] https://bugzilla.mozilla.org/1119250 - // user_pref("browser.search.showOneOffButtons", false); -// ***/ -/* FF44 -// 0414: disable safebrowsing's real-time binary checking (google) [FF43+] - // [-] https://bugzilla.mozilla.org/1237103 -user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safebrowsing.appRepURL -// 1200's: block rc4 whitelist - // [-] https://bugzilla.mozilla.org/1215796 -user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); -// 2300's: disable SharedWorkers - // [1] https://trac.torproject.org/projects/tor/ticket/15562 - // [-] https://bugzilla.mozilla.org/1207635 -user_pref("dom.workers.sharedWorkers.enabled", false); -// 2403: disable scripts changing images - // [TEST] https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_img_src2 - // [-] https://bugzilla.mozilla.org/773429 - // user_pref("dom.disable_image_src_set", true); -// ***/ -/* FF45 -// 1021b: disable deferred level of storing extra session data 0=all 1=http-only 2=none - // extra session data contains contents of forms, scrollbar positions, cookies and POST data - // [-] https://bugzilla.mozilla.org/1235379 -user_pref("browser.sessionstore.privacy_level_deferred", 2); -// ***/ -/* FF46 -// 0340: disable health report - // [-] https://bugzilla.mozilla.org/1234526 -user_pref("datareporting.healthreport.service.enabled", false); // [HIDDEN PREF] -user_pref("datareporting.healthreport.documentServerURI", ""); // [HIDDEN PREF] -// 0341: disable FHR (Firefox Health Report) v2 data being sent to Mozilla servers - // [-] https://bugzilla.mozilla.org/1234522 -user_pref("datareporting.policy.dataSubmissionEnabled.v2", false); -// 0414: disable safebrowsing pref - replaced by browser.safebrowsing.downloads.remote.url - // [-] https://bugzilla.mozilla.org/1239587 -user_pref("browser.safebrowsing.appRepURL", ""); // Google application reputation check -// 0420: disable polaris (part of Tracking Protection, never used in stable) - // [-] https://bugzilla.mozilla.org/1235565 - // user_pref("browser.polaris.enabled", false); -// 0510: disable "Pocket" [FF39+] - replaced by extensions.pocket.* - // [-] https://bugzilla.mozilla.org/1215694 -user_pref("browser.pocket.enabled", false); -user_pref("browser.pocket.api", ""); -user_pref("browser.pocket.site", ""); -user_pref("browser.pocket.oAuthConsumerKey", ""); -// ***/ -/* FF47 -// 0330b: set unifiedIsOptIn to make sure telemetry respects OptIn choice and that telemetry - // is enabled ONLY for people that opted into it, even if unified Telemetry is enabled - // [-] https://bugzilla.mozilla.org/1236580 -user_pref("toolkit.telemetry.unifiedIsOptIn", true); // [HIDDEN PREF] -// 0340b: disable about:healthreport page UNIFIED - // [-] https://bugzilla.mozilla.org/1236580 -user_pref("datareporting.healthreport.about.reportUrlUnified", "data:text/plain,"); -// 0807: disable history manipulation - // [1] https://developer.mozilla.org/docs/Web/API/History_API - // [-] https://bugzilla.mozilla.org/1249542 -user_pref("browser.history.allowPopState", false); -user_pref("browser.history.allowPushState", false); -user_pref("browser.history.allowReplaceState", false); -// ***/ -/* FF48 -// 0806: disable 'unified complete': 'Search with [default search engine]' - // [-] http://techdows.com/2016/05/firefox-unified-complete-aboutconfig-preference-removed.html - // [-] https://bugzilla.mozilla.org/1181078 -user_pref("browser.urlbar.unifiedcomplete", false); -// ***/ -/* FF49 -// 0372: disable "Hello" - // [1] https://www.mozilla.org/privacy/archive/hello/2016-03/ - // [2] https://security.stackexchange.com/questions/94284/how-secure-is-firefox-hello - // [-] https://bugzilla.mozilla.org/1287827 -user_pref("loop.enabled", false); -user_pref("loop.server", ""); -user_pref("loop.feedback.formURL", ""); -user_pref("loop.feedback.manualFormURL", ""); -user_pref("loop.facebook.appId", ""); -user_pref("loop.facebook.enabled", false); -user_pref("loop.facebook.fallbackUrl", ""); -user_pref("loop.facebook.shareUrl", ""); -user_pref("loop.logDomains", false); -// 2201: disable new window scrollbars being hidden - // [-] https://bugzilla.mozilla.org/1257887 -user_pref("dom.disable_window_open_feature.scrollbars", true); -// 2303: disable push notification (UDP wake-up) - // [-] https://bugzilla.mozilla.org/1265914 -user_pref("dom.push.udp.wakeupEnabled", false); -// ***/ -/* FF50 -// 0101: disable Windows10 intro on startup [WINDOWS] - // [-] https://bugzilla.mozilla.org/1274633 -user_pref("browser.usedOnWindows10.introURL", ""); -// 0308: disable plugin update notifications - // [-] https://bugzilla.mozilla.org/1277905 -user_pref("plugins.update.notifyUser", false); -// 0410: disable "Block dangerous and deceptive content" - replaced by browser.safebrowsing.phishing.enabled - // [-] https://bugzilla.mozilla.org/1025965 - // user_pref("browser.safebrowsing.enabled", false); -// 1266: disable rc4 ciphers - // [1] https://trac.torproject.org/projects/tor/ticket/17369 - // [-] https://bugzilla.mozilla.org/1268728 - // [-] https://www.fxsitecompat.com/en-CA/docs/2016/rc4-support-has-been-completely-removed/ -user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); -user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); -user_pref("security.ssl3.rsa_rc4_128_md5", false); -user_pref("security.ssl3.rsa_rc4_128_sha", false); -// 1809: remove Mozilla's plugin update URL - // [-] https://bugzilla.mozilla.org/1277905 -user_pref("plugins.update.url", ""); -// ***/ -/* FF51 -// 0702: disable SPDY - // [-] https://bugzilla.mozilla.org/1248197 -user_pref("network.http.spdy.enabled.v3-1", false); -// 1851: delay play of videos until they're visible - // [1] https://bugzilla.mozilla.org/1180563 - // [-] https://bugzilla.mozilla.org/1262053 -user_pref("media.block-play-until-visible", true); -// 2504: disable virtual reality devices - // [-] https://bugzilla.mozilla.org/1250244 -user_pref("dom.vr.oculus050.enabled", false); -// ***/ -/* FF52 -// 1601: disable referer from an SSL Website - // [-] https://bugzilla.mozilla.org/1308725 -user_pref("network.http.sendSecureXSiteReferrer", false); -// 1850: disable Adobe EME "Primetime CDM" (Content Decryption Module) - // [1] https://trac.torproject.org/projects/tor/ticket/16285 - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1329538,1337121 // FF52 - // [-] https://bugzilla.mozilla.org/1329543 // FF53 -user_pref("media.gmp-eme-adobe.enabled", false); -user_pref("media.gmp-eme-adobe.visible", false); -user_pref("media.gmp-eme-adobe.autoupdate", false); -// 2405: disable WebTelephony API - // [1] https://wiki.mozilla.org/WebAPI/Security/WebTelephony - // [-] https://bugzilla.mozilla.org/1309719 -user_pref("dom.telephony.enabled", false); -// ***/ -/* FF53 -// 1265: block rc4 fallback - // [-] https://bugzilla.mozilla.org/1130670 -user_pref("security.tls.unrestricted_rc4_fallback", false); -// 1806: disable Acrobat, Quicktime, WMP (the string = min version number allowed) - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1317108,1317109,1317110 -user_pref("plugin.scan.Acrobat", "99999"); -user_pref("plugin.scan.Quicktime", "99999"); -user_pref("plugin.scan.WindowsMediaPlayer", "99999"); -// 2022: disable screensharing - // [-] https://bugzilla.mozilla.org/1329562 -user_pref("media.getusermedia.screensharing.allow_on_old_platforms", false); -// 2507: disable keyboard fingerprinting - // [-] https://bugzilla.mozilla.org/1322736 -user_pref("dom.beforeAfterKeyboardEvent.enabled", false); -// ***/ -/* FF54 -// 0415: disable reporting URLs (safe browsing) - // [-] https://bugzilla.mozilla.org/1288633 -user_pref("browser.safebrowsing.reportMalwareMistakeURL", ""); -user_pref("browser.safebrowsing.reportPhishMistakeURL", ""); -// 1830: block websites detecting DRM is disabled - // [-] https://bugzilla.mozilla.org/1242321 -user_pref("media.eme.apiVisible", false); -// 2425: disable Archive Reader API - // i.e. reading archive contents directly in the browser, through DOM file objects - // [-] https://bugzilla.mozilla.org/1342361 -user_pref("dom.archivereader.enabled", false); -// ***/ -/* FF55 -// 0209: disable geolocation on non-secure origins [FF54+] - // [1] https://bugzilla.mozilla.org/1269531 - // [-] https://bugzilla.mozilla.org/1072859 -user_pref("geo.security.allowinsecure", false); -// 0336: disable "Heartbeat" (Mozilla user rating telemetry) [FF37+] - // [1] https://trac.torproject.org/projects/tor/ticket/18738 - // [-] https://bugzilla.mozilla.org/1361578 -user_pref("browser.selfsupport.enabled", false); // [HIDDEN PREF] -user_pref("browser.selfsupport.url", ""); -// 0360: disable new tab "pings" - // [-] https://bugzilla.mozilla.org/1241390 -user_pref("browser.newtabpage.directory.ping", "data:text/plain,"); -// 0861: disable saving form history on secure websites - // [-] https://bugzilla.mozilla.org/1361220 -user_pref("browser.formfill.saveHttpsForms", false); -// 0863: disable Form Autofill [FF54+] - replaced by extensions.formautofill.* - // [-] https://bugzilla.mozilla.org/1364334 -user_pref("browser.formautofill.enabled", false); -// 2410: disable User Timing API - // [1] https://trac.torproject.org/projects/tor/ticket/16336 - // [-] https://bugzilla.mozilla.org/1344669 -user_pref("dom.enable_user_timing", false); -// 2507: disable keyboard fingerprinting (physical keyboards) [FF38+] - // The Keyboard API allows tracking the "read parameter" of pressed keys in forms on - // web pages. These parameters vary between types of keyboard layouts such as QWERTY, - // AZERTY, Dvorak, and between various languages, e.g. German vs English. - // [WARNING] Don't use if Android + physical keyboard - // [1] https://developer.mozilla.org/docs/Web/API/KeyboardEvent/code - // [2] https://www.privacy-handbuch.de/handbuch_21v.htm - // [-] https://bugzilla.mozilla.org/1352949 -user_pref("dom.keyboardevent.code.enabled", false); -// 5015: disable tab animation - replaced by toolkit.cosmeticAnimations.enabled - // [-] https://bugzilla.mozilla.org/1352069 -user_pref("browser.tabs.animate", false); -// 5016: disable fullscreeen animation - replaced by toolkit.cosmeticAnimations.enabled - // [-] https://bugzilla.mozilla.org/1352069 -user_pref("browser.fullscreen.animate", false); -// ***/ -/* FF56 -// 0515: disable Screenshots (rollout pref only) [FF54+] - // [-] https://bugzilla.mozilla.org/1386333 - // user_pref("extensions.screenshots.system-disabled", true); -// 0517: disable Form Autofill [FF55+] - replaced by extensions.formautofill.available - // [-] https://bugzilla.mozilla.org/1385201 -user_pref("extensions.formautofill.experimental", false); -// ***/ -/* FF57 -// 0374: disable "social" integration - // [1] https://developer.mozilla.org/docs/Mozilla/Projects/Social_API - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1388902,1406193 (some leftovers were removed in FF58) -user_pref("social.whitelist", ""); -user_pref("social.toast-notifications.enabled", false); -user_pref("social.shareDirectory", ""); -user_pref("social.remote-install.enabled", false); -user_pref("social.directories", ""); -user_pref("social.share.activationPanelEnabled", false); -user_pref("social.enabled", false); // [HIDDEN PREF] -// 1830: disable DRM's EME WideVineAdapter [FF55+] - // [-] https://bugzilla.mozilla.org/1395468 -user_pref("media.eme.chromium-api.enabled", false); -// 2608: disable WebIDE extension downloads (Valence) - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1393497 -user_pref("devtools.webide.autoinstallFxdtAdapters", false); -user_pref("devtools.webide.adaptersAddonURL", ""); -// 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku - // [1] https://trac.torproject.org/projects/tor/ticket/16222 - // [-] https://bugzilla.mozilla.org/1393582 -user_pref("browser.casting.enabled", false); -// 5022: hide recently bookmarked items (you still have the original bookmarks) [FF49+] - // [-] https://bugzilla.mozilla.org/1401238 -user_pref("browser.bookmarks.showRecentlyBookmarked", false); -// ***/ -/* FF58 -// 0351: disable sending of crash reports [FF51+] - replaced by *.autoSubmit2 - // [-] https://bugzilla.mozilla.org/1424373 -user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); -// ***/ -/* FF59 -// 0203: disable using OS locale, force APP locale - replaced by intl.locale.requested - // [-] https://bugzilla.mozilla.org/1414390 -user_pref("intl.locale.matchOS", false); -// 0204: set APP locale - replaced by intl.locale.requested - // [-] https://bugzilla.mozilla.org/1414390 -user_pref("general.useragent.locale", "en-US"); -// 0340b: disable about:healthreport page (which connects to Mozilla for locale/css+js+json) - // If you have disabled health reports, then this about page is useless - disable it - // If you want to see what health data is present, then this must be set at default - // [-] https://bugzilla.mozilla.org/1352497 -user_pref("datareporting.healthreport.about.reportUrl", "data:,"); -// 0511: disable FlyWeb [FF49+] - // Flyweb is a set of APIs for advertising and discovering local-area web servers - // [1] https://flyweb.github.io/ - // [2] https://wiki.mozilla.org/FlyWeb/Security_scenarios - // [3] https://www.ghacks.net/2016/07/26/firefox-flyweb/ - // [-] https://bugzilla.mozilla.org/1374574 -user_pref("dom.flyweb.enabled", false); -// 1007: disable randomized FF HTTP cache decay experiments - // [1] https://trac.torproject.org/projects/tor/ticket/13575 - // [-] https://bugzilla.mozilla.org/1430197 -user_pref("browser.cache.frecency_experiment", -1); -// 1242: enable Mixed-Content-Blocker to use the HSTS cache but disable the HSTS Priming requests [FF51+] - // Allow resources from domains with an existing HSTS cache record or in the HSTS preload list - // to be upgraded to HTTPS internally but disable sending out HSTS Priming requests, because - // those may cause noticeable delays e.g. requests time out or are not handled well by servers - // [NOTE] If you want to use the priming requests make sure 'use_hsts' is also true - // [1] https://bugzilla.mozilla.org/1246540#c145 - // [-] https://bugzilla.mozilla.org/1424917 -user_pref("security.mixed_content.use_hsts", true); -user_pref("security.mixed_content.send_hsts_priming", false); -// 1606: set the default Referrer Policy [FF53+] - replaced by network.http.referer.defaultPolicy - // [-] https://bugzilla.mozilla.org/587523 -user_pref("network.http.referer.userControlPolicy", 3); -// 1804: disable plugins using external/untrusted scripts with XPCOM or XPConnect - // [-] (part8) https://bugzilla.mozilla.org/1416703#c21 -user_pref("security.xpconnect.plugin.unrestricted", false); -// 2022: disable screensharing domain whitelist - // [-] https://bugzilla.mozilla.org/1411742 -user_pref("media.getusermedia.screensharing.allowed_domains", ""); -// 2023: disable camera stuff - // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 -user_pref("camera.control.face_detection.enabled", false); -// 2202: prevent scripts from changing the status text - // [-] https://bugzilla.mozilla.org/1425999 -user_pref("dom.disable_window_status_change", true); -// 2416: disable idle observation - // [-] (part7) https://bugzilla.mozilla.org/1416703#c21 -user_pref("dom.idle-observers-api.enabled", false); -// ***/ -/* FF60 -// 0360: disable new tab tile ads & preload & marketing junk - // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1370930,1433133 -user_pref("browser.newtabpage.directory.source", "data:text/plain,"); -user_pref("browser.newtabpage.enhanced", false); -user_pref("browser.newtabpage.introShown", true); -// 0512: disable Shield [FF53+] - renamed to app.normandy.* (see 0503) - // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes" - // [1] https://wiki.mozilla.org/Firefox/Shield - // [2] https://github.com/mozilla/normandy - // [-] https://bugzilla.mozilla.org/1436113 -user_pref("extensions.shield-recipe-client.enabled", false); -user_pref("extensions.shield-recipe-client.api_url", ""); -// 0514: disable Activity Stream [FF54+] - // [-] https://bugzilla.mozilla.org/1433324 -user_pref("browser.newtabpage.activity-stream.enabled", false); -// 2301: disable workers - // Disabling workers *will* break sites (e.g. Google Street View, Twitter) - // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed) - // [-] https://bugzilla.mozilla.org/1434934 -user_pref("dom.workers.enabled", false); -// 5000's: open "page/selection source" in a new window - // [-] https://bugzilla.mozilla.org/1418403 - // user_pref("view_source.tab", false); -// ***/ - /* ESR60.x still uses all the following prefs // [NOTE] replace the * with a slash in the line above to re-enable them // FF61