diff --git a/user.js b/user.js
index 1751984..788db22 100644
--- a/user.js
+++ b/user.js
@@ -44,7 +44,7 @@
 0100: STARTUP
 0200: GEOLOCATION
 0300: QUIET FOX
- 0400: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION
+ 0400: BLOCKLISTS / SAFE BROWSING
 0500: SYSTEM ADD-ONS / EXPERIMENTS
 0600: BLOCK IMPLICIT OUTBOUND
 0700: HTTP* / TCP/IP / DNS / PROXY / SOCKS etc
@@ -275,67 +275,28 @@ user_pref("network.captive-portal-service.enabled", false); // [FF52+] * [1] https://bugzilla.mozilla.org/1460537 ***/ user_pref("network.connectivity-service.enabled", false); -/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING / TRACKING PROTECTION - This section has security & tracking protection implications vs privacy concerns vs effectiveness - vs 3rd party 'censorship'. We DO NOT advocate no protection. If you disable Tracking Protection (TP) - and/or Safe Browsing (SB), then SECTION 0400 REQUIRES YOU HAVE uBLOCK ORIGIN INSTALLED. +/*** [SECTION 0400]: BLOCKLISTS / SAFE BROWSING (SB) + Safe Browsing has taken many steps to preserve privacy. *IF* required, a full url is never + sent to Google, only a PART-hash of the prefix, and this is hidden with noise of other real + PART-hashes. Google also swear it is anonymized and only used to flag malicious sites. + Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+) + doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - Safe Browsing is designed to protect users from malicious sites. Tracking Protection is designed - to lessen the impact of third parties on websites to reduce tracking and to speed up your browsing. - These do rely on 3rd parties (Google for SB and Disconnect for TP), but many steps, which are - continually being improved, have been taken to preserve privacy. Disable at your own risk. 
+ #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ + [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/** BLOCKLISTS ***/ -/* 0401: enable Firefox blocklist, but sanitize blocklist url +/* 0401: enforce Firefox blocklist, but sanitize blocklist url * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/ * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true] user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists - * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications - * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be - * revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes ***/ - // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates - // user_pref("services.blocklist.addons.collection", ""); - // user_pref("services.blocklist.plugins.collection", ""); - // user_pref("services.blocklist.gfx.collection", ""); - -/** SAFE BROWSING (SB) - This sub-section has been redesigned to differentiate between "real-time"/"user initiated" data - being sent to Google from all other settings such as using local blocklists/whitelists and updating - those lists. There are NO privacy issues here. *IF* required, a full url is never sent to Google, - only a PART-hash of the prefix, and this is hidden with noise of other real PART-hashes. Google also - swear it is anonymized and only used to flag malicious sites/activity. 
Firefox also takes measures - such as striping out identifying parameters and storing safe browsing cookies in a separate jar. - SB v4 (FF57+) doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity) - #Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ - [1] https://wiki.mozilla.org/Security/Safe_Browsing ***/ -/* 0410: disable "Block dangerous and deceptive content" - * This covers deceptive sites such as phishing and social engineering - * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ - // user_pref("browser.safebrowsing.malware.enabled", false); - // user_pref("browser.safebrowsing.phishing.enabled", false); // [FF50+] -/* 0411: disable "Block dangerous downloads" - * This covers malware and PUPs (potentially unwanted programs) - * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ - // user_pref("browser.safebrowsing.downloads.enabled", false); -/* 0412: disable "Warn me about unwanted and uncommon software" - * [SETTING] Privacy & Security>Security>Deceptive Content and Software Protection ***/ - // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // [FF48+] - // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // [FF48+] - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); // [FF49+] - // user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); // [FF49+] -/* 0413: disable Google safebrowsing updates ***/ - // user_pref("browser.safebrowsing.provider.google.updateURL", ""); - // user_pref("browser.safebrowsing.provider.google.gethashURL", ""); - // user_pref("browser.safebrowsing.provider.google4.updateURL", ""); // [FF50+] - // user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); // [FF50+] -/* 0414: disable binaries NOT in local lists being checked by Google (real-time checking) ***/ +/* 
0402: disable binaries NOT in Safe Browsing local lists being checked + * [SETUP-WEB] This is a real-time check with Google. If you want this protection, turn it on ***/ user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.url", ""); -/* 0415: disable reporting URLs ***/ +/* 0403: disable reporting URLs ***/ user_pref("browser.safebrowsing.provider.google.reportURL", ""); user_pref("browser.safebrowsing.reportPhishURL", ""); user_pref("browser.safebrowsing.provider.google4.reportURL", ""); // [FF50+] 
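Review bot: The new 0402 comment says "If you want this protection, turn it on", but the entry sets two prefs, and the second one blanks `browser.safebrowsing.downloads.remote.url`. A reader who only flips `browser.safebrowsing.downloads.remote.enabled` to true would presumably still get no remote lookup while the URL is empty, and would assume downloads are being checked. I would spell that out in the comment, e.g. `* [NOTE] To turn this on, set remote.enabled to true AND reset remote.url to its default`. It would also help to say what remains when it is off: downloads are still matched against the local lists only.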
@@ -343,43 +304,15 @@ user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", ""); / user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", ""); // [FF54+] user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", ""); // [FF54+] user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", ""); // [FF54+] -/* 0416: disable 'ignore this warning' on Safe Browsing warnings +/* 0404: disable 'ignore this warning' on Safe Browsing warnings * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [1] https://bugzilla.mozilla.org/1226490 ***/ // user_pref("browser.safebrowsing.allowOverride", false); -/* 0417: disable data sharing [FF58+] ***/ +/* 0405: disable data sharing [FF58+] ***/ user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); user_pref("browser.safebrowsing.provider.google4.dataSharingURL", ""); -/** TRACKING PROTECTION (TP) - There are NO privacy concerns here, but we strongly recommend to use uBlock Origin as well, - as it offers more comprehensive and specialized lists. It also allows per domain control. 
***/ -/* 0420: enable Tracking Protection in all windows - * [NOTE] TP sends DNT headers regardless of the DNT pref (see 1610) - * [1] https://wiki.mozilla.org/Security/Tracking_protection - * [2] https://support.mozilla.org/kb/tracking-protection-firefox ***/ - // user_pref("privacy.trackingprotection.pbmode.enabled", true); // [DEFAULT: true] - // user_pref("privacy.trackingprotection.enabled", true); -/* 0422: set which Tracking Protection block list to use - * [WARNING] We don't recommend enforcing this from here, as available block lists can change - * [SETTING] Privacy & Security>Content Blocking>All Detected Trackers>Change block list ***/ - // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic -/* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting [FF48+] - * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/ - * [2] https://bugzilla.mozilla.org/1237198 ***/ - // user_pref("browser.safebrowsing.blockedURIs.enabled", false); -/* 0424: disable Mozilla's tracking protection and Flash blocklist updates ***/ - // user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); - // user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); -/* 0425: disable passive Tracking Protection [FF53+] - * Passive TP annotates channels to lower the priority of network loads for resources on the tracking protection list - * [NOTE] It has no effect if TP is enabled, but keep in mind that by default TP is only enabled in Private Windows - * This is included for people who want to completely disable Tracking Protection. 
- * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1170190,1141814 ***/ - // user_pref("privacy.trackingprotection.annotate_channels", false); - // user_pref("privacy.trackingprotection.lower_network_priority", false); - /*** [SECTION 0500]: SYSTEM ADD-ONS / EXPERIMENTS System Add-ons are a method for shipping extensions, considered to be built-in features to Firefox, that are hidden from the about:addons UI. @@ -974,7 +907,7 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] * [1] https://bugzilla.mozilla.org/1305144 ***/ user_pref("network.http.referer.hideOnionSource", true); /* 1610: ALL: enable the DNT (Do Not Track) HTTP header - * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref + * [NOTE] DNT is enforced with Tracking Protection regardless of this pref * [SETTING] Privacy & Security>Content Blocking>Send websites a "Do Not Track"... ***/ user_pref("privacy.donottrackheader.enabled", true); @@ -1848,12 +1781,6 @@ user_pref("browser.search.countryCode", "US"); // [HIDDEN PREF] // [SETTING] General>Firefox Updates>Never check for updates // [-] https://bugzilla.mozilla.org/1420514 // user_pref("app.update.enabled", false); -// 0402: enable Kinto blocklist updates [FF50+] - // What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications - // As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be - // revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes - // [-] https://bugzilla.mozilla.org/1458917 -user_pref("services.blocklist.update_enabled", true); // [DEFAULT: true] // 0503: disable "Savant" Shield study [FF61+] // [-] https://bugzilla.mozilla.org/1457226 user_pref("shield.savant.enabled", false);
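Review bot: Dropping the commented-out entries in this hunk (0420-0425) and in the previous one (0403, 0410-0413) leaves no trace for people who had activated them in an earlier version. A pref written through user.js stays in the profile after its line is removed, so someone who once set `browser.safebrowsing.malware.enabled` or `browser.safebrowsing.phishing.enabled` to false keeps Safe Browsing off with nothing in the file pointing to it. Consider a line in the section header (or wherever the project records removed prefs) saying that these names need a manual reset in about:config. The renumbering also reuses 0402, which the last hunk shows was the deprecated Kinto entry, so overrides or notes keyed on the old numbers 0414-0417 now point at different items.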