Thorin-Oakenpants 2022-02-14 00:15:00 +13:00 committed by GitHub
parent 58e2618b9d
commit a98b73c64e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 30 deletions

64
user.js

@ -1,25 +1,24 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 21 January 2022 * date: 12 February 2022
* version 96 * version: 97
* url: https://github.com/arkenfox/user.js * url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
* README: * README:
1. Consider using Tor Browser if it meets your needs or fits your threat model 1. Consider using Tor Browser if it meets your needs or fits your threat model
* https://2019.www.torproject.org/about/torusers.html * https://2019.www.torproject.org/about/torusers.html
2. Required reading: Overview, Backing Up, Implementing, and Maintenance entries 2. Read the entire wiki
* https://github.com/arkenfox/user.js/wiki * https://github.com/arkenfox/user.js/wiki
3. If you skipped step 2, return to step 2 3. If you skipped step 2, return to step 2
4. Make changes 4. Make changes in a user-overrides.js
* There are often trade-offs and conflicts between security vs privacy vs anti-tracking * There are often trade-offs and conflicts between security vs privacy vs anti-tracking
and these need to be balanced against functionality & convenience & breakage and these need to be balanced against functionality & convenience & breakage
* Some site breakage and unintended consequences will happen. Everyone's experience will differ * Some site breakage and unintended consequences will happen. Everyone's experience will differ
e.g. some user data is erased on exit (section 2800), change this to suit your needs e.g. some user data is erased on exit (section 2800), change this to suit your needs
* While not 100% definitive, search for "[SETUP" tags * While not 100% definitive, search for "[SETUP" tags
e.g. third party images/videos not loading on some sites? check 1601 e.g. third party images/videos not loading on some sites? check 1601
* Take the wiki link in step 2 and read the Troubleshooting entry
5. Some tag info 5. Some tag info
[SETUP-SECURITY] it's one item, read it [SETUP-SECURITY] it's one item, read it
[SETUP-WEB] can cause some websites to break [SETUP-WEB] can cause some websites to break
@ -159,7 +158,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false);
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/ * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/
user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.healthreport.uploadEnabled", false);
/* 0332: disable telemetry /* 0332: disable telemetry
* The "unified" pref affects the behaviour of the "enabled" pref * The "unified" pref affects the behavior of the "enabled" pref
* - If "unified" is false then "enabled" controls the telemetry module * - If "unified" is false then "enabled" controls the telemetry module
* - If "unified" is true then "enabled" only controls whether to record extended data * - If "unified" is true then "enabled" only controls whether to record extended data
* [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2] * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2]
@ -235,16 +234,16 @@ user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
* To verify the safety of certain executable files, Firefox may submit some information about the * To verify the safety of certain executable files, Firefox may submit some information about the
* file, including the name, origin, size and a cryptographic hash of the contents, to the Google * file, including the name, origin, size and a cryptographic hash of the contents, to the Google
* Safe Browsing service which helps Firefox determine whether or not the file should be blocked * Safe Browsing service which helps Firefox determine whether or not the file should be blocked
* [SETUP-SECURITY] If you do not understand this, or you want this protection, then override it ***/ * [SETUP-SECURITY] If you do not understand this, or you want this protection, then override this ***/
user_pref("browser.safebrowsing.downloads.remote.enabled", false); user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.url", ""); // user_pref("browser.safebrowsing.downloads.remote.url", ""); // Defense-in-depth
/* 0404: disable SB checks for unwanted software /* 0404: disable SB checks for unwanted software
* [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/ * [SETTING] Privacy & Security>Security>... "Warn you about unwanted and uncommon software" ***/
// user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); // user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
// user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); // user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
/* 0405: disable "ignore this warning" on SB warnings [FF45+] /* 0405: disable "ignore this warning" on SB warnings [FF45+]
* If clicked, it bypasses the block for that session. This is a means for admins to enforce SB * If clicked, it bypasses the block for that session. This is a means for admins to enforce SB
* [TEST] see github wiki APPENDIX A: Test Sites: Section 5 * [TEST] see https://github.com/arkenfox/user.js/wiki/Appendix-A-Test-Sites#-mozilla
* [1] https://bugzilla.mozilla.org/1226490 ***/ * [1] https://bugzilla.mozilla.org/1226490 ***/
// user_pref("browser.safebrowsing.allowOverride", false); // user_pref("browser.safebrowsing.allowOverride", false);
@ -263,7 +262,9 @@ user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: fals
/* 0604: disable link-mouseover opening connection to linked server /* 0604: disable link-mouseover opening connection to linked server
* [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/
user_pref("network.http.speculative-parallel-limit", 0); user_pref("network.http.speculative-parallel-limit", 0);
/* 0605: enforce no "Hyperlink Auditing" (click tracking) /* 0605: disable mousedown speculative connections on bookmarks and history [FF98+] ***/
user_pref("browser.places.speculativeConnect.enabled", false);
/* 0610: enforce no "Hyperlink Auditing" (click tracking)
* [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
// user_pref("browser.send_pings", false); // [DEFAULT: false] // user_pref("browser.send_pings", false); // [DEFAULT: false]
@ -306,7 +307,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
* [WARNING] If false, this will break the fallback for some security features * [WARNING] If false, this will break the fallback for some security features
* [SETUP-CHROME] If you use a proxy and you understand the security impact * [SETUP-CHROME] If you use a proxy and you understand the security impact
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
// user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF] // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96]
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+] /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
* 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
* see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3] * see "doh-rollout.home-region": USA Feb 2020, Canada July 2021 [3]
@ -323,8 +324,7 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
* Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com" * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
* [NOTE] This does not affect explicit user action such as using search buttons in the * [NOTE] This does not affect explicit user action such as using search buttons in the
* dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
* [SETUP-CHROME] If you don't, or rarely, type URLs, or you use a default search * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
* engine that respects privacy, then you probably don't need this ***/
user_pref("keyword.enabled", false); user_pref("keyword.enabled", false);
/* 0802: disable location bar domain guessing /* 0802: disable location bar domain guessing
* domain guessing intercepts DNS "hostname not found errors" and resends a * domain guessing intercepts DNS "hostname not found errors" and resends a
@ -338,7 +338,7 @@ user_pref("browser.fixup.alternate.enabled", false);
user_pref("browser.urlbar.trimURLs", false); user_pref("browser.urlbar.trimURLs", false);
/* 0804: disable live search suggestions /* 0804: disable live search suggestions
* [NOTE] Both must be true for the location bar to work * [NOTE] Both must be true for the location bar to work
* [SETUP-CHROME] Change these if you trust and use a privacy respecting search engine * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
* [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/ * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
user_pref("browser.search.suggest.enabled", false); user_pref("browser.search.suggest.enabled", false);
user_pref("browser.urlbar.suggest.searches", false); user_pref("browser.urlbar.suggest.searches", false);
@ -452,11 +452,11 @@ user_pref("browser.shell.shortcutFavicons", false);
user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
/** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/ /** SSL (Secure Sockets Layer) / TLS (Transport Layer Security) ***/
/* 1201: require safe negotiation /* 1201: require safe negotiation
* Blocks connections (SSL_ERROR_UNSAFE_NEGOTIATION) to servers that don't support RFC 5746 [2] * Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
* as they're potentially vulnerable to a MiTM attack [3]. A server without RFC 5746 can be * MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations
* safe from the attack if it disables renegotiations but the problem is that the browser can't * but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* know that. Setting this pref to true is the only way for the browser to ensure there will be * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* no unsafe renegotiations on the channel between the browser and the server. * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
* [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4] * [STATS] SSL Labs (July 2021) reports over 99% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746 * [2] https://datatracker.ietf.org/doc/html/rfc5746
@ -580,7 +580,7 @@ user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: control when to send a cross-origin referer /* 1601: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match * 0=always (default), 1=only if base domains match, 2=only if hosts match
* [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
* If "2" is too strict, then override to "0" and use Smart Referer (Strict mode + add exceptions) ***/ * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
user_pref("network.http.referer.XOriginPolicy", 2); user_pref("network.http.referer.XOriginPolicy", 2);
/* 1602: control the amount of cross-origin information to send [FF52+] /* 1602: control the amount of cross-origin information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
@ -598,7 +598,7 @@ user_pref("_user.js.parrot", "1700 syntax error: the parrot's bit the dust!");
* [SETTING] General>Tabs>Enable Container Tabs ***/ * [SETTING] General>Tabs>Enable Container Tabs ***/
user_pref("privacy.userContext.enabled", true); user_pref("privacy.userContext.enabled", true);
user_pref("privacy.userContext.ui.enabled", true); user_pref("privacy.userContext.ui.enabled", true);
/* 1702: set behaviour on "+ Tab" button to display container menu on left click [FF74+] /* 1702: set behavior on "+ Tab" button to display container menu on left click [FF74+]
* [NOTE] The menu is always shown on long press and right click * [NOTE] The menu is always shown on long press and right click
* [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/ * [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true); // user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
@ -766,8 +766,10 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
user_pref("browser.contentblocking.category", "strict"); user_pref("browser.contentblocking.category", "strict");
/* 2702: disable ETP web compat features [FF93+] /* 2702: disable ETP web compat features [FF93+]
* [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
* Opener Heuristics are granted for 30 days and Redirect Heuristics for 15 minutes, see [3]
* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/ * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
* [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
// user_pref("privacy.antitracking.enableWebcompat", false); // user_pref("privacy.antitracking.enableWebcompat", false);
/* 2710: enable state partitioning of service workers [FF96+] ***/ /* 2710: enable state partitioning of service workers [FF96+] ***/
user_pref("privacy.partition.serviceWorkers", true); user_pref("privacy.partition.serviceWorkers", true);
@ -781,7 +783,6 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"
* sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission * sharedWorkers and serviceWorkers. serviceWorkers require an "Allow" permission
* [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed * [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow * [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow
* If using FPI the syntax must be https://example.com/^firstPartyDomain=example.com
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
user_pref("network.cookie.lifetimePolicy", 2); user_pref("network.cookie.lifetimePolicy", 2);
/* 2802: delete cache on exit [FF96+] /* 2802: delete cache on exit [FF96+]
@ -952,7 +953,7 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
* [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/ * [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/
user_pref("browser.link.open_newwindow.restriction", 0); user_pref("browser.link.open_newwindow.restriction", 0);
/* 4520: disable WebGL (Web Graphics Library) /* 4520: disable WebGL (Web Graphics Library)
* [SETUP-WEB] If you need it then enable it. RFP still randomizes canvas for naive scripts ***/ * [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/
user_pref("webgl.disabled", true); user_pref("webgl.disabled", true);
/*** [SECTION 5000]: OPTIONAL OPSEC /*** [SECTION 5000]: OPTIONAL OPSEC
@ -1029,8 +1030,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("browser.download.folderList", 2); // user_pref("browser.download.folderList", 2);
/*** [SECTION 5500]: OPTIONAL HARDENING /*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Keep in mind that these can cause breakage and performance Not recommended. Overriding these can cause breakage and performance issues,
issues, are mostly fingerpintable, and the threat model is practically zero they are mostly fingerprintable, and the threat model is practically nonexistent
***/ ***/
user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!"); user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
/* 5501: disable MathML (Mathematical Markup Language) [FF51+] /* 5501: disable MathML (Mathematical Markup Language) [FF51+]
@ -1125,7 +1126,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("geo.enabled", false); // user_pref("geo.enabled", false);
// user_pref("full-screen-api.enabled", false); // user_pref("full-screen-api.enabled", false);
// user_pref("browser.cache.offline.enable", false); // user_pref("browser.cache.offline.enable", false);
// user_pref("dom.vr.enabled", false); // user_pref("dom.vr.enabled", false); // [DEFAULT: false FF97+]
/* 7002: set default permissions /* 7002: set default permissions
* Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+] * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
* 0=always ask (default), 1=allow, 2=block * 0=always ask (default), 1=allow, 2=block
@ -1159,7 +1160,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF] // user_pref("security.ssl.disable_session_identifiers", true); // [HIDDEN PREF]
/* 7006: onions /* 7006: onions
* [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/ * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/
// user_pref("dom.securecontext.whitelist_onions", true); // 1382359
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144 // user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers /* 7007: referers
@ -1344,6 +1344,10 @@ user_pref("browser.urlbar.suggest.quicksuggest", false);
// [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows // [1] https://support.mozilla.org/kb/enable-background-updates-firefox-windows
// [-] https://bugzilla.mozilla.org/1738983 // [-] https://bugzilla.mozilla.org/1738983
user_pref("app.update.background.scheduling.enabled", false); user_pref("app.update.background.scheduling.enabled", false);
// FF97
// 7006: onions - replaced by new 7006 "allowlist"
// [-] https://bugzilla.mozilla.org/1744006
// user_pref("dom.securecontext.whitelist_onions", true); // 1382359
// ***/ // ***/
/* END: internal custom pref to test for syntax errors ***/ /* END: internal custom pref to test for syntax errors ***/
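Review bot: In the 0403 hunk (`@ -235,16 +234,16 @`), commenting out `user_pref("browser.safebrowsing.downloads.remote.url", "");` does not restore the default in profiles that already applied the previous release, because a value written from user.js stays in prefs.js until it is reset. Someone who follows the [SETUP-SECURITY] advice and overrides only `browser.safebrowsing.downloads.remote.enabled` may therefore still have an empty lookup URL, and remote download checks would presumably stay off without any visible error. I would add a line to the 0403 comment such as `* [NOTE] If you applied an earlier version, reset "browser.safebrowsing.downloads.remote.url" in about:config before overriding this`. The `// Defense-in-depth` tag alone does not tell a reader that the pref was active before, or that stale state can remain.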