tidy
This commit is contained in:
Thorin-Oakenpants
GitHub
parent
9cc132e69d
commit
f0b5e3649d
23
user.js
23
user.js
|
|
@ -116,7 +116,7 @@ user_pref("browser.newtabpage.activity-stream.telemetry", false);
|
|||
/* 0105b: disable Activity Stream Snippets
|
||||
* Runs code received from a server (aka Remote Code Execution) and sends information back to a metrics server
|
||||
* [1] https://abouthome-snippets-service.readthedocs.io/ ***/
|
||||
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
|
||||
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false); // [DEFAULT: false FF89+]
|
||||
/* 0105c: disable Activity Stream Top Stories, Pocket-based and/or sponsored content ***/
|
||||
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
|
||||
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
|
||||
|
|
@ -273,9 +273,9 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
|
|||
Firefox also takes measures such as striping out identifying parameters and since SBv4 (FF57+)
|
||||
doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity)
|
||||
|
||||
#Required reading [#] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
|
||||
[1] https://wiki.mozilla.org/Security/Safe_Browsing
|
||||
[2] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
|
||||
[1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
|
||||
[2] https://wiki.mozilla.org/Security/Safe_Browsing
|
||||
[3] https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work
|
||||
***/
|
||||
/* 0410: disable SB (Safe Browsing)
|
||||
* [WARNING] Do this at your own risk! These are the master switches.
|
||||
|
|
@ -425,8 +425,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
|
|||
your environment (no unwanted eyeballs), your device (restricted access), your device's
|
||||
unattended state (locked, encrypted, forensic hardened). Likewise, you may want to check
|
||||
the items cleared on shutdown in section 2800.
|
||||
[NOTE] The urlbar is also commonly referred to as the location bar and address bar
|
||||
#Required reading [#] https://xkcd.com/538/
|
||||
[1] https://xkcd.com/538/
|
||||
***/
|
||||
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
|
||||
/* 0801: disable location bar using search
|
||||
|
|
@ -657,7 +656,9 @@ user_pref("security.tls.version.enable-deprecated", false);
|
|||
user_pref("security.tls.enable_0rtt_data", false);
|
||||
|
||||
/** OCSP (Online Certificate Status Protocol)
|
||||
#Required reading [#] https://scotthelme.co.uk/revocation-is-broken/ ***/
|
||||
[1] https://scotthelme.co.uk/revocation-is-broken/
|
||||
[2] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
|
||||
***/
|
||||
/* 1211: control when to use OCSP fetching (to confirm current validity of certificates)
|
||||
* 0=disabled, 1=enabled (default), 2=enabled for EV certificates only
|
||||
* OCSP (non-stapled) leaks information about the sites you visit to the CA (cert authority)
|
||||
|
|
@ -815,7 +816,7 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
|
|||
scheme+host+port+path: https://example.com:8888/foo/bar.html
|
||||
scheme+host+port: https://example.com:8888
|
||||
---
|
||||
#Required reading [#] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
|
||||
[1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
|
||||
***/
|
||||
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
|
||||
/* 1601: ALL: control when images/links send a referer
|
||||
|
|
@ -1250,8 +1251,8 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
|
|||
user_pref("network.cookie.cookieBehavior", 1);
|
||||
user_pref("browser.contentblocking.category", "custom");
|
||||
/* 2702: set third-party cookies (if enabled, see 2701) to session-only
|
||||
[NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
|
||||
.nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
|
||||
* [NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
|
||||
* .nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
|
||||
* [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/ ***/
|
||||
user_pref("network.cookie.thirdparty.sessionOnly", true);
|
||||
user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true); // [FF58+]
|
||||
|
|
@ -1449,7 +1450,7 @@ user_pref("privacy.firstparty.isolate", true);
|
|||
1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+)
|
||||
FF78+
|
||||
1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+)
|
||||
1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+)
|
||||
1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (Windows, Mac, some Linux) (FF80+)
|
||||
1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+)
|
||||
***/
|
||||
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
|
||||
|
|
|
|||
Loading…
Reference in New Issue