1
0
Commit Graph

1325 Commits

Author SHA1 Message Date
Thorin-Oakenpants
d5f297ed42
5000s: disable what's new 2019-11-08 18:06:35 +00:00
earthlng
c13dbdf40d 1201 update (#838)
https://wiki.mozilla.org/Security:Renegotiation describes

> **the new default behaviour** that was introduced in experimental mozilla-central nightly versions on 2010-02-08

where the last step is

> - should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message

and then after talking about breakage ...

> The above defaults may break some client/server environments where a Server is still using old software and requires renegotiation.

mentions workarounds to reduce said breakage:

> In order to give such environments a way to keep using Firefox (et.al.) to connect to their vulnerable server infrastructure, the following preferences are available:

specifically talking about the first 2 prefs listed there, one allowing to specify a list of hosts "where renegotiation may be performed" and the 2nd one "completely disables the new protection mechanisms".
But both those prefs were removed in FF38, meaning that since then it's no longer possible to disable the default behaviour that is "should the server (or a MITM) request **renegotiation**, Mozilla will terminate the connection with an error message".

But all of this is about the **re**-negotiation part and not negotiation. And nowhere does it say "insecure" renegotiation, which, as I read it, means that FF will terminate the connection for any kind of **renegotiation**, safe or unsafe.

1201 controls the negotiation part:

> This pref controls the behaviour during the initial negotiation between client and server.
> If set to true, a Mozilla client will reject all connection attempts to servers that are still using the old SSL/TLS protocol and which might be vulnerable to the attack.
> Setting this preference to “true” is the only way to guarantee full protection against the attack.

I think "servers that are still using the old SSL/TLS protocol" actually means servers that **only** support the old protocols.
Servers still supporting those old protocols in addition to some new protocol versions should not be affected by this pref because FF will be able to negotiate to use one of the newer protocol versions.

Ergo lets fix the title and remove the line about renegotiation support because I think that's irrelevant.


ps. the sslpulse link is nice and I'd like to keep it somewhere but it doesn't really fit in 1201 IMO so I moved it to 1202.
2019-11-09 05:42:21 +13:00
earthlng
6173104a9e re-add relevant deprecated items for ESR users (#837)
makes the prefsCleaner scripts useful again for users updating from ESR60 to ESR68
2019-11-09 05:30:03 +13:00
earthlng
895f8d01d5 FF70+: shield studies no longer tied to FHR (#836)
https://bugzilla.mozilla.org/1569330
2019-11-09 02:01:33 +13:00
Thorin-Oakenpants
65dfad5c76
2701: UI changes 2019-11-06 11:37:24 +00:00
Thorin-Oakenpants
16756646bb
remove DoH, closes #790 2019-10-31 09:49:12 +00:00
Thorin-Oakenpants
e4f80225d8
FF72: FPI & IPv6 2019-10-28 12:12:52 +00:00
Thorin-Oakenpants
539750d2f2
FF70 hidden/default changes 2019-10-27 04:41:27 +00:00
Thorin-Oakenpants
d91226ed55
tweakin' 2019-10-20 23:59:16 +00:00
Thorin-Oakenpants
301fcd059d
1003: capacity no longer hidden 2019-10-20 23:36:48 +00:00
Thorin-Oakenpants
1cc9a08a18
remove ESR60.x deprecated
These are archived in #123
2019-10-20 22:40:53 +00:00
Thorin-Oakenpants
5d1857ddd8
start 70 commits 2019-10-20 22:32:37 +00:00
Thorin-Oakenpants
226af6f679
69 final 2019-10-20 22:20:50 +00:00
Thorin-Oakenpants
5b82afd5bd
webgl.dxgl.enabled, closes #814 2019-10-15 09:27:44 +00:00
Thorin-Oakenpants
1b6239eab8
remove 0804, closes #808
if anyone can show me how this stops history leaks, then I'll put it back with a note saying it's been broken since FF61
2019-10-14 01:13:27 +00:00
Thorin-Oakenpants
624e50faac
replace ` with ' 2019-10-05 17:51:34 +00:00
Thorin-Oakenpants
a9e9392172
add some SB back, see #803 2019-10-05 17:47:25 +00:00
Thorin-Oakenpants
201210111e
char fix 2019-10-05 15:12:21 +00:00
Thorin-Oakenpants
dc4d9e4dae
revamp 0200s (#807), closes #0806
- split geo related vs language/locale related
- rip out intl.locale.requested
- rip out intl.regional_prefs.use_os_locales
- add intl.charset.fallback.override
2019-10-06 04:04:41 +13:00
Thorin-Oakenpants
e1b0eae740 goodbye http and other stuff (#801)
* goodbye http and other stuff

* dead link

* put back asmjs [1] ref

* 0805 test

* typo

* 1222 refs

* 1222 FF version

FYI: https://bugzilla.mozilla.org/show_bug.cgi?id=629558

* 2684: security delay ref

* ESR stuff

* ping ref

* 2684 ref

* 0606: give the standard it's correct name

https://html.spec.whatwg.org/multipage/links.html#hyperlink-auditing

* 0805 test instructions

* tweakin'
2019-09-21 16:20:10 +00:00
Thorin-Oakenpants
be0ccf6460
2300: service workers, closes #786 2019-09-17 12:43:50 +12:00
Thorin-Oakenpants
7c0a327b06
cache, closes #778 2019-09-16 15:25:30 +00:00
Thorin-Oakenpants
a35cba3914
2651: android UI breakage, closes #795 2019-09-12 16:22:09 +00:00
Thorin-Oakenpants
d503d96db0
0320+0321: redundant prefs, closes #793 2019-09-12 15:50:54 +00:00
Thorin-Oakenpants
7311cfdf84
remove 1002, closes #792 2019-09-09 21:43:50 +00:00
rusty-snake
3a9440aeea 0707: Add mode 5 (#789) 2019-09-08 11:38:37 +00:00
Thorin-Oakenpants
3210ab0ca8
370: pocket -> 5000s, closes #787 2019-09-07 07:22:32 +00:00
Thorin-Oakenpants
2c734612f6
ummm .. beta
OK, did that all back to front... alpha is when we're working on the diffs .. beta is when we finished it
2019-09-04 21:40:04 +00:00
Thorin-Oakenpants
a12dd83b1f
69-alpha, fixes #766 2019-09-04 21:36:50 +00:00
earthlng
44d9ceaf05 various tidyups 2019-09-04 01:40:33 +12:00
Thorin-Oakenpants
be9d9ac9ca
2701: tidyup 2019-09-03 03:34:16 +00:00
Thorin-Oakenpants
66cdb72927
FF69: deprecated 2019-09-02 07:07:50 +00:00
Thorin-Oakenpants
953b96431e
4000: RFP info re 1330467
it rode the train in 69... after a bumpy ride in 68 where it was backed out. Note: it still has some issues. Suggest users wipe the site permissions once upgraded to 69
2019-09-02 06:45:30 +00:00
Thorin-Oakenpants
4d72ad90b0
2701: cookies default FF69+ 2019-09-02 18:33:00 +12:00
Thorin-Oakenpants
810045eb39
1802: remove intervalInMinues
with `plugins.click_to_play` deprecated in FF69, no-one here is sure if `intervalInMinutes` still applies to Flash or even works, and no-one here cares about Flash. Happy to let Mozilla just keep restricting it more and more until it's deprecated in early 2020. Note: we already disable flash anyway in pref 1803.
2019-09-01 21:03:53 +00:00
Thorin-Oakenpants
b47982bb9a
2030: again 2019-09-01 20:32:53 +00:00
Thorin-Oakenpants
0691b8babe
2032: fix description
from earthlng 
> it blocks **all media** autoplay "until in foreground", not just audio.
> Source: https://dxr.mozilla.org/mozilla-central/source/toolkit/content/widgets/browser-custom-element.js#1141
2019-09-01 19:22:28 +00:00
Thorin-Oakenpants
8d1c95c650
2030: autoplay changes
When ESR60 hits end of life, we should remove that value 2
2019-09-01 19:16:36 +00:00
Thorin-Oakenpants
19484e1a56
2805: see #774 2019-09-01 14:47:17 +00:00
Thorin-Oakenpants
755ebf88fb
start 69 commits 2019-09-01 06:27:24 +00:00
Thorin-Oakenpants
d26ea4f39e
68 final 2019-08-31 14:51:08 +00:00
Thorin-Oakenpants
a0f3da208f
0390: better reference
- EFF has pretty pictures and stuff and explains the issues (replaces wikipedia which people can still search for)
- tor issue doesn't hold anything important (out it goes)
- moz wiki page I'll leave in for the bugzilla links if someone wants to research how it's all meant to work
2019-08-28 16:33:06 +00:00
Thorin-Oakenpants
5166811bd5
1003: closes #772 2019-08-21 13:01:12 +00:00
Thorin-Oakenpants
86bfdd1470
tweak: middlemouse.paste for Linux 2019-08-21 04:08:40 +00:00
Thorin-Oakenpants
90ef9e63eb
oophs I meant 68-beta 2019-08-19 04:54:30 +00:00
Thorin-Oakenpants
f2200fd442
68-alpha (for earthlng diffs) 2019-08-19 04:52:53 +00:00
Thorin-Oakenpants
aff595b6ea
1704: remove the obvious 2019-08-04 19:17:38 +00:00
Thorin-Oakenpants
6618bf5f76
media.autoplay.allow-muted, closes #756 2019-07-23 14:02:26 +00:00
Thorin-Oakenpants
9aa8e27ef4
68 deprecated 2019-07-17 10:09:39 +00:00
Thorin-Oakenpants
9c782fbf57
2032: add default 2019-07-15 17:07:35 +00:00
Thorin-Oakenpants
931462b30b
RFP stuff
https://hg.mozilla.org/mozilla-central/rev/c96e81ba64f3#l1.14
2019-07-15 16:16:39 +00:00
Aeriem
469bbc1ab3 remove 0864 (#760)
https://bugzilla.mozilla.org/show_bug.cgi?id=1492587
2019-07-16 03:49:14 +12:00
Thorin-Oakenpants
11dcc54b61
0321 tweak
`url` and `discover` prefs stop the recommendations, the `enabled` pref hides the leftover recommended section and "Find more add-ons" button
2019-07-09 03:16:40 +00:00
claustromaniac
d40d7dbabd
0805 test info 2019-06-30 10:32:38 -03:00
Thorin-Oakenpants
b80c515e88
2010: WebGL setup tag #605 2019-06-29 02:52:41 +00:00
Thorin-Oakenpants
ed735f875c
2001: WebRTC setup tag #605 2019-06-29 02:44:37 +00:00
Thorin-Oakenpants
55b720faec
letterboxing, add setup tag see #728 2019-06-28 05:30:43 +00:00
Thorin-Oakenpants
31567c7938
0321: recommendations discovery in about:addons 2019-06-28 05:00:19 +00:00
Thorin-Oakenpants
8f939c91fe
0320: UI change : get add-ons->recommendations 2019-06-28 04:47:55 +00:00
Thorin-Oakenpants
27bd07d496
5000s: userChrome / userContent 2019-06-28 04:22:50 +00:00
Thorin-Oakenpants
42281a9e52
2212: popup events 2019-06-28 04:15:54 +00:00
Thorin-Oakenpants
8f40c97fd1
the return of the jedi
https://bugzilla.mozilla.org/show_bug.cgi?id=1444133
2019-06-28 04:11:46 +00:00
Thorin-Oakenpants
23c884a5f8
prefs no longer hidden 2019-06-26 10:14:24 +00:00
Thorin-Oakenpants
51089fbad9
start 68-alpha 2019-06-26 10:12:48 +00:00
Thorin-Oakenpants
83b4ada670
67 archive 2019-06-26 09:05:08 +00:00
Thorin-Oakenpants
e338186953
4500 fix alignment 2019-06-15 16:47:25 +00:00
Thorin-Oakenpants
fa61a7c25b
1202: cleanup
I don't think we need a 4 yr old article to explain the concept of `.min` (or `.max`), it's pretty self explanatory (and SSL 3 is obsolete). Three lines of text culled, and one of the remaining http links eliminated as a bonus. Enjoy the saved bytes and mouse-scrolling.
2019-06-15 16:34:29 +00:00
Thorin-Oakenpants
fc545b4d27
remove 1406 css font loading api #744, #731 2019-06-12 13:33:58 +00:00
Thorin-Oakenpants
9e7f9de56f
remove 1402, see #744 2019-06-11 15:47:34 +00:00
Thorin-Oakenpants
690a93b71d
remove: 1407, see #744 2019-06-11 15:09:24 +00:00
Thorin-Oakenpants
a92c4086bb
2622: middlemouse.paste, closes #735 2019-06-10 00:38:20 +00:00
Thorin-Oakenpants
9b7771fe76
1401: document fonts => active, see #731
- https://github.com/ghacksuserjs/ghacks-user.js/issues/731#issuecomment-500255686
- reverting my change from last release
2019-06-10 00:06:15 +00:00
Thorin-Oakenpants
2265b73521
1406: css.font-loading-api=> inactive, closes #731 2019-06-09 23:56:40 +00:00
Thorin-Oakenpants
01aae1b346
2426: IntersectionObserver=> inactive, closes #737 2019-06-09 23:29:58 +00:00
Thorin-Oakenpants
f53b996cfa
toolkit.telemetry.cachedClientID, closes #739
Read the linked issue
2019-06-07 17:49:42 +00:00
Thorin-Oakenpants
a633622d11
67-beta 2019-05-28 14:45:07 +00:00
Thorin-Oakenpants
caaf76e3fb
remove 2705 2019-05-28 14:42:44 +00:00
Thorin-Oakenpants
8811a28c56
2705: document.cookie max lifetime
https://bugzilla.mozilla.org/show_bug.cgi?id=1529836
2019-05-28 14:04:09 +00:00
Thorin-Oakenpants
fdc9db9a08
1600s revamp
- no need to enforce defaults (except the second cross-origin) = less items in prefs and about:support
- simplify header info
- add in that you need an extension for real control: i.e for most people, e.g I use uMatrix and have never can to whitelist anything. Kolanich has been on settings of 2 for years and only found one broken site: these are anecdotal and don;t reflect the real world: which is why the settings are pretty relaxed
- move the broken info out of header and onto the pref in a setup tag
- reference: https://github.com/ghacksuserjs/ghacks-user.js/issues/716#issuecomment-488527274
- thanks Kolanich and 🐈
2019-05-26 08:43:12 +00:00
Thorin-Oakenpants
c079c3c632
0110: clean up 2019-05-26 06:07:41 +00:00
Thorin-Oakenpants
6f76a9bfd2
2030 new default 2019-05-26 05:51:13 +00:00
Thorin-Oakenpants
dfab1516ef
FF67+ deprecated 2019-05-26 05:33:57 +00:00
Thorin-Oakenpants
57339d09b1
2618 -> RFP ALTs 2019-05-26 05:16:17 +00:00
Thorin-Oakenpants
ed23a88c08
save 87bytes 2019-05-24 22:50:24 +00:00
Thorin-Oakenpants
dae1087082
2660 enabledScopes, closes #729 2019-05-23 21:11:45 +00:00
Thorin-Oakenpants
7a103b0c23
FPI: 1330467 backed out
now that stable has landed.. I'll leave the text in place
2019-05-21 22:23:23 +00:00
Thorin-Oakenpants
5d5a9acaa4
FPI: 69+ isolate pdfjs range-based requests 2019-05-14 06:48:49 +00:00
Thorin-Oakenpants
76c476ee3c
2204: replace [test]
old test: https://developer.mozilla.org/samples/domref/fullscreen.html
- for me the video comes up as "no video with supported format and mime type", so may not be practical for all users
2019-05-12 13:52:53 +00:00
Thorin-Oakenpants
b3c6561ba8
2203: change [test]
It's the same test (thanks gk)
2019-05-12 13:44:12 +00:00
Thorin-Oakenpants
a4c2bb80aa
2429 remove default tag 2019-05-12 02:48:06 +00:00
Thorin-Oakenpants
a173d30d4e
RFP 68+ isolate site permissions 2019-05-10 22:34:24 +00:00
Thorin-Oakenpants
fc801db06a
RFP stuff 2019-05-08 15:43:41 +00:00
Thorin-Oakenpants
540f5ce868
FF68+ letterboxing changes 2019-05-08 05:18:16 +00:00
Thorin-Oakenpants
473e88c784
spring cleaning, part 3: see #716 2019-05-05 17:28:47 +00:00
Thorin-Oakenpants
da4cfce10f
RFP: OS spoof changes FF68+ 2019-05-03 13:19:55 +00:00
Thorin-Oakenpants
7394f2f553
2027: remove, #716
default false since forever
2019-05-03 07:36:04 +00:00
Thorin-Oakenpants
329719fe25
0400s: more cleanup, see #710 2019-05-03 02:03:56 +00:00
Thorin-Oakenpants
59a85bcdda
spring cleaning, part 2: see #716
- 0910 same as default for desktop. Android is the opposite, must be for a reason. Android is not really my concern.
- 1005: always been inactive: one less warning to deal with
- 1008: always been inactive. defaults are 60, 60
2019-05-03 00:35:04 +00:00
Thorin-Oakenpants
dab27cd143
spring cleaning, part 1: see #716
All of these are the same as default, checked back to ESR60 and Ff60. Except 2211 which is not considered an issue by TB for example, and it doesn't enhance anything IMO
2019-05-03 00:09:05 +00:00
Thorin-Oakenpants
1ff14e31c0
1201: TLS max -> inactive
Lets be consistent, we don't make min active as it alters your FP, and the risk is super low (updated the telemetry stat: down from 2% to 0.5%). Default max is now 4 anyway (don't care about ESR - they should be using the v60 archive).
2019-05-02 00:47:14 +00:00
Thorin-Oakenpants
c55ecbd8b2
0701: IPv6, MOAR info 2019-05-02 00:30:27 +00:00
Thorin-Oakenpants
99eb835e7a
merge 0603 + 0608
- also remove reference which is pretty much useless
2019-04-30 14:26:48 +00:00
Thorin-Oakenpants
7bb0bfefe1
combine search suggestions, add tag, see #609
also remove `browser.urlbar.userMadeSearchSuggestionsChoice`
2019-04-30 13:46:41 +00:00
Thorin-Oakenpants
600f9677e9
1820+1825+1830 changes, closes #709 2019-04-30 09:10:42 +00:00
Thorin-Oakenpants
11f40f8a84
1800s remove: gmp/cdm update prefs, see #709 2019-04-30 08:25:06 +00:00
Thorin-Oakenpants
c3a74a7c6e
2615: remove obsolete note
1445942 was resolved in FF66
2019-04-30 07:21:08 +00:00
Thorin-Oakenpants
9da3cf4be8
1840: openh264: remove, see #709
Instead of being inactive, remove this. WebRTC is already blocked. And it can also be controlled by 1820. Redundant and does nothing extra for privacy, security etc
2019-04-29 18:21:01 +00:00
Thorin-Oakenpants
50869a734f
[setup-*] always goes after [notes] 2019-04-29 18:13:47 +00:00
Thorin-Oakenpants
bb788682c9
fixup: remove duplicate pref 2019-04-29 17:44:53 +00:00
Thorin-Oakenpants
50afeb1861
0205: -> inactive, closes #0707 2019-04-29 17:14:23 +00:00
Thorin-Oakenpants
675577fb8d
1800: remove redundant flash prefs, closes #714 2019-04-29 11:12:05 +00:00
Thorin-Oakenpants
b28677a594
1825: widevine update to inactive, see #709
- at worse, the update pref causes a security risk. I'll leave it in for now
2019-04-29 06:32:47 +00:00
Thorin-Oakenpants
59930d4697
0402, remove redundant pref, see #709 2019-04-29 05:29:53 +00:00
Thorin-Oakenpants
579aa3aa9c
0402: tidy up, see #710 2019-04-29 05:27:16 +00:00
Thorin-Oakenpants
ed687fc7ca
1820: update -> inactive, see #709
At best disabling the background update of gmp means not only an extra item for those who wish to use it (e.g widevine, netflix) to have to deal with, but also a time delay in getting the actual download. At worst, it could cause users to use an old dll (security risk).

I will leave it in, for now, but am seriously considering removing it, so don't cry if I do.
2019-04-29 05:06:43 +00:00
Thorin-Oakenpants
8ffbd81813
remove SB & TP see #710
- SB: disabling it nothing to enhance privacy/security etc if changed from default
- SB: I will not provide the prefs or encourage users to disable these, especially given that there is a UI
- SB: the urls are redundant
- SB: note: the binary checks stays
- TP section is out of date (or soon will be), I'm not maintaining it, it has a UI and is best handled there
2019-04-29 04:30:59 +00:00
Thorin-Oakenpants
4119be3a86
typo 2019-04-28 13:10:04 +00:00
Thorin-Oakenpants
8d874401fa
pre FF61 deprecated -> archive
This is all archived in the sticky at the end of the first post
2019-04-28 12:56:27 +00:00
Thorin-Oakenpants
8a86097997
1820s: GMP: remove three prefs, see #709 2019-04-28 11:10:15 +00:00
Thorin-Oakenpants
7a9763d129
2740: add setup tag etc, closes #706 2019-04-28 04:30:38 +00:00
Thorin-Oakenpants
a39516ff0e
case consistency when using service worker* 2019-04-28 04:02:19 +00:00
Thorin-Oakenpants
3e5e1bfdd2
2740 -> inactive, see #706 2019-04-28 03:48:55 +00:00
Thorin-Oakenpants
7b667db766
2304 + 2305 -> inactive, see #706 2019-04-28 03:37:07 +00:00
Thorin-Oakenpants
6f8d0263df
0303 + 0304 + 0305: remove, closes #708 2019-04-28 02:55:45 +00:00
Thorin-Oakenpants
25b8b404fb
2305+2306: musical chairs #706 2019-04-27 19:02:14 +00:00
Thorin-Oakenpants
528d0de6b4
2305: permission also applies to push 2019-04-27 17:39:53 +00:00
Thorin-Oakenpants
c9c1671e4a
2010+2012: simplify WebGL, closes #699 2019-04-27 16:18:48 +00:00
Thorin-Oakenpants
8765231de0
0801: keyword.enabled, closes #702
- explain pitfalls, add keyword tip, add setup tag
- given the searchbar is hidden by default in new FF installs, a lot of people could find this incredibly annoying (not being able to hit enter), including users who have changed their search engine - hence the setup tag
2019-04-27 16:12:25 +00:00
Thorin-Oakenpants
053808ba97
1001: remove dead wood
- these are not needed, you can view your cache in about:cache, or look at your `profile/cache2` folder (at least for portable Firefox), the remaining pref is enough to achieve the desired result
- browser.cache.disk.smart_size.first_run is set internally (for me it got automatically reset to modified false)
- the other two prefs are just more things for users to have deal with if they want to use disk cache
2019-04-27 14:03:02 +00:00
Thorin-Oakenpants
2d0182ce6e
1001: add setup tag
- remove tag from section header (chrome)
- add tag to pref (perf)
- mention that we clear on close
2019-04-27 13:53:02 +00:00
Thorin-Oakenpants
98f65da430
remove dead setup tags 2019-04-27 07:33:30 +00:00
Thorin-Oakenpants
6a0c44d0a4
2517: should be warning, not setup
If it's inactive then it's a warning. We can still go through the js and add setup-harden tags for a few inactive items, which I will do
2019-04-27 07:03:28 +00:00
Thorin-Oakenpants
882d25f725
2610: SVG: should be warning, not setup 2019-04-27 07:00:40 +00:00
Thorin-Oakenpants
c3210d1be9
1241: insecure passive: add setup tag 2019-04-27 06:55:58 +00:00
Thorin-Oakenpants
d4f7590c83
2212: add setup tag
- doesn't need any more than that. users can fiddle with it to find what works for them: I'm sure this breaks a lot of website "features"
2019-04-24 08:39:11 +00:00
Thorin-Oakenpants
d6ccf7ba64
0860 form history: add setup tag / warning
- Used setup-web since it relates to actual web pages, even though it doesn't break them
- Added the tag because it's an item that is likely to get attention / troubleshooting
- Added a warning tag to make the risk more apparent.
- Slight edit to the 2803 references
2019-04-24 08:12:31 +00:00
Thorin-Oakenpants
0922215670
1840 openh264 -> inactive
WebRTC is already disabled
2019-04-24 07:46:47 +00:00
Thorin-Oakenpants
f849e1c602
WOFF2 -> inactive 2019-04-24 06:39:59 +00:00
Thorin-Oakenpants
986c900193
RFP tidy up 2019-04-23 05:50:35 +00:00
Thorin-Oakenpants
b8367959da
mathml: a better test 2019-04-23 05:33:06 +00:00
Thorin-Oakenpants
b05cfc32de
HTTP2 tweak 2019-04-23 04:04:22 +00:00
Thorin-Oakenpants
358ddfdfce
pdfjs - add setup tag 2019-04-22 15:38:26 +00:00
Thorin-Oakenpants
87959d621c
2010: remove pdf webgl
it's default false, and I want to simplify webgl 2010+2012
2019-04-22 15:20:16 +00:00
Thorin-Oakenpants
4989928c1e
2026: remove (canvas.capture*)
Disabled back when first added as a stop gap measure, never checked on since. TB has this at true, so I think we can get rid of it
2019-04-22 14:34:07 +00:00
Thorin-Oakenpants
c2775a3441
0860 form history info, closes #691 2019-04-22 14:15:58 +00:00
Thorin-Oakenpants
50d31a7aa2
2701 cookies add setup-web tag 2019-04-22 13:31:15 +00:00
Thorin-Oakenpants
9fbe3080c5
2651: add setup-chrome tag 2019-04-22 13:28:07 +00:00
Thorin-Oakenpants
8a98cd1890
tidying up 2019-04-22 13:12:47 +00:00
Thorin-Oakenpants
2d62b9f729
2654 (open with) -> inactive 2019-04-22 12:23:39 +00:00
Thorin-Oakenpants
bb7f8df647
2650 -> inactive 2019-04-22 12:16:33 +00:00
Thorin-Oakenpants
373602f0f0
mathml -> inactive 2019-04-22 12:12:30 +00:00
Thorin-Oakenpants
e56665ecd1
HWA -> inactive 2019-04-22 12:05:21 +00:00
Thorin-Oakenpants
59d056de27
document fonts -> inactive 2019-04-22 12:00:46 +00:00
Thorin-Oakenpants
d41372a7f0
2421 should be a warning
it's not setup tag, because any change (it is inactive) does not help performance, in fact the opposite
2019-04-22 11:50:01 +00:00
Thorin-Oakenpants
f62f781645
HTTP2 -> inactive 2019-04-22 11:41:34 +00:00
Thorin-Oakenpants
408d1d0e26
FPI 68+ change 2019-04-19 05:54:57 +00:00
Thorin-Oakenpants
d491cf1e89
readme changes 2019-04-19 02:11:21 +00:00
Thorin-Oakenpants
ca0f2a5a88
0302b-> inactive: ext auto-updates closes #690 2019-04-19 01:39:07 +00:00
Thorin-Oakenpants
fd10c35049
0606 some default info 2019-04-17 03:31:27 +00:00
Thorin-Oakenpants
6ed3581cb0
5000s: CRF 67+ 2019-04-15 16:31:17 +00:00
Thorin-Oakenpants
c2034617f0
2429 default true 67+ 2019-04-15 14:59:23 +00:00
Thorin-Oakenpants
6231d6ebed
5000s add new about:config warning pref 2019-04-15 14:54:55 +00:00
Thorin-Oakenpants
411805b05c
2618 no longer hidden 67+ 2019-04-15 14:49:22 +00:00
Thorin-Oakenpants
8c12f4bb14
1840 no longer hidden 67+ 2019-04-15 14:46:39 +00:00
Thorin-Oakenpants
e3349d0f07
2212 defaults [67+ change] 2019-04-15 14:17:52 +00:00
Thorin-Oakenpants
92082621d6
start 67 commits 2019-04-15 14:15:54 +00:00
Thorin-Oakenpants
54f86f4be6
Update user.js 2019-04-15 12:55:15 +00:00
Thorin-Oakenpants
585415b534
RFP: prefers-color-scheme 67+ 2019-04-11 02:02:26 +00:00
Thorin-Oakenpants
99586c4a3b
enabled scopes breakage info, closes #674 2019-04-08 14:24:41 +00:00
earthlng
8419b4d71b autoplay option "Prompt" was removed in FF66 (#686)
* autoplay option "Prompt" was removed in FF66
source: https://hg.mozilla.org/integration/autoland/rev/2e48b6769911
2019-04-09 01:44:11 +12:00
Thorin-Oakenpants
79e316a26f
2618: better info, #682 2019-04-03 10:50:59 +00:00
Thorin-Oakenpants
26a70f3cd7
2618: setup-chrome tag, closes #682 2019-04-03 10:43:44 +00:00
Thorin-Oakenpants
bee47f33cd
66-beta 2019-03-27 04:35:42 +00:00
earthlng
2fcec590b4
Update user.js (#676)
- to avoid confusion with the setting tag, split the prefs into separate numbers, thus shove 2031->2031, reuse 2031
- remove the default value notation as Mozilla will roll out default change gradually to users
2019-03-26 19:05:55 +00:00
Thorin-Oakenpants
3c4b312cc7
2030: default didn't change
not putting the setup-web tag back in, as users now have site exceptions
2019-03-19 19:58:15 +00:00
Thorin-Oakenpants
0354895a2e
2030: add [setting] for autoplay 2019-03-19 09:00:39 +00:00
Thorin-Oakenpants
462db2062c
2030: remove setup tag
If Firefox see fit to set this as 1 by now, then breakage is probably rare, and I'm not encouraging users to reduce security/privacy etc from default
2019-03-17 22:43:27 +00:00
earthlng
d9e24e5095 Update user.js (#667) 2019-03-18 07:07:15 +13:00
Thorin-Oakenpants
b1aa1f5619
2030: default change 2019-03-16 22:51:58 +00:00
Thorin-Oakenpants
a349662f69
66 deprecated prefs 2019-03-16 22:44:24 +00:00
Thorin-Oakenpants
28a7226235
4510: clarify this is the chrome 2019-03-16 22:36:31 +00:00
Thorin-Oakenpants
97f08ad3cd
4504: RFP letterboxing, closes #659 2019-03-16 22:34:45 +00:00
Thorin-Oakenpants
68584a3397
some 2505+RFP clarity, closes #661 2019-03-13 15:15:23 +00:00
Thorin-Oakenpants
8b4f45774a
4607+RFP clarity, closes #656 2019-03-13 14:46:33 +00:00
Thorin-Oakenpants
f8428dcc0a
a better test
- more metrics covered/displayed
- test page site is https
2019-03-07 14:55:03 +00:00
Thorin-Oakenpants
6d6cd5f410
2802 applies to 2803, closes #658 2019-03-05 03:26:39 +00:00
Thorin-Oakenpants
eae8434853
start 66 commits 2019-02-26 07:53:21 +00:00
Thorin-Oakenpants
2cff24f12e
65 final 2019-02-26 05:42:32 +00:00
Thorin-Oakenpants
60be8be5ec
UNC and extensions, closes #651 2019-02-17 03:51:44 +00:00
Thorin-Oakenpants
981dd83c15
clarify themes info, closes #648 2019-02-17 16:34:34 +13:00
Thorin-Oakenpants
5c703f0262
65-beta 2019-02-09 10:05:45 +00:00
Thorin-Oakenpants
de0ebbed21
0343: even MOAR clarification 2019-02-08 11:38:17 +00:00
Thorin-Oakenpants
e448015704
0343: clarify where
TAAR is extension recommendations in the "Add-ons Manager" (not sure how it's displayed)
CFR is extension recommendations as you browse the web, via a drop down panel
2019-02-07 16:55:04 +00:00
Thorin-Oakenpants
d3b1ed45ad
RFP: UA spoof is now 60+8's 2019-02-07 15:14:08 +00:00
earthlng
ed140425ea move shit around 2019-02-08 03:41:23 +13:00
Thorin-Oakenpants
3847f97f41
some more 65+ diffs, #610 2019-02-07 13:41:15 +00:00
Thorin-Oakenpants
d81e8ae583
i need a break 2019-02-07 11:11:16 +00:00
Thorin-Oakenpants
7a8381d894
typo 2019-02-07 11:01:31 +00:00
Thorin-Oakenpants
649699ad22
0609: disable connectivity service #610 2019-02-07 11:00:07 +00:00
Thorin-Oakenpants
1d5289dd94
RFP 67+ 2019-02-06 16:59:28 +00:00
Thorin-Oakenpants
74c8f294d6
0306: extension metadata, closes #615 2019-02-05 04:51:07 +00:00
Thorin-Oakenpants
a0508eccf6
capital letter after [note] 2019-02-04 13:41:56 +00:00
Thorin-Oakenpants
25acd9f63e
2703 again
- description needs to stay changed from just cookies since it also clears site data
- keep the info about n days out of it, it's just messy (ESR users should be on version 60)
- get the values correct (I mixed them up earlier)
- fixup [setting] path
- leave in one (of two) extra [notes] I previously added
2019-02-04 13:40:45 +00:00
Thorin-Oakenpants
74a08114a8
2701: refix setting 2019-02-04 13:28:29 +00:00
Thorin-Oakenpants
71ffc661b2
2701 again 2019-02-04 13:26:19 +00:00
Thorin-Oakenpants
e432a22693
0306: moar info #615
see https://github.com/ghacksuserjs/ghacks-user.js/issues/615#issuecomment-460243162 - checking for updates is not a trigger, having an update **and** applying it is
2019-02-04 13:08:41 +00:00
Thorin-Oakenpants
f06c78f897
update cookie settings info 2019-02-05 02:00:19 +13:00
Thorin-Oakenpants
847eb80877
0306 => inactive, closes #615
whatever we thought it may have done in the past, it doesn't do that now as far as we know. And it's not an issue since we allow extension update-CHECKs anyway.
2019-02-04 06:39:29 +00:00
Thorin-Oakenpants
ec0e58099f
pointer events -> RFP ALTS 2019-02-01 13:53:04 +00:00
Thorin-Oakenpants
e6eb473071
dom.storage_access.enabled
regardless of this pref setting: the permissions.sqlite file will still be abused to store a flag for this for every single site you connect to (as third party?) - fun.
2019-02-01 13:41:00 +00:00
Thorin-Oakenpants
f1b892bc1c
clean up "Firefox Data Collection & Use" (#627)
* clean up "Firefox Data Collection & Use"
  - telemetry prefs to 330's
  - Firefox Data Collection & Use prefs to 340's (but leave crash reports in 350s)
  - move `app.shield.optoutstudies.enabled` to 330's - this is an internal pref which controls if you get the system addon
  - make notes that `datareporting.healthreport.uploadEnabled` controls studies and ext recommendations
  - split crash reports better to reflex the UI setting
2019-02-02 00:57:22 +13:00
Thorin-Oakenpants
524b5f79dc
setting changes re cookies 2019-01-31 18:42:59 +00:00
Thorin-Oakenpants
24f2e1d982
disable storage access api
see: https://old.reddit.com/r/firefox/comments/alnn3f/storageaccessapi_permissions/effg5tp/
2019-01-31 16:16:59 +00:00
Thorin-Oakenpants
c6060e5645
storage access api 2019-01-31 16:03:39 +00:00
Thorin-Oakenpants
f047fe93c0
remove 0850f
`browser.urlbar.maxHistoricalSearchSuggestions` is default 0 is FF60 thru to FF66. It is also default 0 in ESR60.1 thru 60.5. (at least on Windows)

IDK if this has ever been used, maybe android, in which case it's probably useful?
2019-01-30 16:14:39 +00:00
Thorin-Oakenpants
6147fed61c
and the rest of the 0850's
The location bar dropdown cannot be disabled via prefs except with css, in which case the whole thing is hidden regardless of he above prefs. So there is no point in making any of them active. This is also in line with what we can achieve with relaxed and hardened tags / sticky issues - that is we can find a better balance, Shoulder surfers is a low risk, not even Tor Browser disables this stuff. People need to take responsibility and/or use common sense. Sure, we can leave em in for users to know about and enable if they want. End of story.

userChrome.css code is
```css
/* locationbar dropdown FF65+ */
#PopupAutoCompleteRichResult {display: none!important;}
```
2019-01-30 15:44:08 +00:00
Thorin-Oakenpants
54f79604da Make Firefox Great Again (#626)
* location bar changes
* if the dropdown is going to be used, then no point hiding search engines on the bottom line
2019-01-30 15:06:32 +00:00
Thorin-Oakenpants
2f351fa5ce
0702: http2 websockets
might as well add it: needs t be taken into consideration when looking at the whole http2 thing. Will be interesting to see what Tor Browser does with it in ESR68
2019-01-30 14:09:39 +00:00
earthlng
d9a87b3ac4
FF65 removals (#624) 2019-01-30 12:27:53 +00:00
Thorin-Oakenpants
95b75a065d
up date info on what cookies control #622 2019-01-30 10:23:42 +00:00
Thorin-Oakenpants
1c09ec36e3
0306: extra info, closes #615 2019-01-18 04:24:13 +00:00
Thorin-Oakenpants
f1e6d164f7
start 65 commits 2019-01-17 05:19:11 +00:00
Thorin-Oakenpants
3b90e6e592
end of v64 2019-01-17 05:11:29 +00:00
Thorin-Oakenpants
45bd5ccc02
PB Mode: ref added 2019-01-16 02:07:06 +00:00
Thorin-Oakenpants
7bf5790f2b
RFP: FF66 changes to UA HTTP Headers 2019-01-11 05:14:59 +00:00
Thorin-Oakenpants
075d6fe6e4
2615: s/cut keys: bug fix in 66+ 2019-01-11 05:09:14 +00:00
Thorin-Oakenpants
4604cf0d4e
references to other prefs s/be explicit 2018-12-21 11:02:40 +00:00
Thorin-Oakenpants
ac4e764c37
http2, altsvc, ssl session ids vs FPI vs TB #571 2018-12-18 15:54:57 +00:00
Thorin-Oakenpants
5bd5f6b28e
0912: HTTP Auth sub-resources #585 (#602) 2018-12-18 01:41:37 +13:00
earthlng
55c2cacbce 0335: toolkit.telemetry.coverage.opt-out (#600) 2018-12-17 22:43:45 +13:00
Thorin-Oakenpants
4badc42879
0105b: kill snippets endpoint #528
it's too hard to follow AS changes, and work out if disabling showing items (basic toggling of show/hide sections etc) actually stops downloading a localized local copy etc. For items we actually want to block, let the endpoint slaughter begin.
2018-12-17 09:36:26 +00:00
Thorin-Oakenpants
da80e39064
0105s: description s/be self explanatory #578
when filtered and 0105a is not shown, AS doesn't mean anything
2018-12-16 17:37:42 +00:00
Thorin-Oakenpants
c1d6d81528
add PERF tags to wasm, asm.js, closes #599 2018-12-16 14:10:32 +00:00
Thorin-Oakenpants
d5ece0f6f4 1700s: revamp Containers header #585 (#596) 2018-12-14 07:05:43 +00:00
Thorin-Oakenpants
f6ea20a8b0
0335: Telemetry Coverage endpoint
let's just coverage-our-ass on this one

While I don't mind telemetry (development needs meaningful feedback to better the product), and I trust the data is not PII, and/or anonymized into buckets etc (you can check this you know), and I understand this one needs to be outside the Telemetry pref in order to gather the one-time ping ... and I trust Mozilla's motives ... I'm starting to get a little annoyed at the non-stop incessant increasing telemetry bullshittery and ass-fuckery around sending data home, and the lengths some Mozilla devs will go to, to hide this info (hidden prefs, access denied tickets to hide discussion of what should be public, and even **not even adhering to their own documentation**).

I will also be killing as many Activity Stream endpoints as well - as long as they are in line with our js - pocket, snippets, onboarding etc. And I will add those from personal as inactive for end-users - eg cfr
2018-12-13 17:28:16 +00:00
Thorin-Oakenpants
645492e82f
grammar, case, etc, closes #594
thanks @Just-me-ghacks
2018-12-14 04:49:50 +13:00
earthlng
15c68dc344 disable System Add-on updates (#595)
remember the new Coverage Telemetry shit? with a **hidden** opt-out pref? guess what, they are already collecting for 3 months ...

https://bugzilla.mozilla.org/show_bug.cgi?id=1487578 - **3 months ago**: "I see data coming in that looks reasonable"

guess what else ...

"It has also replaced the previous version that was there (from bug 1480194)" and oh, surprise surprise, 1480194 is ACCESS DENIED!

they're not just using private tickets to hide security critical information from potential hackers and blackhats, no they also use it to hide shady AF things. Things that they fully know are shady as fuck and that they absolutely know a lot of people would not like. There's simply no other reason why they'd do that

but wait, that's not all. If you think an opt-out pref that 99% of people wouldn't know about even if it showed up in about:config BUT ALSO HAPPENS TO BE HIDDEN is kind of questionable, well ... the system addon that they use for this shit apparently looked or still looks for `toolkit.telemetry.coverage.opt-out` [1] instead of `toolkit.coverage.opt-out` as their documentation [2] claims

[1] https://github.com/mozilla/one-off-system-add-ons/pull/131/files#diff-6e0cbf76986d04383ccb32a29ef27a7aR25
[2] https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/docs/data/coverage-ping.rst#l32

It's time to opt out of all that shit for good. Disable system addon updates and kill it at the root

> In FF61 and lower, you will not get any System Add-on updates except when you update Firefox

on its own that's not true. You will get SA updates unless you disable app update checks + auto install. Let's just remove that as well.
2018-12-14 03:21:57 +13:00
Thorin-Oakenpants
04b797f1aa
0209: remove trailing space
@Just-me-ghacks 💋
2018-12-13 11:14:44 +00:00
Thorin-Oakenpants
e60abd6c44
64-beta 2018-12-12 17:17:33 +00:00
Thorin-Oakenpants
d55b8176ad
dyslexia and/or dementia 2018-12-12 16:52:12 +00:00
Thorin-Oakenpants
31adbba774
5000s: disable CFR 2018-12-12 16:34:27 +00:00
Thorin-Oakenpants
879f0abf28
2201: more garbage 2018-12-12 13:21:24 +00:00
earthlng
3916e38681 taking out the garbage (#590) 2018-12-13 02:02:38 +13:00
Thorin-Oakenpants
51ac69874b
0105* remove // has setting 2018-12-12 11:58:48 +00:00
earthlng
2d956d04f3 move 1260 to 122x (#591)
* move 1260 to 122x

"disable or limit SHA-1 certificates" is about certs, not ciphers.
Because CERTS is 1st in the title I moved it to the 1st item there because it's arguably also the most important of the lot (and renumbered the rest)
We can also drop HSTS from the subgroup title because there's nothing HSTS left atm.
2018-12-13 00:52:49 +13:00
Thorin-Oakenpants
9d6bfb650c
disable Telemetry Coverage (#589) 2018-12-13 00:29:29 +13:00
Thorin-Oakenpants
ccdd4decf0
Pocket: 0510->0370
Pocket is no longer a System Add-on in FF64+
2018-12-12 08:25:25 +00:00
Thorin-Oakenpants
88b747ef36
0911: remove it, #585
it is default false in FF59+
2018-12-11 17:42:19 +00:00
Thorin-Oakenpants
c6ebe36165
1022: resume from crash=>inactive, closes #575 2018-12-11 17:28:21 +00:00
Thorin-Oakenpants
7684e83aba
0102 add SR info #575 2018-12-11 17:18:26 +00:00
Thorin-Oakenpants
26b874bed7
1020: remove max_windows #575 2018-12-11 16:43:11 +00:00
earthlng
61be5ae563 all Deprecations + new ADB extension prefs (#587) 2018-12-12 05:07:28 +13:00
Thorin-Oakenpants
ef1e61ebcd
start 64-alpha 2018-12-11 16:05:07 +00:00
Thorin-Oakenpants
205c48d9d3
final 63 release 2018-12-11 15:49:31 +00:00
earthlng
0e1b0a4b6e move 0370 to 0105b (#586) 2018-12-12 04:40:29 +13:00
Thorin-Oakenpants
778dc89bb6
2002 WebRTC tests #580
FYI, the https://www.privacytools.io/webrtc.html test in our wiki is 404, so I gave it a strikethru and added this one. This is also handy for 2001, but do we need to double up on it? We're only disabling WebRTC because of IP leaks, so I don't see the point in testing if WebRTC is disabled.
2018-12-11 00:40:03 +00:00
Thorin-Oakenpants
23733097a9
2302 FF version 2018-12-11 00:13:07 +00:00
earthlng
71a2d393f3 minor wording changes (#583) 2018-12-11 11:23:00 +13:00
Thorin-Oakenpants
74ebacc0dd
obey rules for [setting] tag location #578
all setting tags must be between `/* ... ***/`
2018-12-10 19:52:48 +00:00
Thorin-Oakenpants
45e3b3a0e0
2682: put correct version back
0a67cdec8b (comments)
2018-12-10 19:35:41 +00:00
Thorin-Oakenpants
5c85e61bb4 4000: remove old FPI notes (#581) 2018-12-10 18:36:07 +00:00
Thorin-Oakenpants
0a67cdec8b
#578 cleanups (#576)
- cleanup of tags placement, order consistency, and to use square brackets (allows usage elsewhere to not get tagged, eg 1402)
- other bits and bobs
2018-12-11 07:18:26 +13:00
Thorin-Oakenpants
b85668c2cd
make description & info & notes concurrent #574 2018-12-08 04:10:13 +13:00
Thorin-Oakenpants
786839ffc1
2701: fix split multi-[notes] 2018-12-06 08:16:01 +00:00
Thorin-Oakenpants
8313f2e01a
1020: fix description
Session Restore cannot be disabled in Normal mode, it is also used internally. FYI: PB Mode does not use Session Restore. The description is still not 100%, as it refers to what is restored, not what is kept in the recovery.jsonlz4 (at least for tabs)
2018-12-06 05:41:25 +00:00
Thorin-Oakenpants
0a87c99a0e
1203: ssl session ids are 24hrs 2018-12-05 20:58:07 +00:00
Thorin-Oakenpants
91fed43fc7
0703 atl-svc, better ref, #571 2018-12-05 20:36:20 +00:00
Thorin-Oakenpants
74f029566e
enforce DOMHighResTimeStamp API #491
flipped true in FF54: https://bugzilla.mozilla.org/show_bug.cgi?id=1026804 but unsure when the pref itself was introduced. note: other timing prefs were always in 2400's see 4602: [2411] disable resource/navigation timing / 4603: [2412] disable timing attacks
2018-12-04 10:34:02 +00:00
Thorin-Oakenpants
571be93ae0
proper case convention after tags
Can't believe I did this. Out of 32 `[setup*` and  9 `[warning]` tags (excluding the readme), I let one capital letter get past me, the bastard!
2018-12-04 10:26:44 +00:00
Thorin-Oakenpants
11b16c9c6d
move PB mode into STARTUP section #567 2018-12-04 08:51:19 +00:00
Thorin-Oakenpants
c4ec4dbc77
move 0000 to personal #567
it has zero to do with privacy etc, and in fact most users will only ever encounter it once (and check the box) when they first go to about:config, so it's not even useful as an override or a new profile IMO. This removes one of three numbers that don't have a section
2018-12-04 08:34:36 +00:00
Thorin-Oakenpants
67998eb4af
section naming convention consistency 2018-12-04 08:27:52 +00:00
Thorin-Oakenpants
834857b564
tag sections #567 2018-12-04 20:03:19 +13:00
Thorin-Oakenpants
25923f1acd
add index #567 2018-12-04 06:03:11 +00:00
Thorin-Oakenpants
85eaba2571
TAG! You're it! #545 2018-12-04 18:36:03 +13:00
earthlng
db56940422
typos 2018-11-29 14:10:08 +00:00
claustromaniac
b182946ae4
Tor-related warnings (#551)
Also reworded some stuff.
2018-11-24 05:19:24 +00:00
Thorin-Oakenpants
2ae3a3e4e1
1700s: enable containers, #438
AFAIK there's no technical reasons for containers to be disabled in FF63+
2018-11-21 23:53:00 +00:00
Thorin-Oakenpants
0ff610c056
there is no spoon 2018-11-20 18:14:23 +00:00
Thorin-Oakenpants
661a314e28
RFP: pointerEvent.pointerid 2018-11-20 17:36:04 +00:00
Thorin-Oakenpants
643cba63cf
Activity Stream is no longer a System Add-on 2018-11-19 03:00:40 +00:00
Thorin-Oakenpants
36b90cd5e6
1830: remove hiding the DRM UI
out of interest, it no longer requires a restart
2018-11-19 00:34:56 +00:00
Thorin-Oakenpants
299a03663f
0351: move *autoSubmit to deprecated
https://github.com/ghacksuserjs/ghacks-user.js/issues/302#issuecomment-359245047
2018-11-19 00:12:07 +00:00
Thorin-Oakenpants
13550d18a1
update [SETTING] info (#538) 2018-11-19 12:56:12 +13:00
Thorin-Oakenpants
c12eb0fdc6
0201b+2305 Permissions API info 2018-11-18 12:56:51 +00:00
Thorin-Oakenpants
acbf881b1f
saving the world bytes at a time 2018-11-15 15:47:21 +00:00
Thorin-Oakenpants
7351e561c4
1243: mixed OBJECT_SUBREQUESTS 2018-11-15 07:06:34 +00:00
Thorin-Oakenpants
4e42bad6a1
0201: default geo=> inactive, #533 2018-11-14 17:12:03 +00:00
Thorin-Oakenpants
b85e748b53
2204: FS API=>inactive, #533 2018-11-13 18:56:51 +00:00
Thorin-Oakenpants
0cc4007eda
1202: tls.min => inactive #533
TLS 1.0 and 1.1 are still secure. Sure, later versions are more secure, but 98% of the web is already upgraded - less than 2% of sites use < v1.2. So it's not very likely you would come across a site that requires it, but if you did, what's the point in breaking it. Mozilla and Chrome already have plans to deprecate TLS 1.0 & 1.1, and force that last 2% of sites.

TLS settings can be FP'ed without JS. By sticking with the defaults, I do not see any security issues, but an increase in potential anti-FPing. TBH, the chances of either (i.e being FP'ed with TLS as a entropy point, or being compromised due to TLS<1.2) are slim to non anyway.

Any arguments, please see @earthlng
2018-11-13 16:19:23 +00:00
Thorin-Oakenpants
3003f2dd85
make up yer mind
stick it back in for two releases - pref gets removed in FF65 anyway
2018-11-13 15:30:39 +00:00
Thorin-Oakenpants
ce48306a0d
finalize beta 2018-11-13 15:12:20 +00:00
Thorin-Oakenpants
3423d39fa9
2517 Media Capabilities => inactive
see f214e4bc4e (comments)
2018-11-13 15:11:01 +00:00
Thorin-Oakenpants
4834472107
remove 0426 content blocking 2018-11-13 15:01:35 +00:00
Thorin-Oakenpants
f214e4bc4e
2517: disable Media Capabilities API (for now) 2018-11-13 08:42:49 +00:00
Thorin-Oakenpants
8fd6061bcc
0426: enforce CB 2018-11-13 08:19:19 +00:00
Thorin-Oakenpants
92acb6b2f7
saving the world, one byte at a time 2018-11-12 00:06:19 +00:00
earthlng
b6b9733afa remove old information (#531)
Pants said "We do not need to keep anything for ESR users. ESR users are on v60, and we have an archived 60 for them."
This isn't even affecting ESR60 but only older versions.
2018-11-08 04:14:32 +13:00
claustromaniac
89bc0bee16 scheme+host+path+port -> scheme+host+port+path (#530) 2018-11-04 14:44:20 +00:00
earthlng
f8fc465d0a 2701: add new descriptions and new value (#527) 2018-10-30 04:40:24 +13:00
earthlng
58fa4e9b6d
0514: disable snippets, top stories, telemetry 2018-10-29 14:26:49 +00:00
Thorin-Oakenpants
afee555045
FPI: isolate postMessage... 2018-10-28 16:46:22 +00:00
Thorin-Oakenpants
e8bfa93696
0410s: SBv4 & cookies, #520 2018-10-25 00:13:50 +00:00
Thorin-Oakenpants
1abe1fd4df
4702: buildID cleanup, closes 518 2018-10-24 10:15:37 +00:00
Thorin-Oakenpants
24f7847f73
2703: make value 3 info clearer 2018-10-23 16:13:23 +00:00
earthlng
56206f77ba removed, renamed or hidden in v63.0 (#523)
* removed, renamed or hidden in v63.0

- 0301a - do you want to add the `[NOTE] Firefox currently checks every 12 hrs  ...` to `0302a` ? The problem is it also checks for updates every time you open/reload about:preferences and in Menu>Help>About Firefox regardless of when the last check was.

- 0513 - removed because follow-on-search is no longer a deletable system addon

- 2703 - do we just remove `3=for n days` or add a [NOTE] that value 3 was remove in FF63 or something?

- `browser.ctrlTab.recentlyUsedOrder` replaces `browser.ctrlTab.previews` but it now defaults to true. No need to list the new one under 5000 IMO

* Update user.js

* 1031 add more info

https://bugzilla.mozilla.org/show_bug.cgi?id=1453751#c28

* 0301a: remove update-check timing info

* 2703: add version deprecation for value 3
2018-10-24 04:45:31 +13:00
Thorin-Oakenpants
587194ce84
1403: icon fonts: flip, make inactive, closes #521 2018-10-20 01:35:37 +00:00
Thorin-Oakenpants
7aac6d476a
1270: link to 1201, #519 2018-10-16 12:01:42 +00:00
Thorin-Oakenpants
9e073ea5d5
1201: SSL renegotiation -> active, closes #519 2018-10-16 11:57:32 +00:00
Thorin-Oakenpants
732c438148
0710: disable GIO... #442 2018-10-14 12:11:56 +00:00
Thorin-Oakenpants
58931bc15d
start 63 commits 2018-10-11 11:25:03 +00:00
Thorin-Oakenpants
21b18cbe49
finalize 62 2018-10-11 10:46:35 +00:00
Thorin-Oakenpants
cbcd293e68
RFP: spoof/suppress Pointer Events
https://bugzilla.mozilla.org/show_bug.cgi?id=1363508
2018-10-11 05:50:09 +00:00
earthlng
aacf5d4a0b
update 1031 description 2018-09-30 15:30:32 +00:00
earthlng
b2fc9bc266
remove 0421: privacy.trackingprotection.ui.enabled
- pref removed in FF63 (https://bugzilla.mozilla.org/1476879)
- when we added it the default was false
- default is true since FF57
- it's only an UI thing

ergo we don't need to move it to 9999
2018-09-30 15:20:36 +00:00
Thorin-Oakenpants
1c6c5ea2ff
1000s: cache header section #496 2018-09-13 05:09:07 +00:00
Thorin-Oakenpants
36c791c4bc
remove 2661: *webextensions.keep*
Added in FF51 with defaults false and never changed since
2018-09-12 22:23:59 +00:00
earthlng
ee213f2bab infos about default values (#504)
* more infos

* add colons

not all EOL comments for defaults start with `// default` (23). The common string is `default:` (27 incl. these ones) with or without preceding or trailing spaces
2018-09-13 10:17:56 +12:00
Thorin-Oakenpants
01a978e33a
add 0864: dom.forms.datetime, closes #495 2018-09-11 16:43:18 +00:00
Thorin-Oakenpants
6717bc0674
1024: toolkit.winRegisterApplicationRestart 2018-09-09 20:46:35 +00:00
Thorin-Oakenpants
11a94c7e32
4503: add bugzilla 2018-09-09 20:43:56 +00:00
earthlng
b7c0e816a0 remove ESR52 grouping in 9999 (#499) 2018-09-10 08:33:43 +12:00
Thorin-Oakenpants
8b5547a973
4504: browser.startup.blankWindow 2018-09-08 17:23:48 +00:00
Thorin-Oakenpants
f0c29cf8a6
62-beta 2018-09-08 16:37:12 +00:00
earthlng
9e342deaf2 update 1803 after Java removal (#494) 2018-09-06 04:59:04 +12:00
Thorin-Oakenpants
c805dd8b3b
62 deprecated/removed prefs 2018-09-05 09:30:42 +00:00
earthlng
f2065a463c move 1007 to 9999 (#493)
`browser.cache.frecency_experiment` is a dead pref since FF59: https://bugzilla.mozilla.org/1430197

proof: https://dxr.mozilla.org/mozilla-esr60/search?q=frecency_experiment
 - the pref still exists but is not used anymore ie dead pref
2018-08-30 05:10:28 +12:00
Thorin-Oakenpants
299489c701
1000s: cache description/info, closes #436 2018-08-28 08:27:45 +00:00
Thorin-Oakenpants
50a578c32a
remove extra spaces 2018-08-28 07:57:21 +00:00
Thorin-Oakenpants
7d417da5fd
0701: IPv6 info tweak, closes #437 2018-08-25 06:09:28 +00:00
Thorin-Oakenpants
9a46fafb53
1203: remove TLS fallback-limit
Currently enforcing the default at 3, it gets changed to 4 for FF62, and will get deprecated some stage soon - https://bugzilla.mozilla.org/show_bug.cgi?id=1479501
2018-08-20 14:52:06 +00:00
Thorin-Oakenpants
6fb2f25e65
4700: revamp, closes #485 2018-08-17 09:09:01 +00:00
Thorin-Oakenpants
9e67f982ab
2720: enforce IDB=enabled 2018-08-17 07:50:33 +00:00
Thorin-Oakenpants
5b6ed92da4
0701: disable IPv6, closes #437 2018-08-17 07:15:47 +00:00
Thorin-Oakenpants
776e32c27f
0850d: remove browser.urlbar.autoFill.typed
It is deprecated in FF62 ( https://bugzilla.mozilla.org/show_bug.cgi?id=1239708 ), and is already covered by the other pref in 0850d (for ESR60.x users)
2018-08-16 14:34:32 +00:00
earthlng
9e1c368cd9 move dom.battery.enabled back to 2500 from 9999 (#486)
* move dom.battery.enabled back to 2500 from 9999

* make it inactive, clear out old links
2018-08-16 07:04:25 +12:00
earthlng
572d16d5a5 change cookies from block all to allow 1st party (#477)
* change cookies from block all to allow 1st party

see https://github.com/ghacksuserjs/ghacks-user.js/issues/439

* and fixup readme as well
2018-08-15 17:56:40 +12:00
earthlng
0145ccfec3 add empty lines for subgroups in 0400 + 1200 (#482) 2018-08-12 15:11:23 +12:00
earthlng
c2c8e6227c more info for 2026-28 (#481) 2018-08-12 15:01:03 +12:00
earthlng
ab404680df remove [SETTING-ESR52] lines (#475) 2018-08-09 15:30:57 +12:00
Thorin-Oakenpants
cfa2da8fea
start 62 commits 2018-08-09 03:28:54 +00:00
Thorin-Oakenpants
b3b3ae4660
finalize 61 2018-08-08 14:34:08 +00:00
Thorin-Oakenpants
cbea3adc7e
FPI & IP addresses FF63+ 2018-07-17 02:58:51 +00:00
earthlng
4813aa549b
Update user.js 2018-07-11 13:59:52 +02:00
Thorin-Oakenpants
a81d013e45
61-beta 2018-07-06 12:25:41 +00:00
Thorin-Oakenpants
c9543519c7
0100s: startpage, home+newwindow, newtab
FF61 introduced quite a few changes, including removing the ability to set a blank startpage in the UI, and a new Home options tab with unified Activity Stream (AS) defaults and dropdown options. Because the only way to stop AS on startup is to enforce a blank page (pref 0102), and setting this auto changes `home+newwindow` (0103) and `newtab` (0104) to a blank page, then we're just going to go ahead and enforce that on all of them.

For more info see the discussion in #426
2018-07-05 15:32:19 +00:00
Thorin-Oakenpants
d34894e965
2730 + 2750: Storage API + Offline Cache
ESR52.x doesn't use the new site storage UI. FF61+ the issue is resolved, so let's enforce offline cache (2730) as false again
2018-07-05 10:16:20 +00:00
Thorin-Oakenpants
70abeda9d4
2730 + 2750: Storage API + Offline Cache
https://bugzilla.mozilla.org/show_bug.cgi?id=1450448#c20
2018-07-04 16:49:26 +00:00
Thorin-Oakenpants
dceef9d1db
0503: disable savant 2018-07-04 12:53:21 +00:00
Thorin-Oakenpants
9386fb5581
61 deprecated/removed prefs 2018-07-04 09:41:30 +00:00
Thorin-Oakenpants
56acb4cff5
disable UNC paths 2018-07-04 09:15:44 +00:00
Thorin-Oakenpants
1eac4185d2
4500: RFP geo reverted 63+ 2018-06-26 03:48:47 +00:00
Thorin-Oakenpants
05021ac62e
2300: workers, fixes #446 2018-06-20 05:05:48 +00:00
Thorin-Oakenpants
a4a9b9a675
cleanup #426
Both deprecated in FF61, but we'll remove them from the user.js
- `services.blocklist.signing.enforced` is default true since FF50
- `browser.storageManager.enabled` only controls "Site Data" UI visibility
2018-06-04 00:23:16 +00:00
Thorin-Oakenpants
c61e633236
0707: added ref link 2018-06-01 04:32:52 +00:00
Thorin-Oakenpants
8783ae9ce8
start 61 commits 2018-05-31 01:35:51 +00:00
Thorin-Oakenpants
3264fbd9c3
finalize 60 2018-05-31 01:27:20 +00:00
earthlng
b8b3a4f7ed
enable DNT header by default
pros and cons: see https://github.com/ghacksuserjs/ghacks-user.js/issues/422#issuecomment-392789507 + follow-up comments
2018-05-29 19:06:06 +02:00
Thorin-Oakenpants
9b1cf28e89
0101: cleanup laterrun #434 2018-05-29 16:09:02 +00:00
Thorin-Oakenpants
acc5a1c2df
0101 welcomes+whatsnew -> 5000s #434 2018-05-29 02:25:54 +00:00
Thorin-Oakenpants
f113cf84c3
0101: cleanup rights.3 #434 2018-05-27 21:40:47 +00:00
Thorin-Oakenpants
3e5667fb34
0101: more cleanup, #434 2018-05-26 18:48:38 +00:00
Thorin-Oakenpants
3edf7af85e
0101: cleanup, see #434 2018-05-26 16:45:46 +00:00
Thorin-Oakenpants
01bd2a4f6d
0422: TP block lists: deduplicate, fixes #434 2018-05-25 15:44:27 +00:00
Thorin-Oakenpants
f60a87f97f
2730s: cleanup/removal #434
2732 was just enforcing default since at least FF52, and 2733 has never been used, was only there for info. Offline Cache or appCache (2730) is already behind a prompt (2731), and is already limited (in FF60+) to HTTPS (2730b).
2018-05-25 14:44:44 +00:00
Thorin-Oakenpants
449e32a8ca
2202: cleanup #434
both these removed prefs are enforcing the default in ESR52.x and FF60+ (and I assume FF52+) branches
2018-05-25 04:28:03 +00:00
Thorin-Oakenpants
35a9d3d1e1
0505: system add-on updates, fixes #172
Note: I am not 100% sure what happens with an app update. If this is divorced from that check now, you should be able to get FF updated without any system addons. We'll have to wait until 62 needs an update to test it. In the meantime I've edited the [NOTE]. I've also left this inactive (eg imagine if they pushed a critical update for formfill), so this is an end-user decision. Added to sticky to revisit this pref
2018-05-25 04:03:59 +00:00
Thorin-Oakenpants
c66d1b08e7
remove network.http.fast-fallback-to-IPv4 #433
the default is true anyway for ESR52.x and FF60+ (and I assume for FF52+) branches
2018-05-25 02:07:10 +00:00
Thorin-Oakenpants
0a63b6545d
4500: tweak 2018-05-23 17:53:16 +00:00
Thorin-Oakenpants
a8051b88e4
1803: 3rd time's a charm 2018-05-23 17:41:25 +00:00
Thorin-Oakenpants
87ce12925d
1803: tweak 2018-05-23 17:21:49 +00:00
Thorin-Oakenpants
d6a7531c67
1803: flash/java/npapi fixes #433 2018-05-23 17:05:29 +00:00
Thorin-Oakenpants
3a77e18ae8
RFP: OS locale & HTTP Accept-Language header
https://bugzilla.mozilla.org/show_bug.cgi?id=1459089 . When/if it gets uplifted to 61, I'll update.
2018-05-23 11:07:06 +00:00
Thorin-Oakenpants
a635ae5dfb
2730 + 2750: Storage API + Offline Cache
https://bugzilla.mozilla.org/show_bug.cgi?id=1450448
2018-05-23 08:55:19 +00:00
earthlng
02bac31e6a nits (#423) 2018-05-17 04:31:28 +12:00
Thorin-Oakenpants
e5d23f6b40
60-beta 2018-05-15 20:40:12 +00:00
Thorin-Oakenpants
67360332ab
FF60+ parrot info 2018-05-15 15:44:37 +00:00
earthlng
b880c9da61
add network.ftp.enabled 2018-05-11 18:14:40 +02:00
Thorin-Oakenpants
1b0c9f66d9
2600s renumber/reorder #368 2018-05-08 04:13:53 +12:00
Thorin-Oakenpants
7eda26a1d0
2600s numbering part1 2018-05-07 15:51:50 +00:00
Thorin-Oakenpants
b89e247263
0707: DoH, fixes #410 2018-05-07 14:57:42 +00:00
Thorin-Oakenpants
35fd4e343c
2671 cleanup #368 2018-05-06 20:41:14 +00:00
Thorin-Oakenpants
47cf0e1640
2617 pdfjs tweak #368
that trims 3 lines off with a little formatting
2018-05-06 18:41:10 +00:00
Thorin-Oakenpants
5e7258ba2d
remove 0705, fixes #418 2018-05-06 17:07:09 +00:00
Thorin-Oakenpants
6e6a993494
2672 punycode tweak #368 2018-05-06 16:57:00 +00:00
Thorin-Oakenpants
772fa4e06e
geo changes, fixes #415
NOTE: RFP still blocks geo, but this will be reverted at some stage: see https://bugzilla.mozilla.org/show_bug.cgi?id=1441295
2018-05-06 13:10:30 +00:00
Thorin-Oakenpants
78dc31f6d6
remove 5 prefs #418 2018-05-06 12:30:40 +00:00
Thorin-Oakenpants
459396ed5b
2626: remove useragent.compatMode #368
I see no point in keeping this to enforce a default that FF itself doesn't use - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox
-  "... is an optional compatibility token that some Gecko-based browsers may choose to incorporate, to achieve maximum compatibility with websites that expect Firefox"
2018-05-06 10:00:13 +00:00
Thorin-Oakenpants
88b08c79cd
2685 tweak 2018-05-05 18:44:52 +00:00
Thorin-Oakenpants
cf269c982b
fixup number ref 2018-05-05 18:26:33 +00:00
earthlng
36c11cb5d4 2600: downloads + extensions regroup (#417)
* 2600: downloads + extensions regroup

* fixup
2018-05-06 06:14:57 +12:00
Thorin-Oakenpants
517b8665c0
2685 fixup 2018-05-05 17:01:09 +00:00
earthlng
149aab6b1e 2600: security regroup (#416)
* 2600: security regroup

* fixup
2018-05-06 04:21:21 +12:00
earthlng
c5a1a038d2
5000: remove view_source.tab (moved to 9999) 2018-05-05 14:40:20 +02:00
Thorin-Oakenpants
cd322f39a4
2613: restrictedDomains 2018-05-04 21:55:51 +00:00
Thorin-Oakenpants
8f2b674910
60 deprecated/removed part2 2018-05-04 21:42:47 +00:00
Thorin-Oakenpants
7d65d8c173
4503 mozAddonManager => active 2018-05-04 21:18:45 +00:00
Thorin-Oakenpants
8b6eec2b46
RFP ESR version spoof info
The last one-off ESR cycle of 8 releases is now behind us, new algorithm for FF60+ is back to 7 releases per ESR numbering, starting at 60... 67... etc. Note: This does not do anything for Aurora or Nightly spoofing the next ESR early (but we have until Nightly 67 before this becomes a problem). The ticket 1418162 was meant to cover this but instead was just used for the new algorithm. There is currently no ticket for the Aurora/Nightly issue - but never fear, Pants is here!! It is not forgotten, and I have emails with Tom Ritter et al on it
2018-05-04 18:30:44 +00:00
Thorin-Oakenpants
13164a2d0d
4500s: RFP disable WebGL debug renderer info (60+) 2018-05-04 17:23:26 +00:00
Thorin-Oakenpants
c4a1583e99
60 RFP Alternatives 2018-05-04 17:11:34 +00:00