Merge remote-tracking branch 'chapril/master'

Merge remote-tracking branch 'origin/master'
typos #1342 (#1343 )
2022-01-23 10:54:24 +01:00 · 2022-01-23 10:52:39 +01:00 · 2022-01-22 01:49:48 +00:00 · 2022-01-21 03:48:06 +00:00
1 changed files with 11 additions and 4 deletions
--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 * name: arkenfox user.js
-* date: 9 December 2021
-* version 96-alpha
+* date: 21 January 2022
+* version 96
 * url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt

@ -757,11 +757,18 @@ user_pref("extensions.postDownloadThirdPartyPrompt", false);
 /*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/
 user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
 /* 2701: enable ETP Strict Mode [FF86+]
- * [NOTE] ETP Strict Mode enables Total Cookie Protection (TCP)
+ * ETP Strict Mode enables Total Cookie Protection (TCP)
+ * [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
+ * cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared
 * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
 * [SETTING] to add site exceptions: Urlbar>ETP Shield
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
 user_pref("browser.contentblocking.category", "strict");
+/* 2702: disable ETP web compat features [FF93+]
+ * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
+ * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
+ * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 ***/
+   // user_pref("privacy.antitracking.enableWebcompat", false);
 /* 2710: enable state partitioning of service workers [FF96+] ***/
 user_pref("privacy.partition.serviceWorkers", true);

@ -1082,7 +1089,7 @@ user_pref("dom.targetBlankNoOpener.enabled", true); // [DEFAULT: true]
 * string is restored if the tab reverts back to the original page. This change prevents some cross-site attacks
 * [TEST] https://arkenfox.github.io/TZP/tests/windownamea.html ***/
 user_pref("privacy.window.name.update.enabled", true); // [DEFAULT: true]
-/* 0607: enforce Local Storage Next Generation (LSNG) [FF65+] ***/
+/* 6007: enforce Local Storage Next Generation (LSNG) [FF65+] ***/
 user_pref("dom.storage.next_gen", true); // [DEFAULT: true FF92+]
 /* 6008: enforce no First Party Isolation [FF51+]
 * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701),
Author	SHA1	Message	Date
Michel	7745388062	Merge remote-tracking branch 'chapril/master'	2022-01-23 10:54:24 +01:00
Michel	4c9cf7cae2	Merge remote-tracking branch 'origin/master'	2022-01-23 10:52:39 +01:00
fabrizio	10044fcaf7	typos #1342 (#1343 )	2022-01-22 01:49:48 +00:00
Thorin-Oakenpants	ac0820a5dc	add last bits about ETP Strict/dFPI, closes #1337	2022-01-21 03:48:06 +00:00