0cc4007eda
TLS 1.0 and 1.1 are still secure. Sure, later versions are more secure, but 98% of the web is already upgraded - less than 2% of sites use < v1.2. So it's not very likely you would come across a site that requires it, but if you did, what's the point in breaking it. Mozilla and Chrome already have plans to deprecate TLS 1.0 & 1.1, and force that last 2% of sites. TLS settings can be FP'ed without JS. By sticking with the defaults, I do not see any security issues, but an increase in potential anti-FPing. TBH, the chances of either (i.e being FP'ed with TLS as a entropy point, or being compromised due to TLS<1.2) are slim to non anyway. Any arguments, please see @earthlng
user.js
A user.js is a configuration file that can control hundreds of Firefox settings. For a more technical breakdown and explanation, you can read more on the overview wiki page.
ghacks user.js
The ghacks user.js is a template which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
Everyone, experts included, should at least read the implementation wiki page, as it contains important information regarding a few ghacks user.js settings.
Sitemap: Releases, changelogs, Wiki, stickies. diffs
acknowledgments
Literally thousands of sources, references and suggestions. That said...
- Martin Brinkmann at ghacks 1
- The ghacks community and commentators
- 12bytes
- The 12bytes article now uses this user.js and supplements it with an additonal JS hosted at GitLab
1 The ghacks user.js was an independent project by Thorin-Oakenpants started in early 2015 and was first published at ghacks in August 2015. With Martin Brinkmann's blessing, it will keep the ghacks name.
