mirror/ arkenfox-user.js
1
1
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2024-05-25 05:26:13 +02:00
Code Issues Wiki

Merge 5f3f9bfa49 into 33a84b608c

This commit is contained in:
Thorin-Oakenpants 2024-05-11 01:29:56 +00:00 committed by GitHub
parent 33a84b608c 5f3f9bfa49
commit 2131a365ba
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 40 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
user.js
View File

@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
* date: 5 February 2024
* version: 122
* date: 15 May 2024
* version: 125
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -35,7 +35,7 @@
- It is recommended to not use the updater, or you will get a later version which may cause issues.
So you should manually append your overrides (and keep a copy), and manually update when you
change ESR releases (arkenfox is already past that release)
- If you decide to keep updating, then the onus is on - also see section 9999
- If you decide to keep updating, then the onus is on you - also see section 9999
* INDEX:
@ -95,8 +95,8 @@ user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtabpage.enabled", false);
/* 0105: disable sponsored content on Firefox Home (Activity Stream)
* [SETTING] Home>Firefox Home Content ***/
user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] Pocket > Sponsored Stories
user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Sponsored shortcuts
user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+]
user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Shortcuts>Sponsored shortcuts
/* 0106: clear default topsites
* [NOTE] This does not block you from adding your own ***/
user_pref("browser.newtabpage.activity-stream.default.sites", "");
@ -158,9 +158,6 @@ user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
user_pref("toolkit.coverage.endpoint.base", "");
/* 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
* Defense-in-depth: currently covered by 0331 ***/
user_pref("browser.ping-centre.telemetry", false);
/* 0335: disable Firefox Home (Activity Stream) telemetry ***/
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
@ -303,12 +300,14 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
* [1] https://bugzilla.mozilla.org/1348275 ***/
user_pref("browser.urlbar.speculativeConnect.enabled", false);
/* 0802: disable location bar contextual suggestions
* [SETTING] Privacy & Security>Address Bar>Suggestions from...
* [NOTE] The UI is controlled by the .enabled pref
* [SETTING] Search>Address Bar>Suggestions from...
* [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+]
// user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]
// user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false]
// user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false]
/* 0803: disable live search suggestions
* [NOTE] Both must be true for the location bar to work
* [NOTE] Both must be true for live search to work in the location bar
* [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
* [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
user_pref("browser.search.suggest.enabled", false);
@ -321,8 +320,9 @@ user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
// user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false]
// user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+]
/* 0810: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (2811)
@ -332,7 +332,7 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa
user_pref("browser.formfill.enable", false);
/* 0815: disable tab-to-search [FF85+]
* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
* [SETTING] Search>Address Bar>When using the address bar, suggest>Search engines ***/
// user_pref("browser.urlbar.suggest.engines", false);
/* 0820: disable coloring of visited links
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
@ -412,7 +412,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
* [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4]
* [STATS] SSL Labs (April 2024) reports over 99.6% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@ -583,6 +583,11 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false]
user_pref("pdfjs.enableScripting", false); // [FF86+]
/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
/* 2630: disable content analysis by DLP (Data Loss Prevention) agents
* DLP agents are background processes on managed computers that allow enterprises to monitor locally running
* applications for data exfiltration events, which they can allow/block based on customer defined DLP policies.
* [1] https://github.com/chromium/content_analysis_sdk */
user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false]
/** DOWNLOADS ***/
/* 2651: enable user interaction for security by always asking where to download
@ -698,7 +703,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+)
***/
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
/* 4001: enable FPP in PB mode [FF114+]
* [NOTE] In FF119+, FPP for all modes (7106) is enabled with ETP Strict (2701) ***/
// user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
@ -720,7 +725,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
418986 - limit window.screen & CSS media queries (FF41)
1281949 - spoof screen orientation (FF50)
1330890 - spoof timezone as UTC0 (FF55)
1330890 - spoof timezone as UTC (FF55)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
FF56
1333651 - spoof User Agent & Navigator API
@ -740,7 +745,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
1372073 - spoof/block fingerprinting in MediaDevices API (FF59)
Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone"
Block: suppresses the ondevicechange event
1039069 - warn when language prefs are not set to "en*" (also see 0210, 0211) (FF59)
1039069 - warn when language prefs are not set to "en*" (FF59)
1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59)
Spoofing mimics the content language of the document. Currently it only supports en-US.
Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
@ -796,6 +801,12 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
* [WARNING] DO NOT USE unless testing, see [1] comment 12
* [1] https://bugzilla.mozilla.org/1635603 ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
/* 4506: disable RFP spoof english prompt [FF59+]
* 0=prompt, 1=disabled, 2=enabled (requires RFP)
* [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset.
* [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale.
* [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/
user_pref("privacy.spoof_english", 1);
/* 4510: disable using system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
@ -867,7 +878,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
* [1] https://bugzilla.mozilla.org/1281959 ***/
// user_pref("browser.download.forbid_open_with", true);
/* 5010: disable location bar suggestion types
* [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/
* [SETTING] Search>Address Bar>When using the address bar, suggest ***/
// user_pref("browser.urlbar.suggest.history", false);
// user_pref("browser.urlbar.suggest.bookmark", false);
// user_pref("browser.urlbar.suggest.openpage", false);
@ -1108,7 +1119,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
// user_pref("dom.webnotifications.enabled", false);
/* 7019: disable Push Notifications [FF44+]
* [WHY] Push requires subscription
* [WHY] Website "push" requires subscription, and the API is required for CRLite (1224)
* [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
* [1] https://support.mozilla.org/kb/push-notifications-firefox ***/
// user_pref("dom.push.enabled", false);
@ -1119,6 +1130,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
* [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/
// user_pref("media.peerconnection.enabled", false);
/* 7021: enable GPC (Global Privacy Control) in non-PB windows
* [WHY] Passive and active fingerprinting. Mostly redundant with Tracking Protection
* in ETP Strict (2701) and sanitizing on close (2800s) ***/
// user_pref("privacy.globalprivacycontrol.enabled", true);
/*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING
[WHY] They are insufficient to help anti-fingerprinting and do more harm than good
@ -1210,6 +1225,11 @@ user_pref("security.family_safety.mode", 0);
// 0711: disable skipping DoH when parental controls are enabled [FF70+]
// [-] https://bugzilla.mozilla.org/1586941
user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
// FF123
// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
// Defense-in-depth: currently covered by 0331
// [-] https://bugzilla.mozilla.org/1868988
user_pref("browser.ping-centre.telemetry", false);
// ***/
/* END: internal custom pref to test for syntax errors ***/