mirror/ arkenfox-user.js
1
1
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2024-05-23 04:46:09 +02:00
Code Issues Wiki

v115.1 (#1703) 

The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. This will better align ESR115 users' defaults with AF moving forward
This commit is contained in:
Thorin-Oakenpants 2023-08-27 01:49:42 +00:00 committed by GitHub
parent 576da2e236
commit 61a9f9d37a
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
user.js
View File

@ -1,6 +1,6 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 26 July 2023 * date: 27 August 2023
* version: 115 * version: 115
* url: https://github.com/arkenfox/user.js * url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@ -18,7 +18,6 @@
* Some site breakage and unintended consequences will happen. Everyone's experience will differ * Some site breakage and unintended consequences will happen. Everyone's experience will differ
e.g. some user data is erased on exit (section 2800), change this to suit your needs e.g. some user data is erased on exit (section 2800), change this to suit your needs
* While not 100% definitive, search for "[SETUP" tags * While not 100% definitive, search for "[SETUP" tags
e.g. third party images/videos not loading on some sites? check 1601
5. Some tag info 5. Some tag info
[SETUP-SECURITY] it's one item, read it [SETUP-SECURITY] it's one item, read it
[SETUP-WEB] can cause some websites to break [SETUP-WEB] can cause some websites to break
@ -42,13 +41,13 @@
0300: QUIETER FOX 0300: QUIETER FOX
0400: SAFE BROWSING 0400: SAFE BROWSING
0600: BLOCK IMPLICIT OUTBOUND 0600: BLOCK IMPLICIT OUTBOUND
0700: DNS / DoH / PROXY / SOCKS / IPv6 0700: DNS / DoH / PROXY / SOCKS
0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
0900: PASSWORDS 0900: PASSWORDS
1000: DISK AVOIDANCE 1000: DISK AVOIDANCE
1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
1400: FONTS 1400: FONTS
1600: HEADERS / REFERERS 1600: REFERERS
1700: CONTAINERS 1700: CONTAINERS
2000: PLUGINS / MEDIA / WEBRTC 2000: PLUGINS / MEDIA / WEBRTC
2400: DOM (DOCUMENT OBJECT MODEL) 2400: DOM (DOCUMENT OBJECT MODEL)
@ -255,20 +254,8 @@ user_pref("browser.places.speculativeConnect.enabled", false);
* [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/ * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
// user_pref("browser.send_pings", false); // [DEFAULT: false] // user_pref("browser.send_pings", false); // [DEFAULT: false]
/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS / IPv6 ***/ /*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS ***/
user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!"); user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
/* 0701: disable IPv6
* IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming
* your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4
* [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause
* [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6
* [NOTE] This is an application level fallback. Disabling IPv6 is best done at an
* OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
* then this won't make much difference. If you are masking your IP, then it can only help.
* [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
* [TEST] https://ipleak.org/
* [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
user_pref("network.dns.disableIPv6", true);
/* 0702: set the proxy server to do any DNS lookups when using SOCKS /* 0702: set the proxy server to do any DNS lookups when using SOCKS
* e.g. in Tor, this stops your local DNS server from knowing your Tor destination * e.g. in Tor, this stops your local DNS server from knowing your Tor destination
* as a remote Tor node will handle the DNS request * as a remote Tor node will handle the DNS request
@ -308,13 +295,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/ /*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
/* 0801: disable location bar using search
* Don't leak URL typos to a search engine, give an error message instead
* Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
* [NOTE] This does not affect explicit user action such as using search buttons in the
* dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
* [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
user_pref("keyword.enabled", false);
/* 0802: disable location bar domain guessing /* 0802: disable location bar domain guessing
* domain guessing intercepts DNS "hostname not found errors" and resends a * domain guessing intercepts DNS "hostname not found errors" and resends a
* request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
@ -527,18 +507,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
// user_pref("layout.css.font-visibility.standard", 1); // user_pref("layout.css.font-visibility.standard", 1);
// user_pref("layout.css.font-visibility.trackingprotection", 1); // user_pref("layout.css.font-visibility.trackingprotection", 1);
/*** [SECTION 1600]: HEADERS / REFERERS /*** [SECTION 1600]: REFERERS
full URI: https://example.com:8888/foo/bar.html?id=1234 full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port+path: https://example.com:8888/foo/bar.html
scheme+host+port: https://example.com:8888 scheme+host+port: https://example.com:8888
[1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
***/ ***/
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
* If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
user_pref("network.http.referer.XOriginPolicy", 2);
/* 1602: control the amount of cross-origin information to send [FF52+] /* 1602: control the amount of cross-origin information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2); user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
@ -571,17 +546,6 @@ user_pref("media.peerconnection.ice.default_address_only", true);
/* 2020: disable GMP (Gecko Media Plugins) /* 2020: disable GMP (Gecko Media Plugins)
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/ * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
// user_pref("media.gmp-provider.enabled", false); // user_pref("media.gmp-provider.enabled", false);
/* 2021: disable widevine CDM (Content Decryption Module)
* [NOTE] This is covered by the EME master switch (2022) ***/
// user_pref("media.gmp-widevinecdm.enabled", false);
/* 2022: disable all DRM content (EME: Encryption Media Extension)
* Optionally hide the setting which also disables the DRM prompt
* [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
* [SETTING] General>DRM Content>Play DRM-controlled content
* [TEST] https://bitmovin.com/demos/drm
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false);
// user_pref("browser.eme.ui.enabled", false);
/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/ /*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!"); user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
@ -631,8 +595,6 @@ user_pref("network.IDN_show_punycode", true);
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/ * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
user_pref("pdfjs.disabled", false); // [DEFAULT: false] user_pref("pdfjs.disabled", false); // [DEFAULT: false]
user_pref("pdfjs.enableScripting", false); // [FF86+] user_pref("pdfjs.enableScripting", false); // [FF86+]
/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/
user_pref("network.protocol-handler.external.ms-windows-store", false);
/* 2623: disable permissions delegation [FF73+] /* 2623: disable permissions delegation [FF73+]
* Currently applies to cross-origin geolocation, camera, mic and screen-sharing * Currently applies to cross-origin geolocation, camera, mic and screen-sharing
* permissions, and fullscreen requests. Disabling delegation means any prompts * permissions, and fullscreen requests. Disabling delegation means any prompts
@ -933,8 +895,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
/* 5015: disable Windows taskbar preview [WINDOWS] ***/ /* 5015: disable Windows taskbar preview [WINDOWS] ***/
// user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false] // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
/* 5016: discourage downloading to desktop /* 5016: discourage downloading to desktop
* 0=desktop, 1=downloads (default), 2=last used * 0=desktop, 1=downloads (default), 2=custom
* [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/
// user_pref("browser.download.folderList", 2); // user_pref("browser.download.folderList", 2);
/* 5017: disable Form Autofill /* 5017: disable Form Autofill
* If .supportedCountries includes your region (browser.search.region) and .supported * If .supportedCountries includes your region (browser.search.region) and .supported
@ -949,6 +911,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/ /* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
// user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false); // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
/* 5021: disable location bar using search
* Don't leak URL typos to a search engine, give an error message instead
* Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
* [NOTE] This does not affect explicit user action such as using search buttons in the
* dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/
// user_pref("keyword.enabled", false);
/*** [SECTION 5500]: OPTIONAL HARDENING /*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Overriding these can cause breakage and performance issues, Not recommended. Overriding these can cause breakage and performance issues,
@ -989,6 +957,25 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
// user_pref("javascript.options.wasm", false); // user_pref("javascript.options.wasm", false);
/* 5507: disable rendering of SVG OpenType fonts ***/ /* 5507: disable rendering of SVG OpenType fonts ***/
// user_pref("gfx.font_rendering.opentype_svg.enabled", false); // user_pref("gfx.font_rendering.opentype_svg.enabled", false);
/* 5508: disable all DRM content (EME: Encryption Media Extension)
* Optionally hide the UI setting which also disables the DRM prompt
* [SETTING] General>DRM Content>Play DRM-controlled content
* [TEST] https://bitmovin.com/demos/drm
* [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
// user_pref("media.eme.enabled", false);
// user_pref("browser.eme.ui.enabled", false);
/* 5509: disable IPv6 if using a VPN
* This is an application level fallback. Disabling IPv6 is best done at an OS/network
* level, and/or configured properly in system wide VPN setups.
* If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause
* [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
* [TEST] https://ipleak.org/
* [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
// user_pref("network.dns.disableIPv6", true);
/* 5510: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
// user_pref("network.http.referer.XOriginPolicy", 2);
/*** [SECTION 6000]: DON'T TOUCH ***/ /*** [SECTION 6000]: DON'T TOUCH ***/
user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@ -1037,6 +1024,8 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
// user_pref("extensions.formautofill.creditCards.available", ""); // user_pref("extensions.formautofill.creditCards.available", "");
// user_pref("extensions.formautofill.creditCards.supported", ""); // user_pref("extensions.formautofill.creditCards.supported", "");
// user_pref("middlemouse.contentLoadURL", ""); // user_pref("middlemouse.contentLoadURL", "");
/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/
// user_pref("network.protocol-handler.external.ms-windows-store", "");
/*** [SECTION 7000]: DON'T BOTHER ***/ /*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@ -1082,7 +1071,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144 // user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers /* 7007: referers
* [WHY] Only cross-origin referers (1600s) need control ***/ * [WHY] Only cross-origin referers (1602, 5510) matter ***/
// user_pref("network.http.sendRefererHeader", 2); // user_pref("network.http.sendRefererHeader", 2);
// user_pref("network.http.referer.trimmingPolicy", 0); // user_pref("network.http.referer.trimmingPolicy", 0);
/* 7008: set the default Referrer Policy [FF59+] /* 7008: set the default Referrer Policy [FF59+]