diff --git a/user.js b/user.js index 4798b8a..1772671 100644 --- a/user.js +++ b/user.js @@ -1,7 +1,7 @@ /****** * name: arkenfox user.js -* date: 18 October 2023 -* version: 118 +* date: 20 November 2023 +* version: 119 * urls: https://github.com/arkenfox/user.js [repo] * : https://arkenfox.github.io/gui/ [interactive] * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt @@ -40,7 +40,7 @@ * INDEX: 0100: STARTUP - 0200: GEOLOCATION / LANGUAGE / LOCALE + 0200: GEOLOCATION 0300: QUIETER FOX 0400: SAFE BROWSING 0600: BLOCK IMPLICIT OUTBOUND @@ -100,7 +100,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // * [NOTE] This does not block you from adding your own ***/ user_pref("browser.newtabpage.activity-stream.default.sites", ""); -/*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/ +/*** [SECTION 0200]: GEOLOCATION ***/ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!"); /* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+] * Optionally enable logging to the console (defaults to false) ***/ @@ -109,16 +109,8 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/ /* 0202: disable using the OS's geolocation service ***/ user_pref("geo.provider.ms-windows-location", false); // [WINDOWS] user_pref("geo.provider.use_corelocation", false); // [MAC] -user_pref("geo.provider.use_gpsd", false); // [LINUX] +user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF] user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX] -/* 0210: set preferred language for displaying pages - * [SETTING] General>Language and Appearance>Language>Choose your preferred language... - * [TEST] https://addons.mozilla.org/about ***/ -user_pref("intl.accept_languages", "en-US, en"); -/* 0211: use en-US locale regardless of the system or region locale - * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/ -user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] /*** [SECTION 0300]: QUIETER FOX ***/ user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!"); @@ -268,7 +260,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost user_pref("network.proxy.socks_remote_dns", true); /* 0703: disable using UNC (Uniform Naming Convention) paths [FF61+] * [SETUP-CHROME] Can break extensions for profiles on network shares - * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/ + * [1] https://bugzilla.mozilla.org/1413868 ***/ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF] /* 0704: disable GIO as a potential proxy bypass vector * Gvfs/GIO has a set of supported protocols like obex, network, archive, computer, @@ -297,8 +289,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/ // user_pref("network.trr.mode", 3); -/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/ -user_pref("network.dns.skipTRR-when-parental-control-enabled", false); /* 0712: set DoH provider * The custom uri is the value shown when you "Choose provider>Custom>" * [NOTE] If you USE custom then "network.trr.uri" should be set the same @@ -311,11 +301,11 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!"); /* 0801: disable location bar making speculative connections [FF56+] * [1] https://bugzilla.mozilla.org/1348275 ***/ user_pref("browser.urlbar.speculativeConnect.enabled", false); -/* 0802: disable location bar contextual suggestions [FF92+] +/* 0802: disable location bar contextual suggestions * [SETTING] Privacy & Security>Address Bar>Suggestions from... * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/ user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] -user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); +user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] /* 0803: disable live search suggestions * [NOTE] Both must be true for the location bar to work * [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine @@ -354,6 +344,10 @@ user_pref("browser.formfill.enable", false); * [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use) * [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/ // user_pref("layout.css.visited_links_enabled", false); +/* 0830: enable separate default search engine in Private Windows and its UI setting + * [SETTING] Search>Default Search Engine>Choose a different default search engine for Private Windows only ***/ +user_pref("browser.search.separatePrivateDefault", true); // [FF70+] +user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+] /*** [SECTION 0900]: PASSWORDS [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas @@ -396,7 +390,7 @@ user_pref("browser.sessionstore.privacy_level", 2); /* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS] * [1] https://bugzilla.mozilla.org/603903 ***/ user_pref("toolkit.winRegisterApplicationRestart", false); -/* 1006: disable favicons in shortcuts +/* 1006: disable favicons in shortcuts [WINDOWS] * URL shortcuts use a cached randomly named .ico file which is stored in your * profile/shortcutCache directory. The .ico remains after the shortcut is deleted * If set to false then the shortcuts use a generic Firefox icon ***/ @@ -417,7 +411,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!"); * but the problem is that the browser can't know that. Setting this pref to true is the only way for the * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? - * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4] + * [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4] * [1] https://wiki.mozilla.org/Security:Renegotiation * [2] https://datatracker.ietf.org/doc/html/rfc5746 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 @@ -462,7 +456,7 @@ user_pref("security.cert_pinning.enforcement_level", 2); * 0 = disabled * 1 = consult CRLite but only collect telemetry * 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results - * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+, default FF100+) + * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default) * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071 * [2] https://blog.mozilla.org/security/tag/crlite/ ***/ user_pref("security.remote_settings.crlite_filters.enabled", true); @@ -471,7 +465,7 @@ user_pref("security.pki.crlite_mode", 2); /** MIXED CONTENT ***/ /* 1241: disable insecure passive content (such as images) on https pages ***/ // user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244) -/* 1244: enable HTTPS-Only mode in all windows [FF76+] +/* 1244: enable HTTPS-Only mode in all windows * When the top-level is HTTPS, insecure subresources are also upgraded (silent fail) * [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site") * [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions) @@ -603,12 +597,13 @@ user_pref("browser.download.manager.addToRecentDocs", false); user_pref("browser.download.always_ask_before_handling_new_types", true); /** EXTENSIONS ***/ -/* 2660: lock down allowed extension directories - * [SETUP-CHROME] This will break extensions, language packs, themes and any other - * XPI files which are installed outside of profile and application directories +/* 2660: limit allowed extension directories + * 1=profile, 2=user, 4=application, 8=system, 16=temporary, 31=all + * The pref value represents the sum: e.g. 5 would be profile and application directories + * [SETUP-CHROME] Breaks usage of files which are installed outside allowed directories * [1] https://archive.is/DYjAM ***/ user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF] -user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] + // user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15] /* 2661: disable bypassing 3rd party extension install prompts [FF82+] * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/ user_pref("extensions.postDownloadThirdPartyPrompt", false); @@ -625,7 +620,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ * [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ -user_pref("browser.contentblocking.category", "strict"); +user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] /* 2702: disable ETP web compat features [FF93+] * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants * Opener and redirect heuristics are granted for 30 days, see [3] @@ -703,7 +698,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1330890 - spoof timezone as UTC0 (FF55) 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55) FF56 - 1369303 - spoof/disable performance API 1333651 - spoof User Agent & Navigator API version: android version spoofed as ESR (FF119 or lower) OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android @@ -716,7 +710,6 @@ user_pref("privacy.sanitize.timeSpan", 0); 1369309 - spoof media statistics 1382499 - reduce screen co-ordinate fingerprinting in Touch API 1217290 & 1409677 - enable some fingerprinting resistance for WebGL - 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist FF58+ 1372073 - spoof/block fingerprinting in MediaDevices API (FF59) @@ -741,7 +734,7 @@ user_pref("privacy.sanitize.timeSpan", 0); 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82) 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1) - 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100) + 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100-115) 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102) 1422237 - return "srgb" with color-gamut (FF110) 1794628 - return "none" with inverted-colors (FF114) @@ -973,10 +966,9 @@ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000] * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/ user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false] -/* 6009: enforce SmartBlock shims [FF81+] - * In FF96+ these are listed in about:compat +/* 6009: enforce SmartBlock shims (about:compat) [FF81+] * [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/ -user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true] +user_pref("extensions.webcompat.enable_shims", true); // [HIDDEN PREF] [DEFAULT: true] /* 6010: enforce no TLS 1.0/1.1 downgrades * [TEST] https://tls-v1-1.badssl.com:1010/ ***/ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false] @@ -987,38 +979,13 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false] /* 6012: enforce Quarantined Domains [FF115+] * [WHY] https://support.mozilla.org/kb/quarantined-domains */ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] -/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/ - // user_pref("beacon.enabled", ""); - // user_pref("browser.startup.blankWindow", ""); - // user_pref("browser.newtab.preload", ""); - // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", ""); - // user_pref("browser.newtabpage.activity-stream.feeds.snippets", ""); - // user_pref("browser.region.network.url", ""); - // user_pref("browser.region.update.enabled", ""); - // user_pref("browser.ssl_override_behavior", ""); - // user_pref("devtools.chrome.enabled", ""); - // user_pref("dom.disable_beforeunload", ""); - // user_pref("dom.disable_open_during_load", ""); - // user_pref("extensions.formautofill.available", ""); - // user_pref("extensions.formautofill.addresses.supported", ""); - // user_pref("extensions.formautofill.creditCards.available", ""); - // user_pref("extensions.formautofill.creditCards.supported", ""); - // user_pref("middlemouse.contentLoadURL", ""); -/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ +/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/ // user_pref("accessibility.force_disabled", ""); - // user_pref("browser.fixup.alternate.enabled", ""); // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", ""); // user_pref("network.protocol-handler.external.ms-windows-store", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", ""); // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", ""); // user_pref("privacy.partition.serviceWorkers", ""); -/* 6052: prefsCleaner: deprecated ESR102 items from FF103-115 ***/ - // user_pref("browser.cache.offline.enable", ""); - // user_pref("extensions.formautofill.heuristics.enabled", ""); - // user_pref("network.cookie.lifetimePolicy", ""); - // user_pref("privacy.clearsitedata.cache.enabled", ""); - // user_pref("privacy.resistFingerprinting.testGranularityMask", ""); - // user_pref("security.pki.sha1_enforcement_level", ""); /*** [SECTION 7000]: DON'T BOTHER ***/ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!"); @@ -1103,7 +1070,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] // user_pref("privacy.partition.network_state.ocsp_cache", true); - // user_pref("privacy.query_stripping.enabled", true); // [FF101+] [ETP FF102+] + // user_pref("privacy.query_stripping.enabled", true); // [FF101+] // user_pref("privacy.trackingprotection.enabled", true); // user_pref("privacy.trackingprotection.socialtracking.enabled", true); // user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true] @@ -1160,7 +1127,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan /*** [SECTION 9000]: NON-PROJECT RELATED ***/ user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!"); /* 9001: disable welcome notices ***/ -user_pref("browser.startup.homepage_override.mstone", "ignore"); +user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF] /* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false); @@ -1209,6 +1176,15 @@ user_pref("security.family_safety.mode", 0); // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion // [-] https://bugzilla.mozilla.org/1697151 // user_pref("permissions.delegation.enabled", false); +// FF119 +// 0211: use en-US locale regardless of the system or region locale + // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1] + // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 + // [-] https://bugzilla.mozilla.org/1846224 + // user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF] +// 0711: disable skipping DoH when parental controls are enabled [FF70+] + // [-] https://bugzilla.mozilla.org/1586941 +user_pref("network.dns.skipTRR-when-parental-control-enabled", false); // ***/ /* END: internal custom pref to test for syntax errors ***/