mirror/ arkenfox-user.js
1
1
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2024-05-12 01:06:10 +02:00
Code Issues Wiki
1,997 Commits 2 Branches 104 Tags 3.8 MiB
Commit Graph

1997 Commits

Author SHA1 Message Date
Thorin-Oakenpants c8c86262d7
enforce SmartBlock shims 2021-12-12 13:51:25 +00:00
Thorin-Oakenpants f836e55363
tidy ETP stuff 2021-12-12 13:31:01 +00:00
Thorin-Oakenpants 8cdb30cc08
make cookie pref active 
@SkewedZeppelin ... https://github.com/arkenfox/user.js/issues/1051#issuecomment-991806497
 2021-12-12 00:26:12 +00:00
Thorin-Oakenpants 54810e333f
typo 2021-12-11 19:17:43 +00:00
Thorin-Oakenpants 7ec13c0323
sharedWorkers tweak 
tested in FF91+. Seems as if sharedWorkers no longer requires an explicit `Allow`
 2021-12-11 12:22:00 +00:00
Thorin-Oakenpants af109d4696
tweak 7016 2021-12-11 11:15:34 +00:00
Thorin-Oakenpants 460951df9e
tidy, add instructions 2021-12-11 09:37:45 +00:00
Thorin-Oakenpants 93874bda43
rename 2021-12-11 09:14:59 +00:00
Thorin-Oakenpants 4ebabbb569
Delete arkenfox-clear-deprecated.js 2021-12-11 09:13:51 +00:00
Thorin-Oakenpants 1f0dc1853d
merge scratchpads into one 2021-12-11 09:13:09 +00:00
Thorin-Oakenpants 13e5fe17b1
remove rfpalts (#1288) 2021-12-11 06:56:43 +00:00
Thorin-Oakenpants ec7cb6a491
2702: partition service workers 2021-12-09 17:17:52 +00:00
Thorin-Oakenpants d9f49bdf1f
make 7017 clearer 2021-12-09 16:17:53 +00:00
Thorin-Oakenpants d5bc6715cd
remove web workers section 
farewell parrot
 2021-12-09 16:14:36 +00:00
Thorin-Oakenpants 8860c90abf
make service workers inactive 
currently 3rd party service workers are blocked in FF95 when dFPI is enabled (which this version has should anyone update to 96-alpha)
   - but I get an error even on first party - https://arkenfox.github.io/TZP/tzp.html#storage
   - I get : service worker | test : enabled | failed: SecurityError
in FF96+ service workers they are covered by dFPI
  - see https://bugzilla.mozilla.org/show_bug.cgi?id=1731999
 2021-12-09 14:31:41 +00:00
Thorin-Oakenpants 4d5abd6cc3
tweak 8000 title 
lets not encourage non-RFP users to see this as a sign to use them
 2021-12-09 14:18:25 +00:00
Thorin-Oakenpants de28689e76
flip from FPI to dFPI 
I will tidy and expand 2700 entries later
 2021-12-09 14:13:39 +00:00
Thorin-Oakenpants 5d508e4242
move LSNG to don't touch 2021-12-09 14:05:47 +00:00
Thorin-Oakenpants 1fc43574d6
move "cookie" permission info into 2801 2021-12-09 14:00:21 +00:00
Thorin-Oakenpants 83602baa38
misc site storage/data prefs 
been inactive since jesus was a baby
 2021-12-09 13:47:57 +00:00
Thorin-Oakenpants 0634a568ef
remove redundant site data prefs 
we've never used these
- service workers are disabled (or soon to be covered by dFPI when enabled) and sanitizing is already done (or will be done via enhanced cookie cleaning)
- storage API, storage access API: we sanitize on close, and sites are isolated by eTLD+1
 2021-12-09 13:45:46 +00:00
Thorin-Oakenpants 97322d6e8b
various inactive FPI prefs 2021-12-09 12:31:38 +00:00
Thorin-Oakenpants f7bba92c71
cleanout FPI section 
farewell parrot
 2021-12-09 12:28:45 +00:00
Thorin-Oakenpants fe75baa79f
move DNT to DON'T BOTHER 2021-12-09 11:44:51 +00:00
Thorin-Oakenpants 72cc4d176e
0706: network.proxy.allow_bypass, closes #1292 2021-12-09 11:41:18 +00:00
Thorin-Oakenpants 7e1b92567c
95 final 2021-12-08 12:13:47 +00:00
Thorin-Oakenpants fec5168203
95 deprecated 2021-12-08 04:28:47 +00:00
Thorin-Oakenpants b60a888da3
update WebRTC, closes #1282 2021-12-06 14:45:47 +00:00
Thorin-Oakenpants ec595c3b95
fixup duplicate line 2021-12-05 19:59:33 +00:00
Thorin-Oakenpants 9d61992c8c
don't clear offlineApps on shutdown, #1291 
- in v94 we switched to cookies lifetime as session, so users could use site exceptions to retain selected cookies (to stay logged in one assumes)
- that mean not deleting all cookies on shutdown
- but some login methods/types require more than cookies and also need the "site data" part of "cookies + site data" - that's the offlineApps part
- note: all site data (and cookies) is still cleared on close except site exceptions
 2021-12-05 19:49:32 +00:00
Thorin-Oakenpants fd860e6c69
flip RFP newwin max values, closes #1286 2021-12-04 10:23:59 +00:00
Thorin-Oakenpants d1d20b897a
wiki cleanup (#1289) 2021-12-04 09:36:09 +00:00
Thorin-Oakenpants cf0102f71e
fixup: from being flogged to death by overseers 
thanks @dngray, also save some precious bytes .. polar bears know about scarce resources
 2021-12-02 09:34:34 +00:00
Thorin-Oakenpants 4dc5372257
0603: network.predictor.enable-prefetch 
make active for Nighty users - see https://bugzilla.mozilla.org/show_bug.cgi?id=1506194
 2021-11-30 13:29:19 +00:00
Thorin-Oakenpants c2ddfd60bf
tidy 79-91 removed items 2021-11-28 13:22:46 +00:00
Thorin-Oakenpants 47de4f520b
tidy 5505 2021-11-28 09:01:39 +00:00
Thorin-Oakenpants 27977a16ad
2652: browser.download.alwaysOpenPanel 
FYI: https://bugzilla.mozilla.org/1738372

There is a small privacy issue with shoulder surfers, but in reality, this just needs to happen IMO
- we already prompt where to save, but even if we didn't, we also know we clicked or initiated a download
   - unless it's a drive by or user-gesture trickery - which is why we prompt
- the download icon is shown (if hidden) and the throbber/accent color go to work
- users can always click the icon to show entries (and open folder etc)
- this maintains the current behavior in FF94
 2021-11-25 06:49:38 +00:00
Thorin-Oakenpants 4b393b9b12
start 95-alpha 2021-11-24 01:09:10 +00:00
Thorin-Oakenpants 6027aaa45d
fixup warnOnQuitShortcut 2021-11-23 12:02:50 +00:00
Thorin-Oakenpants cbfb8abf15
94 final 2021-11-23 07:11:43 +00:00
Thorin-Oakenpants 58d0161b67
add warnOnQuitShortcut, closes #1270 2021-11-23 07:05:01 +00:00
Thorin-Oakenpants 6b351a9458
fixup trade-offs 
anti-fingerprinting doesn't fit here: it's not a major component or priority of this user.js, and only a few prefs outside RFP (as a robust built-in browser solution that defeats naive scripts) have anything to do with it
 2021-11-22 18:15:53 +00:00
Thorin-Oakenpants c9e4cac618
tweak webRTC 
webRTC will be overhauled... but not today... in the meantime
- remove dead link before @dngray has a hernia
- correctly refer to the type of IP leak
 2021-11-22 18:08:07 +00:00
Thorin-Oakenpants 34bd3c5a04
consolidate/simplify sanitizing, fixes #1256 
move all sanitizing on exit prefs into 2800

switch to cookie lifetime as session
- now users can utilize exceptions (as allow)
- session cookies still block service workers (which we disable anyway)
- we still block 3rd party cookies (until we move to dFPI)
- we still have defense in depth for 3rd party cookies with 2803
- we still bulk sanitize offlineApps on exit: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
   - i.e you get to keep the cookies only IF you add an exception

add `privacy.clearsitedata.cache.enabled`
 2021-11-22 05:40:49 +00:00
Thorin-Oakenpants 2f88ca2e40
misc 
- move DoH so it has room to grow
- tidy privacy.clearOnShutdown, privacy.cpd
 2021-11-18 01:28:21 +00:00
Thorin-Oakenpants e2e7f9c647
font vis changes (#1275) 2021-11-16 11:56:20 +00:00
Thorin-Oakenpants f8932dced1
remove ambiguous line 
The point was that google have said (stated in policy, but fuck knows where that is located these days) that it is anonymized and not used for tracking. It's an API used by **_4 billion devices_** - the API has privacy policies for use. If a whistleblower or someone else found out that google was using this to enhance their user profiling, then all hell would break loose. And they don't even need this to fuel their ad revenue. It is provided, gratis, to the web to help ensure security - they wouldn't dare taint it and get it caught up in a privacy scandal involving **+4 billion devices_**. And in all this time (since 2007), there has been no such whistleblower or proof it is used to track or announcements by google of changes to the contrary.

Anyway, a quick search brings up
- Here is their policy - https://www.google.com/intl/en_us/privacy/browsing.html - it's empty and points to
- https://www.google.com/intl/en/chrome/privacy/
   - and if you scroll down to "Safe Browsing practices" it doesn't say anything about privacy policies for the API itself (or the owner of the API) - it just spells out what happens in chrome
- I'm not going to bother to look any further and find a history of policy changes

Anyway, this is Firefox and hashes are part hashes bundled with other real hashes - and we turned off real time binary checks. So this line can fuck the fuck off. It was meant to reassure those who want the security of real-time binary checks, that privacy "shouldn't" be an issue, but I'm not going to expand on it
 2021-11-07 06:48:45 +00:00
Thorin-Oakenpants 17beb468f1
tweak 1510 default info 2021-11-04 22:44:23 +00:00
Thorin-Oakenpants bd59131d3e
default changes, missed one 2021-11-04 22:38:16 +00:00
Thorin-Oakenpants 0f8217ad60
cleanup sanitizing-on-close prefs 2021-11-04 16:18:35 +00:00