Skip to content

Commit 0f14e03

Browse files
Thorin-OakenpantsThorin-Oakenpants
authored
v140.1 (#2013)
1 parent 9103afa commit 0f14e03

File tree

1 file changed

+36
-22
lines changed

1 file changed

+36
-22
lines changed

user.js

Lines changed: 36 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/******
22
* name: arkenfox user.js
3-
* date: 14 August 2025
3+
* date: 4 November 2025
44
* version: 140
55
* urls: https://github.com/arkenfox/user.js [repo]
66
* : https://arkenfox.github.io/gui/ [interactive]
@@ -23,6 +23,7 @@
2323
[SETUP-SECURITY] it's one item, read it
2424
[SETUP-WEB] can cause some websites to break
2525
[SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related)
26+
[SETUP-HARDEN] prefs you may like to add to overrides
2627
6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080
2728
2829
* RELEASES: https://github.com/arkenfox/user.js/releases
@@ -83,7 +84,7 @@ user_pref("browser.aboutConfig.showWarning", false);
8384
user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
8485
/* 0102: set startup page [SETUP-CHROME]
8586
* 0=blank, 1=home, 2=last visited page, 3=resume previous session
86-
* [NOTE] Session Restore is cleared with history (2811+), and not used in Private Browsing mode
87+
* [NOTE] Session Restore is cleared if history is also cleared (2811+), and not used in Private Browsing mode
8788
* [SETTING] General>Startup>Restore previous session ***/
8889
user_pref("browser.startup.page", 0);
8990
/* 0103: set HOME+NEWWINDOW page
@@ -292,7 +293,7 @@ user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
292293
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
293294
// user_pref("browser.urlbar.clipboard.featureGate", false);
294295
/* 0808: disable recent searches [FF120+]
295-
* [NOTE] Recent searches are cleared with history (2811+)
296+
* [NOTE] Recent searches are cleared if history is cleared (2811+)
296297
* [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
297298
// user_pref("browser.urlbar.recentsearches.featureGate", false);
298299
/* 0810: disable search and form history
@@ -309,7 +310,7 @@ user_pref("browser.formfill.enable", false);
309310
/* 0820: disable coloring of visited links
310311
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
311312
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
312-
* attacks. Don't forget clearing history on exit (2811+). However, social engineering [2#limits][4][5]
313+
* attacks. History can also be cleared on exit (2811+). However, social engineering [2#limits][4][5]
313314
* and advanced targeted timing attacks could still produce usable results
314315
* [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
315316
* [2] https://dbaron.org/mozilla/visited-privacy
@@ -621,7 +622,12 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
621622
* [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
622623
// user_pref("privacy.antitracking.enableWebcompat", false);
623624

624-
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
625+
/*** [SECTION 2800]: SHUTDOWN & SANITIZING
626+
We enable sanitizeOnShutdown to help prevent 1st party website tracking across sessions.
627+
We consider history/downloads, which are not accessible to websites, as orthogonal and exempt these
628+
629+
[SETUP-HARDEN] to clear all history/downloads on close, add the appropriate overrides from 2800's
630+
***/
625631
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
626632
/* 2810: enable Firefox to clear items on shutdown
627633
* [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and
@@ -632,11 +638,11 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true);
632638
/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/
633639
/* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/
634640
user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true]
635-
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [DEFAULT: true]
641+
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false); // [DEFAULT: true]
636642
// user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false]
637643
/* 2812: set/enforce clearOnShutdown items [FF136+] ***/
638-
user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [DEFAULT: true]
639-
user_pref("privacy.clearOnShutdown_v2.downloads", true); // [HIDDEN]
644+
user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", false); // [DEFAULT: true]
645+
user_pref("privacy.clearOnShutdown_v2.downloads", false); // [HIDDEN]
640646
user_pref("privacy.clearOnShutdown_v2.formdata", true);
641647
/* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
642648
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+)
@@ -658,10 +664,10 @@ user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
658664
* [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/
659665
user_pref("privacy.clearSiteData.cache", true);
660666
user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
661-
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
667+
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false);
662668
// user_pref("privacy.clearSiteData.siteSettings", false);
663669
/* 2821: set manual "Clear Data" items [FF136+] ***/
664-
user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true);
670+
user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", false);
665671
user_pref("privacy.clearSiteData.formdata", true);
666672

667673
/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/
@@ -670,10 +676,10 @@ user_pref("privacy.clearSiteData.formdata", true);
670676
* [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/
671677
user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true]
672678
user_pref("privacy.clearHistory.cookiesAndStorage", false);
673-
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); // [DEFAULT: true]
679+
user_pref("privacy.clearHistory.historyFormDataAndDownloads", false); // [DEFAULT: true]
674680
// user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false]
675681
/* 2831: set manual "Clear History" items [FF136+] ***/
676-
user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [DEFAULT: true]
682+
user_pref("privacy.clearHistory.browsingHistoryAndDownloads", false); // [DEFAULT: true]
677683
user_pref("privacy.clearHistory.formdata", true);
678684

679685
/** SANITIZE MANUAL: TIMERANGE ***/
@@ -701,10 +707,10 @@ user_pref("privacy.sanitize.timeSpan", 0);
701707
https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
702708
1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+)
703709
1887682 - use fdlibm's sin, cos and tan in jsmath (FF134+)
704-
1978414 - various (FF143+)
705-
1954194: available screen resolution: return a fixed offset height from screen per platform when not full screen
706-
1978414: hardwareConcurrency: return 2 (existing RFPTarget)
707-
1977836: maxTouchPoints: return multi-touch as 5
710+
1954194 - available screen resolution: return a fixed offset height from screen per platform when not full screen (FF143+)
711+
1984333 - hardwareConcurrency: less than 8 return 4 else return 8 (FF143+)
712+
1977836 - maxTouchPoints: return multi-touch as 5 (FF143+)
713+
1917607 - subtly randomize WebGL's readPixels (FF145+)
708714
***/
709715
user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
710716
/* 4001: enable FPP in PB mode [FF114+]
@@ -736,7 +742,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
736742
[WARNING] DO NOT USE extensions to alter RFP protected metrics
737743
738744
418986 - limit window.screen & CSS media queries (FF41)
739-
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
740745
FF56
741746
1333651 - spoof User Agent & Navigator API
742747
JS: spoofed as Windows 10, OS X 10.15, Android 10, or Linux
@@ -761,7 +766,10 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
761766
Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
762767
1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62)
763768
1479239 - return "no-preference" with prefers-reduced-motion (FF63)
764-
1363508 & 1826051 - spoof/suppress Pointer Events (FF64, FF132)
769+
1363508 & 1826051 & 1957658 - spoof/suppress Pointer Events, spoof maxTouchPoints (FF64, FF132, FF143, ESR140.2)
770+
FF64: maxTouchPoints: 0 = desktop
771+
FF132: maxTouchPoints: 0 = mac | 10 = windows, linux, mobile
772+
FF143/140.2: maxTouchPoints: 0 = mac, linux | 10 = windows | 5 = mobile
765773
1492766 - spoof pointerEvent.pointerid (FF65)
766774
1485266 - disable exposure of system colors to CSS or canvas (FF67)
767775
1494034 - return "light" with prefers-color-scheme (FF67)
@@ -778,6 +786,7 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
778786
1794628 - return "none" with inverted-colors (FF114)
779787
1787790 - normalize system fonts (FF128)
780788
1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128)
789+
1656377 - spoof pointerEvents azimuthAngle and altitudeAngle (FF131)
781790
1834307 - always use smooth scrolling (FF132)
782791
1918202 - spoof screen orientation based on spoofed screen size and platform (FF132)
783792
previously FF50+ it always returned landscape-primary and an angle of 0
@@ -791,7 +800,9 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
791800
1781277 - return 10GiB for storage estimate until persistent-storage granted (FF142, ESR140.1)
792801
1972600 - spoof network connection for HTMLMediaElement preload (FF142, ESR140.1)
793802
1975851 - return true for navigator.onLine (FF142, ESR140.1)
794-
1973265 - disable WebCodecs API (FF142?)
803+
1973265 - disable WebCodecs API (FF142)
804+
1984333 - spoof navigator.hardwareConcurrency as 4 except mac return 8 (FF143+)
805+
previously FF55+ it returned 2
795806
***/
796807
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
797808
/* 4501: enable RFP
@@ -833,9 +844,10 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
833844
user_pref("privacy.spoof_english", 1);
834845
/* 4507: skip browser.startup.blankWindow if RFP is used [FF136+] ***/
835846
// user_pref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); // [DEFAULT: true]
836-
/* 4510: disable using system colors
837-
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
838-
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
847+
/* 4510: enforce Contrast Control off [FF138+]
848+
* 0=automatic, 1=off, 2=custom
849+
* [SETTING] General>Language and Appearance>Contrast Control ***/
850+
// user_pref("browser.display.document_color_use", 1); // [DEFAULT: 1 NON-WINDOWS]
839851
/* 4511: disable using system accent colors ***/
840852
user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS]
841853
/* 4512: enforce links targeting new windows to open in a new tab instead
@@ -1049,6 +1061,8 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
10491061
// user_pref("privacy.cpd.history", "");
10501062
// user_pref("privacy.cpd.offlineApps", "");
10511063
// user_pref("privacy.cpd.sessions", "");
1064+
/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF140+ ***/
1065+
// user_pref("browser.display.use_system_colors", "");
10521066

10531067
/*** [SECTION 7000]: DON'T BOTHER ***/
10541068
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");

0 commit comments

Comments
 (0)