11/******
22* name: arkenfox user.js
3- * date: 27 August 2023
4- * version: 115
3+ * date: 17 September 2023
4+ * version: 117
55* url: https://github.com/arkenfox/user.js
66* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
77
3333 - If you are not using arkenfox v102-1... (not a definitive list)
3434 - 2815: clearOnShutdown cookies + offlineApps should be false
3535 - 9999: switch the appropriate deprecated section(s) back on
36+ * ESR115
37+ - use https://github.com/arkenfox/user.js/releases/tag/115.1
3638
3739* INDEX:
3840
@@ -283,15 +285,23 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
283285 * [SETUP-CHROME] If you use a proxy and you understand the security impact
284286 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
285287 // user_pref("network.proxy.allow_bypass", false);
286- /* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
287- * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off
288+ /* 0710: enable DNS-over-HTTPS (DoH) [FF60+]
289+ * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off (no rollout)
288290 * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
289291 * [SETTING] Privacy & Security>DNS over HTTPS
290292 * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
291293 * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
292294 * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
293295 * [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
294- // user_pref("network.trr.mode", 5);
296+ // user_pref("network.trr.mode", 3);
297+ /* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/
298+ user_pref ( "network.dns.skipTRR-when-parental-control-enabled" , false ) ;
299+ /* 0712: set DoH provider
300+ * The custom uri is the value shown when you "Choose provider>Custom>"
301+ * [NOTE] If you USE custom then "network.trr.uri" should be set the same
302+ * [SETTING] Privacy & Security>DNS over HTTPS>Increased/Max>Choose provider ***/
303+ // user_pref("network.trr.uri", "https://example.dns");
304+ // user_pref("network.trr.custom_uri", "https://example.dns");
295305
296306/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
297307user_pref ( "_user.js.parrot" , "0800 syntax error: the parrot's ceased to be!" ) ;
@@ -443,12 +453,6 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
443453user_pref ( "security.OCSP.require" , true ) ;
444454
445455/** CERTS / HPKP (HTTP Public Key Pinning) ***/
446- /* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
447- * 0=disable detecting Family Safety mode and importing the root
448- * 1=only attempt to detect Family Safety mode (don't import the root)
449- * 2=detect Family Safety mode and import the root
450- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/
451- user_pref ( "security.family_safety.mode" , 0 ) ;
452456/* 1223: enable strict PKP (Public Key Pinning)
453457 * 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict
454458 * [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/
@@ -499,7 +503,7 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true);
499503user_pref ( "_user.js.parrot" , "1400 syntax error: the parrot's bereft of life!" ) ;
500504/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
501505 * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
502- * In normal windows: uses the first applicable: RFP (4506) over TP over Standard
506+ * In normal windows: uses the first applicable: RFP over TP over Standard
503507 * In Private Browsing windows: uses the most restrictive between normal and private
504508 * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
505509 * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/
@@ -769,7 +773,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
769773***/
770774user_pref ( "_user.js.parrot" , "4500 syntax error: the parrot's popped 'is clogs" ) ;
771775/* 4501: enable privacy.resistFingerprinting
772- * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
776+ * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar
773777 * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
774778 * [NOTE] pbmode applies if true and the original pref is false
775779 * [1] https://bugzilla.mozilla.org/418986 ***/
@@ -799,8 +803,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
799803 * [WARNING] DO NOT USE unless testing, see [1] comment 12
800804 * [1] https://bugzilla.mozilla.org/1635603 ***/
801805 // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
802- /* 4506: set RFP's font visibility level (1402) [FF94+] ***/
803- // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
804806/* 4510: disable using system colors
805807 * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
806808user_pref ( "browser.display.use_system_colors" , false ) ; // [DEFAULT: false NON-WINDOWS]
@@ -967,7 +969,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
967969/* 5509: disable IPv6 if using a VPN
968970 * This is an application level fallback. Disabling IPv6 is best done at an OS/network
969971 * level, and/or configured properly in system wide VPN setups.
970- * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause
972+ * [SETUP-WEB] PR_CONNECT_RESET_ERROR
971973 * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
972974 * [TEST] https://ipleak.org/
973975 * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
@@ -976,6 +978,11 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
976978 * 0=always (default), 1=only if base domains match, 2=only if hosts match
977979 * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
978980 // user_pref("network.http.referer.XOriginPolicy", 2);
981+ /* 5511: set DoH bootstrap address [FF89+]
982+ * Firefox uses the system DNS to initially resolve the IP address of your DoH server.
983+ * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox
984+ * won't use the system DNS. If the IP doesn't match then DoH won't work ***/
985+ // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF]
979986
980987/*** [SECTION 6000]: DON'T TOUCH ***/
981988user_pref ( "_user.js.parrot" , "6000 syntax error: the parrot's 'istory!" ) ;
@@ -1116,11 +1123,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
11161123/* 7017: disable service workers
11171124 * [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/
11181125 // user_pref("dom.serviceWorkers.enabled", false);
1119- /* 7018: disable Web Notifications
1126+ /* 7018: disable Web Notifications [FF22+]
11201127 * [WHY] Web Notifications are behind a prompt (7002)
11211128 * [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
1122- // user_pref("dom.webnotifications.enabled", false); // [FF22+]
1123- // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
1129+ // user_pref("dom.webnotifications.enabled", false);
11241130/* 7019: disable Push Notifications [FF44+]
11251131 * [WHY] Push requires subscription
11261132 * [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
@@ -1212,5 +1218,26 @@ user_pref("network.cookie.lifetimePolicy", 2);
12121218 // user_pref("browser.cache.offline.enable", false);
12131219// ***/
12141220
1221+ /* ESR115.x still uses all the following prefs
1222+ // [NOTE] replace the * with a slash in the line above to re-enable active ones
1223+ // FF116
1224+ // 4506: set RFP's font visibility level (1402) [FF94+]
1225+ // [-] https://bugzilla.mozilla.org/1838415
1226+ // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
1227+ // FF117
1228+ // 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS]
1229+ // 0=disable detecting Family Safety mode and importing the root
1230+ // 1=only attempt to detect Family Safety mode (don't import the root)
1231+ // 2=detect Family Safety mode and import the root
1232+ // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
1233+ // [-] https://bugzilla.mozilla.org/1844908
1234+ user_pref("security.family_safety.mode", 0);
1235+ // 7018: disable service worker Web Notifications [FF44+]
1236+ // [WHY] Web Notifications are behind a prompt (7002)
1237+ // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/
1238+ // [-] https://bugzilla.mozilla.org/1842457
1239+ // user_pref("dom.webnotifications.serviceworker.enabled", false);
1240+ // ***/
1241+
12151242/* END: internal custom pref to test for syntax errors ***/
12161243user_pref ( "_user.js.parrot" , "SUCCESS: No no he's not dead, he's, he's restin'!" ) ;
0 commit comments