11/******
22* name: arkenfox user.js
3- * date: 4 May 2023
4- * version: 112
3+ * date: 26 July 2023
4+ * version: 115
55* url: https://github.com/arkenfox/user.js
66* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
77
@@ -116,7 +116,6 @@ user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
116116user_pref ( "intl.accept_languages" , "en-US, en" ) ;
117117/* 0211: use en-US locale regardless of the system or region locale
118118 * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
119- * [TEST] https://arkenfox.github.io/TZP/tests/formatting.html
120119 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
121120user_pref ( "javascript.use_us_english_locale" , true ) ; // [HIDDEN PREF]
122121
@@ -296,10 +295,11 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
296295 * [WARNING] If false, this will break the fallback for some security features
297296 * [SETUP-CHROME] If you use a proxy and you understand the security impact
298297 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
299- // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96]
298+ // user_pref("network.proxy.allow_bypass", false);
300299/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
301- * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
300+ * 0=default, 2=increased ( TRR (Trusted Recursive Resolver) first) , 3=max ( TRR only) , 5=off
302301 * see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
302+ * [SETTING] Privacy & Security>DNS over HTTPS
303303 * [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
304304 * [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
305305 * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
@@ -602,9 +602,6 @@ user_pref("browser.uitour.enabled", false);
602602/* 2608: reset remote debugging to disabled
603603 * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/
604604user_pref ( "devtools.debugger.remote-enabled" , false ) ; // [DEFAULT: false]
605- /* 2611: disable middle mouse click opening links from clipboard
606- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/
607- user_pref ( "middlemouse.contentLoadURL" , false ) ;
608605/* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
609606 * 0 (default) or 1=allow, 2=block
610607 * [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/
@@ -642,6 +639,8 @@ user_pref("network.protocol-handler.external.ms-windows-store", false);
642639 * for these will show/use their correct 3rd party origin
643640 * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/
644641user_pref ( "permissions.delegation.enabled" , false ) ;
642+ /* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
643+ user_pref ( "browser.tabs.searchclipboardfor.middleclick" , false ) ; // [DEFAULT: false NON-LINUX]
645644
646645/** DOWNLOADS ***/
647646/* 2651: enable user interaction for security by always asking where to download
@@ -727,10 +726,6 @@ user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true]
727726 * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
728727user_pref ( "privacy.clearOnShutdown.cookies" , true ) ; // Cookies
729728user_pref ( "privacy.clearOnShutdown.offlineApps" , true ) ; // Site Data
730- /* 2816: set cache to clear on exit [FF96+]
731- * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
732- * [1] https://bugzilla.mozilla.org/1671182 ***/
733- // user_pref("privacy.clearsitedata.cache.enabled", true);
734729
735730/** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/
736731/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
@@ -758,11 +753,11 @@ user_pref("privacy.sanitize.timeSpan", 0);
758753/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
759754 RFP covers a wide range of ongoing fingerprinting solutions.
760755 It is an all-or-nothing buy in: you cannot pick and choose what parts you want
756+ [TEST] https://arkenfox.github.io/TZP/tzp.html
761757
762758 [WARNING] DO NOT USE extensions to alter RFP protected metrics
763759
764760 418986 - limit window.screen & CSS media queries (FF41)
765- [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
766761 1281949 - spoof screen orientation (FF50)
767762 1330890 - spoof timezone as UTC0 (FF55)
768763 1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
@@ -801,19 +796,23 @@ user_pref("privacy.sanitize.timeSpan", 0);
801796 1595823 - return audioContext sampleRate as 44100 (FF72)
802797 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74)
803798 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78)
799+ 1506364 - return "no-preference" with prefers-contrast (FF80)
804800 1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
805801 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
806802 531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
807803 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
808804 1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
809805 1422237 - return "srgb" with color-gamut (FF110)
806+ 1794628 - return "none" with inverted-colors (FF114)
810807***/
811808user_pref ( "_user.js.parrot" , "4500 syntax error: the parrot's popped 'is clogs" ) ;
812- /* 4501: enable privacy.resistFingerprinting [FF41+]
809+ /* 4501: enable privacy.resistFingerprinting
813810 * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
814811 * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
812+ * [NOTE] pbmode applies if true and the original pref is false
815813 * [1] https://bugzilla.mozilla.org/418986 ***/
816- user_pref ( "privacy.resistFingerprinting" , true ) ;
814+ user_pref ( "privacy.resistFingerprinting" , true ) ; // [FF41+]
815+ // user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
817816/* 4502: set new window size rounding max values [FF55+]
818817 * [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
819818 * [1] https://bugzilla.mozilla.org/1330882 ***/
@@ -822,7 +821,7 @@ user_pref("privacy.window.maxInnerHeight", 900);
822821/* 4503: disable mozAddonManager Web API [FF57+]
823822 * [NOTE] To allow extensions to work on AMO, you also need 2662
824823 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
825- user_pref ( "privacy.resistFingerprinting.block_mozAddonManager" , true ) ; // [HIDDEN PREF]
824+ user_pref ( "privacy.resistFingerprinting.block_mozAddonManager" , true ) ; // [HIDDEN PREF FF57-108 ]
826825/* 4504: enable RFP letterboxing [FF67+]
827826 * Dynamically resizes the inner window by applying margins in stepped ranges [2]
828827 * If you use the dimension pref, then it will only apply those resolutions.
@@ -838,7 +837,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
838837 * [WARNING] DO NOT USE unless testing, see [1] comment 12
839838 * [1] https://bugzilla.mozilla.org/1635603 ***/
840839 // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
841- // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
842840/* 4506: set RFP's font visibility level (1402) [FF94+] ***/
843841 // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
844842/* 4510: disable using system colors
@@ -941,12 +939,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
941939/* 5017: disable Form Autofill
942940 * If .supportedCountries includes your region (browser.search.region) and .supported
943941 * is "detect" (default), then the UI will show. Stored data is not secure, uses JSON
944- * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
945942 * [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
946943 * [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
947944 // user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
948945 // user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
949- // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
950946/* 5018: limit events that can cause a pop-up ***/
951947 // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
952948/* 5019: disable page thumbnail collection ***/
@@ -1021,6 +1017,9 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
10211017 * Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
10221018 * [WHY] To prevent wasting Mozilla's time with a custom setup ***/
10231019user_pref ( "extensions.webcompat-reporter.enabled" , false ) ; // [DEFAULT: false]
1020+ /* 6012: enforce Quarantined Domains [FF115+]
1021+ * [WHY] https://support.mozilla.org/kb/quarantined-domains */
1022+ user_pref ( "extensions.quarantinedDomains.enabled" , true ) ; // [DEFAULT: true]
10241023/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/
10251024 // user_pref("beacon.enabled", "");
10261025 // user_pref("browser.startup.blankWindow", "");
@@ -1037,16 +1036,16 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
10371036 // user_pref("extensions.formautofill.addresses.supported", "");
10381037 // user_pref("extensions.formautofill.creditCards.available", "");
10391038 // user_pref("extensions.formautofill.creditCards.supported", "");
1039+ // user_pref("middlemouse.contentLoadURL", "");
10401040
10411041/*** [SECTION 7000]: DON'T BOTHER ***/
10421042user_pref ( "_user.js.parrot" , "7000 syntax error: the parrot's pushing up daisies!" ) ;
10431043/* 7001: disable APIs
1044- * Location-Aware Browsing, Full Screen, offline cache (appCache)
1045- * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002).
1046- * appCache storage capability was removed in FF90 . Full screen requires user interaction ***/
1044+ * Location-Aware Browsing, Full Screen
1045+ * [WHY] The API state is easily fingerprintable.
1046+ * Geo is behind a prompt (7002) . Full screen requires user interaction ***/
10471047 // user_pref("geo.enabled", false);
10481048 // user_pref("full-screen-api.enabled", false);
1049- // user_pref("browser.cache.offline.enable", false);
10501049/* 7002: set default permissions
10511050 * Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
10521051 * 0=always ask (default), 1=allow, 2=block
@@ -1194,16 +1193,34 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false);
11941193***/
11951194user_pref ( "_user.js.parrot" , "9999 syntax error: the parrot's shuffled off 'is mortal coil!" ) ;
11961195/* ESR102.x still uses all the following prefs
1197- // [NOTE] replace the * with a slash in the line above to re-enable them
1196+ // [NOTE] replace the * with a slash in the line above to re-enable active ones
11981197// FF103
1199- // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
1198+ // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
12001199 // 0=keep until they expire (default), 2=keep until you close Firefox
12011200 // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
12021201 // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761
12031202user_pref("network.cookie.lifetimePolicy", 2);
12041203// 6012: disable SHA-1 certificates
12051204 // [-] https://bugzilla.mozilla.org/1766687
12061205 // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1]
1206+ // FF114
1207+ // 2816: set cache to clear on exit [FF96+]
1208+ // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
1209+ // [1] https://bugzilla.mozilla.org/1671182
1210+ // [-] https://bugzilla.mozilla.org/1821651
1211+ // user_pref("privacy.clearsitedata.cache.enabled", true);
1212+ // 4505: experimental RFP [FF91+]
1213+ // [-] https://bugzilla.mozilla.org/1824235
1214+ // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
1215+ // 5017: disable Form Autofill heuristics
1216+ // Heuristics controls Form Autofill on forms without @autocomplete attributes
1217+ // [-] https://bugzilla.mozilla.org/1829670
1218+ // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
1219+ // FF115
1220+ // 7001: disable offline cache (appCache)
1221+ // [NOTE] appCache storage capability was removed in FF90
1222+ // [-] https://bugzilla.mozilla.org/1677718
1223+ // user_pref("browser.cache.offline.enable", false);
12071224// ***/
12081225
12091226/* END: internal custom pref to test for syntax errors ***/
0 commit comments