11/******
22* name: arkenfox user.js
3- * date: 26 July 2023
3+ * date: 27 August 2023
44* version: 115
55* url: https://github.com/arkenfox/user.js
66* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
1818 * Some site breakage and unintended consequences will happen. Everyone's experience will differ
1919 e.g. some user data is erased on exit (section 2800), change this to suit your needs
2020 * While not 100% definitive, search for "[SETUP" tags
21- e.g. third party images/videos not loading on some sites? check 1601
2221 5. Some tag info
2322 [SETUP-SECURITY] it's one item, read it
2423 [SETUP-WEB] can cause some websites to break
4241 0300: QUIETER FOX
4342 0400: SAFE BROWSING
4443 0600: BLOCK IMPLICIT OUTBOUND
45- 0700: DNS / DoH / PROXY / SOCKS / IPv6
44+ 0700: DNS / DoH / PROXY / SOCKS
4645 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
4746 0900: PASSWORDS
4847 1000: DISK AVOIDANCE
4948 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
5049 1400: FONTS
51- 1600: HEADERS / REFERERS
50+ 1600: REFERERS
5251 1700: CONTAINERS
5352 2000: PLUGINS / MEDIA / WEBRTC
5453 2400: DOM (DOCUMENT OBJECT MODEL)
@@ -255,20 +254,8 @@ user_pref("browser.places.speculativeConnect.enabled", false);
255254 * [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
256255 // user_pref("browser.send_pings", false); // [DEFAULT: false]
257256
258- /*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS / IPv6 ***/
257+ /*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS ***/
259258user_pref ( "_user.js.parrot" , "0700 syntax error: the parrot's given up the ghost!" ) ;
260- /* 0701: disable IPv6
261- * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming
262- * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4
263- * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause
264- * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6
265- * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an
266- * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
267- * then this won't make much difference. If you are masking your IP, then it can only help.
268- * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
269- * [TEST] https://ipleak.org/
270- * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
271- user_pref ( "network.dns.disableIPv6" , true ) ;
272259/* 0702: set the proxy server to do any DNS lookups when using SOCKS
273260 * e.g. in Tor, this stops your local DNS server from knowing your Tor destination
274261 * as a remote Tor node will handle the DNS request
@@ -308,13 +295,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
308295
309296/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
310297user_pref ( "_user.js.parrot" , "0800 syntax error: the parrot's ceased to be!" ) ;
311- /* 0801: disable location bar using search
312- * Don't leak URL typos to a search engine, give an error message instead
313- * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
314- * [NOTE] This does not affect explicit user action such as using search buttons in the
315- * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
316- * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
317- user_pref ( "keyword.enabled" , false ) ;
318298/* 0802: disable location bar domain guessing
319299 * domain guessing intercepts DNS "hostname not found errors" and resends a
320300 * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
@@ -527,18 +507,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
527507 // user_pref("layout.css.font-visibility.standard", 1);
528508 // user_pref("layout.css.font-visibility.trackingprotection", 1);
529509
530- /*** [SECTION 1600]: HEADERS / REFERERS
510+ /*** [SECTION 1600]: REFERERS
531511 full URI: https://example.com:8888/foo/bar.html?id=1234
532512 scheme+host+port+path: https://example.com:8888/foo/bar.html
533513 scheme+host+port: https://example.com:8888
534514 [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
535515***/
536516user_pref ( "_user.js.parrot" , "1600 syntax error: the parrot rests in peace!" ) ;
537- /* 1601: control when to send a cross-origin referer
538- * 0=always (default), 1=only if base domains match, 2=only if hosts match
539- * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
540- * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
541- user_pref ( "network.http.referer.XOriginPolicy" , 2 ) ;
542517/* 1602: control the amount of cross-origin information to send [FF52+]
543518 * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
544519user_pref ( "network.http.referer.XOriginTrimmingPolicy" , 2 ) ;
@@ -571,17 +546,6 @@ user_pref("media.peerconnection.ice.default_address_only", true);
571546/* 2020: disable GMP (Gecko Media Plugins)
572547 * [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
573548 // user_pref("media.gmp-provider.enabled", false);
574- /* 2021: disable widevine CDM (Content Decryption Module)
575- * [NOTE] This is covered by the EME master switch (2022) ***/
576- // user_pref("media.gmp-widevinecdm.enabled", false);
577- /* 2022: disable all DRM content (EME: Encryption Media Extension)
578- * Optionally hide the setting which also disables the DRM prompt
579- * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
580- * [SETTING] General>DRM Content>Play DRM-controlled content
581- * [TEST] https://bitmovin.com/demos/drm
582- * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
583- user_pref ( "media.eme.enabled" , false ) ;
584- // user_pref("browser.eme.ui.enabled", false);
585549
586550/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
587551user_pref ( "_user.js.parrot" , "2400 syntax error: the parrot's kicked the bucket!" ) ;
@@ -631,8 +595,6 @@ user_pref("network.IDN_show_punycode", true);
631595 * [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
632596user_pref ( "pdfjs.disabled" , false ) ; // [DEFAULT: false]
633597user_pref ( "pdfjs.enableScripting" , false ) ; // [FF86+]
634- /* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/
635- user_pref ( "network.protocol-handler.external.ms-windows-store" , false ) ;
636598/* 2623: disable permissions delegation [FF73+]
637599 * Currently applies to cross-origin geolocation, camera, mic and screen-sharing
638600 * permissions, and fullscreen requests. Disabling delegation means any prompts
@@ -933,8 +895,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
933895/* 5015: disable Windows taskbar preview [WINDOWS] ***/
934896 // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
935897/* 5016: discourage downloading to desktop
936- * 0=desktop, 1=downloads (default), 2=last used
937- * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
898+ * 0=desktop, 1=downloads (default), 2=custom
899+ * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/
938900 // user_pref("browser.download.folderList", 2);
939901/* 5017: disable Form Autofill
940902 * If .supportedCountries includes your region (browser.search.region) and .supported
@@ -949,6 +911,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
949911 // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
950912/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
951913 // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
914+ /* 5021: disable location bar using search
915+ * Don't leak URL typos to a search engine, give an error message instead
916+ * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
917+ * [NOTE] This does not affect explicit user action such as using search buttons in the
918+ * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/
919+ // user_pref("keyword.enabled", false);
952920
953921/*** [SECTION 5500]: OPTIONAL HARDENING
954922 Not recommended. Overriding these can cause breakage and performance issues,
@@ -989,6 +957,25 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
989957 // user_pref("javascript.options.wasm", false);
990958/* 5507: disable rendering of SVG OpenType fonts ***/
991959 // user_pref("gfx.font_rendering.opentype_svg.enabled", false);
960+ /* 5508: disable all DRM content (EME: Encryption Media Extension)
961+ * Optionally hide the UI setting which also disables the DRM prompt
962+ * [SETTING] General>DRM Content>Play DRM-controlled content
963+ * [TEST] https://bitmovin.com/demos/drm
964+ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
965+ // user_pref("media.eme.enabled", false);
966+ // user_pref("browser.eme.ui.enabled", false);
967+ /* 5509: disable IPv6 if using a VPN
968+ * This is an application level fallback. Disabling IPv6 is best done at an OS/network
969+ * level, and/or configured properly in system wide VPN setups.
970+ * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause
971+ * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
972+ * [TEST] https://ipleak.org/
973+ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
974+ // user_pref("network.dns.disableIPv6", true);
975+ /* 5510: control when to send a cross-origin referer
976+ * 0=always (default), 1=only if base domains match, 2=only if hosts match
977+ * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
978+ // user_pref("network.http.referer.XOriginPolicy", 2);
992979
993980/*** [SECTION 6000]: DON'T TOUCH ***/
994981user_pref ( "_user.js.parrot" , "6000 syntax error: the parrot's 'istory!" ) ;
@@ -1037,6 +1024,8 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
10371024 // user_pref("extensions.formautofill.creditCards.available", "");
10381025 // user_pref("extensions.formautofill.creditCards.supported", "");
10391026 // user_pref("middlemouse.contentLoadURL", "");
1027+ /* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/
1028+ // user_pref("network.protocol-handler.external.ms-windows-store", "");
10401029
10411030/*** [SECTION 7000]: DON'T BOTHER ***/
10421031user_pref ( "_user.js.parrot" , "7000 syntax error: the parrot's pushing up daisies!" ) ;
@@ -1082,7 +1071,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
10821071 // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
10831072 // user_pref("network.http.referer.hideOnionSource", true); // 1305144
10841073/* 7007: referers
1085- * [WHY] Only cross-origin referers (1600s) need control ***/
1074+ * [WHY] Only cross-origin referers (1602, 5510) matter ***/
10861075 // user_pref("network.http.sendRefererHeader", 2);
10871076 // user_pref("network.http.referer.trimmingPolicy", 0);
10881077/* 7008: set the default Referrer Policy [FF59+]
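Review bot: Item 5509 in the section 5500 hunk says to disable IPv6 "if using a VPN" but no longer says why. The removed 0701 comment gave the reason (IPv6 "can leak with VPNs"), and `network.dns.disableIPv6` is now inactive by default, so a VPN user reading 5509 gets no signal that this is the item they need to enable. I would keep one rationale line directly under the 5509 title, e.g. `* [WHY] IPv6 can leak with VPNs that are not configured for it`. The same kind of loss applies to 5510, which drops the earlier advice on what to do when "2" is too strict. Profiles that applied the previously active values presumably keep them in prefs.js until they are reset, so updated and fresh profiles may behave differently; this is inferred rather than visible here and is worth confirming against the project's update instructions.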