arkenfox / user.js Goto Github PK

snip

Before we revamp the 2300 section, which I will rename as Web Workers, I think it's important we understand what they are. This issue is for discussing that, and any ramifications: security/privacy.

NOTE: also see #60 which mentions the FBI exploit, CVEs (might be fixed but there will be more), latest Pwn2Own exploit, add-on breakage (find another add-on or talk to the developer).

Web Workers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API

• Worker: https://developer.mozilla.org/en-US/docs/Web/API/Worker
• ServiceWorker: https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorker_API
• SharedWorker : https://developer.mozilla.org/en-US/docs/Web/API/SharedWorker
• ChromeWorker: https://developer.mozilla.org/en-US/docs/Web/API/ChromeWorker
• Push API: https://developer.mozilla.org/en/docs/Web/API/Push_API
• Notification API: https://developer.mozilla.org/en-US/docs/Web/API/Notifications_API

Worker

• A worker is an object that runs a named JavaScript file
• A worker runs in a global context that is different from the current window
• A worker is a background task that can be easily created and can send messages back to its creator
• Workers may in turn spawn new workers as long as those workers are hosted within the same origin as the parent page

Service Worker

• Service workers only run over HTTPS
• Service workers essentially act as proxy servers that sit between web applications, and the browser and network
• A service worker is an event-driven worker
• A service worker takes the form of a JavaScript file that can control the web page/site it is associated with, intercepting and modifying navigation and resource requests, and caching resources
• A service worker is run in a worker context: it therefore has no DOM access
• Service Worker APIs are hidden (in Firefox) and cannot be used when the user is in private browsing mode.

Shared Worker

• Shared workers are workers that can be utilized by multiple scripts running in different windows, tabs, iFrames, etc., as long as they are in the same domain as the worker.

Chrome Worker

• Chrome Workers are a Firefox-only type of worker that you can use if you want to use workers in extensions

functions/apis of interest available to web workers:

• Broadcast Channel API: same origin communication between browsing contexts (windows/tabs/iframes)
• Cache API: can control cache storage
• Channel Messaging API: direct communication via SharedWorker between browsing contexts (windows/tabs/iframes)
• Worker: workers can spawn new workers

Security concerns

• [bad] no restriction with local access: running workers from file:// - this needs to be checked. Chrome blocks this by default, other browsers do/did not.
• [good] Worker scripts must be external files with the same scheme as their calling page
  i.e: you cannot load a script from a data: URL or javascript: URL
  : an https: page cannot start worker scripts that begin with http: URLs
• [mention] loads of CVEs! more to come? exploit at very recent pawn2own?

Privacy concerns

• can communicate over same origin between contexts - ie. across different windows, tabs, iframes
• Push API and Notification API (note: As of Firefox 44, the permissions for Notifications and Push have been merged) - messages delivered whether or not the web app is in the foreground, or even currently loaded
• granular control over cache

When gfx.downloadable_fonts.woff2.enabled is set to "false" then some web pages doesn't show navigation and other icons. Instead there is just a empty placeholder without functionality meaning.

Is there any concern not to set it back to default, that's the value "true"?

snip

1. user_pref("browser.backspace_action", 2); - if it's not a privacy issue, can I set it to 5-6?

2. user_pref("browser.privatebrowsing.autostart", true); - why is this commented out?

3. user_pref("browser.sessionhistory.max_total_viewers", 0); - is it a privacy / security issue living this commented out?

4. user_pref("clipboard.autocopy", false); - is this Linux only?

5. Is commenting out
   user_pref("media.eme.enabled", false);
user_pref("browser.eme.ui.enabled", false);
user_pref("media.eme.apiVisible", false);
   good for entropy? Do they pose a privacy / security risk if left enabled?

6. I removed these from my user.js because I think they raise your entropy:
   (please let me know if I got it wrong)

user_pref("media.flac.enabled", true);
user_pref("media.mediasource.enabled", true);
user_pref("media.mediasource.mp4.enabled", true);
user_pref("media.mediasource.webm.audio.enabled", true);
user_pref("media.mp4.enabled", true);
user_pref("media.ogg.enabled", false);
user_pref("media.ogg.flac.enabled", false);
user_pref("media.opus.enabled", false);
user_pref("media.raw.enabled", false);
user_pref("media.wave.enabled", false);
user_pref("media.webm.enabled", true);
user_pref("media.wmf.enabled", true);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
user_pref("security.ssl3.rsa_des_ede3_sha", false);
user_pref("security.ssl3.rsa_rc4_128_md5", false);
user_pref("security.ssl3.rsa_rc4_128_sha", false);

write up a pull-request to set this one to true and give props to @crssi

I propose that we start using version numbers to match Firefox. When the user.js is ready for the next stable, eg 52, I commit changes to the date and version number and create a release. I assume the release will be an archived version of all files (so far license and use4r.js) - right?

This way users can easily get the version that is applicable to their FF - starting from 51+. I know it doesn't exactly help ESR but is a good starting point i.e take version 45-51 as applicable and uncomment deprecated for ESR 45, etc - any pref active not used in code is harmless, if that makes sense.

So, should we do this? Change the current user.js to version 51, change the release date to today, and make a release with the tag 51 ?

After #10 ghacks mini diff and #208 pyllyukko monster diff ToDo's ae finished, do a diff of active values and investigate

DONE

• pref("network.stricttransportsecurity.preloadlist", true); '' ghacks: false and commented out
  • 2fcd210
• pref("network.cookie.cookieBehavior", 1); // ghacks: 2
  • no change. we choose to disallow all and tell users to use an extension for granular control
• pref("pdfjs.disabled", true); // ghacks: false
  • no change. I would rather by default use the inbuilt reader. The info is all there in the pref number description, and informed users can change to external and use anything that they consider more secure/lightweight. We don't know what every end user has as a pdf app on their system - forcing an end user by default to this is a bad strategy for us. One word .. Acrobat.
• pref("privacy.clearOnShutdown.cookies", true); // ghacks: false
  • no change: We do not want to destroy peoples cookies, especially when our default is block all and use an extension to control them. The only other thing we don't clear on shutdown is site preferences (which would upset a lot of users if sprung on them). The info is there if someone wants to clear absolutely everything
• pref("privacy.clearOnShutdown.sessions", true); // ghacks: false
  • no change: see above
• pref("extensions.update.enabled", true); // ghacks: false
  • no change: we think manual updates allow flexibility for reasons stated in the pref descriptions. Note for this and SB + TP, the readme and descriptions and js section header will point these particular pitfalls out (there will be iittle else in the section header, so it will stand out) - that's THREE places the user has been told in hard to miss terms, and the onus is on them
• pref("browser.safebrowsing.malware.enabled", true); // ghacks: false
  • no change: we choose to -SB&TP and +uBo etc
• pref("privacy.trackingprotection.enabled", true); // ghacks: false
  • no change: same as SB above
• pref("privacy.trackingprotection.pbmode.enabled", true); // ghacks: false
  • no change: same as SB above
• pref("browser.aboutHomeSnippets.updateUrl", ""); // ghacks: "https://127.0.0.1"
  • no change: pyllyukko should match .. use HTTPS re MiTM re as per TBB and discussions there over this in tor tickets
• pref("browser.newtabpage.directory.source", "data:text/plain,{}"); // ghacks: "data:text/plain,"
  • no change: keep same as TBB, should never be used due to master switches
• pref("media.gmp-manager.url", ""); // ghacks: "data:text/plain,"
  • no change: see above
• pref("browser.newtabpage.directory.ping", ""); // ghacks: "data:text/plain,"
  • no change: see above
• pref("security.ask_for_password", 0); // ghacks: 2
  • no change: it must be 2 for security.password_lifetime to apply
• pref("signon.storeWhenAutocompleteOff", false); // ghacks true
  • see discussion here pyllyukko/user.js@5e2e577
  • no change: pros and cons. Pros: possibly encourages more complex password use, is convenient, and why should sites dictate when I can and can't remember passwords. Cons: some sites should never remember passwords, like bank sites. At least with this setting, users can make their own mind up. I'll add something to the description

Does anyone have information on the new 'Site Deployment Checker' Extension? I've found only a vague, "politician type" answer with a Bug report:

...this system addon is used by mozilla to look into the integrity of its critical infrastructure like the download page by looking at real world data of certificates in use there (bug 1346017).

While I'm at it, what the scoop on 'Application Update Service Helper'? I keep all auto-update stuff disabled so I can manually check when needed. Does this interfere with anything yet?

TCP/IP OS Fingerprinting returns my actual Windows NT kernel version even though I use

user_pref("general.oscpu.override", "Windows NT 6.1");

Is there something that can be done?

Locked sticky issue for tracking of old stuff and reminders of new stuff etc

changelog at end of this issue

KEEP AN EYE ON

• 🔻 FF65
  • dom.storage_access.enabled - revisit to see if they have stopped this
  • network.trr.custom_uri
• 🔻 FF64
  • network.security.esni.enabled 1473736
• 🔻 FF57
  • security.all_resource_uri_content_accessible - see resource URI 863246
• 🔻 FF53
  • webauth.webauthn* (FF53+): https://www.w3.org/TR/webauthn/#use-cases
• 🔻 FF52
  • security.pki.certificate_transparency.mode (FF52+)
• 🔻 other
  • plugin.disable_full_page_plugin_for_types

DONE

WONTFIX

LEFTOVERS [from 18 months of ghacks comments]

// earthling other
// prevent handlerService overwrites, see chrome://browser-region/locale/region.properties
user_pref("gecko.handlerService.defaultHandlersVersion", "999");

// disable mailto handler
  // there's actually a ton of network.protocol-handler.external* prefs
  // we already block the ms-windows-store this way
user_pref("network.protocol-handler.external.mailto", false);

/*** from earthling Sept 2016 ***/
// (FF49+) enable sites to use much higher max-age values for HPKP (HTTP Public Key Pinning)
   // [sites set this in the header]
   // default value in FF49: 5184000 (60 days) -> 31536000 = 365 days in seconds
   // WARNING: can block domains for 1 year after last visit if the domain-owners mess things up or get hacked
   // !! this is only a 'max-age' maximum, not enforcing it to one year, only allowing it to be that long if
   // sites choose to use such a long max-age
   // -> also see: https://dxr.mozilla.org/mozilla-central/source/netwerk/base/security-prefs.js#100
   // https://tools.ietf.org/html/rfc7469#section-4.1
   // https://news.netcraft.com/archives/2016/03/22/secure-websites-shun-http-public-key-pinning.html
   // HPKP can be problematic for domain-owners but is a great privacy/security feature for users of those domains.
   // If some admins want to set max-age to 1 year f.e., it shows that they are confident in being able to provide
   // and maintain a secure domain-access for that long and are willing to risk huge damages to their companies if
   // they fail in doing so. Therefore limiting the usefulness of HPKP for end-users by setting a lower max max-age
   // is not in the interest of more advanced users who know what they are doing and who would like to get the most
   // out of HPKP.
user_pref("security.cert_pinning.max_max_age_seconds", 31536000);

/*** from various ***/
user_pref("mousewheel.system_scroll_override_on_root_content.enabled", false);
user_pref("browser.cache.check_doc_frequency", 1);
user_pref("devtools.cache.disabled", true);
user_pref("devtools.remote.wifi.scan", false);
user_pref("devtools.remote.wifi.visible", false);
user_pref("devtools.webide.adbAddonURL", "");
user_pref("security.warn_viewing_mixed", true); // also see bug 616712 android?
user_pref("browser.display.auto_quality_min_font_size", 0);

// from ainatar nov 10 2016
user_pref("full-screen-api.allow-trusted-requests-only", true);
user_pref("full-screen-api.pointer-lock.enabled", true);
user_pref("layers.async-video.enabled", true);
user_pref("layout.css.prefixes.webkit", true);

// not in user.js, listed 19-Feb-2017
user_pref("browser.cache.compression_level", 1); // default = 0
user_pref("media.cache_size", 0); // default = 51200
user_pref("media.hardware-video-decoding.enabled", false); // default=true

// personal stuff?
user_pref("layout.word_select.eat_space_to_next_word", false);
user_pref("layout.word_select.stop_at_punctuation", true);
user_pref("alerts.disableSlidingEffect", true);
user_pref("nglayout.enable_drag_images", false);
user_pref("browser.link.open_newwindow.override.external", 3);

CHANGELOG:

2019

• 7-May: cleared changelog
• 13-Oct: cleaned up, added some wontfix sources

...

Locked sticky issue for tracking privacy.firstparty.isolate

• Tor Uplift
• MVP Tracking
• Bugzilla META FPI ticket
• Bugzilla META partitioning ticket
• Tor Uplift Dependency Tree

Last updated: see changelog at foot

RESOLVED & ADDED TO USER.JS ^{if applicable}

🔶 FPI : privacy.firstparty.isolate

🔻 FF51

• 1260931 enable First Party Isolation
  // user_pref("privacy.firstparty.isolate", true);
• 1278037 isolate indexedDB

🔻 FF52

• 1277803 isolate favicons
• 1264562 isolate OCSP cache
• 1268726 isolate Shared Workers
• 1316283 isolate SSL session cache

🔻 FF53

• 1317927 isolate media cache

🔻 FF54

• 1323644 isolate HSTS and HPKP
• 1334690 isolate HTTP Alternative Services
• 1319773#c22 enforce FPI restriction for window.opener
  // user_pref("privacy.firstparty.isolate.restrict_opener_access", true);

🔻 FF55

• 1334693 isolate SPDY/HTTP2
• 1337893 isolate DNS cache
• 1344170 isolate blob: URI
• 1300671 isolate data://, about: URLs

🔻 FF58

• 1376971 isolate Page Info media previews to content first party
• 1376973 favicon of tabs dropdown list does not honor originAttributes
• 1409045 extensions can control privacy.firstparty.isolate

🔻 FF63

• 1473247 isolate IP addresses

🔻 FF65

• 1492607 Prevent postMessage communication across first-party when restrict_opener_access = true

🔻 FF68

• 1542309 isolate top-level domain URLs
• 1506693 isolate PDFJS range-based requests Tor 26540, resolved 8.5a5

🔻 FF69

• 1330467 isolate site permissions

🔻 FF73

• 1534339 isolate IPv6 addresses

NOTABLE RESOLVED BREAKAGE

• 1418931 - FPI & IDB clearing on close or manually via clear recent/all history
  • fixed in FF58+
• 1381197 - FPI & cookies
  • fixed in FF59+
• 1384657 Pocket & FPI
  • fixed in FF66+

PENDING

• 444222 window.name
• cross-domain / login issues
  [lots: here are some] 1319728, 1336458, 1319839, 1319761, 1316019, 1340949 - breaks FF Sync's Manage Accounts
• 1371651 about:cache is broken
• 1397624 option to restrict FPI to PB mode
• 1398414 css visited links
• 1422056 isolate site permissions by OA
• 1475811 entering urls in addressbar violates FPI
• 1549587 dynamic FPI

INVALID / WONTFIX

• 1312655 checkbox in about:preferences#privacy for privacy.firstparty.isolate

CHANGELOG

this is now obsolete: FPI is not being worked on: it is superceeded by dFPI

...

I am in the middle of 52 upgrades + changes, revamping passwords section, revamping 800 section, waiting to commit 1600 section revamp, trying to close out the wiki and readme (and have a life and do my other sh*t) .... anyway, I just moved the following pref from the 0800 section where it does not fit, and for the life of me can't remember (or added it before it launched and never fully explored it) what the heck it actually achieves.

/* 3025: disable search reset (about:searchreset) (FF51+)
 * http://www.ghacks.net/2016/08/19/firefox-51-search-restore-feature/ ***/
user_pref("browser.search.reset.enabled", false);
user_pref("browser.search.reset.whitelist", "");

At first glance it doesn't seem to do anything. It does not block the page or disable the buttons in about:searchreset.. Nor does not disable the button "Restore Default Search Engines" in Options>Search (which I am loathe to click right now, but could do a test later). I'm a bit preoccupied with a dozen things. Can someone please tell me exactly what this does. I would like to either dismiss the pref or clarify exactly what it does.

"setting is under" - 9 instances + "settings are under" - 3 instances
eg: [SETTING] Options>Search>Provide search suggestions

snip

moved from Issue #60

@zymase wrote:

FYI there is (at least) one Firefox add-on which will not perform correctly with dom.workers.enabled set to false : Country Flags & IP Whois

I've had difficulty finding the culprit when I noticed that Country Flags & IP Whois wasn't displaying the country flag & IP address in the urlbar because switching dom.workers.enabled to default = true wouldn't make it before restarting Firefox.

If it is possible, and that's what I was doing, to set dom.workers.enabled to true on a per-site basis (Google Street View mainly, here) it leads to a choice setting vs. add-on when an add-on won't run if set to false. I'm keeping the add-on in this case because I really use it quite a lot.

@Thorin-Oakenpants wrote:

If it is possible, and that's what I was doing, to set dom.workers.enabled to true on a per-site basis

When XUL goes, AFAIK, web extensions will not allow add-ons to change (maybe even to read) preferences that are not their own. Extensions to flip prefs will be obsolete. That said, we have until 57 (and after that the ESR extended life). Also e10s is almost enforced, just to make matters a little tougher.

There are quite a few add-ons that flip prefs with whitelists. Maybe you can hunt one down and all it would need is a little code change - but, IMO, that's not a very elegant solution as it doesn't handle multiple pages on the fly. Probably easier, a simple toggle button extension of which there are hundreds of these, but no idea if any are e10s compliant.

@zymase wrote (and got a 👍 from @Atavic):

If it weren't this Country Flags & IP Whois Firefox add-on which requires dom.workers.enabled set to its default true value to perform I'd include dom.workers.enabled to a Custom Buttons (Firefox add-on itself) button called Pref Toggler (http://custombuttons.sourceforge.net/forum/viewtopic.php?f=4&t=381) which allows a quick access & edit to about:config settings chosen by the user. But as I said when it comes to an add-on which requires a default about:config setting to be left unchanged then it's either the add-on or the setting when this add-on runs and performs on each and every Web page.

I'll add that I was surprised that a very add-on depended on dom.workers.enabled, when I thought up to now that this setting concerned Web sites only.

@Thorin-Oakenpants wrote:

FWIW: Flagfox does all this and more, and is e10s. I'm always wary of these sorts of things (yes I know country data is local csvs etc) - you want to be careful what data is being sent to who (and how, is it https) in order to look info up (and is it automated or only when you go to check?).

@zymase wrote (and got a 👍 from @Atavic):

The country flag and server IP is performed automatically, the DB is local (included in the add-on) but the IP Whois is only performed on demand. So there's no automatic external call.

Concerning the IP Whois the one used by the add-on is, IMO, clumsy. I've mentioned this together with an improvement proposition for performing Whois with another site, on the add-on's GitHub page at andy-portmen/country-flags#1

I really like this add-on, runs fine and allows the user to have quick and substantial info about the visited site .... but it needs dom.workers.enabled set to true ...

@Atavic wrote:

@zymase Good hints!

Based on pyllyukko's user.js, something like

// Start in private browsing mode
// https://wiki.mozilla.org/Private_Browsing
// user_pref("browser.privatebrowsing.autostart", true);
// user_pref("extensions.ghostery.privateBrowsing", true);

• Should I add an explanation that PB means no retained session data such as history, cookies etc? Part of this js' appeal is the descriptions and notes.
• And where to put it. I would like to put it in startup 0100, as it doesn't singularly fit in another section, eg 0800 (forms, history) and 2700 (cookies/dom)

/******
user.js * date: 18 Feb 2017 vs pyllyukko user.js
what pyllyukko has that we doesn't
******/

• DONE: 4d0e582
  user_pref("network.IDN_show_punycode", true);
• DONE: b73324e
  user_pref("browser.ssl_override_behavior", 1);
• DONE: df1e1e4
  user_pref("security.csp.enable", true);
• DONE: e0e7fc4 (added to deprecated (48+))
  user_pref("dom.mozTCPSocket.enabled", false);
• DONE: de21ffd
  user_pref("security.csp.experimentalEnabled", true);
  ==
• WONTFIX (I am not messing with people's search engines)
  // user_pref("browser.search.defaultenginename", "DuckDuckGo");
• WONTFIX: deprecated approx FF29
  user_pref("browser.sessionstore.postdata", 0);
• WONTFIX: deprecated approx FF32
  user_pref("network.seer.enabled", false);
• WONTFIX: deprecated approx FF33
  user_pref("plugins.hide_infobar_for_outdated_plugin", false);
• WONTFIX: both deprecated, the first approx FF37
  user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false);
  user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false);
• WONTFIX: deprecated approx FF41 (note: still two returns in DXR, not used)
  user_pref("browser.newtab.url", "about:blank");
• WONTFIX: deprecated (not sure when)
  user_pref("browser.sessionstore.enabled", false);
• WONTFIX: same as default
  user_pref("devtools.debugger.force-local", true);
• WONTFIX: no longer in DXR
  user_pref("plugin.state.libgnome-shell-browser-plugin", 0);
• WONTFIX: see #32 - this is legacy code and does absolutely nothing
  user_pref("browser.formfill.expire_days", 1);
• WONTFIX: see #32 - this is legacy code and does absolutely nothing
  user_pref("browser.download.manager.retention", 0); // (hidden pref)

---original post--
See: pyllyukko/user.js#205 (comment)

I will compare us to pyllyukko and output

• What we has that pyllyukko doesn't (large list to dump on pastebin, keep our numbering/order/comments to help with dissection and analysis of it)
• What pyllyukko has that we doesn't (small list, I can paste the items here)
  Results given to each party to work through.

Then we can decide what to add/discard

Hello,
I have recently been experiencing some issues with ghack. This is the first of many.

Steps to reproduce:
1- Get latest firefox nightly on Arch Linux.
2- Try to go to 'about:preferences#privacy' and notice how everything is blank an empty
3- Click on an other tab
4- Try clicking on the privacy tab and notice how the tab doesn't change.

Solution:
Remove 1004.

Just using a new issue to deal with this rather than OT elsewhere.

Here is a pastebin which expires in 24hrs.

Because every single non user_pref line is modified, I have taken the opportunity to do more than that. All up:

• formatted as discussed earlier which creates foldable preference numbers
• where a numbered item had user_pref lines punctuated by comments, I did something about it (eg all the current 3021 items) so that every single foldable item has a number
• acronyms are expanded eg DHE, DRM, CDM etc where needed
• all version notations are now (xx) for deprecated and (FFxx) for introduced
• removed all instances of "i" and "author" and used 1st person plural (if indeed even needed anymore)
• removed ghacks html tags
• reviewed/checked all warning tags (got rid of some) and added setup tags: they now use [WARNING] and [SETUP]
• removed all the rubbish from the doc header section and rewrote a quick readme to make some things painfully clear. PS: the readme is not done, but the little readme in the user.js covers all the really important stuff, is seriously short, simple, and easy to read
• did away with the troubleshooting list, you'll see why (hated maintaining that list)
• those painfully clear things are also made painfully clear in those sections or preferences, some rewording.
• a few descriptions were slightly reworded, or two liners moved into one
• made a few other words/phrases etc uniform
• went over it a half dozen times

The idea, without going overboard, with the [WARNING] and [SETUP] tags is that warning is more about (major) site breaking etc and setup is stuff that is optional or should be looked at when setting up - doh! By that, I mean that 90% of the 270+ numbered items cause zero breakage or issues, 5% are optional i.e the user can make an informed decision and knows the drawbacks (eg keeping history), and the rest are items that cause site breakage or are bad to implement etc. The two tags can be used in conjunction (i.e more than one tag per item), they can be at the end of a section title, at the end of a preference number title, in a comment at the end of a user_pref line, in the middle of a section description, or at the start of a item's warning section etc.

@earthlng I have tested it for syntax, etc. Do one of your compares to make sure no pref values got changed, or prefs switched between active/inactive. And then make any changes you want and pastebin me back a version. Make any changes you want (ignore passwords/referrers sections), because this is a one time deal since 70% of the lines are going to change. Take your time.

@everyone else - if you want to proof-read it when you have some time, or offer suggestions, go for it. I can do the commit when we're all happy.

FYI... @Thorin-Oakenpants you can delete this post after reading
Nothing new, but there are some sites identified
network.http.sendSecureXSiteReferrer = false > breaks login at aliexpress
dom.indexedDB.enabled = false > breaks Outlook Web Access (at least on Exchange 2013)
full-screen-api.enabled = false > breaks fullscreen video (youtube, etc...)

Cheers

This section IMO doesn't really belong in the main js, which is meant to be for privacy, security, FP'ing tweaks. I originally added webm as the default differed (but not any more) and I wanted to view them occasionally. Then feature creep happened - partly because of the changes and migration on the web from flash to html5 (I wanted to make sure all the youtube boxes came up ticked, so users can ditch flash more comfortably), and now it's expanded to include flac and so on. It ended up under the "media" section over the course of it's lifespan so far. I think it's still good information to have, but I see no security issues here.

In FF52 the defaults for all are true, so we differ on 5 of them. Is this FP'able in any way? Does it really matter?

/* currently as in the user.js ***/
/* 2025: enable/disable various media types [SETUP] ***/
user_pref("media.mp4.enabled", true);
user_pref("media.flac.enabled", true); // (FF51+)
user_pref("media.ogg.enabled", false);
user_pref("media.ogg.flac.enabled", false); // (FF51+)
user_pref("media.opus.enabled", false);
user_pref("media.raw.enabled", false);
user_pref("media.wave.enabled", false);
user_pref("media.webm.enabled", true);
user_pref("media.wmf.enabled", true); // https://www.youtube.com/html5 - for the two H.264 entries

I propose setting the lot to true, commenting them all out, and moving to the personal section. At the very least, this removes ambiguity over privacy/security concerns, and reduces any possible breakage.

v51.0 vs v52.0

/***************************************************
 * diffs between FF prefs v51.0 and v52.0
 *
 * prefs: 2833
 *        2717 matching prefs
 *         116 diffs ( 55 new, 38 gone, 23 different )
/***************************************************/

new in v52

• pref("signon.autofillForms.http", false); 3e27f5b
• pref("security.insecure_field_warning.contextual.enabled", true); 3e27f5b
• pref("network.http.referer.XOriginTrimmingPolicy", 0); f87a860
• pref("network.cookie.leave-secure-alone", true); 7be1dad
• pref("font.system.whitelist", ""); 6a04e89
• pref("security.pki.certificate_transparency.mode");
  • see comment
  • NOTE: added to Issue #20 for later

removed, renamed or hidden in v52

• pref("dom.telephony.enabled", false); 0226102
• pref("media.gmp-eme-adobe.enabled", true); 0226102
• pref("media.gmp-eme-adobe.visible", true); 0226102
• pref("network.http.sendSecureXSiteReferrer", true); 38bfb4c

changed in v52

• pref("browser.search.geoip.timeout", 3000); // prev: 2000 0201
• pref("javascript.options.wasm", true); // prev: false 6504744
• pref("network.captive-portal-service.enabled", true); // prev: false 0603b
• pref("network.predictor.enable-prefetch", true); // prev: false 0608
• pref("security.pki.sha1_enforcement_level", 3); // prev: 4 1260
• pref("dom.w3c_touch_events.enabled", 2); // prev: 0 2509
• pref("media.ondevicechange.enabled", true); // prev: false 2511

ignore

==NEW

* pref("app.update.timerFirstInterval", 30000);
* pref("browser.migrate.chrome.history.limit", 0);
* pref("browser.migrate.chrome.history.maxAgeInDays", 0);
* pref("browser.tabs.crashReporting.requestEmail", false);
* pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
* pref("devtools.debugger.client-source-maps-enabled", true);
* pref("devtools.layoutview.enabled", false);
* pref("devtools.webconsole.filter.debug", true);
* pref("devtools.webconsole.filter.net", false);
* pref("devtools.webconsole.ui.filterbar", false);
* pref("dom.audiochannel.audioCompeting.allAgents", false);
* pref("dom.forms.datetime.timepicker", false);
* pref("dom.gamepad.extensions.enabled", false);
* pref("dom.idle_period.throttled_length", 10000);
* pref("dom.manifest.onappinstalled", false);
* pref("dom.requestIdleCallback.enabled", false);
* pref("dom.select_events.textcontrols.enabled", false);
* pref("dom.w3c_pointer_events.implicit_capture", false);
* pref("dom.webnotifications.requireinteraction.count", 3);
* pref("dom.webnotifications.requireinteraction.enabled", false);
* pref("gfx.canvas.skiagl.dynamic-cache", true);
* pref("identity.fxaccounts.contextParam", "fx_desktop_v3");
* pref("idle_queue.long_period", 50);
* pref("idle_queue.min_period", 3);
* pref("layers.draw-mask-debug", false);
* pref("layout.accessiblecaret.hide_carets_for_mouse_input", true);
* pref("layout.idle_period.required_quiescent_frames", 2);
* pref("layout.idle_period.time_limit", 1);
* pref("logging.config.clear_on_startup", true); [zilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1239686)
  * IF logging this clears the log on restart go see the DXR code
* pref("media.dormant-on-pause-timeout-ms", -1);
* pref("media.navigator.load_adapt.encoder_only", true);
* pref("media.peerconnection.dtmf.enabled", true); [zilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1313406)
* pref("media.wmf.vp9.enabled", false);
* pref("narrate.filter-voices", true);
* pref("network.auth.private-browsing-sso", false);
* pref("network.http.max_response_header_size", 393216);
* pref("network.http.spdy.default-hpack-buffer", 65536);
* pref("plugins.favorfallback.mode", "never");
* pref("plugins.favorfallback.rules", "");
* pref("prompts.authentication_dialog_abuse_limit", 3); [CVE](https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419) - will enforce if it changes
* pref("security.csp.enableStrictDynamic", true);
* pref("security.enterprise_roots.enabled", false);
* pref("security.mixed_content.hsts_priming_cache_timeout", 10080);
* pref("security.sandbox.windows.log.stackTraceDepth", 0);
* pref("services.sync.log.logger.engine.extension-storage", "Debug");
* pref("services.sync.validation.interval", 86400);
* pref("services.sync.validation.maxRecords", 100);
* pref("services.sync.validation.percentageChance", 10);
* pref("webextensions.storage.sync.enabled", false);
* pref("webextensions.storage.sync.serverURL", "https://webextensions.settings.services.mozilla.com/v1");

==REMOVED or HIDDEN

* pref("app.update.cert.requireBuiltIn", false);
* pref("bidi.support", 1);
* pref("browser.search.redirectWindowsSearch", true);
* pref("devtools.command-button-pick.enabled", true);
* pref("devtools.debugger.promise", false);
* pref("dom.apps.reset-permissions", false);
* pref("dom.cellbroadcast.enabled", false);
* pref("dom.icc.enabled", false);
* pref("dom.image.picture.enabled", true);
* pref("dom.image.srcset.enabled", true);
* pref("dom.manifest.oninstall", false);
* pref("dom.MediaError.message.enabled", false);
* pref("dom.mobileconnection.enabled", false);
* pref("dom.mozApps.debug", false);
* pref("dom.mozApps.maxLocalId", 1000);
* pref("dom.mozApps.signed_apps_installable_from", "https://marketplace.firefox.com");
* pref("dom.sms.defaultServiceId", 0);
* pref("dom.sms.enabled", false);
* pref("dom.sms.maxReadAheadEntries", 0);
* pref("dom.sms.requestStatusReport", true);
* pref("dom.sms.strict7BitEncoding", false);
* pref("dom.telephony.defaultServiceId", 0);
* pref("dom.undo_manager.enabled", false);
* pref("dom.voicemail.defaultServiceId", 0);
* pref("dom.voicemail.enabled", false);
* pref("layout.css.masking.enabled", true);
* pref("media.decoder.heuristic.dormant.enabled", true);
* pref("media.decoder.heuristic.dormant.timeout", 10000);
* pref("media.format-reader.ogg", true);
* pref("media.wave.decoder.enabled", true);
* pref("media.webm.intel_decoder.enabled", false);
* pref("network.http.enable-packaged-apps", false);
* pref("network.http.signed-packages.enabled", false);
* pref("security.apps.privileged.CSP.default", "default-src * data: blob:; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'");

==CHANGED

pref("browser.shell.skipDefaultBrowserCheckOnFirstRun", false); // prev: true
pref("devtools.apps.forbidden-permissions", "embed-apps"); // prev: "embed-apps,embed-widgets"
pref("devtools.responsive.html.enabled", true); // prev: false
// https://developer.mozilla.org/en-US/docs/Web/API/Document/onselectionchange
pref("dom.select_events.enabled", true); // prev: false
pref("gfx.content.azure.backends", "direct2d1.1,skia,cairo"); // prev: "direct2d1.1,cairo"
pref("layout.css.grid.enabled", true); // prev: false
pref("layout.css.touch_action.enabled", true); // prev: false
pref("layout.accessiblecaret.enabled_on_touch", true); // prev: false
pref("layout.accessiblecaret.use_long_tap_injector", false); // prev: true
pref("media.decoder-doctor.notifications-allowed", `big long string`
pref("media.wmf.disable-d3d11-for-dlls", `massive long string not repeating here`
pref("memory.low_commit_space_threshold_mb", 128); // prev: 256
pref("memory.low_virtual_memory_threshold_mb", 128); // prev: 256
pref("narrate.voice", " { \"default\": \"automatic\" }"); // prev: "automatic"
pref("services.sync.registerEngines", `big long string`
pref("services.sync.sendTabToDevice.enabled", true); // prev: false

Do you know what section in the user.js would cause the player controls YouTube to break or become missing>

I thought I would start a thread on known PB mode issues/problems. Personally, I don't think I know of any real benefits to PB mode over a controlled normal mode, and quite a few downsides. I'll start the ball rolling by mentioning one item

You cannot see or control PB mode cookies, or so called "private cookies". So essentially, until you close Firefox, your cookies that you accept will be retained. Good luck to people who think running PB mode for days on end is a good idea

• https://bugzilla.mozilla.org/show_bug.cgi?id=823941
• I believe this is the reason cookie addons fail in PB mode as well
• Even running clear all cookies does not remove them
• Here's a Wilders post which is interesting reading - https://www.wilderssecurity.com/threads/issues-with-firefox-in-private-browsing-mode.393254/

This is why I always think its better to start in normal mode and flick open a new private window when needed. Indeed, without closing FF, just closing all PB Mode windows clears the data, and the next PB Mode window starts anew - as evidence by the tracking id PoC at http://www.radicalresearch.co.uk/lab/hstssupercookies

• normal window: Your tracking id was set. wzezgm
• new PB window: Your tracking id was set. l0ndfz (and then close all PB Mode windows)
• new PB window: Your tracking id was set. 9ub0k6

Maybe Francois can tell what benefits PB mode offers that we can't achieve in normal mode already using smarts

If 0304 is set to false, then 0305 does not to be forced to false.

I think the 1000s cache section could do with a little love. My thoughts are the header section (or some items) needs a [SETUP] tag and information on session restores (crash recovery etc).

I gave pk some instructions the other day on how to trigger a FF crash. I'll repost them here. I need to make sure that all the session restore and resume from crash is grouped together, and to make sure it is clear what needs to be done to enable them.

As far I can see dom.workers.enabled was security problematic and fixed in previous versions of FF.
Is this one safe to be true now?
Not asking for a change. I have a few pages (fe. https://regex101.com/r/bR8lT1/1) where I would need workers and asking if it is safe to enable in my user.js.
Thank you gang

proposals

• A: remove 1214 period, I'm sorry but I trust the mozilla specialists more on this than @pyllyukko
  • Pants says: I am open to making all of 1214 commented out and adding more to the description, but will not remove.
  • 1214 needs renaming
  • earthling says: renamed it, but wontchange atm so we match @pyllyukko's user.js
• B: split 1210 into 1210 and 1210a or something like that.
  • Pants says: No problems with splitting it
  • earthling says: wontchange atm so we match @pyllyukko's user.js
• C: add the 2 static-rsa prefs, but definitely as inactive
  • Pants says: yes, what do we call it?
  • earthling says: pull request pending

original post

I looked at our current settings and I want to share some of my observations.

https://badssl.com/
https://www.howsmyssl.com/
https://wiki.mozilla.org/Security/Server_Side_TLS
https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH

https://dh2048.badssl.com/ => we break dh2048 due to user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
The eff article explicitly names that pref and recommends to disable it even though it talks about 1024-bit primes being presumably broken by the NSA, and that pref uses a 2048-bit prime.
There's also this sentence from the mozilla wiki for "Modern compatibility":

• DHE is removed entirely because it is slow in comparison with ECDHE, and all modern clients support elliptic curve key exchanges.

It doesn't say it's easy to break only that it's slow. Do we assume the NSA can also break DHE with a 2048-bit prime, or should we comment out that pref for less breakage (and recommend it only for the paranoid?) - because according to badssl.com dh2048 is still secure.
If we keep it, we may want to rename 1210 to 'disable DHE (Diffie-Hellman Key Exchange)' and remove the 1024 bit part.

'Modern compatibility' ciphers and the matching pref:

1. ECDHE-ECDSA-AES256-GCM-SHA384 => security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384
2. ECDHE-RSA-AES256-GCM-SHA384 => security.ssl3.ecdhe_rsa_aes_256_gcm_sha384
3. ECDHE-ECDSA-CHACHA20-POLY1305 => security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256
4. ECDHE-RSA-CHACHA20-POLY1305 => security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256
5. ECDHE-ECDSA-AES128-GCM-SHA256 => security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256
6. ECDHE-RSA-AES128-GCM-SHA256 => security.ssl3.ecdhe_rsa_aes_128_gcm_sha256
7. ECDHE-ECDSA-AES256-SHA384 => security.ssl3.ecdhe_ecdsa_aes_256_sha
8. ECDHE-RSA-AES256-SHA384 => security.ssl3.ecdhe_rsa_aes_256_sha
9. ECDHE-ECDSA-AES128-SHA256 => security.ssl3.ecdhe_ecdsa_aes_128_sha (disabled by 1214)
10. ECDHE-RSA-AES128-SHA256 => security.ssl3.ecdhe_rsa_aes_128_sha (disabled by 1214)

Interestingly Firefox sends them in a different order (see howsmyssl.com).
Instead of 1-8 its 5,6,3,4,1,2,7,8
When 9+10 are enabled the order is 5,6,3,4,1,2,7,9,8,10
(+ TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA at the end [11+12], for the 2 remaining ones that we still allow)

The Rationales explain some of it:
In Modern compatibility:
AES256-GCM is prioritized above its 128 bits variant, and ChaCha20 because we assume that most modern devices support AESNI instructions and thus benefit from fast and constant time AES.

While in Intermediate compatibility (default):
ChaCha20 is prefered as the fastest and safest in-software cipher, followed by AES128. Unlike the modern configuration, we do not assume clients support AESNI and thus do not prioritize AES256 above 128 and ChaCha20. There has been discussions on whether AES256 extra security was worth its computing cost in software (without AESNI), and the results are far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.

Well, anyhow, there's nothing we can do about it anyway.

Apart from the 10 modern ciphers (2 of which we have disabled) we only support 2 older ones: security.ssl3.rsa_aes_128_sha and security.ssl3.rsa_aes_256_sha, which is why static-rsa (https://static-rsa.badssl.com/) still works, but it's listed with an ! and not a red warning sign.

The only other thing that I really don't like is that https://incomplete-chain.badssl.com/ still works.
But maybe this can be fixed if security.nocertdb is set to true; I haven't tested this because I really don't like the current implementation behind that pref.

IMO we should remove 1214, because the 128bit in AES is not the problem, 5+6 have them also.
And the 2 prefs in 1214 are part of the 10 modern ciphers.
Perhaps we were a bit overeager when we added 1214, without really understanding it. (?)

Hey... pardon my stupidity, but what exactly is cleared when privacy.clearOnShutdown.sessions = true?

i'm not aware of 'dom.event.contextmenu.enabled' breaking JS context menus - rather the JS context menu is placed under the default FF context menu, so you have both - if you want to use the JS menu, press Esc once

current descrip:

'[WARNING] This will break sites' functionality such as Dropbox'

might want to change that to reflect what i stated above?

/* 0850b: disable location bar dropdown
 * This controls the maximum number of entries that can appear in the location bar dropdown.
 * Zero completely disables it. If you want ANY dropdown functionality, this must be changed ***/

Zero does not completely disables it.

/* 0850c: disable location bar suggestion types
 * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest
 * [NOTE] If you wish to enable these suggestions, make sure 0850a and 0850b are at default ***/

0850b doesn't need to be at default to enable... actually can be anything, but results are funny.

0850a is a master switch, since you have the false value, I don't see a reason to force 0850b to 0.

Is there a reason that search suggestion from bookmarked and opened tabs are disabled?

I am using the following:
browser.urlbar.maxRichResults = 8
browser.urlbar.suggest.bookmark = true
browser.urlbar.suggest.openpage = true

Just can't see any privacy problems here, only productivity improvements.

Also accessibility.typeaheadfind = true seems nice productivity improvement.

For dom.event.contextmenu.enabled I am not sure about privacy/security (?), but some pages (outlook web access for example) provides additional control over context menu.

dom.event.contextmenu.enable, currently under 2200 UI Meddling. Issue created because someone else queried it - so lets discuss it.

Personally, I find it annoying that sites remove my right click context, and only a handful of sites I use use it (for enhanced functionality/features), and it is handy - but I just bypass that functionality, or use a secondary browser. While it nicely fits in the section, it really, IMO, has no privacy issues.

The other issue is, how widespread is sites abusing this, if at all. What does setting a nothing right click context achieve (is this the ruse they use to disable selecting text?). I have no idea because its been disabled for me for years.

IF there are no security (and privacy) concerns, then should this be moved to the personal section?

Locked sticky issue for tracking privacy.resistFingerprinting

• Tor Uplift
• MVP Tracking
• Bugzilla META RFP ticket
• Tor Uplift Dependency Tree
• Mozilla Support: Firefox's protection against fingerprinting

Last updated: see changelog at foot (regularly cleaned out)

RESOLVED & ADDED TO USER.JS ^{if applicable}

🔻 FF41

• 418986 enable privacy.resistFingerprinting (limit window.screen & CSS media etc)
  // user_pref("privacy.resistFingerprinting", true);

🔻 FF50

• 1281949 spoof screen orientation
• 1281963 hide the contents of navigator.plugins and navigator.mimeTypes
  • FF53: 1324044 fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray

🔻 FF55

• 1330890 spoof timezone as UTC 0
  • FF58: 818634 deprecates Date.toLocaleFormat
  • FF60: 1409973 fixes Date.toLocaleDateString and Intl.DateTimeFormat
• 1330882 new window sizes to round to hundreds & override prefs
  // user_pref("privacy.window.maxInnerWidth", 1600);
  // user_pref("privacy.window.maxInnerHeight", 900);
• 1360039 spoof navigator.hardwareConcurrency as 2
• 1217238 reduce precision of time exposed by javascript

🔻 FF56

• 1369303 spoof/disable performance API
• 1333651 & 1383495 & 1396468 spoof navigator API
  • FF57: 1393283 spoof as ESR instead of 10s
  • FF59: 1415488 UA leaks over HTTP CONNECT method - fixed as a result of 1419771
  • FF59: 1404608 do not lie about OS (limit to Windows, OSX, Android, or Linux)
  • FF59: 1418672 due to ESR being out of whack and Aurora/Nightly sometimes being ahead of ESR releases, the value is now temporally hardcoded to 52
  • FF60: 1418162 ESR algorithm fixed for 60+7's
  • FF63: 1472618 navigator.platform returns "Win32" (but JS UA still shows 64bit)
  • FF66: 1509829 upstream Tor 26146 reduce UA HTTP headers to two OSes (Windows, Android)
  • FF67: 1511763 ESR cadence fixed to 60+8's
  • FF68: 1511434 UA Spoof -> Windows 10, OS 10.14, Android 8.1
  • FF78: 1599188 version algorithm hardcoded in 78+ to cadence 13
  • FF78: 1635011 UA Spoof -> OS 10.15, Android 9.0
• 1369319 disable device sensors
• 1369357 disable site specific zoom
• 1337161 hide gamepads from content
• 1372072 spoof network information API as "unknown"
• 1372069 block geolocation requests
  • FF63: 1441295 reverted: RFP no longer blocks geo
• 1333641 disable WebSpeech API

🔻 FF57

• 1369309 spoof media statistics
• 1382499 reduce screen co-ordinate fingerprinting in Touch API
• 1217290 enable fingerprinting resistance for WebGL
  • FF58: 1409677 WebGL issues
• 1382545 reduce fingerprinting in Animation API
• 1354633 limit MediaError.message to a whitelist
• 1382533 enable fingerprinting resistance for Presentation API
• 1384330 disable mozAddonManager Web API
  // user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);

🔻 FF58

• 967895 prompt (site permission) before allowing canvas data extraction
  • FF59: 1413780 when RFP=true include canvas in site permissions panel
  • FF59: 1376865 reduce canvas prompt fatigue by only prompting when user initiated (controlled by a temp pref privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts )
  • FF61: 1412961 RFP breaks extensions using canvas eg Screenshots:

  • until then, you can open about:debugging>Add-ons, click the extension's manifest.url and on that page, right click >View Page Info>Permissions and set a canvas exception

  • FF62: 1453916 Fixes more extension + canvas issues
• 1397611 extensions can control privacy.resistFingerprinting
• 1424341 FYI ONLY: Timing: not added to user.js: RFP timing & timer precision
  // privacy.reduceTimerPrecision
  // privacy.resistFingerprinting.reduceTimerPrecision.microseconds

🔻 FF59

• 1372073 spoof/block fingerprinting in MediaDevices API
• 1039069 warn when language prefs are set to non en-US
  • privacy.spoof_english (pref is used internally AFAICT, we should not meddle with it)
  • at this stage the pref has not been added to the user.js, but the bugzilla has
• 1222285 spoof keyboard events and suppress keyboard modifier events
  • FF59.0.2: 1433592 don't spoof/suppress CTRL key
  • FF60: 1438795 fixes keydown/keyup events
  • Test: https://w3c.github.io/uievents/tools/key-event-viewer.html

🔻 FF60

• 1337157 disable WebGL debug renderer info (see 2011)
• 1425462 FYI ONLY: Timing: not added to user.js: RFP timing precision jitter
  // privacy.resistFingerprinting.reduceTimerPrecision.jitter

🔻 FF62

• 1459089 [Firefox for Android] HTTP Accept-Language header no longer leaks OS locale

🔻 FF63

• 1479239 return no-preference with prefers-reduced-motion

🔻 FF64

• 1363508 spoof/suppress Pointer Events

🔻 FF65

• 1492766 pointerEvent.pointerid

🔻 FF67

• 1485266 enforce ui.use_standins_for_native_colors=true (2618)
• 1407366 RFP letterboxing
  // user_pref("privacy.resistFingerprinting.letterboxing", true);
  // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", "");
  • FF68: 1548634 stepped ranges
• 1485264 FYI: remove dom.event.highrestimestamp.enabled
• 1494034 enforce light with prefers-color-scheme - see MDN for this standard added in FF67

🔻 FF68

• 1492587 possible date picker locale leak fix

🔻 FF70

• 1564422 spoof audioContext outputLatency per OS

🔻 FF72

• 1595823 spoof audioContext sampleRate

🔻 FF74

• 1607316 spoof pointer as coarse and hover as none on android

🔻 FF78

• 1621433 randomize canvas
  • note: as of writing, isPointInPath and isPointInStroke still use the white-canvas

🔻 FF80

• 1653987 font visibility is restricted to BaseFonts (non Android)
  • click here
  • the lists are hardcoded lists with two parts kBaseFonts and kLangPackFonts
  • note: this is the same as setting layout.css.font-visibility.level = 1

🔻 FF82

• 1461454 spoof smooth=true and powerEfficient=false for Supported Media in MediaCapabilities

CHANGELOG

2020

• May 6: cleaned out changelog
• May 6: 1635011 (rfp os spoof changes) → FF78+ (under FF56 section)
• May 15: added entries for FF74 and FF78
• Jul 29: 1653987 (font visibility) → FF80+
• Nov 11: 1461454 (mediaCapabilities) → FF82+
• Dec 26: removed followups, pending, and invalid/wontfix sections since I'm not maintaining them and they're out of date

...

In case you were wondering about these redo section issues (there are more coming):

• the user.js has been one person's vision of how to structure it, order it, word it, where to put items, with some feedback in a wordpress forum, with over two years of adding items, usually at the end although I did try to leave gaps, and I did do some sort of revamps over the releases
• github affords us the chance to have really decent discussions (and arguments) in a proper collaborative environment, in order to whip this puppy into shape, and to overhaul all the inconsistencies, logic, wording, and more. The sky's the limit. Synergy and all that stuff.
• I want to revamp these sections (we don't need to do all of them) before I do a 52 release, that way, after the 52 release, the majority of changes will be minimal
• And after the revamps, Martin will do an article, and people who come and fork will then have less upheaval and commits etc.
• Basically, this is two years worth of everyone making my mess better :)

Section 1200 needs some love. I know @earthlng has some ideas for this section. I definitely want ciphers grouped together in say a 1250s. This is all about the order, numbering, wording. Don't want to get into discussions on the merits of turning things on and off or technical discussions on cipher suites and how curves are better than squares xD.

Hello.

I use recommended add-ons. Everything was fine until this time. But with the release of Firefox 53, everything has changed. I sometimes began to lose forms of filling in the login and password on many sites.

The 1600: Referers section needs some love. We have some changes coming up in the next release (52). These are

• Deprecated in 52+
  1601: network.http.sendSecureXSiteReferrer

• New in 52+ (currently in section 9999)
  // 1600's: restrict the contents of referrers attached to cross-origin requests (FF52+)
  // 0- 1- 2-scheme+hostname+port
  // user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
  // 1600's: default referrer fallback override? (FF52+?)
  // 0-no-referer 1-same-origin 2-strict-origin-when-cross-origin
  // 3-no-referrer-when-downgrade (default)
  // https://bugzilla.mozilla.org/show_bug.cgi?id=1304623
  // user_pref("network.http.referer.userControlPolicy", 3);

I also came across this article released today: https://scotthelme.co.uk/a-new-security-header-referrer-policy/ which nicely describes what each type of referer does exactly. Might be a good ref for you @pyllyukko

The 1600's section currently has only one active pref, and recommends using an add-on. In 52, it could be completely inactive - this doesn't seem right - surely some of these 7 prefs by default could be tightened up? And I think the section still needs better explanation (It's getting a bit confusing). I don;t mind losing all the numbering and starting from scratch, so it's logical. @fmarier 's opinion here would be great. Especially what the inactive defaults should be. Do we set them at FF defaults, or at most private or at a balance for less site breakage - and the new ones, what do we do with those: the first of which I have not filled in what 0 or 1 means, and I'd also like someone else to confirm what I already have is ok/right, including the descriptions.

The shutdown section needs a some love. Using words like "stuff" in 2803 is lame. I'm also not happy with the 2803a and 2804a numbering. Those 2 prefs need to be clarified exactly what they are doing as well. Especially 2803a, because we are shutting down, so how can that differ from what is already in 2803. As for 2804a, does it close current tabs/windows (but leave FF open) or what. I need to do some testing in a nilla FF.

Also, the section header could expanded a tad to explain clearing session data vs keeping it - a bit like the new 0800 (forms etc) section.

from @Atavic

FF 52.0 ESR

// Show favicons in web notifications.
pref("alerts.showFavicons", false);

// No Favicons, Thanks!
pref("browser.chrome.favicons, false);

See here for browser.shell.shortcutFavicons

we currently have (and it will need a tidy up/check for FF53, I think some of these may have fallen off be not longer applicable, eg 2652 probably won't apply).

EDIT: doh! of course 2652 will apply until e10s is enforced! - end edit

/* 2650: start the browser in e10s mode (FF48+)
 * After restarting the browser, you can check whether it's enabled by visiting
 * about:support and checking that "Multiprocess Windows" = 1
 * use force-enable and extensions.e10sblocksenabling if you have add-ons ***/
   // user_pref("browser.tabs.remote.autostart", true);
   // user_pref("browser.tabs.remote.autostart.2", true); // (FF49+)
   // user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
   // user_pref("extensions.e10sBlocksEnabling", false);
/* 2651: control e10s number of container processes
 * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
   // user_pref("dom.ipc.processCount", 4);
/* 2652: enable console shim warnings for extensions that don't have the flag 'multiprocessCompatible' as true ***/
user_pref("dom.ipc.shims.enabledWarnings", true);
/* 2660: enforce separate content process for file://URLs (FF53+?)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
 * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
user_pref("browser.tabs.remote.separateFileUriProcess", true);

there is also this from FF53 stable

/* enable WebExtension addon code to run in a separate process (webext-oop) (FF53+)
 * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process */
   // pref("extensions.webextensions.remote", false);

and to add for info

security.sandbox.content.level

This makes sense to put right at the start of the js, and it nicely takes a chunk out of the 2600's which is rather big and messy. Note: we still have to deal with containers later on as well in a new section.

Dec 2019:

• Closing this issue. This list wasn't really maintained (and there are lots more Firefox bugs like this, just not necessarily tagged as Tor Uplift). RFP and FPI specific bugs are on other sticky issues.

Locked sticky issue for tracking other Tor Uplift items of interest (after RFP #7 and FPI #8 )

• Tor Uplift
• MVP Tracking
• Bugzilla META Tor Uplift ticket
• Tor Uplift Dependency Tree

Last updated: see changelog at foot

RESOLVED & ADDED TO USER.JS ^{if applicable}

🔻 FF52

• 1121643 only expose whitelisted system fonts (FF52+)
  // user_pref("font.system.whitelist", ""); // (hidden pref)

🔻 FF56

• 1266495 remove <isindex>

🔻 FF57

• 1388881 Stylo respects mathml.disabled
• 863246 disable/limit resource://, chrome:// and about:// URI leaks
  ❗ security.all_resource_uri_content_accessible - may add this to user.js [reminder]
  [TEST] https://www.browserleaks.com/firefox
  [1] https://trac.torproject.org/projects/tor/ticket/8725

🔻 FF59

• 1222924 stop exposing moz-icon URL scheme

🔻 FF60

• 1359076 disable all Device Sensor APIs except orientation
  • here's an article
• 1382359 treat .onion as a secure context

🔻 FF64

• 680300 restrict discoverability of protocol handlers
• 583181 don't expose navigator.buildID to web content - compat info

🔻 FF68

• 1541958 nsUserInfo removed
  • original ticket: 1433350 remnant code, windows user name/accounts etc loaded into memory, was available to extensions, blah blah, read the ticket

🔻 FF70

• 467035 dtd locale leaks

CHANGELOG

• Dec 19th 2019: closing this issue

...

• date: 13-March-2017
• foreword: Here are the changes since the last changelog (except this is the first!). While we are continually improving and making changes, rest assured all the important 52 bits and bobs have been covered.
• note: the comments in the code snippets below are for this changelog's commentary

changelog:

• if you're not willing to do some reading (a lot!) this user.js is not for you
• from the 116 pref-changes in FF52 (that we discussed here) we ...
  • added 6
  • deprecated 4
  • had 6 already covered
  • and ignored the rest (at least for now)
    • if we missed something important please let us know (here)
• lots of formatting changes, we hope you like it
  • sorry for changing 50%+ of lines --- Paaants! I told you we should've done this earlier!
• a bunch of re-numbering and re-ordering
• we removed all the informational Sections from the user.js
  • 9996: PALEMOON SPECIFIC
  • 9998: TO INVESTIGATE - TOR UPLIFT + 9999: TO INVESTIGATE - OTHER
    • meta: tor uplift: privacy.resistFingerprinting
    • meta: tor uplift: privacy.firstparty.isolate
    • meta: tor uplift: the rest
    • sticky: items to investigate keep an eye on
  • APPENDIX B: FIREFOX ADD-ONS
  • APPENDIX C: TEST SITES

ok ... let's get to the good stuff now ... prefs, prefs, prefs and some more prefs ...

• we reworked the Referrer Header section
  (thanks to @fmarier [our resident mozilla Security Engineer] and everyone else who helped!)

user_pref("network.http.referer.XOriginPolicy", 1); // Beware! This can cause breakage! see section 1600
user_pref("network.http.referer.spoofSource", false); // enforcing FF52 default value
user_pref("network.http.referer.trimmingPolicy", 0); // enforcing FF52 default value
user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // enforcing FF52 default value -- new in FF52
user_pref("network.http.sendRefererHeader", 2); // enforcing FF52 default value
// user_pref("network.http.referer.userControlPolicy", 3); // not in FF52 - new in FF53

• new Prefs for Firefox 52.0

user_pref("javascript.options.wasm", false); // default: true -- if you want to use WebAssembly comment this one out
user_pref("network.cookie.leave-secure-alone", true); // enforcing FF52 default value
user_pref("security.insecure_field_warning.contextual.enabled", true); // enforcing FF52 default value
user_pref("signon.autofillForms.http", false); // enforcing FF52 default value

• other new additions since user.js v51

user_pref("browser.ssl_override_behavior", 1);
user_pref("browser.urlbar.suggest.bookmark", false); // you may not like this
user_pref("browser.urlbar.suggest.openpage", false); // ... or this
user_pref("browser.xul.error_pages.expert_bad_cert", true);
user_pref("network.IDN_show_punycode", true); // you may not like this if you're using a non-latin alphabet
user_pref("security.csp.enable", true); // enforcing FF52 default value
user_pref("security.csp.experimentalEnabled", true); // experimental - yes we're adventurous - use on your own risk !!

• added some prefs that are commented out by default

// user_pref("accessibility.typeaheadfind", true);
// user_pref("browser.privatebrowsing.autostart", true);
// user_pref("font.system.whitelist", "");
// user_pref("security.ssl3.rsa_aes_128_sha", false);
// user_pref("security.ssl3.rsa_aes_256_sha", false);

• activated previously commented-out prefs

user_pref("browser.link.open_newwindow.restriction", 0); // this will open some popup-windows in a tab instead
user_pref("network.stricttransportsecurity.preloadlist", true); // we also changed the value to true !!! -- default: true
user_pref("privacy.clearOnShutdown.openWindows", false); // we also changed the value to false !!! -- default: false
user_pref("privacy.cpd.openWindows", false); // we also changed the value to false !!! -- default: false
user_pref("privacy.donottrackheader.enabled", false); // we also changed the value to false !!! -- default: false

• changed the value of one pref

user_pref("browser.sessionhistory.max_entries", 10); // previously: 4

• removed prefs from the user.js

user_pref("browser.search.reset.enabled", false);
user_pref("browser.search.reset.whitelist", "");

• commented out

user_pref("clipboard.autocopy", false);
user_pref("general.appname.override", "Netscape");
user_pref("general.appversion.override", "5.0 (Windows)");
user_pref("general.buildID.override", "20100101");
user_pref("general.oscpu.override", "Windows NT 6.1");
user_pref("general.platform.override", "Win32");
user_pref("privacy.cpd.downloads", true);

• deprecated
  • browser.usedOnWindows10.introURL
  • dom.battery.enabled (still exists but is no longer necessary in FF52+)
  • dom.mozTCPSocket.enabled (was never in the user.js)
  • dom.telephony.enabled
  • media.gmp-eme-adobe.autoupdate
  • media.gmp-eme-adobe.enabled
  • media.gmp-eme-adobe.visible
  • network.http.sendSecureXSiteReferrer

• plus we fixed some typos and other minor things
  => we're trying our best but grammar nazis are very welcome

• we also changed one of the URL-prefs so we can log all your browsing history
  => seriously, you should never use something like this without reading it from top to bottom
  => no seriously - don't worry - we would never do that (or would we?)

Thanks to everyone who contributed - we appreciate it a lot!

any and all help, suggestions, recommendations, links, tips and tricks, questions, thank you's or whathaveyou - signup/login and start typing

Just putting here some settings I have stumbled upon.
I haven't investigate into those yet, so don't kill me, please. :)
Some might be deprecated already, some might not be existing, etc.

• browser.addon-watch.deactivate-after-idle-ms
  browser.addon-watch.interval
  browser.addon-watch.percentage-limit
  • wontfix: commented by @earthlng: only for Nightly; we don't need this
• browser.customizemode.tip0.shown
  • wontfix: I would guess, like a firstrun, its already been triggered for everyone
• browser.formfill.expire_days
  • see #10
• browser.sessionstore.enabled
  • wontfix: deprecated
• browser.xul.error_pages.enabled
  • wontfix: commented by @earthlng: false is bad, true is default; we don't need this
• network.http.use-cache
  • wontfix: deprecated
• toolkit.telemetry.optoutSample
  • wontfix: deprecated and not messing with telemetry settings (just master switches, urls, ids)
• toolkit.telemetry.previousBuildID
  • wontfix: deprecated
• toolkit.telemetry.rejected
  • wontfix: deprecated
• toolkit.telemetry.server_owner
  • wontfix: not messing with telemetry settings (just master switches, urls, ids)
• browser.download.manager.quitBehavior
  • wontfix: see http://kb.mozillazine.org/Browser.download.manager.quitBehavior
    don't really know what would be the best for wider audience... or default (the value = 0) or is this privacy issue (then the value = 2)
• media.hardware-video-decoding.enabled
  • wontfix: not messing with video playback (only those accessible via options)
• dom.maxHardwareConcurrency
  • wontfix: at this stage

==

• browser.sessionstore.restore_on_demand
  • NFI .. why do we get lists dumped on us

I am out for a few days.
If anyone already know for some of those, I would be happy for your comment.

network.http.enablePerElementReferrer is commented out in user.js [ghacks]-0.11.js as well as in, here, ghacks-user.js-51.0 but with no additional information.

I read at https://www.anonymous-proxy.eu/firefox-privacy-tuning.php (mentioning this page because info on above setting is hard to find),

Mozilla's Firefox has introduced an experimental "per-element referrer" feature which is transmitting HTTP referrer for particular elements such as:
Hyperlink
Picture
Frame
Clickable area

That sites advises to set it to false (default=true). But not sure the setting is still experimental and not sure as well that site is right.

I've set it to false,

// Disable per-element HTTP referrer (HTTP referrer for particular elements such as Hyperlink, Picture, Frame, Clickable area)
// https://www.anonymous-proxy.eu/firefox-privacy-tuning.php
user_pref("network.http.enablePerElementReferrer", false); // Default=true

What would the experts say?

I notice that reader.parse-on-load.enabled = false to disable Reader View. What is the reasoning behind this choice? I'm having a hard time understanding what privacy downside there is since switching to this view does not result in any more network request (according to the Network log).

v53.0 vs v54.0

119 diffs ( 54 new, 55 gone, 10 different )

new in v54.0:

• pref("browser.formautofill.enabled", false); ec03969
• pref("browser.newtabpage.activity-stream.enabled", false); 1621cd5
• pref("browser.urlbar.usepreloadedtopurls.enabled", false); 1a04c13
• MistakeURLs: d3e1fe3
  • https://hg.mozilla.org/mozilla-central/rev/077f42a9964c#l10.1
  • pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
  • pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
  • pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
  • pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
• pref("dom.ipc.processCount.extension", 1); dd01dd5
• pref("extensions.screenshots.system-disabled", true); - f61c951
• pref("geo.security.allowinsecure", true); f3a0e8d
• pref("network.http.referer.hideOnionSource", false); ffd8980
• pref("privacy.firstparty.isolate.restrict_opener_access", true); da73ca1
• pref("security.sandbox.logging.enabled", false); dd01dd5
• pref("security.data_uri.inherit_security_context", true);
  • added to "items to keep an eye on: issue 20

removed, renamed or hidden in v54.0:

Done - see 82432a3

• pref("browser.safebrowsing.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url="); https://hg.mozilla.org/mozilla-central/rev/077f42a9964c#l10.1
• pref("browser.safebrowsing.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url="); https://hg.mozilla.org/mozilla-central/rev/077f42a9964c#l10.1
• pref("dom.archivereader.enabled", false); 1342361
• pref("media.eme.apiVisible", true); 1242321

changed in v54.0:

• pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/"); // prev: "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/"
  => Migrate the blocklist preferences to new URI
• pref("media.peerconnection.ice.tcp", true); // prev: false - ab7dfb7

ignore

==NEW

pref("apz.allow_with_webrender", false);
pref("browser.formautofill.loglevel", "Warn"); // see master switch to disable
pref("browser.urlbar.usepreloadedtopurls.expire_days", 14); // see master switch to disable
pref("browser.storageManager.pressureNotification.minIntervalMS", 1200000);
pref("browser.storageManager.pressureNotification.usageThresholdGB", 5);
pref("devtools.gridinspector.showGridOutline", false);
pref("devtools.source-map.locations.enabled", false);
pref("dom.forms.select.customstyling", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1339966
pref("dom.ipc.plugins.forcedirect.enabled", true); // we do not support flash
pref("dom.moduleScripts.enabled", false); // ECMAScripts
pref("dom.timeout.max_consecutive_callbacks", 5);
pref("dom.vr.puppet.enabled", false);
pref("dom.vr.test.enabled", false);
pref("extensions.e10sMultiBlocksEnabling", true); // leave e10s experimental staging alone
pref("gfx.downloadable_fonts.keep_variation_tables", false);
pref("gfx.downloadable_fonts.otl_validation", false);
pref("gfx.webrender.enabled", true);
pref("image.mem.animated.discardable", false);
pref("image.mem.shared", false);
   // ^^ https://bugzilla.mozilla.org/show_bug.cgi?id=1331944
   // ^^ https://bugzilla.mozilla.org/show_bug.cgi?id=1339202
pref("intl.tsf.associate_imc_only_when_imm_ime_is_active", false);
pref("intl.tsf.hack.ms_japanese_ime.do_not_associate_imc_on_win10", true);
pref("intl.uidirection", -1);
pref("layers.advanced.border-layers", false);
pref("layers.advanced.caret-layers", false);
pref("layout.css.text-justify.enabled", false);
pref("layout.scrollbars.always-layerize-track", false);
/* https://developer.mozilla.org/en-US/docs/Mozilla/QA/Marionette ***/
pref("marionette.enabled", false);
pref("marionette.forcelocal", true);
pref("marionette.log.level", "info");
pref("marionette.port", 2828);
pref("marionette.prefs.recommended", true);
pref("media.eme.vp9-in-mp4.enabled", false);
pref("media.ffmpeg.low-latency.enabled", false);
pref("services.sync.engine.bookmarks.validation.interval", 86400);
pref("services.sync.engine.bookmarks.validation.maxRecords", 1000);
pref("services.sync.engine.bookmarks.validation.percentageChance", 10);
pref("signon.masterPasswordReprompt.timeout_ms", 900000);
pref("network.throttle.enable", true);
pref("network.throttle.resume-for", 2000);
pref("network.throttle.suspend-for", 2000);

==REMOVED or HIDDEN

pref("browser.newtabpage.remote", false);
pref("browser.newtabpage.remote.content-signing-test", false);
pref("browser.newtabpage.remote.keys", "");
pref("browser.newtabpage.remote.mode", "production");
pref("browser.newtabpage.remote.version", "1");
pref("devtools.sourcemap.locations.enabled", false);
pref("devtools.toolbox.toolbarSpec", '["splitconsole", "paintflashing toggle","scratchpad","resize toggle","screenshot --fullpage --file", "rulers", "measure"]');
pref("gfx.font_rendering.cleartype.always_use_for_content", false);
pref("gfx.font_rendering.cleartype.use_for_downloadable_fonts", true);
pref("intl.uidirection.ar", "rtl");
pref("intl.uidirection.fa", "rtl");
pref("intl.uidirection.he", "rtl");
pref("intl.uidirection.ug", "rtl");
pref("intl.uidirection.ur", "rtl");
// https://bugzilla.mozilla.org/show_bug.cgi?id=1343941
pref("layers.allow-d3d9-fallback", false);
pref("layers.prefer-d3d9", false);
pref("layout.css.object-fit-and-position.enabled", true);
pref("layout.css.unprefixing-service.enabled", true);
// remove HTTP1 Pipeline Support: https://bugzilla.mozilla.org/show_bug.cgi?id=1340655
pref("network.http.pipelining", false);
pref("network.http.pipelining.abtest", false);
pref("network.http.pipelining.aggressive", false);
pref("network.http.pipelining.max-optimistic-requests", 4);
pref("network.http.pipelining.maxrequests", 32);
pref("network.http.pipelining.maxsize", 300000);
pref("network.http.pipelining.read-timeout", 30000);
pref("network.http.pipelining.reschedule-on-timeout", true);
pref("network.http.pipelining.reschedule-timeout", 1500);
pref("network.http.pipelining.ssl", false);
pref("network.http.proxy.pipelining", false);
pref("pointer-lock-api.prefixed.enabled", false);
pref("security.sandbox.windows.log", false);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1296767#c125
pref("services.sync.jpake.firstMsgMaxTries", 300);
pref("services.sync.jpake.lastMsgMaxTries", 300);
pref("services.sync.jpake.maxTries", 10);
pref("services.sync.jpake.pollInterval", 1000);
pref("services.sync.jpake.serverURL", "https://setup.services.mozilla.com/");
pref("services.sync.log.logger.service.jpakeclient", "Debug");
pref("services.sync.log.logger.userapi", "Debug");
pref("services.sync.miscURL", "misc/");
pref("services.sync.privacyURL", "https://services.mozilla.com/privacy-policy/");
pref("services.sync.scheduler.sync11.singleDeviceInterval", 86400);
pref("services.sync.serverURL", "https://auth.services.mozilla.com/");
pref("services.sync.statusURL", "https://services.mozilla.com/status/");
pref("services.sync.syncKeyHelpURL", "https://services.mozilla.com/help/synckey");
pref("services.sync.termsURL", "https://services.mozilla.com/tos/");
pref("services.sync.userURL", "user/");
// ---------------------------------------------------------------------------------------
// renamed to 'services.sync.engine.bookmarks.validation.*'
pref("services.sync.validation.interval", 86400);
pref("services.sync.validation.maxRecords", 100);
pref("services.sync.validation.percentageChance", 10);
// https://bugzilla.mozilla.org/show_bug.cgi?id=1313045
pref("toolkit.identity.debug", false);
pref("toolkit.identity.enabled", false);

==CHANGED

pref("browser.safebrowsing.provider.google4.lists", "goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto"); // prev: "goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto"
pref("dom.event.highrestimestamp.enabled", true); // prev: false
pref("dom.ipc.plugins.asyncdrawing.enabled", true); // prev: false // we do not support flash
pref("extensions.blocklist.detailsURL", "https://blocked.cdn.mozilla.net/"); // prev: "https://www.mozilla.com/%LOCALE%/blocklist/"
pref("extensions.blocklist.itemURL", "https://blocked.cdn.mozilla.net/%blockID%.html"); // prev: "https://blocklist.addons.mozilla.org/%LOCALE%/%APP%/blocked/%blockID%"
pref("font.name-list.serif.x-math", "..."); // removed 'Symbol' from the list
pref("layout.css.clip-path-shapes.enabled", true); // prev: false
pref("security.mixed_content.hsts_priming_cache_timeout", 604800); // prev: 10080

Use this issue to suggest scripts for our wiki section Further Hardening: Extension Scripts. We're looking for scripts that enhance privacy and security, and block tracking and fingerprinting.

Please try to stick to general/global or major site specific scripts (such as google), rather than obscure sites no one really cares about.

Please note: The comments here will be regularly cleaned out to keep this sticky usable

If you start FF in "normal" mode, any new private windows will display a badge/icon in the top right (a mask image). (Side note: themes do not load either)

If you start FF in PB mode, there is no PB mode icon shown anywhere. If you then open a new "normal" window, there is no difference to that visually from the PB mode window (I have never started in PB mode so I would like to clarify this).

I have tested this with multiple vanilla FF52s. To me, this either a bit of a failure and/or ambiguous. @fmarier

==
below are three concurrent profiles (vanilla FF52), all with Options>Privacy>History>Firefox will use custom settings, starting in "normal" mode (i.e "always use PB mode" is unchecked), with spawned PB windows (just reusing the image from the wiki to show the PB mode badge and loss of theme)

And here is a browser.privatebrowsing.autostart->true. If you spawn a "new window" or a "new private window", they are indistinguishable

==
So am I missing something here?

• The wording in options is "ALWAYS use PB mode", which at face value means that if you start in PB you can only spawn PB mode windows - regardless of the command (new window or new private window).
• ^^ Is this correct? @fmarier
• If this is true (start PB mode = ONLY PB mode windows), then why even allow the command "new window". This is misleading. It should be disabled IMO or (to keep the ctrl-n which people use) the icon changed to the same as "new private window" - whatever, also needs to cover context menus/menus/hamburger buttons/key-combos?. It needs to be clear.
• Also, why is the PB mode badge missing. This should, IMO, be enforced. See this from mozilla support: "Private Browsing windows have a purple mask at the top", but also "When Firefox is set to Never remember history you won't see a purple mask at the top of each window, even though you are effectively in Private Browsing mode". Who dreamed that up?
• While people should be responsible for their own tweaks etc, what if an addon or script changed the start mode back to normal. An end-user wouldn't pick up on it.

I do not start in PB mode myself (never have until now), but read/assumed that you could spawn a "normal" window (because the menu item/key-combo/hamburger buttons/context menus are all there) - indeed I have suggested this to others to test if the cause of an issue was PB mode (recently it was containers not working, then SDC addons not working - and both times the reply was, yes, that's it - not 100% sure if that means they followed my advice exactly - I'm guessing not)

So which is it: PB start mode->new window-> is this a normal window or a private window?

v52.0 vs v53.0

133 diffs ( 74 new, 38 gone, 21 different )

new in v53.0:

• pref("browser.storageManager.enabled", false); 5cf2de5
• pref("browser.tabs.remote.separateFileUriProcess", false); #82 49e2025
• pref("browser.urlbar.decodeURLsOnCopy", false); see comment , 7496b87
• pref("dom.IntersectionObserver.enabled", false); 8ca3176
• pref("extensions.webextensions.remote", false); #82 49e2025
• pref("svg.disabled", false); 2671 551427f
  • FUKYEAH™ 👍 but inactive due to youtube 💩
• since defaults are false, added to investigate/keep an eye on sticky
  • pref("dom.dialog_element.enabled", false);
• since defaults are false, added to investigate/keep an eye on sticky
  • pref("privacy.trackingprotection.annotate_channels", false);
  • pref("privacy.trackingprotection.lower_network_priority", false);
• since defaults are false, added to investigate/keep an eye on sticky
  • pref("security.webauth.webauthn", false);
  • pref("security.webauth.webauthn_enable_softtoken", false);
  • pref("security.webauth.webauthn_enable_usbtoken", false);
• pref("network.http.referer.userControlPolicy", 3); 1606
• pref("privacy.userContext.longPressBehavior", 0);
  • this will be dealt with in #91 : create containers section (containers are off by default in 53)
• pref("services.blocklist.pinning.enabled", true);
  • leaving enabled for now, added to investigate/keep an eye on sticky
• pref("plugins.navigator.hidden_ctp_plugin", "");
  • ignoring this. flash needs to die. our user.js blocks flash by default. see earthlng's comments below for more info and/or read 1294341

removed, renamed or hidden in v53.0:

See d87bcfd

• pref("dom.beforeAfterKeyboardEvent.enabled", false); 1322736
• pref("media.getusermedia.screensharing.allow_on_old_platforms", false); 1329562 2d7af132a40c
• pref("plugin.scan.Acrobat", "5.0"); 1317109
• pref("plugin.scan.Quicktime", "5.0"); 1317110
• pref("plugin.scan.WindowsMediaPlayer", "7.0"); 1317108
• pref("security.tls.unrestricted_rc4_fallback", false); 1130670

changed in v53.0:

(striked ones changed in a beta version but the change didn't land in stable)

• pref("webextensions.storage.sync.enabled", true); // prev: false ec5fdfc
• pref("browser.crashReports.unsubmittedCheck.enabled", true); // prev: false 0351
• pref("browser.migrate.automigrate.enabled", true); // prev: false 3023
• pref("browser.safebrowsing.provider.google4.gethashURL", ""); // prev: somethingsomething 0410c
• pref("media.getusermedia.browser.enabled", false); // prev: true 2022
• pref("network.predictor.enable-prefetch", false); // prev: true 0608
• pref("security.pki.certificate_transparency.mode", 0); // prev: 1 already keeping an eye on (#20)
• pref("security.tls.version.max", 4); // prev: 3 1202
• pref("webgl.enable-debug-renderer-info", true); // prev: false 2011

ignore

==NEW

pref("browser.formautofill.experimental", false);
pref("browser.safebrowsing.temporary.take_v4_completion_result", false);
pref("devtools.command-button-pick.enabled", true);
pref("devtools.debugger.call-stack-visible", false);
pref("devtools.debugger.end-panel-collapsed", false);
pref("devtools.debugger.pending-selected-location", "{}");
pref("devtools.debugger.scopes-visible", false);
pref("devtools.debugger.start-panel-collapsed", false);
pref("devtools.debugger.tabs", "[]");
pref("devtools.gridinspector.showGridLineNumbers", false);
pref("devtools.gridinspector.showInfiniteLines", false);
pref("devtools.inspector.colorWidget.enabled", false);
pref("devtools.screenshot.audio.enabled", true);
pref("devtools.screenshot.clipboard.enabled", false);
pref("devtools.webconsole.filter.css", false);
pref("dom.forms.selectSearch", false);
pref("dom.ipc.processCount.webLargeAllocation", 10);
pref("dom.largeAllocationHeader.enabled", true);
pref("dom.select_popup_in_parent.enabled", false);
pref("dom.storage.testing", false);
pref("extensions.getAddons.themes.browseURL", "https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox");
pref("extensions.webcompat-reporter.enabled", false);
pref("extensions.webcompat-reporter.newIssueEndpoint", "https://webcompat.com/issues/new");
pref("extensions.webextensions.identity.redirectDomain", "extensions.allizom.org");
pref("extensions.webextensions.themes.enabled", false);
pref("identity.fxaccounts.settings.devices.uri", "https://accounts.firefox.com/settings/clients?service=sync&context=fx_desktop_v3");
pref("layers.geometry.basic.enabled", true);
pref("layers.geometry.opengl.enabled", true);
pref("layers.gpu-process.enabled", true);
pref("layout.animation.prerender.absolute-limit-x", 4096);
pref("layout.animation.prerender.absolute-limit-y", 4096);
pref("layout.animation.prerender.partial", false);
pref("layout.animation.prerender.viewport-ratio-limit-x", "1.125");
pref("layout.animation.prerender.viewport-ratio-limit-y", "1.125");
pref("layout.css.display-flow-root.enabled", true);
pref("layout.css.font-variations.enabled", false);
pref("media.cubeb.log_level", "");
pref("media.decoder.recycle.enabled", false);
pref("media.gpu-process-decoder", true);
pref("media.wmf.allow-unsupported-resolutions", false);
pref("network.standard-url.enable-rust", false);
pref("places.frecency.redirectSourceVisitBonus", 25);
pref("plugins.flashBlock.enabled", false);
pref("privacy.history.custom", false);
pref("privacy.permissionPrompts.showCloseButton", false);
pref("privacy.temporary_permission_expire_time_ms", 3600000);
pref("security.mixed_content.hsts_priming_request_timeout", 3000);
pref("services.blocklist.pinning.bucket", "pinning");
pref("services.blocklist.pinning.checked", 0);
pref("services.blocklist.pinning.collection", "pins");
pref("urlclassifier.flashAllowExceptTable", "testexcept-flashallow-simple,except-flashallow-digest256");
pref("urlclassifier.flashAllowTable", "test-flashallow-simple,allow-flashallow-digest256");
pref("urlclassifier.flashExceptTable", "testexcept-flash-simple,except-flash-digest256");
pref("urlclassifier.flashSubDocExceptTable", "testexcept-flashsubdoc-simple,except-flashsubdoc-digest256");
pref("urlclassifier.flashSubDocTable", "test-flashsubdoc-simple,block-flashsubdoc-digest256");
pref("urlclassifier.flashTable", "test-flash-simple,block-flash-digest256");
pref("webgl.max-acceptable-fb-status-invals", 0);
pref("webgl.max-perf-warnings", 0);

==REMOVED or HIDDEN

/*** we have none of these ***/
pref("accessibility.ipc_architecture.enabled", true);
pref("browser.preferences.animateFadeIn", false);
pref("browser.tabs.dontfocusfordialogs", true);
pref("browser.uitour.readerViewTrigger", "^https:\\/\\/www\\.mozilla\\.org\\/[^\\/]+\\/firefox\\/reading\\/start");
pref("devtools.apps.forbidden-permissions", "embed-apps");
pref("devtools.netmonitor.statistics", true);
pref("dom.details_element.enabled", true);
pref("dom.mozInputMethod.enabled", false);
pref("dom.mozNetworkStats.enabled", false);
pref("dom.mozPermissionSettings.enabled", false);
pref("dom.mozSettings.allowForceReadOnly", false);
pref("dom.mozSettings.enabled", false);
pref("dom.mozSettings.SettingsDB.debug.enabled", false);
pref("dom.mozSettings.SettingsDB.verbose.enabled", false);
pref("dom.mozSettings.SettingsManager.debug.enabled", false);
pref("dom.mozSettings.SettingsManager.verbose.enabled", false);
pref("dom.mozSettings.SettingsRequestManager.debug.enabled", false);
pref("dom.mozSettings.SettingsRequestManager.verbose.enabled", false);
pref("dom.mozSettings.SettingsService.debug.enabled", false);
pref("dom.mozSettings.SettingsService.verbose.enabled", false);
pref("dom.node.rootNode.enabled", false);
pref("dom.presentation.discovery.legacy.enabled", false);
pref("dom.system_update.debug", false);
pref("dom.system_update.enabled", false);
pref("gecko.handlerService.allowRegisterFromDifferentHost", false);
pref("gfx.prefer-mesa-llvmpipe", false);
pref("image.mozsamplesize.enabled", false);
pref("layout.css.display-contents.enabled", true);
pref("network.standard-url.encode-utf8", true);
pref("network.standard-url.escape-utf8", true);
pref("security.ssl.enable_npn", true);
pref("security.ssl.false_start.require-npn", false);

==CHANGED

pref("browser.addon-watch.ignore", "[\"[email protected]\",\"[email protected]\",\"[email protected]\",\"fx-devtools\",\"[email protected]\"]"); // prev: "[\"[email protected]\",\"[email protected]\",\"[email protected]\",\"fx-devtools\"]"
pref("browser.migrate.chrome.history.limit", 2000); // prev: 0
pref("browser.migrate.chrome.history.maxAgeInDays", 180); // prev: 0
pref("browser.safebrowsing.provider.mozilla.lists", "base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256"); // prev: "base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256"
pref("devtools.jsonview.enabled", true); // prev: false
pref("devtools.netmonitor.har.defaultFileName", "Archive %date"); // prev: "Archive %y-%m-%d %H-%M-%S"
pref("devtools.toolbox.toolbarSpec", '["splitconsole", "paintflashing toggle","scratchpad","resize toggle","screenshot --fullpage --file", "rulers", "measure"]'); // prev: '["splitconsole", "paintflashing toggle","scratchpad","resize toggle","screenshot --fullpage", "rulers", "measure"]'
pref("lightweightThemes.recommendedThemes", /*** big long string ***/); // prev: /*** big long string ***/
pref("media.decoder-doctor.notifications-allowed", /*** big long string ***/); // prev: /*** big long string ***/
pref("media.dormant-on-pause-timeout-ms", 5000); // prev: -1
pref("media.navigator.audio.full_duplex", true); // prev: false
pref("places.frecency.permRedirectVisitBonus", 50); // prev: 0
pref("places.frecency.tempRedirectVisitBonus", 40); // prev: 0
pref("services.sync.engine.tabs.filteredUrls", "^(about:.*|resource:.*|chrome:.*|wyciwyg:.*|file:.*|blob:.*)$"); // prev: "^(about:.*|chrome://weave/.*|wyciwyg:.*|file:.*|blob:.*)$"
pref("urlclassifier.disallow_completions", /*** big long string ***/); // prev: /*** big long string ***/