A user.js is a configuration file that can control Firefox settings - for a more technical breakdown and explanation, you can read more in the wiki
the arkenfox user.js
The arkenfox user.js is a template which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
Everyone, experts included, should at least read the wiki, as it contains important information regarding a few user.js settings. There is also an interactive current release, thanks to icpantsparti2.
Note that we do not recommend connecting over Tor on Firefox. Use the Tor Browser if your threat model calls for it, or for accessing hidden services.
Also be aware that the arkenfox user.js is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.
When gfx.downloadable_fonts.woff2.enabled is set to "false", some web pages don't show navigation and other icons. Instead there is just an empty placeholder without functional meaning.
Is there any concern with not setting it back to the default, that is the value "true"?
we currently have (and it will need a tidy up/check for FF53, I think some of these may have fallen off or be no longer applicable, eg 2652 probably won't apply).
EDIT: doh! of course 2652 will apply until e10s is enforced! - end edit
```
/* 2650: start the browser in e10s mode (FF48+)
 * After restarting the browser, you can check whether it's enabled by visiting
 * about:support and checking that "Multiprocess Windows" = 1
 * use force-enable and extensions.e10sblocksenabling if you have add-ons ***/
// user_pref("browser.tabs.remote.autostart", true);
// user_pref("browser.tabs.remote.autostart.2", true); // (FF49+)
// user_pref("browser.tabs.remote.force-enable", true); // (hidden pref)
// user_pref("extensions.e10sBlocksEnabling", false);
/* 2651: control e10s number of container processes
 * [1] http://www.ghacks.net/2016/02/15/change-how-many-processes-multi-process-firefox-uses/
 * [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1207306 ***/
// user_pref("dom.ipc.processCount", 4);
/* 2652: enable console shim warnings for extensions that don't have the flag
 * 'multiprocessCompatible' as true ***/
user_pref("dom.ipc.shims.enabledWarnings", true);
/* 2660: enforce separate content process for file://URLs (FF53+?)
 * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1147911
 * [2] http://www.ghacks.net/2016/11/27/firefox-53-exclusive-content-process-for-local-files/ ***/
user_pref("browser.tabs.remote.separateFileUriProcess", true);
```
there is also this from FF53 stable
```
/* enable WebExtension addon code to run in a separate process (webext-oop) (FF53+)
 * [1] https://wiki.mozilla.org/WebExtensions/Implementing_APIs_out-of-process */
// pref("extensions.webextensions.remote", false);
```
and to add for info
security.sandbox.content.level
This makes sense to put right at the start of the js, and it nicely takes a chunk out of the 2600's which is rather big and messy. Note: we still have to deal with containers later on as well in a new section.
```
pref("app.update.timerFirstInterval", 30000);
pref("browser.migrate.chrome.history.limit", 0);
pref("browser.migrate.chrome.history.maxAgeInDays", 0);
pref("browser.tabs.crashReporting.requestEmail", false);
pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
pref("devtools.debugger.client-source-maps-enabled", true);
pref("devtools.layoutview.enabled", false);
pref("devtools.webconsole.filter.debug", true);
pref("devtools.webconsole.filter.net", false);
pref("devtools.webconsole.ui.filterbar", false);
pref("dom.audiochannel.audioCompeting.allAgents", false);
pref("dom.forms.datetime.timepicker", false);
pref("dom.gamepad.extensions.enabled", false);
pref("dom.idle_period.throttled_length", 10000);
pref("dom.manifest.onappinstalled", false);
pref("dom.requestIdleCallback.enabled", false);
pref("dom.select_events.textcontrols.enabled", false);
pref("dom.w3c_pointer_events.implicit_capture", false);
pref("dom.webnotifications.requireinteraction.count", 3);
pref("dom.webnotifications.requireinteraction.enabled", false);
pref("gfx.canvas.skiagl.dynamic-cache", true);
pref("identity.fxaccounts.contextParam", "fx_desktop_v3");
pref("idle_queue.long_period", 50);
pref("idle_queue.min_period", 3);
pref("layers.draw-mask-debug", false);
pref("layout.accessiblecaret.hide_carets_for_mouse_input", true);
pref("layout.idle_period.required_quiescent_frames", 2);
pref("layout.idle_period.time_limit", 1);
pref("logging.config.clear_on_startup", true);
// bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1239686
// IF logging, this clears the log on restart - go see the DXR code
pref("media.dormant-on-pause-timeout-ms", -1);
pref("media.navigator.load_adapt.encoder_only", true);
pref("media.peerconnection.dtmf.enabled", true);
// bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1313406
pref("media.wmf.vp9.enabled", false);
pref("narrate.filter-voices", true);
pref("network.auth.private-browsing-sso", false);
pref("network.http.max_response_header_size", 393216);
pref("network.http.spdy.default-hpack-buffer", 65536);
pref("plugins.favorfallback.mode", "never");
pref("plugins.favorfallback.rules", "");
pref("prompts.authentication_dialog_abuse_limit", 3);
// CVE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419 - will enforce if it changes
pref("security.csp.enableStrictDynamic", true);
pref("security.enterprise_roots.enabled", false);
pref("security.mixed_content.hsts_priming_cache_timeout", 10080);
pref("security.sandbox.windows.log.stackTraceDepth", 0);
pref("services.sync.log.logger.engine.extension-storage", "Debug");
pref("services.sync.validation.interval", 86400);
pref("services.sync.validation.maxRecords", 100);
pref("services.sync.validation.percentageChance", 10);
pref("webextensions.storage.sync.enabled", false);
pref("webextensions.storage.sync.serverURL", "https://webextensions.settings.services.mozilla.com/v1");
```
Because every single non user_pref line is modified, I have taken the opportunity to do more than that. All up:
formatted as discussed earlier which creates foldable preference numbers
where a numbered item had user_pref lines punctuated by comments, I did something about it (eg all the current 3021 items) so that every single foldable item has a number
acronyms are expanded eg DHE, DRM, CDM etc where needed
all version notations are now (xx) for deprecated and (FFxx) for introduced
removed all instances of "i" and "author" and used 1st person plural (if indeed even needed anymore)
removed ghacks html tags
reviewed/checked all warning tags (got rid of some) and added setup tags: they now use [WARNING] and [SETUP]
removed all the rubbish from the doc header section and rewrote a quick readme to make some things painfully clear. PS: the readme is not done, but the little readme in the user.js covers all the really important stuff, is seriously short, simple, and easy to read
did away with the troubleshooting list, you'll see why (hated maintaining that list)
those painfully clear things are also made painfully clear in those sections or preferences, some rewording.
a few descriptions were slightly reworded, or two liners moved into one
made a few other words/phrases etc uniform
went over it a half dozen times
The idea, without going overboard, with the [WARNING] and [SETUP] tags is that warning is more about (major) site breaking etc and setup is stuff that is optional or should be looked at when setting up - doh! By that, I mean that 90% of the 270+ numbered items cause zero breakage or issues, 5% are optional i.e. the user can make an informed decision and knows the drawbacks (eg keeping history), and the rest are items that cause site breakage or are bad to implement etc. The two tags can be used in conjunction (i.e. more than one tag per item), they can be at the end of a section title, at the end of a preference number title, in a comment at the end of a user_pref line, in the middle of a section description, or at the start of an item's warning section etc.
@earthlng I have tested it for syntax, etc. Do one of your compares to make sure no pref values got changed, or prefs switched between active/inactive. And then make any changes you want and pastebin me back a version. Make any changes you want (ignore passwords/referrers sections), because this is a one time deal since 70% of the lines are going to change. Take your time.
@everyone else - if you want to proof-read it when you have some time, or offer suggestions, go for it. I can do the commit when we're all happy.
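As an added example (not arkenfox/ghacks tooling), here is a small Python script that does the kind of compare asked for above: it parses two versions of a user.js (or two Firefox default pref dumps, since release diffs use `pref()` rather than `user_pref()`) and reports prefs whose value changed, prefs that switched between active and commented out, and prefs that were added or removed. The OLD and NEW inputs are constructed from prefs mentioned in this thread.

```python
"""Compare two versions of a Firefox user.js (or default pref dump).

Added example, not arkenfox/ghacks project code. Each pref is recorded with
its source-text value and whether the line is active or commented out with
"//", so the report shows value changes, active/inactive flips, and prefs
that were added or removed. The sample OLD/NEW inputs are constructed.
"""
import re

# Optional leading "//" marks an inactive pref; both user_pref() (user.js)
# and pref() (Firefox's own default files, as in release diffs) are matched.
# The value is kept as source text ("true", "4", '"never"') and read
# non-greedily up to the first ");" so trailing // comments are ignored.
PREF_RE = re.compile(
    r'^\s*(?P<off>//\s*)?(?:user_)?pref\("(?P<name>[^"]+)",\s*(?P<value>.*?)\);'
)


def parse_prefs(text):
    """Return {name: (value, active)} for every pref line in text."""
    prefs = {}
    in_block = False  # inside a multi-line /* ... */ description block
    for line in text.splitlines():
        s = line.strip()
        if in_block:
            in_block = "*/" not in s
            continue
        if s.startswith("/*") and "*/" not in s:
            in_block = True
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("name")] = (m.group("value").strip(), m.group("off") is None)
    return prefs


def compare_prefs(old_text, new_text):
    """Diff two pref files; names are sorted so the report is stable."""
    old, new = parse_prefs(old_text), parse_prefs(new_text)
    report = {"value_changed": [], "state_flipped": [], "added": [], "removed": []}
    for name in sorted(set(old) | set(new)):
        if name not in old:
            report["added"].append(name)
        elif name not in new:
            report["removed"].append(name)
        else:
            (ov, oa), (nv, na) = old[name], new[name]
            if ov != nv:
                report["value_changed"].append((name, ov, nv))
            if oa != na:
                report["state_flipped"].append((name, "active" if na else "inactive"))
    return report


# Constructed samples built from prefs discussed in this thread.
OLD = """\
/* 2650: start the browser in e10s mode (FF48+)
 * use force-enable and extensions.e10sblocksenabling if you have add-ons ***/
// user_pref("browser.tabs.remote.autostart", true);
// user_pref("dom.ipc.processCount", 4);
user_pref("dom.ipc.shims.enabledWarnings", true);
user_pref("browser.tabs.remote.separateFileUriProcess", true);
user_pref("security.cert_pinning.max_max_age_seconds", 5184000);
"""

NEW = """\
/* 2650: start the browser in e10s mode (FF48+) ***/
user_pref("browser.tabs.remote.autostart", true); // flipped to active
// user_pref("dom.ipc.processCount", 4);
user_pref("browser.tabs.remote.separateFileUriProcess", true);
user_pref("security.cert_pinning.max_max_age_seconds", 31536000); // 365 days
user_pref("javascript.options.wasm", false);
"""

if __name__ == "__main__":
    for kind, items in compare_prefs(OLD, NEW).items():
        for item in items:
            print(kind, item)
```

Run it against two real files by reading them into `compare_prefs` instead of the constructed samples; an empty report means nothing but comments and layout changed.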
extensions.systemAddon* - we will pick up from release diffs
browser.newtabpage.remote* - we will pick up from release diffs (currently off)
looks like they are legacy/deprecated #87 (FF53->54 diffs)
javascript.options.mem.high_water_mark
Garbage collector releases memory back to the system. Default 128
RAM is good, default 128mb is minuscule
browser.safebrowsing.provider.google.lists and browser.safebrowsing.provider.mozilla.lists
the URL is gone, that's enough for future-proofing. I know that's not what this was proposed for, but the speed gain by blanking them is practically zero
deprecated (at least in FF53+; not on DXR)
browser.search.redirectWindowsSearch
config.trim_on_minimize
content.interrupt.parsing
toolkit.crashreporter.enabled
timer intervals - not playing with these since we now allow update checks; otherwise master switches, eg for search updates or experiments, will do (365 days in seconds = 31536000)
devtools.telemetry.tools.opened.version - removed in 62
LEFTOVERS [from 18 months of ghacks comments]
```
// earthling other
// prevent handlerService overwrites, see chrome://browser-region/locale/region.properties
user_pref("gecko.handlerService.defaultHandlersVersion", "999");
// disable mailto handler
// there's actually a ton of network.protocol-handler.external* prefs
// we already block the ms-windows-store this way
user_pref("network.protocol-handler.external.mailto", false);
/*** from earthling Sept 2016 ***/
// (FF49+) enable sites to use much higher max-age values for HPKP (HTTP Public Key Pinning)
// [sites set this in the header]
// default value in FF49: 5184000 (60 days) -> 31536000 = 365 days in seconds
// WARNING: can block domains for 1 year after last visit if the domain-owners mess things up or get hacked
// !! this is only a 'max-age' maximum, not enforcing it to one year, only allowing it to be that long if
// sites choose to use such a long max-age
// -> also see: https://dxr.mozilla.org/mozilla-central/source/netwerk/base/security-prefs.js#100
// https://tools.ietf.org/html/rfc7469#section-4.1
// https://news.netcraft.com/archives/2016/03/22/secure-websites-shun-http-public-key-pinning.html
// HPKP can be problematic for domain-owners but is a great privacy/security feature for users of those domains.
// If some admins want to set max-age to 1 year f.e., it shows that they are confident in being able to provide
// and maintain a secure domain-access for that long and are willing to risk huge damages to their companies if
// they fail in doing so. Therefore limiting the usefulness of HPKP for end-users by setting a lower max max-age
// is not in the interest of more advanced users who know what they are doing and who would like to get the most
// out of HPKP.
user_pref("security.cert_pinning.max_max_age_seconds", 31536000);
/*** from various ***/
user_pref("mousewheel.system_scroll_override_on_root_content.enabled", false);
user_pref("browser.cache.check_doc_frequency", 1);
user_pref("devtools.cache.disabled", true);
user_pref("devtools.remote.wifi.scan", false);
user_pref("devtools.remote.wifi.visible", false);
user_pref("devtools.webide.adbAddonURL", "");
user_pref("security.warn_viewing_mixed", true);
// also see bug 616712 android?
user_pref("browser.display.auto_quality_min_font_size", 0);
// from ainatar nov 10 2016
user_pref("full-screen-api.allow-trusted-requests-only", true);
user_pref("full-screen-api.pointer-lock.enabled", true);
user_pref("layers.async-video.enabled", true);
user_pref("layout.css.prefixes.webkit", true);
// not in user.js, listed 19-Feb-2017
user_pref("browser.cache.compression_level", 1); // default = 0
user_pref("media.cache_size", 0); // default = 51200
user_pref("media.hardware-video-decoding.enabled", false); // default=true
// personal stuff?
user_pref("layout.word_select.eat_space_to_next_word", false);
user_pref("layout.word_select.stop_at_punctuation", true);
user_pref("alerts.disableSlidingEffect", true);
user_pref("nglayout.enable_drag_images", false);
user_pref("browser.link.open_newwindow.override.external", 3);
```
user_pref("browser.backspace_action", 2); - if it's not a privacy issue, can I set it to 5-6?
user_pref("browser.privatebrowsing.autostart", true); - why is this commented out?
user_pref("browser.sessionhistory.max_total_viewers", 0); - is it a privacy / security issue leaving this commented out?
user_pref("clipboard.autocopy", false); - is this Linux only?
Is commenting out user_pref("media.eme.enabled", false); user_pref("browser.eme.ui.enabled", false); user_pref("media.eme.apiVisible", false); good for entropy? Do they pose a privacy / security risk if left enabled?
I removed these from my user.js because I think they raise your entropy:
(please let me know if I got it wrong)
As far as I can see dom.workers.enabled was security problematic and fixed in previous versions of FF.
Is this one safe to be true now?
Not asking for a change. I have a few pages (e.g. https://regex101.com/r/bR8lT1/1) where I would need workers and am asking if it is safe to enable in my user.js.
Thank you gang
```
/*** we have none of these ***/
pref("accessibility.ipc_architecture.enabled", true);
pref("browser.preferences.animateFadeIn", false);
pref("browser.tabs.dontfocusfordialogs", true);
pref("browser.uitour.readerViewTrigger", "^https:\\/\\/www\\.mozilla\\.org\\/[^\\/]+\\/firefox\\/reading\\/start");
pref("devtools.apps.forbidden-permissions", "embed-apps");
pref("devtools.netmonitor.statistics", true);
pref("dom.details_element.enabled", true);
pref("dom.mozInputMethod.enabled", false);
pref("dom.mozNetworkStats.enabled", false);
pref("dom.mozPermissionSettings.enabled", false);
pref("dom.mozSettings.allowForceReadOnly", false);
pref("dom.mozSettings.enabled", false);
pref("dom.mozSettings.SettingsDB.debug.enabled", false);
pref("dom.mozSettings.SettingsDB.verbose.enabled", false);
pref("dom.mozSettings.SettingsManager.debug.enabled", false);
pref("dom.mozSettings.SettingsManager.verbose.enabled", false);
pref("dom.mozSettings.SettingsRequestManager.debug.enabled", false);
pref("dom.mozSettings.SettingsRequestManager.verbose.enabled", false);
pref("dom.mozSettings.SettingsService.debug.enabled", false);
pref("dom.mozSettings.SettingsService.verbose.enabled", false);
pref("dom.node.rootNode.enabled", false);
pref("dom.presentation.discovery.legacy.enabled", false);
pref("dom.system_update.debug", false);
pref("dom.system_update.enabled", false);
pref("gecko.handlerService.allowRegisterFromDifferentHost", false);
pref("gfx.prefer-mesa-llvmpipe", false);
pref("image.mozsamplesize.enabled", false);
pref("layout.css.display-contents.enabled", true);
pref("network.standard-url.encode-utf8", true);
pref("network.standard-url.escape-utf8", true);
pref("security.ssl.enable_npn", true);
pref("security.ssl.false_start.require-npn", false);
```
==CHANGED
```
pref("browser.addon-watch.ignore", "[\"[email protected]\",\"[email protected]\",\"[email protected]\",\"fx-devtools\",\"[email protected]\"]"); // prev: "[\"[email protected]\",\"[email protected]\",\"[email protected]\",\"fx-devtools\"]"
pref("browser.migrate.chrome.history.limit", 2000); // prev: 0
pref("browser.migrate.chrome.history.maxAgeInDays", 180); // prev: 0
pref("browser.safebrowsing.provider.mozilla.lists", "base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256"); // prev: "base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256"
pref("devtools.jsonview.enabled", true); // prev: false
pref("devtools.netmonitor.har.defaultFileName", "Archive %date"); // prev: "Archive %y-%m-%d %H-%M-%S"
pref("devtools.toolbox.toolbarSpec", '["splitconsole", "paintflashing toggle","scratchpad","resize toggle","screenshot --fullpage --file", "rulers", "measure"]'); // prev: '["splitconsole", "paintflashing toggle","scratchpad","resize toggle","screenshot --fullpage", "rulers", "measure"]'
pref("lightweightThemes.recommendedThemes", /*** big long string ***/); // prev: /*** big long string ***/
pref("media.decoder-doctor.notifications-allowed", /*** big long string ***/); // prev: /*** big long string ***/
pref("media.dormant-on-pause-timeout-ms", 5000); // prev: -1
pref("media.navigator.audio.full_duplex", true); // prev: false
pref("places.frecency.permRedirectVisitBonus", 50); // prev: 0
pref("places.frecency.tempRedirectVisitBonus", 40); // prev: 0
pref("services.sync.engine.tabs.filteredUrls", "^(about:.*|resource:.*|chrome:.*|wyciwyg:.*|file:.*|blob:.*)$"); // prev: "^(about:.*|chrome://weave/.*|wyciwyg:.*|file:.*|blob:.*)$"
pref("urlclassifier.disallow_completions", /*** big long string ***/); // prev: /*** big long string ***/
```
Closing this issue. This list wasn't really maintained (and there are lots more Firefox bugs like this, just not necessarily tagged as Tor Uplift). RFP and FPI specific bugs are on other sticky issues.
Locked sticky issue for tracking other Tor Uplift items of interest (after RFP #7 and FPI #8 )
The 1600's section currently has only one active pref, and recommends using an add-on. In 52, it could be completely inactive - this doesn't seem right - surely some of these 7 prefs by default could be tightened up? And I think the section still needs better explanation (it's getting a bit confusing). I don't mind losing all the numbering and starting from scratch, so it's logical. @fmarier 's opinion here would be great. Especially what the inactive defaults should be. Do we set them at FF defaults, or at most private, or at a balance for less site breakage - and the new ones, what do we do with those: the first of which I have not filled in what 0 or 1 means, and I'd also like someone else to confirm what I already have is ok/right, including the descriptions.
Should I add an explanation that PB means no retained session data such as history, cookies etc? Part of this js' appeal is the descriptions and notes.
And where to put it. I would like to put it in startup 0100, as it doesn't singularly fit in another section, eg 0800 (forms, history) and 2700 (cookies/dom)
FYI there is (at least) one Firefox add-on which will not perform correctly with dom.workers.enabled set to false : Country Flags & IP Whois
I've had difficulty finding the culprit when I noticed that Country Flags & IP Whois wasn't displaying the country flag & IP address in the urlbar because switching dom.workers.enabled to default = true wouldn't make it before restarting Firefox.
If it is possible, and that's what I was doing, to set dom.workers.enabled to true on a per-site basis (Google Street View mainly, here) it leads to a choice setting vs. add-on when an add-on won't run if set to false. I'm keeping the add-on in this case because I really use it quite a lot.
> If it is possible, and that's what I was doing, to set dom.workers.enabled to true on a per-site basis
When XUL goes, AFAIK, web extensions will not allow add-ons to change (maybe even to read) preferences that are not their own. Extensions to flip prefs will be obsolete. That said, we have until 57 (and after that the ESR extended life). Also e10s is almost enforced, just to make matters a little tougher.
There are quite a few add-ons that flip prefs with whitelists. Maybe you can hunt one down and all it would need is a little code change - but, IMO, that's not a very elegant solution as it doesn't handle multiple pages on the fly. Probably easier, a simple toggle button extension of which there are hundreds of these, but no idea if any are e10s compliant.
If it weren't this Country Flags & IP Whois Firefox add-on which requires dom.workers.enabled set to its default true value to perform I'd include dom.workers.enabled to a Custom Buttons (Firefox add-on itself) button called Pref Toggler (http://custombuttons.sourceforge.net/forum/viewtopic.php?f=4&t=381) which allows a quick access & edit to about:config settings chosen by the user. But as I said when it comes to an add-on which requires a default about:config setting to be left unchanged then it's either the add-on or the setting when this add-on runs and performs on each and every Web page.
I'll add that I was surprised that an add-on depended on dom.workers.enabled, when I thought up to now that this setting concerned Web sites only.
FWIW: Flagfox does all this and more, and is e10s. I'm always wary of these sorts of things (yes I know country data is local csvs etc) - you want to be careful what data is being sent to who (and how, is it https) in order to look info up (and is it automated or only when you go to check?).
The country flag and server IP is performed automatically, the DB is local (included in the add-on) but the IP Whois is only performed on demand. So there's no automatic external call.
Concerning the IP Whois the one used by the add-on is, IMO, clumsy. I've mentioned this together with an improvement proposition for performing Whois with another site, on the add-on's GitHub page at andy-portmen/country-flags#1
I really like this add-on, runs fine and allows the user to have quick and substantial info about the visited site .... but it needs dom.workers.enabled set to true ...
Is there a reason that search suggestions from bookmarks and open tabs are disabled?
I am using the following:
```
browser.urlbar.maxRichResults = 8
browser.urlbar.suggest.bookmark = true
browser.urlbar.suggest.openpage = true
```
Just can't see any privacy problems here, only productivity improvements.
Also accessibility.typeaheadfind = true seems a nice productivity improvement.
For dom.event.contextmenu.enabled I am not sure about privacy/security (?), but some pages (Outlook Web Access for example) provide additional control over the context menu.
I propose that we start using version numbers to match Firefox. When the user.js is ready for the next stable, eg 52, I commit changes to the date and version number and create a release. I assume the release will be an archived version of all files (so far license and user.js) - right?
This way users can easily get the version that is applicable to their FF - starting from 51+. I know it doesn't exactly help ESR but is a good starting point i.e take version 45-51 as applicable and uncomment deprecated for ESR 45, etc - any pref active not used in code is harmless, if that makes sense.
So, should we do this? Change the current user.js to version 51, change the release date to today, and make a release with the tag 51 ?
This section IMO doesn't really belong in the main js, which is meant to be for privacy, security, FP'ing tweaks. I originally added webm as the default differed (but not any more) and I wanted to view them occasionally. Then feature creep happened - partly because of the changes and migration on the web from flash to html5 (I wanted to make sure all the youtube boxes came up ticked, so users can ditch flash more comfortably), and now it's expanded to include flac and so on. It ended up under the "media" section over the course of its lifespan so far. I think it's still good information to have, but I see no security issues here.
In FF52 the defaults for all are true, so we differ on 5 of them. Is this FP'able in any way? Does it really matter?
```
/* currently as in the user.js ***/
/* 2025: enable/disable various media types [SETUP] ***/
user_pref("media.mp4.enabled", true);
user_pref("media.flac.enabled", true); // (FF51+)
user_pref("media.ogg.enabled", false);
user_pref("media.ogg.flac.enabled", false); // (FF51+)
user_pref("media.opus.enabled", false);
user_pref("media.raw.enabled", false);
user_pref("media.wave.enabled", false);
user_pref("media.webm.enabled", true);
user_pref("media.wmf.enabled", true); // https://www.youtube.com/html5 - for the two H.264 entries
```
I propose setting the lot to true, commenting them all out, and moving to the personal section. At the very least, this removes ambiguity over privacy/security concerns, and reduces any possible breakage.
Before we revamp the 2300 section, which I will rename as Web Workers, I think it's important we understand what they are. This issue is for discussing that, and any ramifications: security/privacy.
NOTE: also see #60 which mentions the FBI exploit, CVEs (might be fixed but there will be more), latest Pwn2Own exploit, add-on breakage (find another add-on or talk to the developer).
A worker is an object that runs a named JavaScript file
A worker runs in a global context that is different from the current window
A worker is a background task that can be easily created and can send messages back to its creator
Workers may in turn spawn new workers as long as those workers are hosted within the same origin as the parent page
Service Worker
Service workers only run over HTTPS
Service workers essentially act as proxy servers that sit between web applications, and the browser and network
A service worker is an event-driven worker
A service worker takes the form of a JavaScript file that can control the web page/site it is associated with, intercepting and modifying navigation and resource requests, and caching resources
A service worker is run in a worker context: it therefore has no DOM access
Service Worker APIs are hidden (in Firefox) and cannot be used when the user is in private browsing mode.
Shared Worker
Shared workers are workers that can be utilized by multiple scripts running in different windows, tabs, iFrames, etc., as long as they are in the same domain as the worker.
Chrome Worker
Chrome Workers are a Firefox-only type of worker that you can use if you want to use workers in extensions
functions/apis of interest available to web workers:
Broadcast Channel API: same origin communication between browsing contexts (windows/tabs/iframes)
Cache API: can control cache storage
Channel Messaging API: direct communication via SharedWorker between browsing contexts (windows/tabs/iframes)
Worker: workers can spawn new workers
Security concerns
[bad] no restriction with local access: running workers from file:// - this needs to be checked. Chrome blocks this by default, other browsers do/did not.
[good] Worker scripts must be external files with the same scheme as their calling page
i.e. you cannot load a script from a data: URL or javascript: URL
i.e. an https: page cannot start worker scripts that begin with http: URLs
[mention] loads of CVEs! more to come? exploit at very recent Pwn2Own?
Privacy concerns
can communicate over same origin between contexts - ie. across different windows, tabs, iframes
Push API and Notification API (note: As of Firefox 44, the permissions for Notifications and Push have been merged) - messages delivered whether or not the web app is in the foreground, or even currently loaded
```
/* 0850b: disable location bar dropdown
 * This controls the maximum number of entries that can appear in the location bar dropdown.
 * Zero completely disables it. If you want ANY dropdown functionality, this must be changed ***/
```
Zero does not completely disable it.
```
/* 0850c: disable location bar suggestion types
 * [SETTING] Options>Privacy>Location Bar>When using the location bar, suggest
 * [NOTE] If you wish to enable these suggestions, make sure 0850a and 0850b are at default ***/
```
0850b doesn't need to be at default to enable... actually can be anything, but results are funny.
0850a is a master switch, since you have the false value, I don't see a reason to force 0850b to 0.
I am in the middle of 52 upgrades + changes, revamping passwords section, revamping 800 section, waiting to commit 1600 section revamp, trying to close out the wiki and readme (and have a life and do my other sh*t) .... anyway, I just moved the following pref from the 0800 section where it does not fit, and for the life of me can't remember (or added it before it launched and never fully explored it) what the heck it actually achieves.
At first glance it doesn't seem to do anything. It does not block the page or disable the buttons in about:searchreset. Nor does it disable the button "Restore Default Search Engines" in Options>Search (which I am loathe to click right now, but could do a test later). I'm a bit preoccupied with a dozen things. Can someone please tell me exactly what this does. I would like to either dismiss the pref or clarify exactly what it does.
I thought I would start a thread on known PB mode issues/problems. Personally, I don't think I know of any real benefits to PB mode over a controlled normal mode, and quite a few downsides. I'll start the ball rolling by mentioning one item
You cannot see or control PB mode cookies, or so called "private cookies". So essentially, until you close Firefox, your cookies that you accept will be retained. Good luck to people who think running PB mode for days on end is a good idea
This is why I always think it's better to start in normal mode and flick open a new private window when needed. Indeed, without closing FF, just closing all PB Mode windows clears the data, and the next PB Mode window starts anew - as evidenced by the tracking id PoC at http://www.radicalresearch.co.uk/lab/hstssupercookies
normal window: Your tracking id was set. wzezgm
new PB window: Your tracking id was set. l0ndfz (and then close all PB Mode windows)
new PB window: Your tracking id was set. 9ub0k6
Maybe Francois can tell what benefits PB mode offers that we can't achieve in normal mode already using smarts
no change. we choose to disallow all and tell users to use an extension for granular control
pref("pdfjs.disabled", true); // ghacks: false
no change. I would rather by default use the inbuilt reader. The info is all there in the pref number description, and informed users can change to external and use anything that they consider more secure/lightweight. We don't know what every end user has as a pdf app on their system - forcing an end user by default to this is a bad strategy for us. One word .. Acrobat.
no change: We do not want to destroy peoples cookies, especially when our default is block all and use an extension to control them. The only other thing we don't clear on shutdown is site preferences (which would upset a lot of users if sprung on them). The info is there if someone wants to clear absolutely everything
no change: we think manual updates allow flexibility for reasons stated in the pref descriptions. Note for this and SB + TP, the readme and descriptions and js section header will point these particular pitfalls out (there will be little else in the section header, so it will stand out) - that's THREE places the user has been told in hard to miss terms, and the onus is on them
no change: pros and cons. Pros: possibly encourages more complex password use, is convenient, and why should sites dictate when I can and can't remember passwords. Cons: some sites should never remember passwords, like bank sites. At least with this setting, users can make their own mind up. I'll add something to the description
Hello,
I have recently been experiencing some issues with ghack. This is the first of many.
Steps to reproduce:
1- Get latest firefox nightly on Arch Linux.
2- Try to go to 'about:preferences#privacy' and notice how everything is blank and empty
3- Click on another tab
4- Try clicking on the privacy tab and notice how the tab doesn't change.
foreword: Here are the changes since the last changelog (except this is the first!). While we are continually improving and making changes, rest assured all the important 52 bits and bobs have been covered.
note: the comments in the code snippets below are for this changelog's commentary
changelog:
if you're not willing to do some reading (a lot!) this user.js is not for you
ok ... let's get to the good stuff now ... prefs, prefs, prefs and some more prefs ...
we reworked the Referrer Header section
(thanks to @fmarier [our resident mozilla Security Engineer] and everyone else who helped!)
user_pref("network.http.referer.XOriginPolicy", 1); // Beware! This can cause breakage! see section 1600
user_pref("network.http.referer.spoofSource", false); // enforcing FF52 default value
user_pref("network.http.referer.trimmingPolicy", 0); // enforcing FF52 default value
user_pref("network.http.referer.XOriginTrimmingPolicy", 0); // enforcing FF52 default value -- new in FF52
user_pref("network.http.sendRefererHeader", 2); // enforcing FF52 default value
// user_pref("network.http.referer.userControlPolicy", 3); // not in FF52 - new in FF53
new Prefs for Firefox 52.0
user_pref("javascript.options.wasm", false); // default: true -- if you want to use WebAssembly comment this one out
user_pref("network.cookie.leave-secure-alone", true); // enforcing FF52 default value
user_pref("security.insecure_field_warning.contextual.enabled", true); // enforcing FF52 default value
user_pref("signon.autofillForms.http", false); // enforcing FF52 default value
other new additions since user.js v51
user_pref("browser.ssl_override_behavior", 1);
user_pref("browser.urlbar.suggest.bookmark", false); // you may not like this
user_pref("browser.urlbar.suggest.openpage", false); // ... or this
user_pref("browser.xul.error_pages.expert_bad_cert", true);
user_pref("network.IDN_show_punycode", true); // you may not like this if you're using a non-latin alphabet
user_pref("security.csp.enable", true); // enforcing FF52 default value
user_pref("security.csp.experimentalEnabled", true); // experimental - yes we're adventurous - use at your own risk !!
added some prefs that are commented out by default
user_pref("browser.link.open_newwindow.restriction", 0); // this will open some popup-windows in a tab instead
user_pref("network.stricttransportsecurity.preloadlist", true); // we also changed the value to true !!! -- default: true
user_pref("privacy.clearOnShutdown.openWindows", false); // we also changed the value to false !!! -- default: false
user_pref("privacy.cpd.openWindows", false); // we also changed the value to false !!! -- default: false
user_pref("privacy.donottrackheader.enabled", false); // we also changed the value to false !!! -- default: false
user_pref("clipboard.autocopy", false);
user_pref("general.appname.override", "Netscape");
user_pref("general.appversion.override", "5.0 (Windows)");
user_pref("general.buildID.override", "20100101");
user_pref("general.oscpu.override", "Windows NT 6.1");
user_pref("general.platform.override", "Win32");
user_pref("privacy.cpd.downloads", true);
deprecated
browser.usedOnWindows10.introURL
dom.battery.enabled (still exists but is no longer necessary in FF52+)
dom.mozTCPSocket.enabled (was never in the user.js)
dom.telephony.enabled
media.gmp-eme-adobe.autoupdate
media.gmp-eme-adobe.enabled
media.gmp-eme-adobe.visible
network.http.sendSecureXSiteReferrer
plus we fixed some typos and other minor things
=> we're trying our best but grammar nazis are very welcome
we also changed one of the URL-prefs so we can log all your browsing history
=> seriously, you should never use something like this without reading it from top to bottom
=> no seriously - don't worry - we would never do that (or would we?)
Thanks to everyone who contributed - we appreciate it a lot!
any and all help, suggestions, recommendations, links, tips and tricks, questions, thank you's or whathaveyou - signup/login and start typing
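As an added illustration of the reworked Referrer Header section in this changelog (example code written for this page, not code from the ghacks user.js or from Firefox), the following models how the five network.http.referer.* / network.http.sendRefererHeader prefs combine to decide which Referer value is sent. The pref value meanings are Firefox's documented ones; the rest is assumption: the base-domain check is simplified to the last two host labels (Firefox uses the Public Suffix List), the `kind` argument and every URL below are constructed for the example, and applying the stricter of the two trimming policies to cross-origin requests is stated here as an assumption about Firefox's behaviour.

```javascript
// Added example, not from the ghacks user.js project or Firefox: a model of
// how the referrer prefs in the FF52 changelog decide the Referer header.

const FF52_DEFAULTS = {
  "network.http.sendRefererHeader": 2,             // 0 never, 1 links only, 2 links + embedded content
  "network.http.referer.XOriginPolicy": 0,         // 0 always, 1 same base domain only, 2 same host only
  "network.http.referer.trimmingPolicy": 0,        // 0 full URL, 1 drop query, 2 origin only
  "network.http.referer.XOriginTrimmingPolicy": 0, // same scale, applied to cross-origin requests
  "network.http.referer.spoofSource": false,       // true: send the target's own origin instead
};

// ASSUMPTION: last two labels stand in for eTLD+1. Firefox uses the Public
// Suffix List, so hosts like "foo.co.uk" are not handled correctly here.
function baseDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Fragment and userinfo are never sent, whatever the trimming level.
function trimmed(url, level) {
  if (level >= 2) return `${url.origin}/`;
  if (level === 1) return `${url.origin}${url.pathname}`;
  return `${url.origin}${url.pathname}${url.search}`;
}

// kind: "link" for a navigation, "embed" for img/script/iframe loads (constructed labels).
// Returns the Referer value, or null when no header would be sent.
function refererFor(userPrefs, sourceUrl, targetUrl, kind = "link") {
  const p = { ...FF52_DEFAULTS, ...userPrefs };
  const src = new URL(sourceUrl);
  const dst = new URL(targetUrl);

  // https -> http downgrade never carries a referrer, regardless of prefs.
  if (src.protocol === "https:" && dst.protocol === "http:") return null;

  const send = p["network.http.sendRefererHeader"];
  if (send === 0 || (send === 1 && kind !== "link")) return null;

  const xo = p["network.http.referer.XOriginPolicy"];
  if (xo === 2 && src.host !== dst.host) return null;
  if (xo === 1 && baseDomain(src.hostname) !== baseDomain(dst.hostname)) return null;

  if (p["network.http.referer.spoofSource"]) return `${dst.origin}/`;

  // ASSUMPTION: cross-origin requests get the stricter of the two trimming levels.
  let level = p["network.http.referer.trimmingPolicy"];
  if (src.origin !== dst.origin) {
    level = Math.max(level, p["network.http.referer.XOriginTrimmingPolicy"]);
  }
  return trimmed(src, level);
}

// The setting the changelog warns about, next to the FF52 default.
const GHACKS = { "network.http.referer.XOriginPolicy": 1 };
console.log(refererFor({}, "https://example.com/a/b?x=1#frag", "https://other.org/"));     // full referrer
console.log(refererFor(GHACKS, "https://example.com/a/b?x=1#frag", "https://other.org/")); // null: third party
console.log(refererFor(GHACKS, "https://example.com/a/b?x=1", "https://login.example.com/")); // same base domain
```

Running it with the XOriginPolicy=1 setting shows the breakage the comment warns about: a navigation from example.com to any third-party host carries no Referer at all (which is what trips referrer-checking logins and CSRF protections on sites that bounce through another domain), while one to login.example.com still does.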
Use this issue to suggest scripts for our wiki section Further Hardening: Extension Scripts. We're looking for scripts that enhance privacy and security, and block tracking and fingerprinting.
Please try to stick to general/global or major site specific scripts (such as google), rather than obscure sites no one really cares about.
Please note: The comments here will be regularly cleaned out to keep this sticky usable
FYI... @Thorin-Oakenpants you can delete this post after reading
Nothing new, but there are some sites identified
network.http.sendSecureXSiteReferrer = false > breaks login at aliexpress
dom.indexedDB.enabled = false > breaks Outlook Web Access (at least on Exchange 2013)
full-screen-api.enabled = false > breaks fullscreen video (youtube, etc...)
I use the recommended add-ons. Everything was fine until now. But with the release of Firefox 53, everything has changed. I sometimes began to lose the filled-in login and password forms on many sites.
I'm not aware of 'dom.event.contextmenu.enabled' breaking JS context menus - rather the JS context menu is placed under the default FF context menu, so you have both - if you want to use the JS menu, press Esc once
current descrip:
'[WARNING] This will break sites' functionality such as Dropbox'
might want to change that to reflect what i stated above?
https://dh2048.badssl.com/ => we break dh2048 due to user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
The EFF article explicitly names that pref and recommends disabling it even though it talks about 1024-bit primes being presumably broken by the NSA, and that pref uses a 2048-bit prime.
There's also this sentence from the mozilla wiki for "Modern compatibility":
DHE is removed entirely because it is slow in comparison with ECDHE, and all modern clients support elliptic curve key exchanges.
It doesn't say it's easy to break only that it's slow. Do we assume the NSA can also break DHE with a 2048-bit prime, or should we comment out that pref for less breakage (and recommend it only for the paranoid?) - because according to badssl.com dh2048 is still secure.
If we keep it, we may want to rename 1210 to 'disable DHE (Diffie-Hellman Key Exchange)' and remove the 1024 bit part.
'Modern compatibility' ciphers and the matching pref:
ECDHE-ECDSA-AES128-SHA256 => security.ssl3.ecdhe_ecdsa_aes_128_sha (disabled by 1214)
ECDHE-RSA-AES128-SHA256 => security.ssl3.ecdhe_rsa_aes_128_sha (disabled by 1214)
Interestingly Firefox sends them in a different order (see howsmyssl.com).
Instead of 1-8 it's 5,6,3,4,1,2,7,8
When 9+10 are enabled the order is 5,6,3,4,1,2,7,9,8,10
(+ TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA at the end [11+12], for the 2 remaining ones that we still allow)
The Rationales explain some of it:
In Modern compatibility: AES256-GCM is prioritized above its 128 bits variant, and ChaCha20 because we assume that most modern devices support AESNI instructions and thus benefit from fast and constant time AES.
While in Intermediate compatibility (default): ChaCha20 is preferred as the fastest and safest in-software cipher, followed by AES128. Unlike the modern configuration, we do not assume clients support AESNI and thus do not prioritize AES256 above 128 and ChaCha20. There have been discussions on whether AES256's extra security is worth its computing cost in software (without AESNI), and the results are far from obvious. At the moment, AES128 is preferred, because it provides good security, is really fast, and seems to be more resistant to timing attacks.
Well, anyhow, there's nothing we can do about it anyway.
Apart from the 10 modern ciphers (2 of which we have disabled) we only support 2 older ones: security.ssl3.rsa_aes_128_sha and security.ssl3.rsa_aes_256_sha, which is why static-rsa (https://static-rsa.badssl.com/) still works, but it's listed with an ! and not a red warning sign.
The only other thing that I really don't like is that https://incomplete-chain.badssl.com/ still works.
But maybe this can be fixed if security.nocertdb is set to true; I haven't tested this because I really don't like the current implementation behind that pref.
IMO we should remove 1214, because the 128bit in AES is not the problem, 5+6 have them also.
And the 2 prefs in 1214 are part of the 10 modern ciphers.
Perhaps we were a bit overeager when we added 1214, without really understanding it. (?)
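To make the dh2048 / static-rsa observations above concrete, here is an added example (written for this page; not code from the ghacks user.js, NSS or badssl.com) that maps the security.ssl3.* prefs to their IANA cipher suite names, drops the ones a user.js sets to false, and runs a simplified TLS 1.2 suite selection against constructed server configurations. The pref-to-suite table covers the ECDHE, DHE and static RSA suites named in this thread (newer prefs are omitted); the client ordering, the `USERJS` object reconstructing what sections 1210 and 1214 disable, and the three server suite lists are all assumptions made for the example.

```javascript
// Added example, not from the ghacks user.js project: what is left of Firefox's
// TLS 1.2 suite list after the security.ssl3.* prefs, and how that plays out
// against a DHE-only server (dh2048.badssl.com) and a static-RSA-only one.

// Firefox/NSS pref name -> IANA cipher suite name (subset; order is illustrative)
const PREF_TO_SUITE = {
  "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256":        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
  "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256":          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256":  "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
  "security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256":    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
  "security.ssl3.ecdhe_ecdsa_aes_256_sha":               "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
  "security.ssl3.ecdhe_rsa_aes_256_sha":                 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
  "security.ssl3.ecdhe_ecdsa_aes_128_sha":               "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
  "security.ssl3.ecdhe_rsa_aes_128_sha":                 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
  "security.ssl3.dhe_rsa_aes_128_sha":                   "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
  "security.ssl3.dhe_rsa_aes_256_sha":                   "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
  "security.ssl3.rsa_aes_128_sha":                       "TLS_RSA_WITH_AES_128_CBC_SHA",
  "security.ssl3.rsa_aes_256_sha":                       "TLS_RSA_WITH_AES_256_CBC_SHA",
  "security.ssl3.rsa_des_ede3_sha":                      "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
};

// All suite prefs default to true; a user.js only lists the ones it turns off.
function clientSuites(userPrefs) {
  return Object.entries(PREF_TO_SUITE)
    .filter(([pref]) => userPrefs[pref] !== false)
    .map(([, suite]) => suite);
}

// Key exchange class: ECDHE and DHE give forward secrecy, static RSA does not.
function keyExchange(suite) {
  if (suite.startsWith("TLS_ECDHE_")) return "ECDHE";
  if (suite.startsWith("TLS_DHE_")) return "DHE";
  return "RSA";
}

// Simplified TLS 1.2 selection: the server takes the first suite in its own
// preference order that the client offered. null means no common suite, i.e.
// the handshake fails with a "no cipher overlap" style error.
function negotiate(client, server) {
  const offered = new Set(client);
  return server.find((s) => offered.has(s)) ?? null;
}

// ASSUMPTION: reconstruction of what sections 1210 (DHE), 1214 (ECDHE AES-128
// CBC-SHA) and the 3DES pref disable, based on this thread's description.
const USERJS = {
  "security.ssl3.dhe_rsa_aes_128_sha": false,
  "security.ssl3.dhe_rsa_aes_256_sha": false,
  "security.ssl3.ecdhe_ecdsa_aes_128_sha": false,
  "security.ssl3.ecdhe_rsa_aes_128_sha": false,
  "security.ssl3.rsa_des_ede3_sha": false,
};

// Constructed server configurations standing in for the badssl.com hosts.
const DH2048_ONLY_SERVER = ["TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"];
const STATIC_RSA_ONLY_SERVER = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"];
const MODERN_SERVER = ["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"];

for (const [name, server] of [["dh2048", DH2048_ONLY_SERVER], ["static-rsa", STATIC_RSA_ONLY_SERVER], ["modern", MODERN_SERVER]]) {
  const picked = negotiate(clientSuites(USERJS), server);
  console.log(name, picked ? `${picked} (${keyExchange(picked)})` : "handshake fails");
}
```

Under this reconstruction the DHE-only server fails outright while the static RSA server still negotiates TLS_RSA_WITH_AES_128_CBC_SHA, which is exactly the badssl.com result described above and why that page only flags static-rsa with a "!" rather than a red mark: it connects, just without forward secrecy. Removing 1214 changes nothing for these two servers, since both ECDHE CBC-SHA1 AES-128 suites are irrelevant to them; it only matters against a server that offers nothing stronger.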
If you start FF in "normal" mode, any new private windows will display a badge/icon in the top right (a mask image). (Side note: themes do not load either)
If you start FF in PB mode, there is no PB mode icon shown anywhere. If you then open a new "normal" window, there is no difference to that visually from the PB mode window (I have never started in PB mode so I would like to clarify this).
I have tested this with multiple vanilla FF52s. To me, this is either a bit of a failure and/or ambiguous. @fmarier
==
below are three concurrent profiles (vanilla FF52), all with Options>Privacy>History>Firefox will use custom settings, starting in "normal" mode (i.e "always use PB mode" is unchecked), with spawned PB windows (just reusing the image from the wiki to show the PB mode badge and loss of theme)
And here is a browser.privatebrowsing.autostart->true. If you spawn a "new window" or a "new private window", they are indistinguishable
==
So am I missing something here?
The wording in options is "ALWAYS use PB mode", which at face value means that if you start in PB you can only spawn PB mode windows - regardless of the command (new window or new private window).
If this is true (start PB mode = ONLY PB mode windows), then why even allow the command "new window". This is misleading. It should be disabled IMO or (to keep the ctrl-n which people use) the icon changed to the same as "new private window" - whatever, also needs to cover context menus/menus/hamburger buttons/key-combos?. It needs to be clear.
Also, why is the PB mode badge missing. This should, IMO, be enforced. See this from mozilla support: "Private Browsing windows have a purple mask at the top", but also "When Firefox is set to Never remember history you won't see a purple mask at the top of each window, even though you are effectively in Private Browsing mode". Who dreamed that up?
While people should be responsible for their own tweaks etc, what if an addon or script changed the start mode back to normal. An end-user wouldn't pick up on it.
I do not start in PB mode myself (never have until now), but read/assumed that you could spawn a "normal" window (because the menu item/key-combo/hamburger buttons/context menus are all there) - indeed I have suggested this to others to test if the cause of an issue was PB mode (recently it was containers not working, then SDC addons not working - and both times the reply was, yes, that's it - not 100% sure if that means they followed my advice exactly - I'm guessing not)
So which is it: PB start mode->new window-> is this a normal window or a private window?
I notice that reader.parse-on-load.enabled = false to disable Reader View. What is the reasoning behind this choice? I'm having a hard time understanding what privacy downside there is since switching to this view does not result in any more network request (according to the Network log).
pref("extensions.blocklist.url", "https://blocklists.settings.services.mozilla.com/v1/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/"); // prev: "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/%PRODUCT%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/%PING_COUNT%/%TOTAL_PING_COUNT%/%DAYS_SINCE_LAST_PING%/"
=> Migrate the blocklist preferences to new URI
pref("apz.allow_with_webrender", false);
pref("browser.formautofill.loglevel", "Warn"); // see master switch to disable
pref("browser.urlbar.usepreloadedtopurls.expire_days", 14); // see master switch to disable
pref("browser.storageManager.pressureNotification.minIntervalMS", 1200000);
pref("browser.storageManager.pressureNotification.usageThresholdGB", 5);
pref("devtools.gridinspector.showGridOutline", false);
pref("devtools.source-map.locations.enabled", false);
pref("dom.forms.select.customstyling", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1339966
pref("dom.ipc.plugins.forcedirect.enabled", true); // we do not support flash
pref("dom.moduleScripts.enabled", false); // ECMAScripts
pref("dom.timeout.max_consecutive_callbacks", 5);
pref("dom.vr.puppet.enabled", false);
pref("dom.vr.test.enabled", false);
pref("extensions.e10sMultiBlocksEnabling", true); // leave e10s experimental staging alone
pref("gfx.downloadable_fonts.keep_variation_tables", false);
pref("gfx.downloadable_fonts.otl_validation", false);
pref("gfx.webrender.enabled", true);
pref("image.mem.animated.discardable", false);
pref("image.mem.shared", false);
// ^^ https://bugzilla.mozilla.org/show_bug.cgi?id=1331944
// ^^ https://bugzilla.mozilla.org/show_bug.cgi?id=1339202
pref("intl.tsf.associate_imc_only_when_imm_ime_is_active", false);
pref("intl.tsf.hack.ms_japanese_ime.do_not_associate_imc_on_win10", true);
pref("intl.uidirection", -1);
pref("layers.advanced.border-layers", false);
pref("layers.advanced.caret-layers", false);
pref("layout.css.text-justify.enabled", false);
pref("layout.scrollbars.always-layerize-track", false);
/* https://developer.mozilla.org/en-US/docs/Mozilla/QA/Marionette
 ***/
pref("marionette.enabled", false);
pref("marionette.forcelocal", true);
pref("marionette.log.level", "info");
pref("marionette.port", 2828);
pref("marionette.prefs.recommended", true);
pref("media.eme.vp9-in-mp4.enabled", false);
pref("media.ffmpeg.low-latency.enabled", false);
pref("services.sync.engine.bookmarks.validation.interval", 86400);
pref("services.sync.engine.bookmarks.validation.maxRecords", 1000);
pref("services.sync.engine.bookmarks.validation.percentageChance", 10);
pref("signon.masterPasswordReprompt.timeout_ms", 900000);
pref("network.throttle.enable", true);
pref("network.throttle.resume-for", 2000);
pref("network.throttle.suspend-for", 2000);
pref("browser.safebrowsing.provider.google4.lists", "goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto"); // prev: "goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto"
pref("dom.event.highrestimestamp.enabled", true); // prev: false
pref("dom.ipc.plugins.asyncdrawing.enabled", true); // prev: false // we do not support flash
pref("extensions.blocklist.detailsURL", "https://blocked.cdn.mozilla.net/"); // prev: "https://www.mozilla.com/%LOCALE%/blocklist/"
pref("extensions.blocklist.itemURL", "https://blocked.cdn.mozilla.net/%blockID%.html"); // prev: "https://blocklist.addons.mozilla.org/%LOCALE%/%APP%/blocked/%blockID%"
pref("font.name-list.serif.x-math", "..."); // removed 'Symbol' from the list
pref("layout.css.clip-path-shapes.enabled", true); // prev: false
pref("security.mixed_content.hsts_priming_cache_timeout", 604800); // prev: 10080
Does anyone have information on the new 'Site Deployment Checker' Extension? I've found only a vague, "politician type" answer with a Bug report:
...this system addon is used by mozilla to look into the integrity of its critical infrastructure like the download page by looking at real world data of certificates in use there (bug 1346017).
While I'm at it, what's the scoop on 'Application Update Service Helper'? I keep all auto-update stuff disabled so I can manually check when needed. Does this interfere with anything yet?
1382533 enable fingerprinting resistance for Presentation API
1384330 disable mozAddonManager Web API
// user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
๐ป FF58
967895 prompt (site permission) before allowing canvas data extraction
FF59: 1413780 when RFP=true include canvas in site permissions panel
FF59: 1376865 reduce canvas prompt fatigue by only prompting when user initiated (controlled by a temp pref privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts )
FF61: 1412961 RFP breaks extensions using canvas eg Screenshots:
until then, you can open about:debugging>Add-ons, click the extension's manifest.url and on that page, right click >View Page Info>Permissions and set a canvas exception
FF62: 1453916 Fixes more extension + canvas issues
1397611 extensions can control privacy.resistFingerprinting
1424341 FYI ONLY: Timing: not added to user.js: RFP timing & timer precision
// privacy.reduceTimerPrecision
// privacy.resistFingerprinting.reduceTimerPrecision.microseconds
๐ป FF59
1372073 spoof/block fingerprinting in MediaDevices API
1039069 warn when language prefs are set to non en-US
privacy.spoof_english (pref is used internally AFAICT, we should not meddle with it)
at this stage the pref has not been added to the user.js, but the bugzilla has
1222285 spoof keyboard events and suppress keyboard modifier events
The shutdown section needs some love. Using words like "stuff" in 2803 is lame. I'm also not happy with the 2803a and 2804a numbering. Those 2 prefs need to be clarified exactly what they are doing as well. Especially 2803a, because we are shutting down, so how can that differ from what is already in 2803. As for 2804a, does it close current tabs/windows (but leave FF open) or what. I need to do some testing in a nilla FF.
Also, the section header could be expanded a tad to explain clearing session data vs keeping it - a bit like the new 0800 (forms etc) section.
dom.event.contextmenu.enabled, currently under 2200 UI Meddling. Issue created because someone else queried it - so let's discuss it.
Personally, I find it annoying that sites remove my right click context, and only a handful of sites I use use it (for enhanced functionality/features), and it is handy - but I just bypass that functionality, or use a secondary browser. While it nicely fits in the section, it really, IMO, has no privacy issues.
The other issue is, how widespread is sites abusing this, if at all. What does setting an empty right-click context menu achieve (is this the ruse they use to disable selecting text?). I have no idea because it's been disabled for me for years.
IF there are no security (and privacy) concerns, then should this be moved to the personal section?
Just putting here some settings I have stumbled upon.
I haven't investigated those yet, so don't kill me, please. :)
Some might be deprecated already, some might not be existing, etc.
I think the 1000s cache section could do with a little love. My thoughts are the header section (or some items) needs a [SETUP] tag and information on session restores (crash recovery etc).
I gave pk some instructions the other day on how to trigger a FF crash. I'll repost them here. I need to make sure that all the session restore and resume from crash is grouped together, and to make sure it is clear what needs to be done to enable them.
network.http.enablePerElementReferrer is commented out in user.js [ghacks]-0.11.js as well as, here, in ghacks-user.js-51.0, but with no additional information.
Mozilla's Firefox has introduced an experimental "per-element referrer" feature which transmits the HTTP referrer for particular elements such as:
Hyperlink
Picture
Frame
Clickable area
That site advises setting it to false (default=true). But I'm not sure the setting is still experimental, and not sure either that the site is right.
I've set it to false,
// Disable per-element HTTP referrer (HTTP referrer for particular elements such as Hyperlink, Picture, Frame, Clickable area)
// https://www.anonymous-proxy.eu/firefox-privacy-tuning.php
user_pref("network.http.enablePerElementReferrer", false); // Default=true
WONTFIX: both deprecated, the first approx FF37
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false);
user_pref("network.negotiate-auth.allow-insecure-ntlm-v1-https", false);
WONTFIX: deprecated approx FF41 (note: still two returns in DXR, not used)
user_pref("browser.newtab.url", "about:blank");
In case you were wondering about these redo section issues (there are more coming):
the user.js has been one person's vision of how to structure it, order it, word it, where to put items, with some feedback in a wordpress forum, with over two years of adding items, usually at the end although I did try to leave gaps, and I did do some sort of revamps over the releases
github affords us the chance to have really decent discussions (and arguments) in a proper collaborative environment, in order to whip this puppy into shape, and to overhaul all the inconsistencies, logic, wording, and more. The sky's the limit. Synergy and all that stuff.
I want to revamp these sections (we don't need to do all of them) before I do a 52 release, that way, after the 52 release, the majority of changes will be minimal
And after the revamps, Martin will do an article, and people who come and fork will then have less upheaval and commits etc.
Basically, this is two years worth of everyone making my mess better :)
Section 1200 needs some love. I know @earthlng has some ideas for this section. I definitely want ciphers grouped together in say a 1250s. This is all about the order, numbering, wording. Don't want to get into discussions on the merits of turning things on and off or technical discussions on cipher suites and how curves are better than squares xD.