New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Candidate Options #442
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
mozilla-central is the nightly channel! (currently FF62) usually about 1 week before the next major release (FF60.0, FF61.0, etc), mozilla-beta is merged to mozilla-release, and shortly afterwards mozilla-beta is updated will all the changes from mozilla-central. So, atm, if you want to know if a pref still exists in FF60 you need to check the mozilla-release channel. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
ESR60 portable will be released for ESR60.1. New TBB alpha based on ESR60 will also be released around that time. (June 26th -ish)
all the network.protocol-handler.* stuff might be worth looking into. (create a new issue?) As for the rest, I haven't looked at everything yet but this is what I have so far: click me
user_pref("accessibility.AOM.enabled", false); // default is false atm. no idea what AOM is (?)
// apz is scrolling stuff, right? whats bad about this?
user_pref("apz.autoscroll.enabled", false);
user_pref("apz.drag.touch.enabled", false);
user_pref("apz.frame_delay.enabled", false);
user_pref("apz.keyboard.enabled", false);
user_pref("apz.keyboard.passive-listeners", false);
user_pref("browser.disableResetPrompt", true); // this?
user_pref("browser.download.manager.alertOnEXEOpen", true); // maybe add near 2654
user_pref("browser.download.panel.shown", true); // don't need this
user_pref("browser.feeds.showFirstRunUI", false); // don't need this
user_pref("browser.formfill.expire_days", 0); // covered by browser.formfill.enable=false
user_pref("browser.meta_refresh_when_inactive.disabled", true); // this?
user_pref("browser.search.useDBForOrder", true); // auto-set when you change the order of your search engines
user_pref("browser.search.widget.inNavBar", true); // 5000 ?
user_pref("browser.startup.blankWindow", true); // nothing to do with security/privacy
user_pref("browser.startup.homepage_override.buildID", "20100101"); // unnecessary and covered by browser.startup.homepage_override.mstone=ignore
user_pref("browser.tabs.extraDragSpace", false); // default false - maybe add to 5000 ? does it mess with RFP screen-size?
user_pref("browser.urlbar.default.behavior", 2); // what's this?
user_pref("clipboard.plainTextOnly", true); // interesting
// these seem useless. all 3 were runtime-set to true in my nightly62. setting fe. dictionary to false in about:config and then loading about:addons automatically resets it back to true
user_pref("extensions.ui.dictionary.hidden", false);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.locale.hidden", true);
// covered by javascript.options.wasm=false
user_pref("javascript.options.wasm_baselinejit", false);
user_pref("javascript.options.wasm_ionjit", false);
// these 3 should be covered by media.peerconnection.enabled=false
user_pref("media.peerconnection.dtmf.enabled", false);
user_pref("media.peerconnection.rtpsourcesapi.enabled", false);
user_pref("media.peerconnection.video.vp9_enabled", false);
user_pref("network.cookie.blockFutureCookies", false); // what's this?
user_pref("network.gio.supported-protocols", ""); // maybe add this? hidden pref which, if unset, defaults to "smb:,sftp:". see bug1433507
user_pref("network.http.prompt-temp-redirect", true); // maybe add this?
user_pref("network.http.rcwn.enabled", false); // race-cache-with-network - seems fine to me
user_pref("network.http.throttle.enable", false); // throttling downloads and whatnot when something more important happens (pageload, etc) - seems fine to me
user_pref("network.warnOnAboutNetworking", false); // people can disable the warning when they go to about:networking - not worth adding to the user.js IMO
user_pref("plugin.disable", true); // what's this? does this work?
user_pref("pref.advanced.javascript.disable_button.advanced", false); // disable-button? where's this button? dead pref?
user_pref("privacy.history.custom", true); // what's this?
user_pref("privacy.item.cookies", true); // what's this?
user_pref("security.mixed_content.block_object_subrequest", true); // block http-subrequests triggered by Flash - will be set to true by default soonish but I don't mind adding this already
// we have ignored Sync stuff so far
user_pref("services.sync.engine.addons", false);
user_pref("services.sync.engine.bookmarks", false);
user_pref("services.sync.engine.history", false);
user_pref("services.sync.engine.passwords", false);
user_pref("services.sync.engine.prefs", false);
user_pref("services.sync.engine.tabs", false);
user_pref("services.sync.sendVersionInfo", false);
user_pref("services.sync.telemetry.maxPayloadCount", "0");
user_pref("services.sync.telemetry.submissionInterval", "1999999999");
user_pref("webextensions.storage.sync.enabled", false); // this can mess with certain webextensions |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
https://developer.mozilla.org/en-US/docs/Web/API/Using_the_Browser_API
https://dxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#1629-1630
https://bugzilla.mozilla.org/show_bug.cgi?id=1238079
... only exposed to chrome code and probably breaks some devtools if disabled -> moved to part 9 |
Firefox 61 Site Compatibility - Privacy & Security:
|
https://dxr.mozilla.org/mozilla-central/source/modules/libpref/init/all.js#2243
seems fine to me. Since default is true, the majority of FF users will have it enabled and disabling it can probably be measured/observed by a site and makes you more unique (for no good reason IMHO) |
Hello, I'm maintaining my own user.js file since 2015 and I just recently found this project.
I found here some options (not very important) that I'd missed (and copied them into mine!), but I also found many options that I had and you don't.
Maybe 90% of these were once evaluated/dismissed, but even if there are a couple of options that I'm using which can improve the privacy of your users you might be willing to skim over these.
So, after analyzing the diff, these are only those options that I have, and you don't:
451 prefs not in ghacks user.js
113 items already in the ghacks user.js
The text was updated successfully, but these errors were encountered: