user.js
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License
Bot releases are visible (Hide)
The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. Point release to fix some syntax
all changes: https://github.com/arkenfox/user.js/compare/126.0...126.1
Published by Thorin-Oakenpants 4 months ago
π¦ links:
- FF126 release notes | FF126 for developers | FF126 security advisories
- FF125.0.1 release notes | FF125 for developers | FF125 security advisories
- FF124 release notes | FF124 for developers | FF124 security advisories | FF124.0.1 security advisories
- FF123 release notes | FF123 for developers | FF123 security advisories
πͺ issues:
π© changelog summary
Except for 12 new sanitiizng prefs [1] which will not be used until FF128, there is only one new active pref that applies (spoof_english) which if you use that, should already be in your overrides. The rest are inactive, at default, or deprecated.
- new
- user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false]
- user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
- user_pref("privacy.spoof_english", 1); // [FF71+]
- // user_pref("browser.link.force_default_user_context_id_for_external_opens", true);
- // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]
- // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // [FF127+]
- // user_pref("privacy.globalprivacycontrol.enabled", true);
- β 12 new sanitizing prefs for FF128+:
clearHistory,clearSiteData,clearOnShutdown_v2[1]
- made inactive
- // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
- // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
- deprecated
- user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // deprecated FF126
- user_pref("browser.ping-centre.telemetry", false); // deprecated FF123
[1] β It is advised that you check and add overrides if necessary for sanitizing before FF128
Published by Thorin-Oakenpants 9 months ago
π¦ links:
- FF122 release notes | FF122 for developers | FF122 security advisories
- FF121 release notes | FF121 for developers | FF121 security advisories
- FF120 release notes | FF120 for developers | FF120 security advisories
πͺ issues:
π© changelog summary
Still no pref changes, but it's been a while :) A reminder to never wait on arkenfox to update Firefox.
This release is mostly about adding information about FPP since this is now live (for non-RFP users) - also see #1804 - so the sooner this info is there, the better
Published by Thorin-Oakenpants 11 months ago
π¦ links: FF119 release notes | FF119 for developers | FF119 security advisories
πͺ issues: diffs FF118-FF119 | changelog v119
π© changelog summary
- new
- user_pref("browser.search.separatePrivateDefault", true); // [FF70+]
- user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+]
- made inactive
- // user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
- removed
- user_pref("intl.accept_languages", "en-US, en");
- deprecated
- // user_pref("javascript.use_us_english_locale", true);
- // user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
Published by Thorin-Oakenpants almost 1 year ago
π¦ links: FF118 release notes | FF118 for developers | FF118 security advisories
πͺ issues: diffs FF117-FF118 | changelog v118
π© changelog summary
- new
- user_pref("browser.download.start_downloads_in_tmp_dir", true);
- user_pref("browser.shopping.experience2023.enabled", false);
- user_pref("browser.urlbar.addons.featureGate", false);
- user_pref("browser.urlbar.mdn.featureGate", false);
- user_pref("browser.urlbar.pocket.featureGate", false);
- user_pref("browser.urlbar.trending.featureGate", false);
- user_pref("browser.urlbar.weather.featureGate", false);
- new but inactive
- // user_pref("browser.urlbar.clipboard.featureGate", false);
- // user_pref("network.trr.bootstrapAddr", "10.0.0.1");
- // user_pref("privacy.fingerprintingProtection", true);
- removed (in section 6050s for prefsCleaner)
- // user_pref("accessibility.force_disabled", "");
- // user_pref("browser.fixup.alternate.enabled", "");
- // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
- // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
- // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
- // user_pref("privacy.partition.serviceWorkers", "");
Published by Thorin-Oakenpants about 1 year ago
π¦ links:
- FF116 release notes | FF116 for developers | FF116 security advisories
- FF117 release notes | FF117 for developers | FF117 security advisories
πͺ issues: diffs FF115-FF116 | diffs FF116-FF117 | changelog v117
π© changelog from 117
- new
- user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
- // user_pref("network.trr.uri", "https://example.dns");
- // user_pref("network.trr.custom_uri", "https://example.dns");
- changed inactive value
- // user_pref("network.trr.mode", 3);
- deprecated
- // user_pref("layout.css.font-visibility.resistFingerprinting", 1);
- user_pref("security.family_safety.mode", 0);
- // user_pref("dom.webnotifications.serviceworker.enabled", false);
Published by Thorin-Oakenpants about 1 year ago
The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. Point release to better align ESR115 users' defaults with AF and the wiki moving forward - mainly the relaxing of some defaults
THIS is the release for all those who will use ESR115
πͺ issues: relaxed prefs issue | changelog v115.1
π© changelog from 115
- made inactive - moved to optional hardening or optional opsec
- // user_pref("keyword.enabled", false);
- // user_pref("media.eme.enabled", false);
- // user_pref("network.dns.disableIPv6", true);
- // user_pref("network.http.referer.XOriginPolicy", 2);
- removed (now inactive in section 6050's for prefsCleaner)
- // user_pref("network.protocol-handler.external.ms-windows-store", "");
- removed (inactive for ages)
- user_pref("media.gmp-widevinecdm.enabled", false);
Published by Thorin-Oakenpants about 1 year ago
π¦ links: FF115 release notes | FF115 for developers | FF115 security advisories
πͺ issues: diffs FF113-FF114 | diffs FF114-FF115 | changelog v115
π© changelog summary
- new
- user_pref("browser.tabs.searchclipboardfor.middleclick", false); // for linux users
- user_pref("extensions.quarantinedDomains.enabled", true); // enforcing default
- // user_pref("privacy.resistFingerprinting.pbmode", true);
- removed (now inactive in section 6050 for prefsCleaner)
- // user_pref("middlemouse.contentLoadURL", false);
- deprecated 4 inactive prefs
- // user_pref("privacy.clearsitedata.cache.enabled", true);
- // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
- // user_pref("extensions.formautofill.heuristics.enabled", false);
- // user_pref("browser.cache.offline.enable", false);
Published by Thorin-Oakenpants over 1 year ago
π¦ links: FF112 release notes | FF112 for developers | FF112 security advisories
πͺ issues: diffs FF111-FF112 | changelog v112
π© changelog summary
- cosmetic changes
Published by Thorin-Oakenpants over 1 year ago
π¦ links: FF111 release notes | FF111 for developers | FF111 security advisories
πͺ issues: diffs FF110-FF111 | changelog v111
π© changelog summary
- new (inactive in section 5000)
- // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
Published by Thorin-Oakenpants over 1 year ago
π¦ links: FF110 release notes | FF110 for developers | FF110 security advisories
πͺ issues: diffs FF109-FF110 | changelog v110
π© changelog summary
- cosmetic changes
Published by Thorin-Oakenpants over 1 year ago
π¦ links: FF109 release notes | FF109 for developers | FF109 security advisories
πͺ issues: diffs FF108-FF109 | changelog v109
π© changelog summary
- removed (now inactive in section 6050 for prefsCleaner)
- // user_pref("browser.startup.blankWindow", "");
- made inactive (now in section 5000 for optional hardening)
- // user_pref("browser.pagethumbnails.capturing_disabled", true);
- // user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
Published by Thorin-Oakenpants almost 2 years ago
π¦ links: FF108 release notes | FF108 for developers | FF108 security advisories
πͺ issues: diffs FF107-FF108 | changelog v108
π© changelog summary
- new
- user_pref("browser.urlbar.showSearchTerms.enabled", false);
- removed (now inactive in section 6050 for prefsCleaner)
- // user_pref("beacon.enabled", "");
- // user_pref("browser.region.update.enabled", "");
- removed
- // user_pref("browser.search.region", "US");
Published by Thorin-Oakenpants almost 2 years ago
π¦ links: FF107 release notes | FF107 for developers | FF107 security advisories
πͺ issues: diffs FF106-FF107 | changelog v107
π© changelog summary
- made inactive
- // user_pref("browser.region.network.url", "");
- // user_pref("browser.uitour.url", "");
- // user_pref("security.mixed_content.block_display_content", true);
- removed (now inactive in section 6050 for prefsCleaner)
- // user_pref("dom.disable_open_during_load", "");
Published by Thorin-Oakenpants almost 2 years ago
π¦ links: FF106 release notes | FF106 for developers | FF106 security advisories
πͺ issues: diffs FF105-FF106 | changelog v106
π© changelog summary
- removed (now inactive in section 6051 for prefsCleaner)
- // user_pref("browser.ssl_override_behavior", 1);
- // user_pref("devtools.chrome.enabled", false);
- // user_pref("dom.disable_beforeunload", true);
- removed: was active, moved to personal, removed with personal
- user_pref("browser.shell.checkDefaultBrowser", false);
- removed: 69 inactive prefs
- 12 prefs [were in 6050] // previously active during ESR91 cycle
- 3 prefs [were in 8000] // at default false since at least FF102
- 41 prefs [were in 9000] // non-project related prefs
- 13 prefs [were in 9999] // deprecated during ESR91 life-cycle
Published by Thorin-Oakenpants about 2 years ago
π¦ links: FF105 release notes | FF105 for developers | FF105 security advisories
πͺ issues: diffs FF104-FF105 | changelog v105
π© changelog summary
- new
- user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false);
- made inactive
- // user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
- // user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
- // user_pref("browser.sessionstore.interval", 30000);
- // user_pref("network.http.windows-sso.enabled", false);
- removed (now inactive in section 6051 for prefsCleaner)
- user_pref("browser.newtab.preload", false);
- user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
- user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
Published by fxbrit about 2 years ago
π¦ links: FF104 release notes | FF104 for developers | FF104 security advisories
πͺ issues: diffs FF103-FF104 | changelog v104
π© changelog summary
- new
- user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
- made inactive
- user_pref("extensions.formautofill.addresses.enabled", false);
- user_pref("extensions.formautofill.creditCards.enabled", false);
- user_pref("extensions.formautofill.heuristics.enabled", false);
- user_pref("extensions.formautofill.available", "");
- user_pref("extensions.formautofill.addresses.supported", "");
- user_pref("extensions.formautofill.creditCards.available", "");
- user_pref("extensions.formautofill.creditCards.supported", "");
- user_pref("gfx.font_rendering.opentype_svg.enabled", false);
Published by Thorin-Oakenpants about 2 years ago
π¦ links: FF103 release notes | FF103 for developers | FF103 security advisories
πͺ issues: diffs FF102-FF103 | changelog v103
π© changelog summary
- new
- user_pref("geo.provider.use_geoclue", false);
- changed
- user_pref("privacy.clearOnShutdown.cookies", true);
- user_pref("privacy.clearOnShutdown.offlineApps", true);
- made inactve
- user_pref("media.autoplay.blocking_policy", 2);
- deprecated
- user_pref("network.cookie.lifetimePolicy", 2);
- user_pref("security.pki.sha1_enforcement_level", 1);
Published by Thorin-Oakenpants over 2 years ago
π¦ links: FF102 release notes | FF102 for developers | FF102 security advisories
πͺ issues: diffs FF101-FF102 | changelog v102
- see #1495
- FF102 mistakenly left in the migration code for
network.cookie.lifetimePolicy(effectively making it deprecated), but backed that out in FF102.0.1. But there are still issues, and we want this, the ESR102 user.js version, to be stable for ESR users (and current FF102 users) - namely, when sanitizing onShutdown fails (crash, ungraceful app exit, closing the app with the OS, whatever) it triggers a sanitize onStartup fail-safe, which does not respect exceptions. This is fixed in FF103.
π© changelog from 102
- changed
- user_pref("privacy.clearOnShutdown.cookies", false);
- user_pref("privacy.clearOnShutdown.offlineApps", false);
- not deprecated
- user_pref("network.cookie.lifetimePolicy", 2);
Published by Thorin-Oakenpants over 2 years ago
OBSOLETE: use v102-1
π¦ links: FF102 release notes | FF102 for developers | FF102 security advisories
πͺ issues: diffs FF101-FF102 | changelog v102
π© changelog summary
- changed
-
user_pref("privacy.clearOnShutdown.cookies", true);reverted inv102-1 -
user_pref("privacy.clearOnShutdown.offlineApps", true);reverted inv102-1
-
- deprecated
- user_pref("dom.storage.next_gen", true);
-
user_pref("network.cookie.lifetimePolicy", 2);reverted inv102-1 - user_pref("security.ask_for_password", 2);
- user_pref("security.password_lifetime", 5);
