From 00acc684f6970abe7be5d3c09f523d22377ea74c Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Sun, 27 Nov 2022 13:23:30 -0500
Subject: [PATCH 01/20] add links for speculative connection
---
Securefox.js | 35 +++++++++++++++++++----------------
1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 32fe6b9..7ae5554 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -11,7 +11,7 @@
* Securefox *
* "Natura non constristatur" *
* priority: provide sensible security and privacy *
- * version: 107a *
+ * version: 108 *
* url: https://github.com/yokoffing/Betterfox *
****************************************************************************/
@@ -463,18 +463,32 @@ user_pref("privacy.history.custom", true);
// [2] https://github.com/arkenfox/user.js/issues/1556
//user_pref("browser.newtab.preload", true); // DEFAULT
-// PREF: Speculative connections on New Tab page
+// PREF: Speculative Connections
// Firefox will open predictive connections to sites when the user hovers their mouse over thumbnails
// on the New Tab Page or the user starts to search in the Search Bar, or in the search field on the
-// New Tab Page. In case the user follows through with the action, the page can begin loading faster
+// New Tab Page [1]. This pref may control speculative connects for normal links, too [2].
+// The maximum number of current global half open sockets allowable when starting a new speculative connection [3].
+// In case the user follows through with the action, the page can begin loading faster
// since some of the work was already started in advance.
// [NOTE] TCP and SSL handshakes are set up in advance but page contents are not downloaded until a click on the link is registered
// [1] https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections?redirectslug=how-stop-firefox-automatically-making-connections&redirectlocale=en-US#:~:text=Speculative%20pre%2Dconnections
// [2] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
-// [3] https://www.keycdn.com/blog/resource-hints#prefetch
-// [4] https://3perf.com/blog/link-rels/#prefetch
+// [3] https://searchfox.org/mozilla-central/rev/028c68d5f32df54bca4cf96376f79e48dfafdf08/modules/libpref/init/all.js#1280-1282
+// [4] https://www.keycdn.com/blog/resource-hints#prefetch
+// [5] https://3perf.com/blog/link-rels/#prefetch
user_pref("network.http.speculative-parallel-limit", 0);
+// PREF: Preconnect to the autocomplete URL in the address bar
+// Firefox preloads URLs that autocomplete when a user types into the address bar.
+// Connects to destination server ahead of time, to avoid TCP handshake latency.
+// [NOTE] Firefox will perform DNS lookup (if enabled) and TCP and TLS handshake,
+// but will not start sending or receiving HTTP data.
+// [1] https://www.ghacks.net/2017/07/24/disable-preloading-firefox-autocomplete-urls/
+user_pref("browser.urlbar.speculativeConnect.enabled", false);
+
+// PREF: disable mousedown speculative connections on bookmarks and history
+user_pref("browser.places.speculativeConnect.enabled", false);
+
// PREF: DNS pre-resolve
// Resolve hostnames ahead of time, to avoid DNS latency.
// In order to reduce latency, Firefox will proactively perform domain name resolution on links that
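Review bot: The added sentence `The maximum number of current global half open sockets allowable when starting a new speculative connection [3].` has no subject, so a reader cannot tell it describes `network.http.speculative-parallel-limit`. In the same way, `This pref may control ...` appears before any pref has been named. I would reword to something like `// network.http.speculative-parallel-limit: maximum number of global half-open sockets allowed when starting a new speculative connection [3]; set to 0 here to prevent them.` References [4] and [5] are renumbered but never cited in the text above, so either cite them or list them without numbers.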
@@ -508,17 +522,6 @@ user_pref("network.dns.disablePrefetch", true);
// [9] https://web.dev/preload-critical-assets/
//user_pref("network.preload", true); // DEFAULT
-// PREF: Preconnect to the autocomplete URL in the address bar
-// Firefox preloads URLs that autocomplete when a user types into the address bar.
-// Connects to destination server ahead of time, to avoid TCP handshake latency.
-// [NOTE] Firefox will perform DNS lookup (if enabled) and TCP and TLS handshake,
-// but will not start sending or receiving HTTP data.
-// [1] https://www.ghacks.net/2017/07/24/disable-preloading-firefox-autocomplete-urls/
-user_pref("browser.urlbar.speculativeConnect.enabled", false);
-
-// PREF: disable mousedown speculative connections on bookmarks and history
-user_pref("browser.places.speculativeConnect.enabled", false);
-
// PREF: Link prefetching
// Firefox will prefetch certain links if any of the websites you are viewing uses the special prefetch-link tag.
// A directive that tells a browser to fetch a resource that will likely be needed for the next navigation.
From f9fae4f3c2f3d0f97de16029fad670d1f86d798d Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Sun, 27 Nov 2022 20:28:33 -0500
Subject: [PATCH 02/20] add GSB links
---
Securefox.js | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 7ae5554..7c264a4 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -1049,14 +1049,16 @@ user_pref("media.peerconnection.ice.default_address_only", true);
******************************************************************************/
// PREF: disable GSB (master switch)
-// Increased privacy away from Google, but less protection against threats.
-// [WARNING] Be sure to have alternate security measures if you disable Safe Browsing.
+// Increased privacy away from Google, but less protection against threats
+// [WARNING] Be sure to have alternate security measures if you disable GSB!
// [SETTING] Privacy & Security>Security>... Block dangerous and deceptive content
-// [1] https://www.wikiwand.com/en/Google_Safe_Browsing#/Privacy
-// [2] https://ashkansoltani.org/2012/02/25/cookies-from-nowhere
-// [3] https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
-// [4] https://github.com/privacyguides/privacyguides.org/discussions/423#discussioncomment-1752006
-// [5] https://github.com/privacyguides/privacyguides.org/discussions/423#discussioncomment-1767546
+// [ALTERNATIVE] Enable local checks only: https://github.com/yokoffing/Betterfox/issues/87
+// [1] https://github.com/privacyguides/privacyguides.org/discussions/423#discussioncomment-1752006
+// [2] https://github.com/privacyguides/privacyguides.org/discussions/423#discussioncomment-1767546
+// [3] https://ashkansoltani.org/2012/02/25/cookies-from-nowhere
+// [4] https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
+// [5] https://the8-bit.com/apple-proxies-google-safe-browsing-privacy/
+// [6] https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)#services-we-proxy-through-brave-servers
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
//user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
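Review bot: The new `[ALTERNATIVE] Enable local checks only` line links to an issue but does not say which prefs to set, while the two active lines below it still switch off both malware and phishing protection. Because this block removes a protection, the alternative should be readable in the file itself. For example, a line could state that local list checks stay on when these two prefs are left at their default and only the remote download lookup is disabled (presumably `browser.safebrowsing.downloads.remote.enabled`; confirm against the linked issue). The `[WARNING]` would also help more if it named what is lost, i.e. blocking of known phishing and malware pages.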
From 4b049633ab4c33dad4e0201509c61ef8dc2dfa55 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Mon, 28 Nov 2022 23:48:35 -0500
Subject: [PATCH 03/20] Update Securefox.js
---
Securefox.js | 21 ++-------------------
1 file changed, 2 insertions(+), 19 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 7c264a4..4b2fbb5 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -447,15 +447,6 @@ user_pref("privacy.history.custom", true);
/******************************************************************************
* SECTION: SPECULATIVE CONNECTIONS *
******************************************************************************/
-// [NOTE] FF85+ partitions (isolates) pooled connections, prefetch connections,
-// pre-connect connections, speculative connections, TLS session identifiers,
-// and other connections. We can take advantage of the speed of pre-connections
-// while preserving privacy. Users may relax hardening to maximize their preference.
-// For more information, see SecureFox: "PREF: State Paritioning" and "PREF: Network Partitioning" [1]
-// [1] https://github.com/yokoffing/Betterfox/blob/e9621b0062914da5fdb5f83b8da64041965b7a50/Securefox.js#L74-L108
-// [NOTE] To activate and increase network predictions, go to settings in uBlock Origin, and make this setting is DISABLED:
-// - "Disable pre-fetching (to prevent any connection for blocked network requests)"
-// [NOTE] Add prefs to "MY OVERRIDES" section to enable.
// PREF: new tab preload
// [WARNING] Disabling this may cause a delay when opening a new tab in Firefox
@@ -499,9 +490,6 @@ user_pref("browser.places.speculativeConnect.enabled", false);
// [4] http://www.mecs-press.org/ijieeb/ijieeb-v7-n5/IJIEEB-V7-N5-2.pdf
user_pref("network.dns.disablePrefetch", true);
//user_pref("network.dns.disablePrefetchFromHTTPS", true); // DEFAULT
- //user_pref("network.dnsCacheEntries", 20000);
- //user_pref("network.dnsCacheExpiration", 3600);
- //user_pref("network.dnsCacheExpirationGracePeriod", 240);
// PREF: Preload
// This tells the browser that the resource should be loaded as part of the current navigation
@@ -541,11 +529,11 @@ user_pref("network.prefetch-next", false);
// needed when the user visits a webpage (such as image.jpg and script.js), so that the next time the
// user prepares to go to that webpage (upon navigation? URL bar? mouseover?), this history can be used
// to predict what resources will be needed rather than wait for the document to link those resources.
-/// NP only performs pre-connect, not prefetch, by default, including DNS pre-resolve and TCP preconnect
+// NP only performs pre-connect, not prefetch, by default, including DNS pre-resolve and TCP preconnect
// (which includes SSL handshake). No data is actually sent to the site until a user actively clicks
// a link. However, NP is still opening TCP connections and doing SSL handshakes, so there is still
// information leakage about your browsing patterns. This isn't desirable from a privacy perspective.
-// [NOTE] Disabling DNS prefetching disables the DNS prefetching behavior of NP
+// [NOTE] Disabling DNS prefetching disables the DNS prefetching behavior of NP.
// [1] https://wiki.mozilla.org/Privacy/Reviews/Necko
// [2] https://www.ghacks.net/2014/05/11/seer-disable-firefox/
// [3] https://github.com/dillbyrne/random-agent-spoofer/issues/238#issuecomment-110214518
@@ -566,11 +554,6 @@ user_pref("network.predictor.enable-prefetch", false);
// faster since some of the work was already started in advance. Focuses on fetching a resource
// for the NEXT navigation.
//user_pref("network.predictor.enable-hover-on-ssl", false); // DEFAULT
- //user_pref("network.predictor.preresolve-min-confidence", 10); // default=60; alt=20
- //user_pref("network.predictor.preconnect-min-confidence", 20); // default=90; alt=40
- //user_pref("network.predictor.prefetch-min-confidence", 20); // default 100; alt=60
- //user_pref("network.predictor.prefetch-force-valid-for", 3600); // default=10
- //user_pref("network.predictor.prefetch-rolling-load-count", 120); // default=10
/******************************************************************************
* SECTION: SEARCH / URL BAR *
From 645de9a60484ed7649141af9ce34e960645d057a Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 29 Nov 2022 12:19:33 -0500
Subject: [PATCH 04/20] restore Beacon API
---
Securefox.js | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 4b2fbb5..dcefc05 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -148,10 +148,9 @@ user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exe
// PREF: Beacon API
// Disabling this API sometimes causes breakage:
// [TEST] https://vercel.com/
-// Instead of disable, block in uBlock Origin with rule `$ping`
-// [1] https://github.com/arkenfox/user.js/issues/1586#issuecomment-1320372943
-// [2] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon
-user_pref("beacon.enabled", false);
+// [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon
+// [2] https://github.com/arkenfox/user.js/issues/1586
+//user_pref("beacon.enabled", false);
// PREF: battery status tracking
// [NOTE] Pref remains, but API is depreciated
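Review bot: Commenting out `user_pref("beacon.enabled", false);` does not restore the Beacon API for anyone who already ran an earlier version of this file. Values applied from user.js are stored in the profile's prefs.js and stay there until the pref is reset in about:config, so existing users keep the breakage this commit is meant to fix. I would add a line such as `// [NOTE] If you used an earlier version, reset beacon.enabled in about:config`. The same applies to `browser.region.update.enabled` in patch 14 and the two `layout.css.font-visibility.*` prefs in patch 15. Patch 09 also removes the header comment that explained how user.js and about:config interact.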
From 01fab3ca348cfce01a702e28326e84f0b168db1f Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 29 Nov 2022 13:35:03 -0500
Subject: [PATCH 05/20] Update Securefox.js
---
Securefox.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index dcefc05..79a51de 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -431,13 +431,13 @@ user_pref("privacy.history.custom", true);
//user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT]
//user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT]
//user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT]
-//user_pref("privacy.clearOnShutdown.offlineApps", false); // [DEFAULT]
+//user_pref("privacy.clearOnShutdown.offlineApps", true);
//user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT]
// PREF: configure site exceptions
// [NOTE] Currently, there is no way to add sites via about:config
// [SETTING] to manage site exceptions: Options>Privacy & Security>Cookies & Site Data>Manage Exceptions
-// [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question)
+// or when on the website in question: Ctrl+I>Permissions>Cookies>Allow
// For cross-domain logins, add exceptions for both sites:
// e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
// [WARNING] Be selective with what cookies you keep, as they also disable partitioning [1]
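Review bot: The commented-out `privacy.clearOnShutdown.offlineApps` line changes from `false` with a `// [DEFAULT]` tag to `true` with no tag at all. A reader who uncomments this run cannot tell that this one line deviates from the browser default while its neighbours do not. Suggest annotating it in the style used elsewhere in the file, e.g. `//user_pref("privacy.clearOnShutdown.offlineApps", true); // default=false`. The rewritten `or when on the website in question: ...` line also loses its `[SETTING]` tag, so it now reads as free text rather than a second UI path.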
From bb9e5c1ea3cee749327fcba7f4e2b4cbaa18f1a9 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Wed, 30 Nov 2022 08:57:19 -0500
Subject: [PATCH 06/20] Update Securefox.js
---
Securefox.js | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 79a51de..4f60fea 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -633,11 +633,10 @@ user_pref("network.IDN_show_punycode", true);
// [NOTE] HTTPS-Only Mode needs to be disabled for HTTPS First to work.
// [TEST] http://example.com [upgrade]
// [TEST] http://httpforever.com/ [no upgrade]
-// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1706552
-// [2] https://web.dev/why-https-matters/
-// [3] https://www.cloudflare.com/learning/ssl/why-use-https/
+// [1] https://web.dev/why-https-matters/
+// [2] https://www.cloudflare.com/learning/ssl/why-use-https/
//user_pref("dom.security.https_first", true);
-//user_pref("dom.security.https_first_pbm", true); // default
+//user_pref("dom.security.https_first_pbm", true); // DEFAULT
/******************************************************************************
* SECTION: HTTPS-ONLY MODE *
@@ -672,7 +671,7 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
// [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945
// [2] https://blog.mozilla.org/attack-and-defense/2021/03/10/insights-into-https-only-mode/
//user_pref("dom.security.https_only_mode_send_http_background_request", true); // DEFAULT
- //user_pref("dom.security.https_only_fire_http_request_background_timer_ms", 1250); // default=3000
+ //user_pref("dom.security.https_only_fire_http_request_background_timer_ms", 2000); // default=3000
// PREF: Enable HTTPS-Only mode for local resources
//user_pref("dom.security.https_only_mode.upgrade_local", true);
From 3577f4d70c5440a916f00dd7dd40c8e72c97e88f Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Wed, 30 Nov 2022 14:14:46 -0500
Subject: [PATCH 07/20] add meta bug for HTTPS-First
---
Securefox.js | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 4f60fea..3317934 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -633,8 +633,9 @@ user_pref("network.IDN_show_punycode", true);
// [NOTE] HTTPS-Only Mode needs to be disabled for HTTPS First to work.
// [TEST] http://example.com [upgrade]
// [TEST] http://httpforever.com/ [no upgrade]
-// [1] https://web.dev/why-https-matters/
-// [2] https://www.cloudflare.com/learning/ssl/why-use-https/
+// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1704453
+// [2] https://web.dev/why-https-matters/
+// [3] https://www.cloudflare.com/learning/ssl/why-use-https/
//user_pref("dom.security.https_first", true);
//user_pref("dom.security.https_first_pbm", true); // DEFAULT
From ef04b0bd37917f24db6a3fc981c3277ff9b1b74f Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Wed, 30 Nov 2022 21:00:10 -0500
Subject: [PATCH 08/20] enforce network.dns.disablePrefetchFromHTTPS
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index 3317934..ba3bc20 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -488,7 +488,7 @@ user_pref("browser.places.speculativeConnect.enabled", false);
// [3] https://www.keycdn.com/blog/resource-hints#2-dns-prefetching
// [4] http://www.mecs-press.org/ijieeb/ijieeb-v7-n5/IJIEEB-V7-N5-2.pdf
user_pref("network.dns.disablePrefetch", true);
-//user_pref("network.dns.disablePrefetchFromHTTPS", true); // DEFAULT
+user_pref("network.dns.disablePrefetchFromHTTPS", true); // enforce DEFAULT
// PREF: Preload
// This tells the browser that the resource should be loaded as part of the current navigation
From f85d2d09a93522bb1ce0744782157c1dbcbba0c8 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Thu, 1 Dec 2022 09:03:54 -0500
Subject: [PATCH 09/20] remove warning
---
Securefox.js | 8 --------
1 file changed, 8 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index ba3bc20..18d9f37 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -1,11 +1,3 @@
-//
-/* Do not COPY+PASTE this file. If you do, only COPY+PASTE the user_pref itself.
- *
- * If you make changes to your about:config while the program is running, the
- * changes will be overwritten when the application restarts.
- *
- * To make a change to preferences, you will have to edit the user.js file.
- */
/****************************************************************************
* Securefox *
From bc3c8f84de5ce41415e84c95e38c864ae65e74ca Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Thu, 1 Dec 2022 18:22:15 -0500
Subject: [PATCH 10/20] remove link
---
Securefox.js | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 18d9f37..30e3389 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -18,8 +18,7 @@
// [NOTE] FF86: "Strict" tracking protection enables dFPI.
// [1] https://blog.mozilla.org/firefox/control-trackers-with-firefox/
// [2] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
-// [3] https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/
-// [4] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3
+// [3] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3
//user_pref("privacy.trackingprotection.enabled", true); // DEFAULT
//user_pref("privacy.trackingprotection.pbmode.enabled", true); // DEFAULT
//user_pref("browser.contentblocking.customBlockList.preferences.ui.enabled", false); // DEFAULT
From f41d06c2a494ac7868a5e10eb57b017cbe85849a Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Thu, 1 Dec 2022 18:33:02 -0500
Subject: [PATCH 11/20] remove another link
---
Securefox.js | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 30e3389..ec9c733 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -16,9 +16,8 @@
// Firefox deletes all stored site data (incl. cookies, browser storage) if the site is a known tracker and hasn’t
// been interacted with in the last 30 days.
// [NOTE] FF86: "Strict" tracking protection enables dFPI.
-// [1] https://blog.mozilla.org/firefox/control-trackers-with-firefox/
-// [2] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
-// [3] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3
+// [1] https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
+// [2] https://www.reddit.com/r/firefox/comments/l7xetb/network_priority_for_firefoxs_enhanced_tracking/gle2mqn/?web2x&context=3
//user_pref("privacy.trackingprotection.enabled", true); // DEFAULT
//user_pref("privacy.trackingprotection.pbmode.enabled", true); // DEFAULT
//user_pref("browser.contentblocking.customBlockList.preferences.ui.enabled", false); // DEFAULT
From 96bd585870091b8f0ee3db2d56a1e33490c8310b Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Fri, 2 Dec 2022 11:28:43 -0500
Subject: [PATCH 12/20] Update Securefox.js
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index ec9c733..78ae6c6 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -542,7 +542,7 @@ user_pref("network.predictor.enable-prefetch", false);
// mouse over. In case the user follows through with the action, the page can begin loading
// faster since some of the work was already started in advance. Focuses on fetching a resource
// for the NEXT navigation.
-//user_pref("network.predictor.enable-hover-on-ssl", false); // DEFAULT
+user_pref("network.predictor.enable-hover-on-ssl", false); // enforce DEFAULT
/******************************************************************************
* SECTION: SEARCH / URL BAR *
From f07fcf289e962d4e956cafd1e7e8ac8de9cc2beb Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Fri, 2 Dec 2022 12:01:58 -0500
Subject: [PATCH 13/20] Update Securefox.js
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index 78ae6c6..e120640 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -478,7 +478,7 @@ user_pref("browser.places.speculativeConnect.enabled", false);
// [3] https://www.keycdn.com/blog/resource-hints#2-dns-prefetching
// [4] http://www.mecs-press.org/ijieeb/ijieeb-v7-n5/IJIEEB-V7-N5-2.pdf
user_pref("network.dns.disablePrefetch", true);
-user_pref("network.dns.disablePrefetchFromHTTPS", true); // enforce DEFAULT
+ user_pref("network.dns.disablePrefetchFromHTTPS", true); // enforce DEFAULT
// PREF: Preload
// This tells the browser that the resource should be loaded as part of the current navigation
From 2e70eae32e0f8773f7611b436c4b47eea5eb7af9 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 6 Dec 2022 13:44:14 -0500
Subject: [PATCH 14/20] comment out region.update.enabled
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index e120640..96bcfb9 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -1104,7 +1104,7 @@ user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
// PREF: disable region updates
// [1] https://firefox-source-docs.mozilla.org/toolkit/modules/toolkit_modules/Region.html
-user_pref("browser.region.update.enabled", false);
+//user_pref("browser.region.update.enabled", false);
//user_pref("browser.region.network.url", "");
// PREF: Enforce Firefox blocklist for extensions + No hiding tabs
From 7652235ba58a07ee6373ebacac6bb6c7738a2e35 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 6 Dec 2022 15:01:11 -0500
Subject: [PATCH 15/20] comment out layout.css.font-visibility
Higher threat model issue
---
Securefox.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Securefox.js b/Securefox.js
index 96bcfb9..b026b6d 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -283,10 +283,10 @@ user_pref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve t
// In Private Browsing windows: uses the most restrictive between normal and private
// 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
// [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
-//user_pref("layout.css.font-visibility.standard", 1); // Normal Browsing windows with tracking protection disabled(?)
-user_pref("layout.css.font-visibility.trackingprotection", 1); // Normal Browsing windows with tracking protection enabled
-user_pref("layout.css.font-visibility.private", 1); // Private Browsing windows
//user_pref("layout.css.font-visibility.resistFingerprinting", 1); // DEFAULT
+ //user_pref("layout.css.font-visibility.trackingprotection", 1); // Normal Browsing windows with tracking protection enabled
+ //user_pref("layout.css.font-visibility.private", 1); // Private Browsing windows
+ //user_pref("layout.css.font-visibility.standard", 1); // Normal Browsing windows with tracking protection disabled(?)
/****************************************************************************
* SECTION: RESIST FINGERPRINTING (RFP) *
From 406e15fe459ff5d3538a2043d4deb402e2c2ae3d Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Fri, 9 Dec 2022 00:09:44 -0500
Subject: [PATCH 16/20] Update Securefox.js
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index b026b6d..90518af 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -542,7 +542,7 @@ user_pref("network.predictor.enable-prefetch", false);
// mouse over. In case the user follows through with the action, the page can begin loading
// faster since some of the work was already started in advance. Focuses on fetching a resource
// for the NEXT navigation.
-user_pref("network.predictor.enable-hover-on-ssl", false); // enforce DEFAULT
+//user_pref("network.predictor.enable-hover-on-ssl", false); // DEFAULT
/******************************************************************************
* SECTION: SEARCH / URL BAR *
From 0bd34c0e3855695fd4a1ccbfed5340ff7dd2e723 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Thu, 22 Dec 2022 16:43:14 -0500
Subject: [PATCH 17/20] fix missing //
#126
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index 90518af..acd560e 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -96,7 +96,7 @@ user_pref("urlclassifier.features.socialtracking.skipURLs", "*.instagram.com, *.
//user_pref("privacy.partition.network_state.ocsp_cache", true); // enabled with "Strict"
//user_pref("privacy.partition.bloburl_per_agent_cluster", true); [REGRESSIONS]
// enable APS (Always Partitioning Storage) [FF104+]
-user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); [DEFAULT: true FF109+]
+user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [DEFAULT: true FF109+]
user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [DEFAULT: false FF109+]
// PREF: Smartblock
From d822d3f15ef9d4e53185f02989cb78be1917627d Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Sat, 24 Dec 2022 10:39:45 -0500
Subject: [PATCH 18/20] mark upgrade_display-content as DEFAULT FF110
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index acd560e..58fa396 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -863,7 +863,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
//user_pref("security.mixed_content.block_display_content", true);
// PREF: upgrade passive content to use HTTPS on secure pages
-//user_pref("security.mixed_content.upgrade_display_content", true);
+//user_pref("security.mixed_content.upgrade_display_content", true); // DEFAULT [FF 110]
// PREF: block insecure downloads from secure sites
// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1660952
From e377ae10ee461c81a2b4bd67dd34c40bd2128c1a Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Sat, 24 Dec 2022 12:10:11 -0500
Subject: [PATCH 19/20] toolkit.telemetry.dap_enabled
---
Securefox.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/Securefox.js b/Securefox.js
index 58fa396..95def53 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -1147,6 +1147,7 @@ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
+user_pref("toolkit.telemetry.dap_enabled", false); // DEFAULT [FF108]
// PREF: Corroborator
//user_pref("corroborator.enabled", false);
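Review bot: The new `toolkit.telemetry.dap_enabled` line is an active pref tagged `// DEFAULT [FF108]`, but in this series a bare `DEFAULT` tag marks commented-out lines and active prefs that match the default are tagged `// enforce DEFAULT` (see `network.dns.disablePrefetchFromHTTPS` in patch 08). To keep the tags meaningful when scanning for what the file actually sets, I would write `user_pref("toolkit.telemetry.dap_enabled", false); // enforce DEFAULT [FF108]`. The surrounding telemetry block starts outside this hunk, so other lines there may need the same treatment.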
From 9f4f3ac94fb5c5392f720883d4a4c0dcbb9a51c4 Mon Sep 17 00:00:00 2001
From: yokoffing <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 27 Dec 2022 22:39:04 -0500
Subject: [PATCH 20/20] browser.helperApps.deleteTempFileOnExit now default
---
Securefox.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Securefox.js b/Securefox.js
index 95def53..5d76b47 100644
--- a/Securefox.js
+++ b/Securefox.js
@@ -352,7 +352,7 @@ user_pref("browser.sessionstore.privacy_level", 2);
// PREF: remove temp files opened with an external application
// [1] https://bugzilla.mozilla.org/302433
-user_pref("browser.helperApps.deleteTempFileOnExit", true);
+//user_pref("browser.helperApps.deleteTempFileOnExit", true); // DEFAULT [FF108]
// PREF: disable page thumbnails capturing
user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
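Review bot: Commenting out `browser.helperApps.deleteTempFileOnExit` makes temp-file cleanup depend on the browser being FF108 or later, which is what the new `// DEFAULT [FF108]` tag implies. On an older or ESR build the pref falls back to that version's default, and files opened with an external application may be left in the temp directory. The line is harmless when it matches the default, so keeping it active covers both cases: `user_pref("browser.helperApps.deleteTempFileOnExit", true); // enforce DEFAULT [FF108]`. If the project only supports the current release, a short note saying so near the version header would make that assumption explicit.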