spacing

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: yokoffing
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: yokoffing
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: yokoffing
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

Securefox.js

@@ -690,6 +690,45 @@ user_pref("network.prefetch-next", false);
 //user_pref("network.early-hints.preconnect.enabled", true);
 //user_pref("network.early-hints.preconnect.max_connections", 10); // DEFAULT
 
+// PREF: Network Predictor (NP)
+// When enabled, it trains and uses Firefox's algorithm to preload page resource
+// by tracking past page resources. It uses a local file (history) of needed images,
+// scripts, etc. to request them preemptively when navigating.
+// [NOTE] By default, it only preconnects DNS, TCP, and SSL handshakes.
+// No data sends until clicking. With "network.predictor.enable-prefetch" enabled,
+// it also performs prefetches.
+// [1] https://wiki.mozilla.org/Privacy/Reviews/Necko
+// [2] https://www.ghacks.net/2014/05/11/seer-disable-firefox/
+// [3] https://github.com/dillbyrne/random-agent-spoofer/issues/238#issuecomment-110214518
+// [4] https://www.igvita.com/posa/high-performance-networking-in-google-chrome/#predictor
+//user_pref("network.predictor.enabled", false); // [DEFAULT: false FF144+]
+
+// PREF: Network Predictor fetch for resources ahead of time
+// Prefetch page resources based on past user behavior.
+//user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
+
+// PREF: make Network Predictor active when hovering over links
+// When hovering over links, Network Predictor uses past resource history to
+// preemptively request what will likely be needed instead of waiting for the document.
+// Predictive connections automatically open when hovering over links to speed up
+// loading, starting some work in advance.
+//user_pref("network.predictor.enable-hover-on-ssl", false); // DEFAULT
+
+// PREF: assign Network Predictor confidence levels
+// [NOTE] Keep in mind that Network Predictor must LEARN your browsing habits.
+// Editing these lower will cause more speculative connections to occur,
+// which reduces accuracy over time and has privacy implications.
+//user_pref("network.predictor.preresolve-min-confidence", 60); // DEFAULT
+//user_pref("network.predictor.preconnect-min-confidence", 90); // DEFAULT
+//user_pref("network.predictor.prefetch-min-confidence", 100); // DEFAULT
+
+// PREF: other Network Predictor values
+// [NOTE] Keep in mmind that Network Predictor must LEARN your browsing habits.
+//user_pref("network.predictor.prefetch-force-valid-for", 10); // DEFAULT; how long prefetched resources are considered valid and usable (in seconds) for the prediction modeling
+//user_pref("network.predictor.prefetch-rolling-load-count", 10); // DEFAULT; the maximum number of resources that Firefox will prefetch in memory at one time based on prediction modeling
+//user_pref("network.predictor.max-resources-per-entry", 250); // default=100
+//user_pref("network.predictor.max-uri-length", 1000); // default=500
+
 /******************************************************************************
  * SECTION: SEARCH / URL BAR                                                 *
 ******************************************************************************/
@@ -1069,10 +1108,6 @@ user_pref("editor.truncate_user_pastes", false);
 // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1695693,1719301
 //user_pref("network.http.windows-sso.enabled", false); // DEFAULT
 
-// PREF: enforce no direct attestation in passkeys [FF144+]
-// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1981587 ***/
-//user_pref("security.webauthn.always_allow_direct_attestation", false); // [DEFAULT: false]
-
 /****************************************************************************
  * SECTION: ADDRESS + CREDIT CARD MANAGER                                   *
 ****************************************************************************/
@@ -1259,7 +1294,7 @@ user_pref("privacy.userContext.ui.enabled", true);
     //user_pref("browser.eme.ui.enabled", false);
 
 /******************************************************************************
- * SECTION: JIT & WASM                                                        *
+ * SECTION: JIT                                                              *
 ******************************************************************************/
 // PREF: Just-In-Time Compilation
 // Around half of zero-day exploits are directly related to "just in time"
@@ -1268,7 +1303,8 @@ user_pref("privacy.userContext.ui.enabled", true);
 // [1] https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/
 // [2] https://www.youtube.com/watch?v=i7qlZeDt9o4
 
-// PREF: Ion and Baseline JIT
+// PREF: JavaScript JIT
+// PREF: disable Ion and baseline JIT to harden against JS exploits
 // [NOTE] When both Ion and JIT are disabled, and trustedprincipals
 // is enabled, then Ion can still be used by extensions [4].
 // Tor Browser doesn't even ship with these disabled by default.
@@ -1278,40 +1314,31 @@ user_pref("privacy.userContext.ui.enabled", true);
 // [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1599226
 // [5] https://wiki.mozilla.org/IonMonkey
 // [6] https://github.com/arkenfox/user.js/issues/1791#issuecomment-1891273681
-//user_pref("javascript.options.baselinejit", false); // DO NOT TOUCH
+//user_pref("javascript.options.baselinejit", false);
 //user_pref("javascript.options.ion", false);
-//user_pref("javascript.options.jit_trustedprincipals", true); // HIDDEN PREF
+//user_pref("javascript.options.jit_trustedprincipals", false);
-
-// PREF: Blinterp (JIT-like)
-// You do not need to touch blinterp unless you want to go even slower
-// than the Baseline JIT (which I do not recommend).
-//user_pref("javascript.options.blinterp", false);
 
 // PREF: WebAssembly JIT [FF52+]
 // Vulnerabilities [1] have increasingly been found, including those known and fixed
 // in native programs years ago [2]. WASM has powerful low-level access, making
 // certain attacks (brute-force) and vulnerabilities more possible.
-// trustedprincipals: This controls whether WebAssembly is allowed in "privileged" contexts
-// (like your extensions or internal browser scripts).
 // [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3]
 // [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm
 // [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
 // [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes
 //user_pref("javascript.options.wasm", false);
     //user_pref("javascript.options.wasm_trustedprincipals", false);
-    //user_pref("javascript.options.wasm_baselinejit", true); // DO NOT TOUCH
+    //user_pref("javascript.options.wasm_baselinejit", false);
     //user_pref("javascript.options.wasm_optimizingjit", false);
 
 // PREF: Asm.js JIT [FF22+]
-// Asm.js is essentially the "ancestor" of WebAssembly. It was a strict subset of JavaScript
-// designed to allow browsers to pre-compile code into highly efficient machine instructions.
-// However, WebAssembly was created specifically to replace Asm.js and has done so almost entirely.
-// Disabling Asm.js removes the "legacy" risk surface without affecting your ability to run modern WebAssembly sites.
 // [1] http://asmjs.org/
 // [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js
 // [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/
-// [4] https://github.com/rh0dev/slides/blob/master/OffensiveCon2018_From_Assembly_to_JavaScript_and_back.pdf
+//user_pref("javascript.options.asmjs", false);
-//user_pref("javascript.options.asmjs", false); // DEFAULT
+
+// PREF: Blinterp (JIT-like)
+//user_pref("javascript.options.blinterp", false);
      
 /******************************************************************************
  * SECTION: VARIOUS                                                          *

install.py

@@ -99,7 +99,7 @@ def _get_default_profile_folder(firefox_root):
     print(f"Reading {config_path}...")
 
     config_parser = ConfigParser(strict=False)
-    config_parser.read(config_path, encoding = "utf8")
+    config_parser.read(config_path)
 
     path = None
     for section in config_parser.sections():
@@ -174,17 +174,12 @@ def download_betterfox(url):
 def extract_betterfox(data, profile_folder):
     zipfile = ZipFile(data)
     userjs_zipinfo = None
-    depth = 1 # default to firefox user.js living at root dir
-    if args.browser != "firefox":
-        depth = 2 # ignore the outside
     for file in zipfile.filelist:
-        path = file.filename.split("/")
+        if "/zen/" in file.filename and not args.zen:
-        if len(path)-1 != depth or (args.browser not in path and depth != 1) :
             continue
         if file.filename.endswith("user.js"):
             userjs_zipinfo = file
             userjs_zipinfo.filename = Path(userjs_zipinfo.filename).name
-            break
 
     if not userjs_zipinfo:
         raise BaseException("Could not find user.js!")
@@ -217,15 +212,18 @@ if __name__ == "__main__":
 
     default_profile_folder = _get_default_profile_folder(firefox_root)
 
-    argparser = ArgumentParser()
+    argparser = ArgumentParser(
+
+    )
     argparser.add_argument("--overrides", "-o", default=default_profile_folder.joinpath("user-overrides.js"), help="if the provided file exists, add overrides to user.js. Defaults to " + str(default_profile_folder.joinpath("user-overrides.js"))),
+    argparser.add_argument("--zen", "-z", action="store_true", default=False, help="Install user.js for the Zen browser instead. Defaults to False"),
+    
     
     advanced = argparser.add_argument_group("Advanced")
     advanced.add_argument("--betterfox-version", "-bv", default=None, help=f"Which version of Betterfox to install. Defaults to the latest compatible release for your installed Firefox version")
     advanced.add_argument("--profile-dir", "-p", "-pd", default=default_profile_folder, help=f"Which profile dir to install user.js in. Defaults to {default_profile_folder}")
     advanced.add_argument("--repository-owner", "-ro", default="yokoffing", help="owner of the Betterfox repository. Defaults to yokoffing")
     advanced.add_argument("--repository-name", "-rn", default="Betterfox", help="name of the Betterfox repository. Defaults to Betterfox")
-    advanced.add_argument("--browser", "-b", default="firefox", help="Which browser should Betterfox install to. Defaults to firefox. Available options: firefox, zen, waterfox")
     
     disable = argparser.add_argument_group("Disable functionality")
     disable.add_argument("--no-backup", "-nb", action="store_true", default=False, help="disable backup of current profile (not recommended)"),

personal/user-overrides.js

@@ -159,7 +159,7 @@ user_pref("browser.profiles.enabled", false); // disable Firefox Sync and profil
 
 /** FASTFOX ***/
 user_pref("network.http.rcwn.enabled", false);
-//user_pref("network.http.pacing.requests.enabled", false); // pacing requests
+user_pref("network.http.pacing.requests.enabled", false); // pacing requests
 
 user_pref("browser.sessionhistory.max_total_viewers", 4); // default=8
 
@@ -175,8 +175,6 @@ user_pref("signon.rememberSignons", false); // disable password manager
 user_pref("extensions.formautofill.addresses.enabled", false); // disable address manager
 user_pref("extensions.formautofill.creditCards.enabled", false); // disable credit card manager
 user_pref("accessibility.force_disabled", 1); // disable Accessibility features
-user_pref("dom.security.https_only_mode", false); // disable HTTPS Only in normal windows
-user_pref("dom.security.https_only_mode_pbm", true); // HTTPS Only in PB windows
 
 user_pref("media.eme.enabled", false); // disable DRM
 user_pref("browser.eme.ui.enabled", false); // hide the UI setting; this also disables the DRM prompt 

policies.json

@@ -14,15 +14,6 @@
             "ProviderURL": "",
             "Locked": false
         },
-
-        "FirefoxHome": {
-          "SponsoredStories": false,
-          "SponsoredTopSites": false,
-          "Stories": false
-        },
-        "GenerativeAI": {
-          "Enabled": false
-        },
         "ManualAppUpdateOnly": false,
         "ManualAppUpdateOnly_comment": "Change to true to disable auto-updates.",
         "NoDefaultBookmarks": true,
@@ -44,7 +35,7 @@
             "PreventInstalls": false,
             "Remove": [
                 "Amazon.com",
-                "eBay",
+                "eBay"
                 "Perplexity"
             ],
             "Default": "DuckDuckGo",

waterfox/README.md

@@ -1,8 +0,0 @@
-### Betterfox Aqua
-#### A user.js for Waterfox
-Just FYI: There are some long-term issues with Waterfox where the browser doesn't load certain internal settings or resets prefs after restart. For examples, see https://github.com/BrowserWorks/waterfox/issues/3196 and https://github.com/BrowserWorks/waterfox/issues/3947.
-
-> [!IMPORTANT]
-> Fork-specific files are side projects and will not update every release. When in doubt, use the standard Firefox user.js.
->
-> This is also a reminder that Waterfox is based on the [Firefox ESR](https://support.mozilla.org/kb/firefox-esr-release-cycle) release cycle.

waterfox/user.js

@@ -22,7 +22,7 @@ user_pref("browser.contentblocking.category", "strict");
 user_pref("browser.download.start_downloads_in_tmp_dir", true);
 
 /** OCSP & CERTS / HPKP ***/
-user_pref("privacy.antitracking.isolateContentScriptResources", true); // needed for next ESR if not a default pref
+//user_pref("privacy.antitracking.isolateContentScriptResources", true); // needed for next ESR if not a default pref
 user_pref("security.csp.reporting.enabled", false);
 
 /** DISK AVOIDANCE ***/
@@ -102,6 +102,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
 // visit https://github.com/yokoffing/Betterfox/blob/main/Smoothfox.js
 // Enter your scrolling overrides below this line:
 
+
 /****************************************************************************
  * START: MY OVERRIDES                                                      *
 ****************************************************************************/
@@ -109,12 +110,6 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
 // visit https://github.com/yokoffing/Betterfox/wiki/Optional-Hardening
 // Enter your personal overrides below this line:
 
-/** WATERFOX-SPECIFIC ***/
-user_pref("cookiebanners.service.mode", 0); // project depreciated
-user_pref("cookiebanners.service.mode.privateBrowsing", 0); // project depreciated
-
-//user_pref("waterfox.blocker.ui.enabled", true); // new adblocker option
-//user_pref("waterfox.blocker.enabled", true);
 
 /****************************************************************************
  * END: BETTERFOX                                                           *