From 21b2fa464b6726938a47421bf8699c5e226c9acc Mon Sep 17 00:00:00 2001
From: HJ <11689349+yokoffing@users.noreply.github.com>
Date: Mon, 21 Aug 2023 19:31:58 -0400
Subject: [PATCH] Updated Optional Hardening (markdown)

---
 Optional-Hardening.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/Optional-Hardening.md b/Optional-Hardening.md
index 9328954..ce9f31a 100644
--- a/Optional-Hardening.md
+++ b/Optional-Hardening.md
@@ -66,11 +66,14 @@ user_pref("browser.sessionstore.privacy_level", 2);
 
 ***
 
-### Secure DNS (DoH) 
-Enforce your DNS-over-HTTPS (DoH) settings. See [here](https://github.com/yokoffing/Betterfox/blob/dbaff70e63c74a856c30efbdbace5c63cf655888/Securefox.js#L612-L621).
+### Secure DNS (DoH setup)
+Mode 3 has site-exceptions with a nice UI on the error page.
+
+You can also go to `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions*
 ```
-user_pref("network.trr.uri", "PASTE_YOUR_DOH_ADDRESS_HERE");
-user_pref("network.trr.mode", 3); // enforce TRR (without System fallback)
+user_pref("network.trr.mode", 3); // Max Protection
+user_pref("network.trr.uri", "https://freedns.controld.com/x-hagezi-proplus"); // PASTE_YOUR_DOH_ADDRESS_HERE
+user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
 ```
 
 ***
@@ -88,7 +91,7 @@ user_pref("network.http.referer.XOriginPolicy", 1);
 
 ***
 
-## Fingerprinting
+### Fingerprinting
 Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup>
 
 Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>