From 2c6b9d0c2bd839d3dcd083094f519bd3347cb63f Mon Sep 17 00:00:00 2001
From: HJ <11689349+yokoffing@users.noreply.github.com>
Date: Mon, 2 Oct 2023 13:17:32 -0400
Subject: [PATCH] Updated Optional Hardening (markdown)

---
 Optional-Hardening.md | 96 +++++++++++++++++++++++++------------------
 1 file changed, 57 insertions(+), 39 deletions(-)

diff --git a/Optional-Hardening.md b/Optional-Hardening.md
index 23a4865..37408d6 100644
--- a/Optional-Hardening.md
+++ b/Optional-Hardening.md
@@ -1,6 +1,8 @@
 ## Instructions
 
-See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Common-Overrides).
+1) Open the `user.js` in a text editor such as Notepad.
+2) Add prefs from the options below to **MY OVERRIDES**.
+3) Save and close the file.
 
 ***
 
@@ -8,9 +10,25 @@ See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Common-Overri
 
 ***
 
+### Firefox Sync & View
+
+Firefox [Sync](https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer) and Firefox [View](https://support.mozilla.org/en-US/kb/how-set-tab-pickup-firefox-view) may be disabled to minimize connections and remove UI that you don't use.
+
+```javascript
+// PREF: disable Firefox Sync
+user_pref("identity.fxaccounts.enabled", false);
+
+// PREF: disable Firefox View
+user_pref("browser.tabs.firefox-view", false);
+user_pref("browser.tabs.firefox-view-next", false); // [FF119+]
+user_pref("browser.firefox-view.feature-tour", "{\"screen\":\"\",\"complete\":true}");
+```
+
+***
+
 ### Block embedded social posts on webpages
 This matches the default behavior of [Strict](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection) Enhanced Tracking Protection.
-```
+```javascript
 // PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
 user_pref("urlclassifier.trackingSkipURLs", "");
 user_pref("urlclassifier.features.socialtracking.skipURLs", "");
@@ -27,7 +45,7 @@ To add to your overrides, choose between two options below.
 
 #### Option 1: Private windows only
 Firefox will get explicit permission from you before connecting to a site insecurely in [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) (Firefox [incognito mode](https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing)).
-```
+```javascript
 // PREF: enable HTTPS-Only Mode
 // Warn me before loading sites that don't support HTTPS
 // when using Private Browsing windows.
@@ -37,7 +55,7 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
 
 #### Option 2: All windows
 Firefox will get explicit permission from you before connecting to a site insecurely in Normal and Private Browsing.
-```
+```javascript
 // PREF: enable HTTPS-Only Mode
 // Warn me before loading sites that don't support HTTPS
 // in both Normal and Private Browsing windows.
@@ -47,34 +65,11 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
 
 ***
 
-### Secure DNS
-Setup and enforce DNS-over-HTTPS (DoH).
-
-#### 1) Provider
-* Use the provider below for better [threat protection](https://quad9.net/service/threat-blocking/).
-* :star: Create a profile with [NextDNS](https://nextdns.io/?from=xujj63g5) and follow our [configuration guide](https://github.com/yokoffing/NextDNS-Config) for greater protection from ads, trackers, and security threats.
-```
-// PREF: set DoH provider
-user_pref("network.trr.uri", "https://dns.quad9.net/dns-query");
-```
-
-#### 2) Mode
-* `3` has site-exceptions with a nice UI on the error page:
-    * Go to `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions*
-* :warning: Set to `2` if your workplace or university causes issues with alternative DNS.
-```
-// PREF: enforce DNS-over-HTTPS (DoH)
-user_pref("network.trr.mode", 3);
-user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
-```
-
-***
-
 ### Sanitize on close
-#### Option 1: Clear all browsing data on shutdown, except browser history
+#### Option 1: Clear browsing data on shutdown, except browser history
 * `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
-```
-// PREF: clear all browsing data on shutdown (except browser history)
+```javascript
+// PREF: clear browsing data on shutdown (except browser history)
 user_pref("privacy.sanitize.sanitizeOnShutdown", true);
 user_pref("privacy.clearOnShutdown.cache", true);
 user_pref("privacy.clearOnShutdown.cookies", true);
@@ -83,8 +78,8 @@ user_pref("browser.sessionstore.privacy_level", 2);
 ```
 
 #### Option 2: Clear all browsing data on shutdown
-```
-// PREF: clear browsing data on shutdown
+```javascript
+// PREF: clear all browsing data on shutdown
 user_pref("privacy.sanitize.sanitizeOnShutdown", true);
 user_pref("privacy.clearOnShutdown.history", true);
 user_pref("privacy.clearOnShutdown.formdata", true);
@@ -100,8 +95,6 @@ user_pref("browser.sessionstore.privacy_level", 2);
 
 You can allow exceptions if you want to stay logged in to some sites:
 * Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
-* For cross-domain logins, add exceptions for both sites
-    * e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
 
 ***
 
@@ -110,7 +103,7 @@ On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-
 
 Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
 
-```
+```javascript
 // PREF: disable telemetry of what default browser you use [WINDOWS]
 // [NOTE] Breaks "Make Default..." button in Settings.
 user_pref("default-browser-agent.enabled", false);
@@ -123,7 +116,7 @@ user_pref("default-browser-agent.enabled", false);
 
 :warning: Sometimes antivirus software — or some other [source](https://github.com/yokoffing/Betterfox/issues/232#issuecomment-1732346856) — won't let you open websites ([example](https://www.reddit.com/r/firefox/comments/16mlv15/kaspersky_cant_scan_encrypted_connections_with/)).
 
-```
+```javascript
 // PREF: enforce certificate pinning
 // [ERROR] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE
 user_pref("security.cert_pinning.enforcement_level", 2);
@@ -135,7 +128,7 @@ user_pref("security.cert_pinning.enforcement_level", 2);
 
 :warning: Some sites, like `EA.com`, will not let you login due to their weak encryption.
 
-```
+```javascript
 // PREF: require safe SSL negotiation
 // [ERROR] SSL_ERROR_UNSAFE_NEGOTIATION
 user_pref("security.ssl.require_safe_negotiation", true);
@@ -152,14 +145,39 @@ For subresources, the referer will only be sent to subdomains (e.g., `a.example.
 
 Most navigational "tracking" is harmless (i.e., the same for everyone) and effectively blocking cross-site referers just breaks a lot of sites.
 
-```
+```javascript
 // PREF: do not to send a referrer when navigating to a different site
 user_pref("network.http.referer.XOriginPolicy", 1);
 ```
 
 ***
 
+### Secure DNS
+Setup and enforce DNS-over-HTTPS (DoH).
+
+#### 1) Provider
+* Use the provider below for better [threat protection](https://quad9.net/service/threat-blocking/).
+* :star: Create a profile with [NextDNS](https://nextdns.io/?from=xujj63g5) and follow our [configuration guide](https://github.com/yokoffing/NextDNS-Config) for greater protection from ads, trackers, and security threats.
+```javascript
+// PREF: set DoH provider
+user_pref("network.trr.uri", "https://dns.quad9.net/dns-query");
+```
+
+#### 2) Mode
+* `3` has site-exceptions with a nice UI on the error page:
+    * Go to `☰` *→ Settings → Privacy & Security → DNS over HTTPS → Manage Exceptions*
+* :warning: Set to `2` if your workplace or university causes issues with alternative DNS.
+```javascript
+// PREF: enforce DNS-over-HTTPS (DoH)
+user_pref("network.trr.mode", 3);
+user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
+```
+
+***
+
 ### Fingerprinting
 Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
 
-By default, Firefox blocks [known](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) third-party fingerprinting requests. Betterfox does not enable [additional protection](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) known as `privacy.resistFingerprinting`. You can read why [here](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3).
\ No newline at end of file
+By default, Firefox blocks [known](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) third-party fingerprinting requests (`privacy.trackingprotection.fingerprinting.enabled`); and as of FF119+, ETP Strict also enables [additional fingerprinting protection](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) (`privacy.fingerprintingProtection`).
+
+Betterfox does not enable [additional protection](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) known as `privacy.resistFingerprinting`. You can read why [here](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3).
\ No newline at end of file