From e40b0f96dcd46c3996cf8bb7f7d52d2cbc8c5e49 Mon Sep 17 00:00:00 2001
From: HJ <11689349+yokoffing@users.noreply.github.com>
Date: Tue, 22 Aug 2023 22:36:17 -0400
Subject: [PATCH] Updated Optional Hardening (markdown)
---
Optional-Hardening.md | 75 ++++++++++++++++++++++---------------------
1 file changed, 38 insertions(+), 37 deletions(-)
diff --git a/Optional-Hardening.md b/Optional-Hardening.md
index b02412c..c47090c 100644
--- a/Optional-Hardening.md
+++ b/Optional-Hardening.md
@@ -9,7 +9,7 @@ See [Common Overrides](https://github.com/yokoffing/Betterfox/wiki/Common-Overri
***
### Block embedded social posts on webpages
-This matches the default behavior of Strict [Enhanced Tracking Protection](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection).
+This matches the default behavior of [Strict](https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop#w_strict-enhanced-tracking-protection) Enhanced Tracking Protection.
```
// PREF: do not allow embedded tweets, Instagram, Reddit, and Tiktok posts
user_pref("urlclassifier.trackingSkipURLs", "");
@@ -44,6 +44,7 @@ user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
***
### SameSite Cookies
+[SameSite Cookies](https://github.com/yokoffing/Betterfox/blob/79b6694680e73c8cd4ebf781f87d978a06086284/Securefox.js#L141-L150) help prevent cross-site request forgery (CSRF) attacks. They are used to ensure that a website can only be accessed by the same origin that set the cookie, and not by any other website. This helps protect your browser from unauthorized access and data theft.
```
// PREF: enable SameSite Cookies
user_pref("network.cookie.sameSite.laxByDefault", true);
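Review bot: The sentence added under "SameSite Cookies" misstates the mechanism: SameSite does not decide which origin may access a website, it decides whether the browser attaches a cookie to a request initiated from a different site. A more accurate wording would be `SameSite cookies limit when the browser sends a cookie on cross-site requests, which helps mitigate cross-site request forgery (CSRF).` Since the pref shown is `network.cookie.sameSite.laxByDefault`, it is also worth stating that it only affects cookies that set no SameSite attribute, that Lax cookies are still sent on top-level navigations, and that some cross-site logins or embeds may break. This reduces CSRF exposure rather than removing it, so the closing "unauthorized access and data theft" claim should be toned down. The pref block continues past the end of this hunk.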
@@ -53,41 +54,6 @@ user_pref("network.cookie.sameSite.schemeful", true);
***
-### `default-browser-agent` (Windows only)
-On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser.
-
-Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
-
-```
-// PREF: disable telemetry of what default browser you use [WINDOWS]
-// [NOTE] Breaks "Make Default..." button in Settings.
-user_pref("default-browser-agent.enabled", false);
-```
-
-***
-
-### Sanitize on close
-**Clear browsing data** on shutdown:
-* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
-
-You can **allow exceptions** if you want to stay logged in to some sites:
-* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
-* For cross-domain logins, add exceptions for both sites
- * e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
-```
-// PREF: clear browsing data on shutdown, while respecting site exceptions
-user_pref("privacy.sanitize.sanitizeOnShutdown", true);
-user_pref("privacy.clearOnShutdown.history", true);
-user_pref("privacy.clearOnShutdown.downloads", true);
-user_pref("privacy.clearOnShutdown.formdata", true);
-user_pref("privacy.clearOnShutdown.sessions", true);
-user_pref("privacy.clearOnShutdown.offlineApps", true);
-user_pref("privacy.clearOnShutdown.siteSettings", false);
-user_pref("browser.sessionstore.privacy_level", 2);
-```
-
-***
-
### Secure DNS (DoH setup)
1) `network.trr.uri`: Use the one provided, or customize how DoH protects you.
* [Create a profile](https://nextdns.io/?from=xujj63g5) with NextDNS and follow our [configuration guide](https://github.com/yokoffing/NextDNS-Config).
@@ -104,6 +70,41 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
***
+### Sanitize on close
+Clear browsing data on shutdown:
+* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Delete cookies and site data when Firefox is closed*
+
+You can allow exceptions if you want to stay logged in to some sites:
+* Go to `☰` *→ Settings → Privacy & Security → Cookies and Site Data → Manage Exceptions*
+* For cross-domain logins, add exceptions for both sites
+ * e.g. `https://www.youtube.com` (site) + `https://accounts.google.com` (single sign on)
+```
+// PREF: clear browsing data on shutdown, while respecting site exceptions
+user_pref("privacy.sanitize.sanitizeOnShutdown", true);
+user_pref("privacy.clearOnShutdown.history", true);
+user_pref("privacy.clearOnShutdown.downloads", true);
+user_pref("privacy.clearOnShutdown.formdata", true);
+user_pref("privacy.clearOnShutdown.sessions", true);
+user_pref("privacy.clearOnShutdown.offlineApps", true);
+user_pref("privacy.clearOnShutdown.siteSettings", false);
+user_pref("browser.sessionstore.privacy_level", 2);
+```
+
+***
+
+### `default-browser-agent` (Windows only)
+On Windows, Mozilla [collects information](https://techdows.com/2020/04/what-is-firefox-default-browser-agent-and-how-to-disable-it.html) on what you've set as your default browser. However, disabling `default-browser-agent.enabled` also breaks the `Make Default...` button to set Firefox as the default browser.
+
+Add it to your overrides if you do not use this part of the UI (or already have Firefox set as the default browser).
+
+```
+// PREF: disable telemetry of what default browser you use [WINDOWS]
+// [NOTE] Breaks "Make Default..." button in Settings.
+user_pref("default-browser-agent.enabled", false);
+```
+
+***
+
### Cross-origin referrer
Do not send a [referer](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer) when navigating to a different site (e.g., `google.com` → `facebook.com`).
@@ -120,4 +121,4 @@ user_pref("network.http.referer.XOriginPolicy", 1);
### Fingerprinting
Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threatmodel/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.[1](https://youtu.be/5NrbdO4yWek?t=4334) Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)
-By default, Firefox blocks third-party [requests known for fingerprinting](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/). However, Betterfox does not use [additional protections](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) enabled by `privacy.resistFingerprinting`. [This is why.](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3)
\ No newline at end of file
+By default, Firefox blocks [known](https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/) third-party fingerprinting requests. Betterfox does not enable [additional protection](https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting) known as `privacy.resistFingerprinting`. You can read why [here](https://old.reddit.com/r/firefox/comments/wuqpgi/are_there_any_aboutconfig_tweaks_to_get_smooth/ile3whx/?context=3).
\ No newline at end of file