From fba459bdd5df2a8d1bae4320530b44ca8ccbe5b6 Mon Sep 17 00:00:00 2001 From: yokoffing <11689349+yokoffing@users.noreply.github.com> Date: Tue, 21 Apr 2026 12:10:28 -0400 Subject: [PATCH] Updated Optional Hardening (markdown) --- Optional-Hardening.md | 97 ++++++++++++++++++++----------------------- 1 file changed, 44 insertions(+), 53 deletions(-) diff --git a/Optional-Hardening.md b/Optional-Hardening.md index a2a5201..ac89439 100644 --- a/Optional-Hardening.md +++ b/Optional-Hardening.md @@ -222,6 +222,50 @@ For Option 2, you can create exceptions to stay logged in to some sites between *** +### JavaScript Optimization +#### How compiler optimization works +Browsers use a tiered system to process JavaScript. + +
+ +read more + +1. **Interpreter**: reads the code line-by-line. This method works safely but runs slowly. +2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple code. It boosts speed without complex logic that is easily exploitable. +3. **JIT Optimizing Compiler**: Aggressively improves code performance, but creates a large area for attackers to exploit. [Nearly](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [half](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of all patched bugs in the V8 engine stem from this [optimization tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation). + +
+ +#### Option 1: Disable compiler optimization + +Choosing this option is like disabling [JavaScript optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome. Chrome turns off the optimizing compilers (Maglev and Turbofan) but keeps the interpreter (Ignition) and baseline compiler (Sparkplug). By doing this, you trade a small amount of speed to eliminate nearly [50%](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#is-jit-worth-it) of V8 security bugs, and you will rarely notice a drop in real-world performance. Browser security improves without breaking most websites. + +One downside to this approach is that browser benchmarks like Speedometer will show a performance hit with the optimizing compiler disabled. But remember: "Peak optimized code performance is not always correlated to [real-world performance](https://v8.dev/blog/real-world-performance), and in many situations embedders can maintain reasonable performance even in JIT-less mode" ([v8.dev](https://v8.dev/blog/jitless#:~:text=This,mode)). + +The optimizing compiler is like driving a 500-horsepower (HP) sports car to work: the additional HP rarely shortens your daily commute. You're trading peak *theoretical* speed for a much smaller attack surface. + +```javascript +// PREF: disable JIT optimization +// This removes most of the attack surface +// while keeping JIT functionality. +user_pref("javascript.options.ion", false); +user_pref("javascript.options.wasm_optimizingjit", false); +``` + +#### Option 2: Disable JIT +The prefs below are the equivalent to running Chrome with the `--jitless` flag. Expect more site issues when choosing this option. + +```javascript +// PREF: disable JIT compliation +// WARNING: Some sites may malfunction. 
+user_pref("javascript.options.ion", false); +user_pref("javascript.options.baselinejit", false); +user_pref("javascript.options.wasm_optimizingjit", false); +user_pref("javascript.options.wasm_baselinejit", true); +``` + +*** + ### Disable DRM Privacy-conscious people often dislike Digital Rights Management (DRM) because it restricts what users can do with their devices and limits fair use rights. @@ -242,59 +286,6 @@ user_pref("browser.eme.ui.enabled", false); *** -### JavaScript Optimization -#### How compiler optimization works -Browsers use a tiered system to process JavaScript. It is a trade-off between speed (performance) and safety (attack surface). - -
- -read more - -1. **Interpreter**: reads the code line-by-line. It is the safest but slowest. -2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple code. It provides a good speed boost without complex logic that is easily exploitable. -3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions. This is where most speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation). - -
- -#### Disable JIT optimization -When you disable [V8 Optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome, you are disabling Maglev (mid-tier optimizing compiler) and Turbofan (top-tier optimizer), but keeping Sparkplug (baseline compiler) and Ignition (interpreter). - -With modern CPUs and typical sites, you’ll rarely notice; some workloads may even be faster when avoiding JIT overhead for simple scripts. You won't notice any speed downsides and will have much better security without breaking most websites. - -Sites may break. A few JS/WASM-heavy web apps (e.g., complex editors, games, dashboards) may feel slower or misbehave. - -```javascript -// PREF: disable IonMonkey (JIT optimization) -// This is the equivalent of disabling Chrome's "Turbofan" optimizer. -// It removes the complex attack surface while keeping basic JIT performance. -user_pref("javascript.options.ion", false); -``` - -#### WASM mitigations -Disabling the optimization layer provides hardening without turning off WebAssembly entirely. You effectively remove most of the "zero-day" prone logic while allowing modern web apps to run smoothly. - -```javascript -// PREF: harden WASM -user_pref("javascript.options.wasm_optimizingjit", false); -``` - -#### Disable WASM - -> [!WARNING] -> Some apps and websites will malfunction if you disable WASM. - -In Edge's version of disabling V8 Optimization ("[Enhance your security on the web](https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d)"), Edge is more likely to break websites because it disables WASM entirely and not just V8 optimization. - -If you disable WASM in Firefox, you might see similar breakage on sites that rely on it. - -```javascript -// PREF: disable WebAssembly -// WARNING: This will break web-based games or heavy applications (like Google Earth). 
-user_pref("javascript.options.wasm", false); -``` - -*** - ### Fingerprinting Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threat-model/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.[1](https://youtu.be/5NrbdO4yWek?t=4334) Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)
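Review bot: in the Option 2 block of the first hunk, the sentence "The prefs below are the equivalent to running Chrome with the `--jitless` flag" does not match the prefs, which set `user_pref("javascript.options.wasm_baselinejit", true);` and so leave the WebAssembly baseline JIT enabled; either set that pref to false too (and spell out the extra breakage that implies) or reword the sentence to say the prefs disable JavaScript JIT compilation while keeping the WASM baseline compiler. Two smaller points in the same hunk: the comment `// PREF: disable JIT compliation` misspells "compilation", and "Nearly half of all patched bugs in the V8 engine stem from this optimization tier" drops the qualifier from the cited Google text, which counts patched bugs "with known exploitation"; keeping that scope makes the claim match its source.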
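Review bot: the `#### Disable WASM` option (`user_pref("javascript.options.wasm", false);`), its `[!WARNING]` callout and the Edge "Enhance your security on the web" comparison disappear in the second hunk with no replacement in the section added above and no mention in the commit message, which only says "Updated Optional Hardening (markdown)". If dropping the WASM kill switch is intentional, state that in the commit message; otherwise carry it over as an Option 3 in the new section so readers who relied on that pref still find it together with its breakage warning.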