mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 07:30:47 +05:30

Updated Optional Hardening (markdown)

yokoffing
2026-04-21 12:10:28 -04:00
parent 801752378b
commit fba459bdd5
+44 -53
@@ -222,6 +222,50 @@ For Option 2, you can create exceptions to stay logged in to some sites between
*** ***
### JavaScript Optimization
#### How compiler optimization works
Browsers use a tiered system to process JavaScript.
<details>
<summary>read more</summary>
1. **Interpreter**: reads the code line-by-line. This method works safely but runs slowly.
2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple code. It boosts speed without complex logic that is easily exploitable.
3. **JIT Optimizing Compiler**: Aggressively improves code performance, but creates a large area for attackers to exploit. [Nearly](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [half](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of all patched bugs in the V8 engine stem from this [optimization tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation).
</details>
#### Option 1: Disable compiler optimization
Choosing this option is like disabling [JavaScript optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome. Chrome turns off the optimizing compilers (Maglev and Turbofan) but keeps the interpreter (Ignition) and baseline compiler (Sparkplug). By doing this, you trade a small amount of speed to eliminate nearly [50%](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#is-jit-worth-it) of V8 security bugs, and you will rarely notice a drop in real-world performance. Browser security improves without breaking most websites.
One downside to this approach is that browser benchmarks like Speedometer will show a performance hit with the optimizing compiler disabled. But remember: "Peak optimized code performance is not always correlated to [real-world performance](https://v8.dev/blog/real-world-performance), and in many situations embedders can maintain reasonable performance even in JIT-less mode" ([v8.dev](https://v8.dev/blog/jitless#:~:text=This,mode)).
The optimizing compiler is like driving a 500-horsepower (HP) sports car to work: the additional HP rarely shortens your daily commute. You're trading peak *theoretical* speed for a much smaller attack surface.
```javascript
// PREF: disable JIT optimization
// This removes most of the attack surface
// while keeping JIT functionality.
user_pref("javascript.options.ion", false);
user_pref("javascript.options.wasm_optimizingjit", false);
```
#### Option 2: Disable JIT
The prefs below are the equivalent to running Chrome with the `--jitless` flag. Expect more site issues when choosing this option.
```javascript
// PREF: disable JIT compliation
// WARNING: Some sites may malfunction.
user_pref("javascript.options.ion", false);
user_pref("javascript.options.baselinejit", false);
user_pref("javascript.options.wasm_optimizingjit", false);
user_pref("javascript.options.wasm_baselinejit", true);
```
***
### Disable DRM ### Disable DRM
Privacy-conscious people often dislike Digital Rights Management (DRM) because it restricts what users can do with their devices and limits fair use rights. Privacy-conscious people often dislike Digital Rights Management (DRM) because it restricts what users can do with their devices and limits fair use rights.
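Review bot: the comment in the Option 2 block misspells "compilation" (`// PREF: disable JIT compliation`), and the same block keeps `user_pref("javascript.options.wasm_baselinejit", true);` while the prose above it calls the prefs "the equivalent to running Chrome with the `--jitless` flag"; since the baseline WebAssembly compiler still emits native code, the sentence should either limit the comparison to JavaScript or explain why wasm_baselinejit is deliberately left enabled. The Option 1 comment ("This removes most of the attack surface") also overstates what the paragraph above claims (nearly 50% of V8 security bugs); aligning the comment with the cited figure keeps the mitigation honest.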
@@ -242,59 +286,6 @@ user_pref("browser.eme.ui.enabled", false);
*** ***
### JavaScript Optimization
#### How compiler optimization works
Browsers use a tiered system to process JavaScript. It is a trade-off between speed (performance) and safety (attack surface).
<details>
<summary>read more</summary>
1. **Interpreter**: reads the code line-by-line. It is the safest but slowest.
2. **Baseline JIT (Just-In-Time)**: Compiles code that runs frequently into simple code. It provides a good speed boost without complex logic that is easily exploitable.
3. **Optimizing JIT** (Ion/TurboFan): Takes frequently run code and aggressively optimizes it based on assumptions. This is where most speed gains come from, but the complex logic required to guess and optimize creates a massive "attack surface" for exploits. Roughly half [1](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#:~:text=roughly%2045%25%20of%20CVEs%20issued%20for%20V8%20were%20related%20to%20the%20JIT%20engine) [2](https://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html#:~:text=Of%20all%20the%20patched%20security%20bugs%20in%20V8%20with%20known%20exploitation%2C%20disabling%20the%20optimizers%20would%20have%20mitigated%20~50%25) of V8 engine vulnerabilities are found in this [optimizing tier](https://www.zellic.io/blog/pwning-v8ctf/#v8-and-just-in-time-compilation).
</details>
#### Disable JIT optimization
When you disable [V8 Optimization](https://windowsreport.com/google-chrome-v8-security-setting/) in Chrome, you are disabling Maglev (mid-tier optimizing compiler) and Turbofan (top-tier optimizer), but keeping Sparkplug (baseline compiler) and Ignition (interpreter).
With modern CPUs and typical sites, youll rarely notice; some workloads may even be faster when avoiding JIT overhead for simple scripts. You won't notice any speed downsides and will have much better security without breaking most websites.
Sites may break. A few JS/WASM-heavy web apps (e.g., complex editors, games, dashboards) may feel slower or misbehave.
```javascript
// PREF: disable IonMonkey (JIT optimization)
// This is the equivalent of disabling Chrome's "Turbofan" optimizer.
// It removes the complex attack surface while keeping basic JIT performance.
user_pref("javascript.options.ion", false);
```
#### WASM mitigations
Disabling the optimization layer provides hardening without turning off WebAssembly entirely. You effectively remove most of the "zero-day" prone logic while allowing modern web apps to run smoothly.
```javascript
// PREF: harden WASM
user_pref("javascript.options.wasm_optimizingjit", false);
```
#### Disable WASM
> [!WARNING]
> Some apps and websites will malfunction if you disable WASM.
In Edge's version of disabling V8 Optimization ("[Enhance your security on the web](https://support.microsoft.com/en-us/microsoft-edge/enhance-your-security-on-the-web-with-microsoft-edge-b8199f13-b21b-4a08-a806-daed31a1929d)"), Edge is more likely to break websites because it disables WASM entirely and not just V8 optimization.
If you disable WASM in Firefox, you might see similar breakage on sites that rely on it.
```javascript
// PREF: disable WebAssembly
// WARNING: This will break web-based games or heavy applications (like Google Earth).
user_pref("javascript.options.wasm", false);
```
***
### Fingerprinting ### Fingerprinting
Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threat-model/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup> Fingerprinting is a high [threat model](https://thenewoil.org/en/guides/prologue/threat-model/) issue that is only [addressed](https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D#-fingerprinting) reasonably by Tor.<sup>[1](https://youtu.be/5NrbdO4yWek?t=4334)</sup> Please use the [Tor Browser](https://www.torproject.org) if your context calls for **anonymity** and not just reasonable **privacy**.<sup>^[*what's the difference?*](https://thenewoil.org/en/guides/prologue/secprivanon/)</sup>
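Review bot: this removal drops the `#### Disable WASM` subsection and with it `user_pref("javascript.options.wasm", false);`, the only pref on the page that turns WebAssembly off entirely, together with the Edge comparison explaining that Edge breaks more sites because it disables WASM rather than just V8 optimization. Neither the new Option 1/Option 2 text in the previous hunk nor the commit message ("Updated Optional Hardening") says the option was intentionally dropped; either keep a one-line pointer for readers who relied on it or record the removal in the commit message.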