mirror of https://github.com/arkenfox/user.js.git synced 2026-06-29 15:52:06 +05:30

Compare commits

8 Commits

Author SHA1 Message Date
Thorin-Oakenpants 7007e28e4e tidy 2025-10-09 07:10:19 +00:00
Thorin-Oakenpants a05d90d612 make 2635 active
it added as inactive in 140 due to bugs not fixed in time - seems stable now
2025-10-01 08:38:49 +00:00
Thorin-Oakenpants 0ef5f72c5f tidy 2025-09-24 13:23:18 +00:00
Thorin-Oakenpants c5087d6522 tidy 2025-08-25 11:25:44 +00:00
Thorin-Oakenpants ff92cee8f0 update FPP info 2025-08-24 05:03:28 +00:00
Thorin-Oakenpants 934a339e41 add removed OCSP prefs to cleanup script 2025-08-20 16:10:56 +00:00
Thorin-Oakenpants ae6242bded remove OCSP, #1576 2025-08-20 16:01:10 +00:00
Thorin-Oakenpants 9ad1ce561f v142 2025-08-19 10:49:32 +00:00
3 changed files with 72 additions and 88 deletions
-2
@@ -1,5 +1,3 @@
This repo and the interative webpage linked below are the **_only official sources_** - do not trust any other sites claiming to be Arkenfox
### 🟪 user.js ### 🟪 user.js
A `user.js` is a configuration file that can control Firefox settings - for a more technical breakdown and explanation, you can read more in the [wiki](https://github.com/arkenfox/user.js/wiki/2.1-User.js) A `user.js` is a configuration file that can control Firefox settings - for a more technical breakdown and explanation, you can read more in the [wiki](https://github.com/arkenfox/user.js/wiki/2.1-User.js)
+1 -7
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123 There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus if you want the full list since jesus
Last updated: 19-December-2025 Last updated: 20-August-2025
Instructions: Instructions:
- [optional] close Firefox and backup your profile - [optional] close Firefox and backup your profile
@@ -35,9 +35,6 @@
const aPREFS = [ const aPREFS = [
/* DEPRECATED */ /* DEPRECATED */
/* 141-153 */
'network.predictor.enabled', // 148
'network.predictor.enable-prefetch', // 148
/* 129-140 */ /* 129-140 */
'browser.shopping.experience2023.enabled', // 140 'browser.shopping.experience2023.enabled', // 140
'browser.urlbar.pocket.featureGate', // 140 'browser.urlbar.pocket.featureGate', // 140
@@ -80,9 +77,6 @@
/* REMOVED */ /* REMOVED */
/* 141-153 */ /* 141-153 */
'browser.display.use_system_colors',
'browser.urlbar.fakespot.featureGate',
'keyword.enabled',
'security.OCSP.enabled', 'security.OCSP.enabled',
'security.OCSP.require', 'security.OCSP.require',
/* 129-140 */ /* 129-140 */
+71 -79
@@ -1,7 +1,7 @@
/****** /******
* name: arkenfox user.js * name: arkenfox user.js
* date: 30 June 2026 * date: 15 October 2025
* version: 151 * version: 144
* urls: https://github.com/arkenfox/user.js [repo] * urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive] * : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -23,7 +23,6 @@
[SETUP-SECURITY] it's one item, read it [SETUP-SECURITY] it's one item, read it
[SETUP-WEB] can cause some websites to break [SETUP-WEB] can cause some websites to break
[SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related) [SETUP-CHROME] changes how Firefox itself behaves (i.e. not directly website related)
[SETUP-HARDEN] prefs you may like to add to overrides
6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080 6. Override Recipes: https://github.com/arkenfox/user.js/issues/1080
* RELEASES: https://github.com/arkenfox/user.js/releases * RELEASES: https://github.com/arkenfox/user.js/releases
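Review bot: the `[SETUP-HARDEN]` entry is missing from the tag legend on the version 144 side of this hunk, yet the 0820 and 2702 comments elsewhere in this diff still carry that tag as unchanged context. Either keep the legend line `[SETUP-HARDEN] prefs you may like to add to overrides` or drop the tag from those items, so that every setup tag a reader finds in the file is defined in the intro.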
@@ -47,7 +46,7 @@
0600: BLOCK IMPLICIT OUTBOUND 0600: BLOCK IMPLICIT OUTBOUND
0700: DNS / DoH / PROXY / SOCKS 0700: DNS / DoH / PROXY / SOCKS
0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
0900: PASSWORDS / PASSKEYS 0900: PASSWORDS
1000: DISK AVOIDANCE 1000: DISK AVOIDANCE
1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
1600: REFERERS 1600: REFERERS
@@ -84,7 +83,7 @@ user_pref("browser.aboutConfig.showWarning", false);
user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!"); user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
/* 0102: set startup page [SETUP-CHROME] /* 0102: set startup page [SETUP-CHROME]
* 0=blank, 1=home, 2=last visited page, 3=resume previous session * 0=blank, 1=home, 2=last visited page, 3=resume previous session
* [NOTE] Session Restore is cleared if history is also cleared (2811+), and not used in Private Browsing mode * [NOTE] Session Restore is cleared with history (2811+), and not used in Private Browsing mode
* [SETTING] General>Startup>Restore previous session ***/ * [SETTING] General>Startup>Restore previous session ***/
user_pref("browser.startup.page", 0); user_pref("browser.startup.page", 0);
/* 0103: set HOME+NEWWINDOW page /* 0103: set HOME+NEWWINDOW page
@@ -161,16 +160,12 @@ user_pref("network.connectivity-service.enabled", false);
SB has taken many steps to preserve privacy. If required, a full url is never sent SB has taken many steps to preserve privacy. If required, a full url is never sent
to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes. to Google, only a part-hash of the prefix, hidden with noise of other real part-hashes.
Firefox takes measures such as stripping out identifying parameters and since SBv4 (FF57+) Firefox takes measures such as stripping out identifying parameters and since SBv4 (FF57+)
doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity). doesn't even use cookies. (#Turn on browser.safebrowsing.debug to monitor this activity)
FF147+ uses SBv5 which incorporates Oblivous HTTP [5] and SBv5's local list mode [6]
[1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ [1] https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/
[2] https://wiki.mozilla.org/Security/Safe_Browsing [2] https://wiki.mozilla.org/Security/Safe_Browsing
[3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work [3] https://support.mozilla.org/kb/how-does-phishing-and-malware-protection-work
[4] https://educatedguesswork.org/posts/safe-browsing-privacy/ [4] https://educatedguesswork.org/posts/safe-browsing-privacy/
[5] https://developers.google.com/safe-browsing/reference
[6] https://developers.google.com/safe-browsing/reference/Local.List.Mode
***/ ***/
user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!"); user_pref("_user.js.parrot", "0400 syntax error: the parrot's passed on!");
/* 0401: disable SB (Safe Browsing) /* 0401: disable SB (Safe Browsing)
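Review bot: the FF147+ line on the version 151 side misspells "Oblivious" as "Oblivous", and the sentence above it keeps a stray `#` inside `(#Turn on browser.safebrowsing.debug to monitor this activity)` on both sides. Both are worth fixing in the same pass, since references [5] and [6] exist only to support that FF147+ line.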
@@ -208,6 +203,9 @@ user_pref("network.prefetch-next", false);
* [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/ * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/
user_pref("network.dns.disablePrefetch", true); user_pref("network.dns.disablePrefetch", true);
user_pref("network.dns.disablePrefetchFromHTTPS", true); user_pref("network.dns.disablePrefetchFromHTTPS", true);
/* 0603: disable predictor / prefetching ***/
user_pref("network.predictor.enabled", false); // [DEFAULT: false FF144+]
user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
/* 0604: disable link-mouseover opening connection to linked server /* 0604: disable link-mouseover opening connection to linked server
* [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/ * [1] https://news.slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests ***/
user_pref("network.http.speculative-parallel-limit", 0); user_pref("network.http.speculative-parallel-limit", 0);
@@ -286,17 +284,15 @@ user_pref("browser.urlbar.trending.featureGate", false);
/* 0806: disable urlbar suggestions ***/ /* 0806: disable urlbar suggestions ***/
user_pref("browser.urlbar.addons.featureGate", false); // [FF115+] user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
user_pref("browser.urlbar.amp.featureGate", false); // [FF141+] adMarketplace user_pref("browser.urlbar.amp.featureGate", false); // [FF141+] adMarketplace
user_pref("browser.urlbar.importantDates.featureGate", false); // [FF143+] user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false]
user_pref("browser.urlbar.market.featureGate", false); // [FF143+] stock market
user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+]
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] user_pref("browser.urlbar.weather.featureGate", false); // [FF108+]
user_pref("browser.urlbar.wikipedia.featureGate", false); // [FF141+] user_pref("browser.urlbar.wikipedia.featureGate", false); // [FF141+]
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
user_pref("browser.urlbar.yelpRealtime.featureGate", false); // [FF144+]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/ /* 0807: disable urlbar clipboard suggestions [FF118+] ***/
// user_pref("browser.urlbar.clipboard.featureGate", false); // user_pref("browser.urlbar.clipboard.featureGate", false);
/* 0808: disable recent searches [FF120+] /* 0808: disable recent searches [FF120+]
* [NOTE] Recent searches are cleared if history is cleared (2811+) * [NOTE] Recent searches are cleared with history (2811+)
* [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/ * [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
// user_pref("browser.urlbar.recentsearches.featureGate", false); // user_pref("browser.urlbar.recentsearches.featureGate", false);
/* 0810: disable search and form history /* 0810: disable search and form history
@@ -313,7 +309,7 @@ user_pref("browser.formfill.enable", false);
/* 0820: disable coloring of visited links /* 0820: disable coloring of visited links
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive * [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing * redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
* attacks. History can also be cleared on exit (2811+). However, social engineering [2#limits][4][5] * attacks. Don't forget clearing history on exit (2811+). However, social engineering [2#limits][4][5]
* and advanced targeted timing attacks could still produce usable results * and advanced targeted timing attacks could still produce usable results
* [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector * [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
* [2] https://dbaron.org/mozilla/visited-privacy * [2] https://dbaron.org/mozilla/visited-privacy
@@ -326,7 +322,7 @@ user_pref("browser.formfill.enable", false);
user_pref("browser.search.separatePrivateDefault", true); // [FF70+] user_pref("browser.search.separatePrivateDefault", true); // [FF70+]
user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+] user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+]
/*** [SECTION 0900]: PASSWORDS / PASSKEYS /*** [SECTION 0900]: PASSWORDS
[1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas [1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas
***/ ***/
user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!"); user_pref("_user.js.parrot", "0900 syntax error: the parrot's expired!");
@@ -352,9 +348,6 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
/* 0907: enforce no automatic authentication on Microsoft sites [FF131+] [MAC] /* 0907: enforce no automatic authentication on Microsoft sites [FF131+] [MAC]
* On macOS, SSO only works on corporate devices ***/ * On macOS, SSO only works on corporate devices ***/
// user_pref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT: false] // user_pref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT: false]
/* 0910: enforce no direct attestation in passkeys [FF144+]
// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1981587 ***/
user_pref("security.webauthn.always_allow_direct_attestation", false); // [DEFAULT: false]
/*** [SECTION 1000]: DISK AVOIDANCE ***/ /*** [SECTION 1000]: DISK AVOIDANCE ***/
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!"); user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
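Review bot: in the 0910 block the reference line starts with `//` inside an open `/* ... ***/` comment, where the other items in this diff use a leading ` * ` for references, for example ` * [1] https://support.mozilla.org/kb/search-suggestions-firefox` under 0808. It parses fine, but it breaks the file's comment convention; suggest ` * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1981587 ***/`.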
@@ -394,7 +387,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the * but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server * browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site? * [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
* [STATS] SSL Labs (June 2025) reports almost 99.85% of top sites have secure renegotiation [4] * [STATS] SSL Labs (May 2024) reports over 99.7% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation * [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746 * [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 * [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@@ -421,7 +414,7 @@ user_pref("security.cert_pinning.enforcement_level", 2);
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
* [2] https://blog.mozilla.org/security/tag/crlite/ * [2] https://blog.mozilla.org/security/tag/crlite/
* [3] https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/ ***/ * [3] https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/ ***/
user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true] user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
user_pref("security.pki.crlite_mode", 2); // [DEFAULT: 2 FF142+] user_pref("security.pki.crlite_mode", 2); // [DEFAULT: 2 FF142+]
/** MIXED CONTENT ***/ /** MIXED CONTENT ***/
@@ -537,8 +530,7 @@ user_pref("network.IDN_show_punycode", true);
/* 2620: enforce PDFJS, disable PDFJS scripting /* 2620: enforce PDFJS, disable PDFJS scripting
* This setting controls if the option "Display in Firefox" is available in the setting below * This setting controls if the option "Display in Firefox" is available in the setting below
* and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With")
* [WHY] pdfjs is lightweight, open source, and secure: In the last 10 years it has only had * [WHY] pdfjs is lightweight, open source, and secure: the last exploit was June 2015 [1]
* two known exploits, both in 2024: one 'Severe' and one 'Important' [1]
* It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
* It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
* [NOTE] JS can still force a pdf to open in-browser by bundling its own code * [NOTE] JS can still force a pdf to open in-browser by bundling its own code
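Review bot: the two sides of the [WHY] line under 2620 make incompatible claims about pdfjs: one says the last exploit was June 2015, the other says it has had two known exploits in the last 10 years, both in 2024. The case for enforcing in-browser PDF handling rests on this history, so the comment should carry whichever statement reference [1] currently supports, ideally with the date it was checked.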
@@ -599,26 +591,15 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
* [SETTING] to add site exceptions: Urlbar>ETP Shield * [SETTING] to add site exceptions: Urlbar>ETP Shield
* [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/ * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF] user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
/* 2702: disable ETP web compat features (about:compat) [FF93+] /* 2702: disable ETP web compat features [FF93+]
* [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
* Opener and redirect heuristics are granted for 30 days, see [3] * Opener and redirect heuristics are granted for 30 days, see [3]
* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/ * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12 * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
* [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/ * [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
// user_pref("privacy.antitracking.enableWebcompat", false); // user_pref("privacy.antitracking.enableWebcompat", false);
/* 2705: set ETP Strict/Custom exception lists (FF141+)
[SETTING] Options>Privacy & Security>Enhanced Tracking Protection>Strict/Custom>Fix major [baseline] | minor [convenience]
[1] https://support.mozilla.org/en-US/kb/manage-enhanced-tracking-protection-exceptions
[2] https://etp-exceptions.mozilla.org/ ***/
user_pref("privacy.trackingprotection.allow_list.baseline.enabled", true); // [DEFAULT: true]
user_pref("privacy.trackingprotection.allow_list.convenience.enabled", true); // [DEFAULT: true]
/*** [SECTION 2800]: SHUTDOWN & SANITIZING /*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
We enable sanitizeOnShutdown to help prevent 1st party website tracking across sessions.
We consider history/downloads, which are not accessible to websites, as orthogonal and exempt these
[SETUP-HARDEN] to clear all history/downloads on close, add the appropriate overrides from 2800's
***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"); user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/* 2810: enable Firefox to clear items on shutdown /* 2810: enable Firefox to clear items on shutdown
* [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and
@@ -629,11 +610,11 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true);
/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/
/* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/ /* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/
user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true] user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false); // [DEFAULT: true] user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [DEFAULT: true]
// user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false] // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false]
/* 2812: set/enforce clearOnShutdown items [FF136+] ***/ /* 2812: set/enforce clearOnShutdown items [FF136+] ***/
user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", false); // [DEFAULT: true] user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.downloads", false); // [HIDDEN] user_pref("privacy.clearOnShutdown_v2.downloads", true); // [HIDDEN]
user_pref("privacy.clearOnShutdown_v2.formdata", true); user_pref("privacy.clearOnShutdown_v2.formdata", true);
/* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+] /* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+) * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+)
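Review bot: `historyFormDataAndDownloads` (2811, FF128+) and `browsingHistoryAndDownloads` plus `downloads` (2812, FF136+) change value together in this hunk, but nothing in the comments says the two forms must be kept in step. A one-line note under 2812 would help, because the notes at 0102, 0808 and 2813 state that Session Restore and recent searches are cleared with history, so a user who overrides only one of the two forms can get different shutdown behaviour depending on the Firefox version.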
@@ -655,10 +636,10 @@ user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
* [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/ * [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/
user_pref("privacy.clearSiteData.cache", true); // [DEFAULT: true] user_pref("privacy.clearSiteData.cache", true); // [DEFAULT: true]
user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false); user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
// user_pref("privacy.clearSiteData.siteSettings", false); // user_pref("privacy.clearSiteData.siteSettings", false);
/* 2821: set manual "Clear Data" items [FF136+] ***/ /* 2821: set manual "Clear Data" items [FF136+] ***/
user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", false); user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true);
user_pref("privacy.clearSiteData.formdata", true); user_pref("privacy.clearSiteData.formdata", true);
/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/ /** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/
@@ -667,10 +648,10 @@ user_pref("privacy.clearSiteData.formdata", true);
* [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/ * [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/
user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true] user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.cookiesAndStorage", false); user_pref("privacy.clearHistory.cookiesAndStorage", false);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", false); // [DEFAULT: true] user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); // [DEFAULT: true]
// user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false] // user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false]
/* 2831: set manual "Clear History" items [FF136+] ***/ /* 2831: set manual "Clear History" items [FF136+] ***/
user_pref("privacy.clearHistory.browsingHistoryAndDownloads", false); // [DEFAULT: true] user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.formdata", true); user_pref("privacy.clearHistory.formdata", true);
/** SANITIZE MANUAL: TIMERANGE ***/ /** SANITIZE MANUAL: TIMERANGE ***/
@@ -689,7 +670,6 @@ user_pref("privacy.sanitize.timeSpan", 0);
on a per site basis for compatibility (4004). on a per site basis for compatibility (4004).
https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting#w_how-does-each-protection-work
[NOTE] RFPTargets + granular overrides are somewhat experimental and may produce unexpected results [NOTE] RFPTargets + granular overrides are somewhat experimental and may produce unexpected results
- e.g. FrameRate can only be controlled per process, not per origin - e.g. FrameRate can only be controlled per process, not per origin
@@ -758,6 +738,10 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62) 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62)
1479239 - return "no-preference" with prefers-reduced-motion (FF63) 1479239 - return "no-preference" with prefers-reduced-motion (FF63)
1363508 & 1826051 & 1957658 - spoof/suppress Pointer Events, spoof maxTouchPoints (FF64, FF132, FF143, ESR140.2)
FF64: maxTouchPoints: 0 = desktop
FF132: maxTouchPoints: 0 = mac | 10 = windows, linux, mobile
FF143/140.2: maxTouchPoints: 0 = mac, linux | 10 = windows | 5 = mobile
1492766 - spoof pointerEvent.pointerid (FF65) 1492766 - spoof pointerEvent.pointerid (FF65)
1485266 - disable exposure of system colors to CSS or canvas (FF67) 1485266 - disable exposure of system colors to CSS or canvas (FF67)
1494034 - return "light" with prefers-color-scheme (FF67) 1494034 - return "light" with prefers-color-scheme (FF67)
@@ -775,11 +759,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1787790 - normalize system fonts (FF128) 1787790 - normalize system fonts (FF128)
1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128) 1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128)
1656377 - spoof pointerEvents azimuthAngle and altitudeAngle (FF131) 1656377 - spoof pointerEvents azimuthAngle and altitudeAngle (FF131)
1826051 & 1957658 & 2021715 - spoof/suppress Pointer Events, spoof maxTouchPoints (FF132, FF143/ESR140.2, FF150)
previously FF64+ (1363508) it always returned maxTouchPoints as 0
FF132: 0 = mac | 10 = windows, linux, mobile
FF143: 0 = mac, linux | 10 = windows | 5 = mobile | no longer spoof touch PointerEvents | backported to ESR140.2
FF150: 5 = linux
1834307 - always use smooth scrolling (FF132) 1834307 - always use smooth scrolling (FF132)
1918202 - spoof screen orientation based on spoofed screen size and platform (FF132) 1918202 - spoof screen orientation based on spoofed screen size and platform (FF132)
previously FF50+ it always returned landscape-primary and an angle of 0 previously FF50+ it always returned landscape-primary and an angle of 0
@@ -794,9 +773,8 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1972600 - spoof network connection for HTMLMediaElement preload (FF142, ESR140.1) 1972600 - spoof network connection for HTMLMediaElement preload (FF142, ESR140.1)
1975851 - return true for navigator.onLine (FF142, ESR140.1) 1975851 - return true for navigator.onLine (FF142, ESR140.1)
1973265 - disable WebCodecs API (FF142) 1973265 - disable WebCodecs API (FF142)
1984333 - spoof navigator.hardwareConcurrency as 4 except mac return 8 (FF143) 1984333 - spoof navigator.hardwareConcurrency as 4 except mac return 8 (FF144+)
previously FF55+ it returned 2 previously FF55+ it returned 2
1999126 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF147)
***/ ***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable RFP /* 4501: enable RFP
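Review bot: the 1984333 entry is tagged `(FF143)` on one side and `(FF144+)` on the other, so the two sides disagree on the release where the `navigator.hardwareConcurrency` spoof changed. Confirm the version against the bug, and write the tag without the trailing `+` to match the neighbouring entries such as `(FF142)` and `(FF147)`.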
@@ -838,10 +816,9 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
user_pref("privacy.spoof_english", 1); user_pref("privacy.spoof_english", 1);
/* 4507: skip browser.startup.blankWindow if RFP is used [FF136+] ***/ /* 4507: skip browser.startup.blankWindow if RFP is used [FF136+] ***/
// user_pref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); // [DEFAULT: true] // user_pref("privacy.resistFingerprinting.skipEarlyBlankFirstPaint", true); // [DEFAULT: true]
/* 4510: enforce Contrast Control off [FF138+] /* 4510: disable using system colors
* 0=automatic, 1=off, 2=custom * [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
* [SETTING] General>Language and Appearance>Contrast Control ***/ user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
// user_pref("browser.display.document_color_use", 1); // [DEFAULT: 1 NON-WINDOWS]
/* 4511: disable using system accent colors ***/ /* 4511: disable using system accent colors ***/
user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS] user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS]
/* 4512: enforce links targeting new windows to open in a new tab instead /* 4512: enforce links targeting new windows to open in a new tab instead
@@ -941,6 +918,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF] // user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/ /* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
// user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false); // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
/* 5021: disable location bar using search
* Don't leak URL typos to a search engine, give an error message instead
* Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
* [NOTE] This does not affect explicit user action such as using search buttons in the
* dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/
// user_pref("keyword.enabled", false);
/*** [SECTION 5500]: OPTIONAL HARDENING /*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Overriding these can cause breakage and performance issues, Not recommended. Overriding these can cause breakage and performance issues,
@@ -1035,9 +1018,21 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6012: enforce Quarantined Domains [FF115+] /* 6012: enforce Quarantined Domains [FF115+]
* [WHY] https://support.mozilla.org/kb/quarantined-domains ***/ * [WHY] https://support.mozilla.org/kb/quarantined-domains ***/
user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true] user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF140+ ***/ /* 6050: prefsCleaner: reset previously active items removed from arkenfox FF128+ ***/
// user_pref("browser.display.use_system_colors", ""); // user_pref("privacy.clearOnShutdown.cache", "");
// user_pref("browser.urlbar.fakespot.featureGate", ""); // user_pref("privacy.clearOnShutdown.cookies", "");
// user_pref("privacy.clearOnShutdown.downloads", "");
// user_pref("privacy.clearOnShutdown.formdata", "");
// user_pref("privacy.clearOnShutdown.history", "");
// user_pref("privacy.clearOnShutdown.offlineApps", "");
// user_pref("privacy.clearOnShutdown.sessions", "");
// user_pref("privacy.cpd.cache", "");
// user_pref("privacy.cpd.cookies", "");
// user_pref("privacy.cpd.formdata", "");
// user_pref("privacy.cpd.history", "");
// user_pref("privacy.cpd.offlineApps", "");
// user_pref("privacy.cpd.sessions", "");
/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF140+ ***/
// user_pref("security.OCSP.enabled", ""); // user_pref("security.OCSP.enabled", "");
// user_pref("security.OCSP.require", ""); // user_pref("security.OCSP.require", "");
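Review bot: the 6050 group on the new side no longer lists browser.display.use_system_colors or browser.urlbar.fakespot.featureGate, and neither name reappears anywhere in this hunk. If either was ever shipped active, a profile that applied it keeps the stale value once it drops out of the cleanup list, so confirm both are handled elsewhere or keep them in one of the prefsCleaner groups. The 6050 and 6051 headers now differ only in "FF128+" versus "FF140+"; a short note on what that version means for each group would make the split easier to audit.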
@@ -1064,7 +1059,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
/* 7003: disable non-modern cipher suites [1] /* 7003: disable non-modern cipher suites [1]
* [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks * [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks
* [1] https://browserleaks.com/ssl ***/ * [1] https://browserleaks.com/ssl ***/
// user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF150] // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false); // user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
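Review bot: on security.ssl3.ecdhe_ecdsa_aes_128_sha the new side drops the "[DEFAULT: false FF150]" annotation, which was the only hint that this line becomes redundant on newer releases. If the file is meant to be read against versions where false is already the default, keep the tag. If the annotation is dropped because the target version predates it, say so in the commit message, since the three sibling cipher lines carry no annotation either way.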
@@ -1110,9 +1105,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("extensions.systemAddon.update.enabled", false); // [FF62+] // user_pref("extensions.systemAddon.update.enabled", false); // [FF62+]
// user_pref("extensions.systemAddon.update.url", ""); // [FF44+] // user_pref("extensions.systemAddon.update.url", ""); // [FF44+]
/* 7015: enable the DNT (Do Not Track) HTTP header /* 7015: enable the DNT (Do Not Track) HTTP header
* [WHY] Fingerprintable. In FF141+ DNT is never enabled. DNT is slated for deprecation [1] * [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/
[NOTE] In FF140, DNT is enforced with Tracking Protection which is used in ETP Strict (2701)
[1] https://bugzilla.mozilla.org/1967420 ***/
// user_pref("privacy.donottrackheader.enabled", true); // user_pref("privacy.donottrackheader.enabled", true);
/* 7016: customize ETP settings /* 7016: customize ETP settings
* [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled * [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled
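Review bot: the new [WHY] for 7015 says, with no version qualifier, that DNT is enforced with Tracking Protection. The text it replaces limited that statement to FF140, called the header fingerprintable, and said DNT is never enabled in FF141+. State which Firefox versions the new wording applies to, and keep the https://bugzilla.mozilla.org/1967420 reference if it is still relevant, so a reader does not uncomment privacy.donottrackheader.enabled on a version where the claim no longer holds.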
@@ -1152,16 +1145,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [WHY] Passive and active fingerprinting. Mostly redundant with Tracking Protection * [WHY] Passive and active fingerprinting. Mostly redundant with Tracking Protection
* in ETP Strict (2701) and sanitizing on close (2800s) ***/ * in ETP Strict (2701) and sanitizing on close (2800s) ***/
// user_pref("privacy.globalprivacycontrol.enabled", true); // user_pref("privacy.globalprivacycontrol.enabled", true);
/* 7022: bFPP (baselineFingerprintingProtection) [FF139+]
* [WHY] Arkenfox only supports ETP Strict (2701) which enables FPP browser-wide (normal and private
* browsing window contexts). If FPP is enabled in the same context as bFPP, FPP takes precedence.
// user_pref("privacy.baselineFingerprintingProtection", true);
// user_pref("privacy.baselineFingerprintingProtection.granularOverrides", "");
// user_pref("privacy.baselineFingerprintingProtection.overrides", "");
/*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING /*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING
[WHY] They are insufficient for fingerprinting protection and do more harm than good [WHY] They are insufficient to help anti-fingerprinting and do more harm than good
[WARNING] DO NOT USE: they can interfere with built-in solutions such as RFP and FPP [WARNING] DO NOT USE with RFP. RFP already covers these and they can interfere
***/ ***/
user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan"); user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan");
/* 8001: prefsCleaner: reset items useless for anti-fingerprinting ***/ /* 8001: prefsCleaner: reset items useless for anti-fingerprinting ***/
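Review bot: the SECTION 8000 [WARNING] on the new side names only RFP ("DO NOT USE with RFP"), where the old wording covered "built-in solutions such as RFP and FPP". The 7016 note in this same file says FPP is ignored only when RFP is enabled, so users on ETP Strict without RFP rely on FPP and the narrower warning no longer tells them these prefs can interfere. Keep FPP in the warning, or explain why it no longer applies. The same hunk also drops the whole 7022 bFPP entry, which removes the only visible statement of how bFPP and FPP interact; worth a line in the commit message.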
@@ -1191,8 +1178,6 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan
Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below. Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below.
But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides. But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides.
READ: https://ritter.vg/blog-telemetry.html
Opt-out Opt-out
- Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain - Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain
- Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading - Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading
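Review bot: removing the "READ: https://ritter.vg/blog-telemetry.html" line leaves the statement that telemetry is not a privacy or security concern with no external reference in the visible header. If the link was dropped on purpose, note the reason in the commit message; otherwise keep it so the position stays sourced.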
@@ -1219,7 +1204,7 @@ user_pref("datareporting.policy.dataSubmissionEnabled", false);
/* 8501: disable Health Reports /* 8501: disable Health Reports
* [SETTING] Privacy & Security>Firefox Data Collection and Use>Send technical... data ***/ * [SETTING] Privacy & Security>Firefox Data Collection and Use>Send technical... data ***/
user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("datareporting.healthreport.uploadEnabled", false);
/* 8502: disable telemetry /* 0802: disable telemetry
* The "unified" pref affects the behavior of the "enabled" pref * The "unified" pref affects the behavior of the "enabled" pref
* - If "unified" is false then "enabled" controls the telemetry module * - If "unified" is false then "enabled" controls the telemetry module
* - If "unified" is true then "enabled" only controls whether to record extended data * - If "unified" is true then "enabled" only controls whether to record extended data
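Review bot: the item number changes from 8502 to 0802 on the new side, which breaks the sequence right after 8501 inside the 8500 range. The 08xx range is used for urlbar items elsewhere in this file (0806: disable urlbar suggestions), so anyone searching by number will land in the wrong section. This looks like a typo; keep "8502: disable telemetry" unless the item is actually being moved.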
@@ -1254,13 +1239,20 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false);
/*** [SECTION 9999]: DEPRECATED / RENAMED ***/ /*** [SECTION 9999]: DEPRECATED / RENAMED ***/
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!"); user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
/* ESR140.x still uses all the following prefs /* ESR128.x still uses all the following prefs
// [NOTE] replace the * with a slash in the line above to re-enable active ones // [NOTE] replace the * with a slash in the line above to re-enable active ones
// FF148 // FF132
// 0603: disable predictor / prefetching // 2617: remove webchannel whitelist
// [-] https://bugzilla.mozilla.org/2006028 // [-] https://bugzilla.mozilla.org/1275612
user_pref("network.predictor.enabled", false); // [DEFAULT: false FF144+] // user_pref("webchannel.allowObject.urlWhitelist", "");
user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false] // FF140
// 0323: disable shopping experience [FF116+]
// [-] https://bugzilla.mozilla.org/1964845
// [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0
user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
// 0806: disable urlbar suggestions
// [-] https://bugzilla.mozilla.org/1959497
user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
// ***/ // ***/
/* END: internal custom pref to test for syntax errors ***/ /* END: internal custom pref to test for syntax errors ***/
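Review bot: inside the new "ESR128.x still uses all the following prefs" block, the FF132 entry webchannel.allowObject.urlWhitelist is additionally prefixed with "//", while the FF140 entries are bare user_pref lines. Following the [NOTE] and replacing the * with a slash will activate the 0323 and 0806 prefs but leave 2617 inactive, which contradicts "re-enable active ones" for a reader who expects the whole block to apply. If 2617 is meant to stay inactive, say so on that line; otherwise drop the extra "//".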