diff options
Diffstat (limited to '')
-rw-r--r-- | debian/local/pref/user.js | 220 |
1 files changed, 0 insertions, 220 deletions
diff --git a/debian/local/pref/user.js b/debian/local/pref/user.js index eeded720b6..f59476804b 100644 --- a/debian/local/pref/user.js +++ b/debian/local/pref/user.js @@ -67,9 +67,6 @@ 2700: PERSISTENT STORAGE 2800: SHUTDOWN 4000: FPI (FIRST PARTY ISOLATION) - 4500: RFP (RESIST FINGERPRINTING) - 4600: RFP ALTERNATIVES - 4700: RFP ALTERNATIVES (USER AGENT SPOOFING) 5000: PERSONAL 9999: DEPRECATED / REMOVED / LEGACY / RENAMED @@ -1268,223 +1265,6 @@ user_pref("privacy.firstparty.isolate", true); * and some site exceptions may not work e.g. HTTPS-only mode (see 1244) ***/ // user_pref("privacy.firstparty.isolate.use_site", true); -/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) - RFP covers a wide range of ongoing fingerprinting solutions. - It is an all-or-nothing buy in: you cannot pick and choose what parts you want - - [WARNING] Do NOT use extensions to alter RFP protected metrics - [WARNING] Do NOT use prefs in section 4600 with RFP as they can interfere - - FF41+ - 418986 - limit window.screen & CSS media queries leaking identifiable info - [TEST] https://arkenfox.github.io/TZP/tzp.html#screen - FF50+ - 1281949 - spoof screen orientation - 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) - FF55+ - 1330890 - spoof timezone as UTC 0 - 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) - 1217238 - reduce precision of time exposed by javascript - FF56+ - 1369303 - spoof/disable performance API (see 4602, 4603) - 1333651 - spoof User Agent & Navigator API (see section 4700) - JS: FF78+ the version is spoofed as 78, and the OS as Windows 10, OS 10.15, Android 9, or Linux - HTTP Headers: spoofed as Windows or Android - 1369319 - disable device sensor API (see 4604) - 1369357 - disable site specific zoom (see 4605) - 1337161 - hide gamepads from content (see 4606) - 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) - 1333641 - reduce fingerprinting in WebSpeech API (see 4608) - FF57+ - 1369309 - spoof media statistics (see 4610) - 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) - 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) - 1382545 - reduce fingerprinting in Animation API - 1354633 - limit MediaError.message to a whitelist - 1382533 - enable fingerprinting resistance for Presentation API - This blocks exposure of local IP Addresses via mDNS (Multicast DNS) - FF58+ - 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction - FF59+ - 1372073 - spoof/block fingerprinting in MediaDevices API - Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if - media.navigator.enabled is true (see 2505 which we chose to keep disabled) - Block: suppresses the ondevicechange event (see 4612) - 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) - 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events - Spoofing mimics the content language of the document. Currently it only supports en-US. - Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. - FF60-67 - 1337157 - disable WebGL debug renderer info (see 4613) (FF60+) - 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) - 1479239 - return "no-preference" with prefers-reduced-motion (see 4614) (FF63+) - 1363508 - spoof/suppress Pointer Events (see 4615) (FF64+) - FF65: pointerEvent.pointerid (1492766) - 1485266 - disable exposure of system colors to CSS or canvas (see 4616) (FF67+) - 1407366 - enable inner window letterboxing (see 4504) (FF67+) - 1494034 - return "light" with prefers-color-scheme (see 4617) (FF67+) - FF68-77 - 1564422 - spoof audioContext outputLatency (FF70+) - 1595823 - spoof audioContext sampleRate (FF72+) - 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) - FF78+ - 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) - 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+) - 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) -***/ -user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs"); -/* 4501: enable privacy.resistFingerprinting [FF41+] - * This pref is the master switch for all other privacy.resist* prefs unless stated - * [SETUP-WEB] RFP can cause the odd website to break in strange ways, and has a few side affects, - * but is largely robust nowadays. Give it a try. Your choice. Also see 4504 (letterboxing). - * [1] https://bugzilla.mozilla.org/418986 ***/ -user_pref("privacy.resistFingerprinting", true); -/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] - * Width will round down to multiples of 200s and height to 100s, to fit your screen. - * The override values are a starting point to round from if you want some control - * [1] https://bugzilla.mozilla.org/1330882 ***/ - // user_pref("privacy.window.maxInnerWidth", 1000); - // user_pref("privacy.window.maxInnerHeight", 1000); -/* 4503: disable mozAddonManager Web API [FF57+] - * [NOTE] To allow extensions to work on AMO, you also need 2662 - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ -user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF] -/* 4504: enable RFP letterboxing [FF67+] - * Dynamically resizes the inner window by applying margins in stepped ranges [2] - * If you use the dimension pref, then it will only apply those resolutions. The format is - * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") - * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but - * dislike margins being applied, then flip this pref, keeping in mind that it is effectively fingerprintable - * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it - * [1] https://bugzilla.mozilla.org/1407366 - * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ -user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF] - // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] -/* 4510: disable showing about:blank as soon as possible during startup [FF60+] - * When default true this no longer masks the RFP chrome resizing activity - * [1] https://bugzilla.mozilla.org/1448423 ***/ -user_pref("browser.startup.blankWindow", false); -/* 4520: disable chrome animations [FF77+] [RESTART] - * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ -user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF] - -/*** [SECTION 4600]: RFP ALTERNATIVES - [WARNING] Do NOT use prefs in this section with RFP as they can interfere -***/ -user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan"); -/* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these -// FF55+ -// 4601: [2514] spoof (or limit?) number of CPU cores [FF48+] - // [NOTE] *may* affect core chrome/Firefox performance, will affect content. - // [1] https://bugzilla.mozilla.org/1008453 - // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675 - // [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127 - // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency - // user_pref("dom.maxHardwareConcurrency", 2); -// * * * / -// FF56+ -// 4602: [2411] disable resource/navigation timing -user_pref("dom.enable_resource_timing", false); -// 4603: [2412] disable timing attacks - // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI -user_pref("dom.enable_performance", false); -// 4604: [2512] disable device sensor API - // Optional protection depending on your device - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758 - // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/ - // [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751 - // user_pref("device.sensors.enabled", false); -// 4605: [2515] disable site specific zoom - // Zoom levels affect screen res and are highly fingerprintable. This does not stop you using - // zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs - // and new windows are reset to default and only the current tab retains the current zoom -user_pref("browser.zoom.siteSpecific", false); -// 4606: [2501] disable gamepad API - USB device ID enumeration - // Optional protection depending on your connected devices - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023 - // user_pref("dom.gamepad.enabled", false); -// 4607: [2503] disable giving away network info [FF31+] - // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none - // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API - // [2] https://wicg.github.io/netinfo/ - // [3] https://bugzilla.mozilla.org/960426 -user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android] -// 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API - // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API - // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis - // [3] https://wiki.mozilla.org/HTML5_Speech_API -user_pref("media.webspeech.synth.enabled", false); -// * * * / -// FF57+ -// 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+] - // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757 - // [2] https://bugzilla.mozilla.org/654550 -user_pref("media.video_stats.enabled", false); -// 4611: [2509] disable touch events - // fingerprinting attack vector - leaks screen res & actual screen coordinates - // 0=disabled, 1=enabled, 2=autodetect - // Optional protection depending on your device - // [1] https://developer.mozilla.org/docs/Web/API/Touch_events - // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286 - // user_pref("dom.w3c_touch_events.enabled", 0); -// * * * / -// FF59+ -// 4612: [2511] disable MediaDevices change detection [FF51+] - // [1] https://developer.mozilla.org/docs/Web/Events/devicechange - // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange -user_pref("media.ondevicechange.enabled", false); -// * * * / -// FF60+ -// 4613: [2011] disable WebGL debug info being available to websites - // [1] https://bugzilla.mozilla.org/1171228 - // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info -user_pref("webgl.enable-debug-renderer-info", false); -// * * * / -// FF63+ -// 4614: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART] - // 0=no-preference, 1=reduce -user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF] -// FF64+ -// 4615: [2516] disable PointerEvents - // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent -user_pref("dom.w3c_pointer_events.enabled", false); -// * * * / -// FF67+ -// 4616: [2618] disable exposure of system colors to CSS or canvas [FF44+] - // [NOTE] See second listed bug: may cause black on black for elements with undefined colors - // [SETUP-CHROME] Might affect CSS in themes and extensions - // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876 -user_pref("ui.use_standins_for_native_colors", true); -// 4617: enforce prefers-color-scheme as light [FF67+] - // 0=light, 1=dark : This overrides your OS value -user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF] -// FF80+ -// 4618: limit font visibility (non-ANDROID) [FF79+] - // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1] - // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts - // [NOTE] Bundled fonts are auto-allowed - // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc -user_pref("layout.css.font-visibility.level", 1); -// * * * / -// ***/ - -/*** [SECTION 4700]: RFP ALTERNATIVES (USER AGENT SPOOFING) - These prefs are insufficient and leak. Use RFP and **nothing else** - - Many of the user agent components can be derived by other means. When those - values differ, you provide more bits and raise entropy. Examples include - workers, iframes, headers, tcp/ip attributes, feature detection, and many more - - Web extensions also lack APIs to fully protect spoofing -***/ -user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow"); -/* 4701: navigator DOM object overrides - * [WARNING] DO NOT USE ***/ - // user_pref("general.appname.override", ""); // [HIDDEN PREF] - // user_pref("general.appversion.override", ""); // [HIDDEN PREF] - // user_pref("general.buildID.override", ""); // [HIDDEN PREF] - // user_pref("general.oscpu.override", ""); // [HIDDEN PREF] - // user_pref("general.platform.override", ""); // [HIDDEN PREF] - // user_pref("general.useragent.override", ""); // [HIDDEN PREF] - /*** [SECTION 5000]: PERSONAL Non-project related but useful. If any of these interest you, add them to your overrides ***/ user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!"); |