summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--debian/local/pref/user.js220
1 files changed, 0 insertions, 220 deletions
diff --git a/debian/local/pref/user.js b/debian/local/pref/user.js
index eeded720b6..f59476804b 100644
--- a/debian/local/pref/user.js
+++ b/debian/local/pref/user.js
@@ -67,9 +67,6 @@
2700: PERSISTENT STORAGE
2800: SHUTDOWN
4000: FPI (FIRST PARTY ISOLATION)
- 4500: RFP (RESIST FINGERPRINTING)
- 4600: RFP ALTERNATIVES
- 4700: RFP ALTERNATIVES (USER AGENT SPOOFING)
5000: PERSONAL
9999: DEPRECATED / REMOVED / LEGACY / RENAMED
@@ -1268,223 +1265,6 @@ user_pref("privacy.firstparty.isolate", true);
* and some site exceptions may not work e.g. HTTPS-only mode (see 1244) ***/
// user_pref("privacy.firstparty.isolate.use_site", true);
-/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
- RFP covers a wide range of ongoing fingerprinting solutions.
- It is an all-or-nothing buy in: you cannot pick and choose what parts you want
-
- [WARNING] Do NOT use extensions to alter RFP protected metrics
- [WARNING] Do NOT use prefs in section 4600 with RFP as they can interfere
-
- FF41+
- 418986 - limit window.screen & CSS media queries leaking identifiable info
- [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
- FF50+
- 1281949 - spoof screen orientation
- 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+)
- FF55+
- 1330890 - spoof timezone as UTC 0
- 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601)
- 1217238 - reduce precision of time exposed by javascript
- FF56+
- 1369303 - spoof/disable performance API (see 4602, 4603)
- 1333651 - spoof User Agent & Navigator API (see section 4700)
- JS: FF78+ the version is spoofed as 78, and the OS as Windows 10, OS 10.15, Android 9, or Linux
- HTTP Headers: spoofed as Windows or Android
- 1369319 - disable device sensor API (see 4604)
- 1369357 - disable site specific zoom (see 4605)
- 1337161 - hide gamepads from content (see 4606)
- 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607)
- 1333641 - reduce fingerprinting in WebSpeech API (see 4608)
- FF57+
- 1369309 - spoof media statistics (see 4610)
- 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611)
- 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12)
- 1382545 - reduce fingerprinting in Animation API
- 1354633 - limit MediaError.message to a whitelist
- 1382533 - enable fingerprinting resistance for Presentation API
- This blocks exposure of local IP Addresses via mDNS (Multicast DNS)
- FF58+
- 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction
- FF59+
- 1372073 - spoof/block fingerprinting in MediaDevices API
- Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if
- media.navigator.enabled is true (see 2505 which we chose to keep disabled)
- Block: suppresses the ondevicechange event (see 4612)
- 1039069 - warn when language prefs are set to non en-US (see 0210, 0211)
- 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events
- Spoofing mimics the content language of the document. Currently it only supports en-US.
- Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
- FF60-67
- 1337157 - disable WebGL debug renderer info (see 4613) (FF60+)
- 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+)
- 1479239 - return "no-preference" with prefers-reduced-motion (see 4614) (FF63+)
- 1363508 - spoof/suppress Pointer Events (see 4615) (FF64+)
- FF65: pointerEvent.pointerid (1492766)
- 1485266 - disable exposure of system colors to CSS or canvas (see 4616) (FF67+)
- 1407366 - enable inner window letterboxing (see 4504) (FF67+)
- 1494034 - return "light" with prefers-color-scheme (see 4617) (FF67+)
- FF68-77
- 1564422 - spoof audioContext outputLatency (FF70+)
- 1595823 - spoof audioContext sampleRate (FF72+)
- 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+)
- FF78+
- 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+)
- 1653987 - limit font visibility to bundled and "Base Fonts" (see 4618) (non-ANDROID) (FF80+)
- 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+)
-***/
-user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
-/* 4501: enable privacy.resistFingerprinting [FF41+]
- * This pref is the master switch for all other privacy.resist* prefs unless stated
- * [SETUP-WEB] RFP can cause the odd website to break in strange ways, and has a few side affects,
- * but is largely robust nowadays. Give it a try. Your choice. Also see 4504 (letterboxing).
- * [1] https://bugzilla.mozilla.org/418986 ***/
-user_pref("privacy.resistFingerprinting", true);
-/* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME]
- * Width will round down to multiples of 200s and height to 100s, to fit your screen.
- * The override values are a starting point to round from if you want some control
- * [1] https://bugzilla.mozilla.org/1330882 ***/
- // user_pref("privacy.window.maxInnerWidth", 1000);
- // user_pref("privacy.window.maxInnerHeight", 1000);
-/* 4503: disable mozAddonManager Web API [FF57+]
- * [NOTE] To allow extensions to work on AMO, you also need 2662
- * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
-user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF]
-/* 4504: enable RFP letterboxing [FF67+]
- * Dynamically resizes the inner window by applying margins in stepped ranges [2]
- * If you use the dimension pref, then it will only apply those resolutions. The format is
- * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900")
- * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but
- * dislike margins being applied, then flip this pref, keeping in mind that it is effectively fingerprintable
- * [WARNING] The dimension pref is only meant for testing, and we recommend you DO NOT USE it
- * [1] https://bugzilla.mozilla.org/1407366
- * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
-user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
- // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
-/* 4510: disable showing about:blank as soon as possible during startup [FF60+]
- * When default true this no longer masks the RFP chrome resizing activity
- * [1] https://bugzilla.mozilla.org/1448423 ***/
-user_pref("browser.startup.blankWindow", false);
-/* 4520: disable chrome animations [FF77+] [RESTART]
- * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/
-user_pref("ui.prefersReducedMotion", 1); // [HIDDEN PREF]
-
-/*** [SECTION 4600]: RFP ALTERNATIVES
- [WARNING] Do NOT use prefs in this section with RFP as they can interfere
-***/
-user_pref("_user.js.parrot", "4600 syntax error: the parrot's crossed the Jordan");
-/* [SETUP-non-RFP] Non-RFP users replace the * with a slash on this line to enable these
-// FF55+
-// 4601: [2514] spoof (or limit?) number of CPU cores [FF48+]
- // [NOTE] *may* affect core chrome/Firefox performance, will affect content.
- // [1] https://bugzilla.mozilla.org/1008453
- // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21675
- // [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22127
- // [4] https://html.spec.whatwg.org/multipage/workers.html#navigator.hardwareconcurrency
- // user_pref("dom.maxHardwareConcurrency", 2);
-// * * * /
-// FF56+
-// 4602: [2411] disable resource/navigation timing
-user_pref("dom.enable_resource_timing", false);
-// 4603: [2412] disable timing attacks
- // [1] https://wiki.mozilla.org/Security/Reviews/Firefox/NavigationTimingAPI
-user_pref("dom.enable_performance", false);
-// 4604: [2512] disable device sensor API
- // Optional protection depending on your device
- // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15758
- // [2] https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
- // [3] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1357733,1292751
- // user_pref("device.sensors.enabled", false);
-// 4605: [2515] disable site specific zoom
- // Zoom levels affect screen res and are highly fingerprintable. This does not stop you using
- // zoom, it will just not use/remember any site specific settings. Zoom levels on new tabs
- // and new windows are reset to default and only the current tab retains the current zoom
-user_pref("browser.zoom.siteSpecific", false);
-// 4606: [2501] disable gamepad API - USB device ID enumeration
- // Optional protection depending on your connected devices
- // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13023
- // user_pref("dom.gamepad.enabled", false);
-// 4607: [2503] disable giving away network info [FF31+]
- // e.g. bluetooth, cellular, ethernet, wifi, wimax, other, mixed, unknown, none
- // [1] https://developer.mozilla.org/docs/Web/API/Network_Information_API
- // [2] https://wicg.github.io/netinfo/
- // [3] https://bugzilla.mozilla.org/960426
-user_pref("dom.netinfo.enabled", false); // [DEFAULT: true on Android]
-// 4608: [2021] disable the SpeechSynthesis (Text-to-Speech) part of the Web Speech API
- // [1] https://developer.mozilla.org/docs/Web/API/Web_Speech_API
- // [2] https://developer.mozilla.org/docs/Web/API/SpeechSynthesis
- // [3] https://wiki.mozilla.org/HTML5_Speech_API
-user_pref("media.webspeech.synth.enabled", false);
-// * * * /
-// FF57+
-// 4610: [2506] disable video statistics - JS performance fingerprinting [FF25+]
- // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/15757
- // [2] https://bugzilla.mozilla.org/654550
-user_pref("media.video_stats.enabled", false);
-// 4611: [2509] disable touch events
- // fingerprinting attack vector - leaks screen res & actual screen coordinates
- // 0=disabled, 1=enabled, 2=autodetect
- // Optional protection depending on your device
- // [1] https://developer.mozilla.org/docs/Web/API/Touch_events
- // [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10286
- // user_pref("dom.w3c_touch_events.enabled", 0);
-// * * * /
-// FF59+
-// 4612: [2511] disable MediaDevices change detection [FF51+]
- // [1] https://developer.mozilla.org/docs/Web/Events/devicechange
- // [2] https://developer.mozilla.org/docs/Web/API/MediaDevices/ondevicechange
-user_pref("media.ondevicechange.enabled", false);
-// * * * /
-// FF60+
-// 4613: [2011] disable WebGL debug info being available to websites
- // [1] https://bugzilla.mozilla.org/1171228
- // [2] https://developer.mozilla.org/docs/Web/API/WEBGL_debug_renderer_info
-user_pref("webgl.enable-debug-renderer-info", false);
-// * * * /
-// FF63+
-// 4614: enforce prefers-reduced-motion as no-preference [FF63+] [RESTART]
- // 0=no-preference, 1=reduce
-user_pref("ui.prefersReducedMotion", 0); // [HIDDEN PREF]
-// FF64+
-// 4615: [2516] disable PointerEvents
- // [1] https://developer.mozilla.org/en-US/docs/Web/API/PointerEvent
-user_pref("dom.w3c_pointer_events.enabled", false);
-// * * * /
-// FF67+
-// 4616: [2618] disable exposure of system colors to CSS or canvas [FF44+]
- // [NOTE] See second listed bug: may cause black on black for elements with undefined colors
- // [SETUP-CHROME] Might affect CSS in themes and extensions
- // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=232227,1330876
-user_pref("ui.use_standins_for_native_colors", true);
-// 4617: enforce prefers-color-scheme as light [FF67+]
- // 0=light, 1=dark : This overrides your OS value
-user_pref("ui.systemUsesDarkTheme", 0); // [HIDDEN PREF]
-// FF80+
-// 4618: limit font visibility (non-ANDROID) [FF79+]
- // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1]
- // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
- // [NOTE] Bundled fonts are auto-allowed
- // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
-user_pref("layout.css.font-visibility.level", 1);
-// * * * /
-// ***/
-
-/*** [SECTION 4700]: RFP ALTERNATIVES (USER AGENT SPOOFING)
- These prefs are insufficient and leak. Use RFP and **nothing else**
- - Many of the user agent components can be derived by other means. When those
- values differ, you provide more bits and raise entropy. Examples include
- workers, iframes, headers, tcp/ip attributes, feature detection, and many more
- - Web extensions also lack APIs to fully protect spoofing
-***/
-user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow");
-/* 4701: navigator DOM object overrides
- * [WARNING] DO NOT USE ***/
- // user_pref("general.appname.override", ""); // [HIDDEN PREF]
- // user_pref("general.appversion.override", ""); // [HIDDEN PREF]
- // user_pref("general.buildID.override", ""); // [HIDDEN PREF]
- // user_pref("general.oscpu.override", ""); // [HIDDEN PREF]
- // user_pref("general.platform.override", ""); // [HIDDEN PREF]
- // user_pref("general.useragent.override", ""); // [HIDDEN PREF]
-
/*** [SECTION 5000]: PERSONAL
Non-project related but useful. If any of these interest you, add them to your overrides ***/
user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");