search

arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License
10.11k stars 515 forks source link

Missing on the script please add #1071

Closed samuraikid0 closed 3 years ago

samuraikid0 commented 3 years ago

Hi there ! Before all thanks for your work ! Here are some additions i notice your script didn't add on my firefox 

browser.cache.offline.enable

Whether web applications and sites can use an offline cache on the local system.

    True: Web applications may use an offline cache (default)
    False: Offline cache functionality is disabled.

browser.cache.memory.enable

Whether a memory cache is used by the browser.

    True: Firefox will make use of a memory cache.
    False: The browser's memory cache is disabled and thus not used.

beacon.enabled

Sends data to servers when leaving pages.

    True: Feature is enabled and web apps can make use of it (default).
    False: Disables the feature.

browser.fixup.alternate.enabled

Defines whether Firefox's "fixup" feature is used.

    True: Will use fixup to automatically add prefix and suffix to single words you enter in the browser's address bar. (default)
    False: Won't use it which means that Firefox will always redirect to search, even for single word entries.

browser.safebrowsing.enabled

Determines whether Firefox should check urls that are opened in it against a web forgery database (uses Google by default)

    True: Firefox will check urls and block them if they are forgeries.
    False: Firefox will not run those checks.

browser.safebrowsing.malware.enabled

Whether Firefox will use malware information to determine if downloads are malicious.

    True: Will use a malware database to scan downloads. (default)
    False: Won't download malware information or scan downloads.

browser.selfsupport.url

Determines whether the Heartbeat feedback feature is enabled in Firefox.

    True: Feature is enabled and short feedback surveys may be displayed (default).
    False: Feature is disabled.

browser.send_pings

Informs servers about links that get clicked on by the user.

    True: Feature is enabled.
    False: Pings are not enabled.

dom.battery.enabled

Gives web applications access to the battery status of mobile devices. May be used in fingerprinting techniques.

    True: Allows web applications to retrieve the battery status (default).
    False: Disables the functionality.

dom.event.clipboardevents.enabled

Determines whether websites are allowed to access clipboard contents (check out: Block websites from reading or modifying Clipboard contents in Firefox for additional information).

    True: Websites may read or modify clipboard events. (default)
    False: Blocks access.

dom.event.contextmenu.enabled

Determines whether websites are allowed to block access to the right-click context menu.

    True: Websites may manipulate the context menu. (default)
    False: Web pages won't be allowed to manipulate or block the context menu.

dom.storage.enabled

This parameter defines whether "client-side session and persistent storage" capabilities are enabled in Firefox (meaning if the feature can be used by websites and applications to store data on the client computer).

    True: Client side storage is enabled.
    False: The feature is disabled.

extensions.getAddons.cache.enabled

This sends a daily ping to Mozilla about installed add-ons and recent start-up times.

    True: Sends the ping to Mozilla (default).
    False: Blocks it. This turns off add-on recommendations and won't update add-on metadata (the description) anymore).

geo.enabled

Determines if location aware browsing is enabled.

    True: Location Aware browsing is enabled. (default)
    False: The feature is disabled which means that you won't get prompts on websites using it.

media.video_stats.enabled

Provides web applications with information about video playback statistics such as the framerate.

    True: Web applications can access statistics (default).
    False: Statistics cannot be accessed.

network.cookie.lifetimePolicy set to 2

This defines when cookies expire in Firefox.

    0: The originated server sets the cookie lifetime. (default)
    1: Firefox prompts the user (unless network.cookie.alwaysAcceptSessionCookies is set to true).
    2: Cookie expires at the end of the session.

network.dnsCacheEntries set to 0

Defines how many entries Firefox will keep in the browser's DNS cache.

    400: the default number of cached DNS entries.

network.http.referer.XOriginPolicy set to 0

Defines when to set the referrer (the page a visit originated from).

    0: Never send it.
    1: only send if the base domain matches.
    2: only send if hosts match.

network.http.sendRefererHeader

Controls when to send the referer header and document.referrer is set.

    0: Never send the Referer header or set document.referrer.
    1: Send it after clicking on links.
    2. Send if after clicking on links or loading an image (default).

network.http.sendSecureXSiteReferrer

Defines whether a Referer header is sent when you are navigating from one secure site to another.

    True: The Referer header is added to connections (default).
    False: The Referer header is not added.

network.http.use-cache

Defines whether Firefox caches http requests.

    True: Enables caching in Firefox. (default)
    False: Disables the caching of http requests.

network.seer.enabled 

A component of Firefox's Necko Predictive Network Actions feature that improves page load time by performing overhead for connections before the connections are actually needed.

    True: The feature is enabled.
    False: Seer is disabled. 

plugin.scan.plid.all

Scans the Windows Registry key for plugin references. If found, adds them to Firefox.

    True: Will scan the Registry.
    False: Will not scan.

plugin.state.java

The default state of the Java plugin.

    0: turns off the Java plugin in Firefox.
    1: sets the Java plugin to ask to activate.
    2: enables the Java plugin.
samuraikid0 commented 3 years ago

Can i ask you why invalid ? those are privacy issues i mentioned

rusty-snake commented 3 years ago

IDK why it was marked as invalid, but ...

These prefs are in the user.js:

This pref is part of the user.js but with other value (0 is the default value, it has no benefit adding it as default):

These prefs are missing on about:config, are you sure they still exist?

Where's the privacy issue?

Heartbeat is disable by 0503:

Is missing on about:config, but I'm on linux. However firefox' sets plugin.default.state=1 (1=ask) by default.

samuraikid0 commented 3 years ago

all the above configurations i wrote i needed to manually edit them after apply the .js file via updater.bat on win7 64x

yes they exist at least on windows 7 last ff version

network.dnsCacheEntries: Default 400 it can be safely be turn to 0

rusty-snake commented 3 years ago

all the above configurations i wrote i needed to manually edit them after apply the .js file via updater.bat on win7 64x

Did you read this?

If a pref is commented, it has a reason. geo.enabled for example is easy to fingerprint and firefox will always ask you, therefore it does not leak your location.

yes they exist at least on windows 7 last ff version

Nope, they don't. I searched searchfox and browser.safebrowsing.enabled was the only one with a single match. In a changelog where it says that it was removed.

network.dnsCacheEntries: Default 400 it can be safely be turn to 0

That's no argument. Just because something can be changes "safely", it's no reason to change it.

And I don't think it can be changesd "safely" as disabling the dns-cache will slow down browsing and make more DNS-request I guess.

samuraikid0 commented 3 years ago

why would i lie on something i use and want to improve ? print

do i need print screen all or you believe me now ? Also i don't see any loss of performance/speed opening websites with dns cache set to 0

rusty-snake commented 3 years ago

No, i don't think they lie with intent, if at all, it is out of lack of knowledge, mistakes or mixing two different thinks.

But the following prefs are not in about:config or searchfox. browser.cache.memory.enable is indeed in the user.js and on about:config.

Also i don't see any loos of performance/speed opening websites

This will be a very small performance loose, so you would need to measure. If you have a fast internet connection or windows/your router has it's own cache it will be even faster (except you use DoH).

samuraikid0 commented 3 years ago

Sem Título 1 2 3 4

the other ones i wrote exist too

Thorin-Oakenpants commented 3 years ago

So let's just take one of your suggestions: plugin.state.java

Just because something is user modified and persists in prefs.js, does not mean it exists prefs

The bin icon is telling you something: either it's a "hidden" pref, or it doesn't exist. Compare those to the "reset" icon for browser.cache.memory.enable in your image

samuraikid0 commented 3 years ago

i don't know if you are trolling or what ? Again, all i wrote are settings i manually had to edit to make them disable after running the script on win7 64x. Do you think i liked copy paste them one by one to here ?

I know script was well apply because it resized my browser window, search don't work on main bar etc etc now what i wrote above the script simple didn't do anything on those settings now you can accept it or reject just don't try make someone look dumb i'm reporting those if they are on script something on the script isn't apply them