The Ghacks user.js Firefox privacy and security list has been updated

[Batu69]

We released a privacy and security settings list for the Firefox web browser back in August 2015. That list, created by Ghacks reader Pants, has been updated regularly since then.

 

The newest version of it, featuring hundreds of advanced preferences for Firefox, has been released today. The latest version of the preferences list contains 298 different preferences for Firefox, and it is growing with every release.

 

With the release come fundamental changes to the layout of the list, how it is made available, and its format among other things.

 

You can click on the link at the top to visit the updated article that lists download options and each entry in article format directly on the site, or, and that is a first, use the newly created HTML versions instead which offer better formatting altogether.

 

 

Pants has created a light and dark version, and both are included in the archive that you can download so that you can access both HTML documents locally on your system.

 

You are probably wondering what has changed in version 0.08 of the ghacks user.js file:

 

BIG change in format

 

•  section headers use /*** and subsequent section lines are indented 5 spaces
• numbered preference items use // and subsequent commented lines are indented 3 spaces, including commented out user_pref
• tried to use 95 characters as a column width (basically there's about 8 lines over 95 characters, nothing over 105)
• the two changes above make it far easier to spot each numbered item and commented out or active preference in an IDE (even with color coding), and the shorter lines will benefit the posted version on Ghacks and improve readability (no need to turn on word wrap in your IDE or swivel your head too far)

 

Quite a bit of rewording on prefs to read better. I also added in or replaced existing links on quite a few prefs as well.

 

An HTML version is provided. It's color coded, for example all "warning:" 's are red (the word not the actual warning itself), the section headers stand out, and so on. You'll see. Also links are all hyper-linked to open in a new tab.

 

Revamped the intro section at the top to make more sense and to highlight important information better such as the need to make a backup before you apply changes or go through them to make sure you don't run into any inconveniences or issues.

 

Actual Change log

 

* various extra links, info, rewording
+ added 0101 browser.usedOnWindows10.introURL
! fixed 033b typo datareporting.healthreport.about.reportUrlInified (wrong) datareporting.healthreport.about.reportUrlUnified (correct)
> split 0373a (reader view) out of 0373 (pocket)
+ added 0373 browser.pocket.oAuthConsumerKey
+ added 0411 browser.safebrowsing.reportPhishMistakeURL (a heap of other prefs in 0411 went to deprecated)
+ added 0411b added six new safebrowsing prefs from FF43
+ added 0421a disabling SSL error reporting
+ added 0603a something to do with necko (captivedetect.canonicalURL). I killed it weeks ago and no effects
* changed 0807 all 3 history manipulation preferences values changed - these are MY settings, you may not like em
+ added 1006 browser.sessionhistory.max_total_viewers
* changed 1206 security.OCSP.require from false to true (now the default value in FF43) - BUT this is one that causes breakage
* changed 1208 cert pinning - I uncommented it, so it is now active on a strick setting of 2
+ added 1209 settings to enforce the TLS minimum version
+ added 1210 disable 1024-DH Encryption
* changed 1401 downloadable fonts are now blocked (these are my settings)
+ added 1404 default fonts - these have been uncommented and are LIVE. This is my user.js after all and since I block downloadable fonts, I'm tweaking. Two of the three fonts are different so far from
LATIN defaults. The web doesn't really uglify that much without DL'ed fonts. You get used to it.
* changed 1805 disabled plugin scanning is uncommented out, so unless you change it, you'll have no plugins
* changed 1807 disable auto-play of html5 media - was live, is now commented out
+ added 2001 media.peerconnection.turn.disable
+ added 2001a preference that if you have WebRTC enabled, this fixes the IP Leak
+ added 2004 browser.link.open_newwindow.restriction, commented out (its really there for TOR about leaking screen res, which we cant stop in FF anyway)
+ added 2413 2 x dom.vr.oculus prefs
* changed 2418 full-screen API is now uncommented and set to block full-screen
+ added 2419 dom.w3c_touch_events.enabled
+ added 2420 disable support for asm.js
+ added 2430 disable web/push notifications (this is a global default, you can allow changes via site permissions)
+ added 2431 disable push notifications (was previously 2420 with one pref, now has five prefs) just on a side note: I'm not sure if push has security or privacy issues (well, privacy yes due to the fact apps can notify even when the app is not loaded or focused), but for now it seems like bloat. It's also more in line with the keeping FF quiet mantra.
* changed 2619 network redirect limit is uncommented and now live at a value 10
+ added 2620 middlemouse.contentLoadURL
+ added 2621 disable IPv6 (commented out - its been added to warning people not to disable IPv6)
+ added 2622 security.dialog_enable_delay (added to enforce to people they should have a delay)
+ added 3006 disabling enforced addon signing
+ added 3007 open new windows in a new tab
+ added 3008 disable "Do you really want to leave this site?" popups
+ added 3009 turn on APZ (Async Pan/Zoom)

+ deprecated section: read it: tons of stuff got moved into here
3001a: full-screen-api.approval-required
0411: 8 x safebrowsing prefs
1803: pfs.datasource.url
3001a: full-screen-api.approval-required
2615: a http2 pref
0309+0310 two plugin prefs: are supposed to be deprecated in FF43, but they wont delete.
They may be legacy code, but for now they can stay uncommented

 

You can download the archive containing all files including both HTML templates, the user.js file and the changelog with a click on the following download link: user.js-ghacks-0.08.zip

 

Thanks

My thanks go out to Pants who put an incredible amount of work into creating the list and maintaining it. Without him, the list would not exist.

 

Credit to