From e2e8c4ea8f9c8034a2ff72fe3c2d4a4a89404c10 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 13 Mar 2023 07:13:07 +0000
Subject: [PATCH 01/59] add arkenfox/gui
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2f33ad9..1a27d8a 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ A `user.js` is a configuration file that can control Firefox settings - for a mo
The `arkenfox user.js` is a **template** which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).
-Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings.
+Everyone, experts included, should at least read the [wiki](https://github.com/arkenfox/user.js/wiki), as it contains important information regarding a few `user.js` settings. There is also an [interactive current release](https://arkenfox.github.io/gui/), thanks to [icpantsparti2](https://github.com/icpantsparti2).
Note that we do *not* recommend connecting over Tor on Firefox. Use the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) if your [threat model](https://2019.www.torproject.org/about/torusers.html) calls for it, or for accessing hidden services.
From bdaa2867b923669361a8527065e919c839668599 Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Sun, 19 Mar 2023 11:16:40 +0000
Subject: [PATCH 02/59] v2.7 - use Powershell for locale-independent TS
fixes #1624
---
prefsCleaner.bat | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/prefsCleaner.bat b/prefsCleaner.bat
index d266b3f..2e3403f 100644
--- a/prefsCleaner.bat
+++ b/prefsCleaner.bat
@@ -3,7 +3,7 @@ TITLE prefs.js cleaner
REM ### prefs.js cleaner for Windows
REM ## author: @claustromaniac
-REM ## version: 2.6
+REM ## version: 2.7
CD /D "%~dp0"
@@ -15,7 +15,7 @@ ECHO:
ECHO ########################################
ECHO #### prefs.js cleaner for Windows ####
ECHO #### by claustromaniac ####
-ECHO #### v2.6 ####
+ECHO #### v2.7 ####
ECHO ########################################
ECHO:
CALL :message "This script should be run from your Firefox profile directory."
@@ -37,8 +37,7 @@ CALL :strlenCheck
CALL :FFcheck
CALL :message "Backing up prefs.js..."
-FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET ldt=%%j
-SET ldt=%ldt:~0,8%_%ldt:~8,6%
+FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js"
CALL :message "Cleaning prefs.js..."
From c84c419544cbbe4442190cc6325b926b519d8db5 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 30 Mar 2023 04:50:25 +0000
Subject: [PATCH 03/59] v111 (#1650)
---
user.js | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/user.js b/user.js
index bf931b2..3e3b84c 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 12 March 2023
-* version: 110
+* date: 30 March 2023
+* version: 111
* url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -262,7 +262,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost
* IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming
* your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4
* [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause
- * [STATS] Firefox telemetry (Sept 2022) shows ~8% of successful connections are IPv6
+ * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6
* [NOTE] This is an application level fallback. Disabling IPv6 is best done at an
* OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
* then this won't make much difference. If you are masking your IP, then it can only help.
@@ -426,7 +426,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
- * [STATS] SSL Labs (Sept 2022) reports over 99.3% of top sites have secure renegotiation [4]
+ * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@@ -875,7 +875,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
* caches, searches, cookies, localStorage, IndexedDB etc (which you can achieve in normal mode).
* In fact, PB mode limits or removes the ability to control some of these, and you need to quit
* Firefox to clear them. PB is best used as a one off window (Menu>New Private Window) to provide
- * a temporary self-contained new session. Close all Private Windows to clear the PB mode session.
+ * a temporary self-contained new session. Close all private windows to clear the PB session.
* [SETTING] Privacy & Security>History>Custom Settings>Always use private browsing mode
* [1] https://wiki.mozilla.org/Private_Browsing
* [2] https://support.mozilla.org/kb/common-myths-about-private-browsing ***/
@@ -951,6 +951,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
/* 5019: disable page thumbnail collection ***/
// user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
+/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
+ // user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
/*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Overriding these can cause breakage and performance issues,
From f2e4a79ca0220aa2ad87e76ff59f5cbc37c5f373 Mon Sep 17 00:00:00 2001
From: Celestial Nebula <41875671+CelestialNebula@users.noreply.github.com>
Date: Sat, 22 Apr 2023 11:52:26 +0000
Subject: [PATCH 04/59] updater.sh/prefsCleaner.sh: Check for root and abort
(#1651)
* updater.sh/prefsCleaner.sh: Check for root and abort
Check if running as root and if any files have the owner/group as root|wheel.
Abort on both.
Should (hopefully) prevent stuff like: https://github.com/arkenfox/user.js/issues/1587
Discussion: https://github.com/arkenfox/user.js/pull/1595
---------
Co-authored-by: Mohammed Anas <triallax@tutanota.com>
Co-authored-by: earthlng <earthlng@users.noreply.github.com>
---
prefsCleaner.sh | 15 +++++++++++++--
updater.sh | 13 ++++++++++++-
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/prefsCleaner.sh b/prefsCleaner.sh
index 052905e..9aa89f0 100755
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
@@ -2,12 +2,23 @@
## prefs.js cleaner for Linux/Mac
## author: @claustromaniac
-## version: 1.6
+## version: 1.7
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() )
+# Check if running as root and if any files have the owner/group as root/wheel.
+if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
+ printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n'
+ exit 1
+elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+ printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+ find . -user 0 -o -group 0
+ exit 1
+fi
+
readonly CURRDIR=$(pwd)
## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
@@ -138,7 +149,7 @@ echo -e "\n\n"
echo " ╔══════════════════════════╗"
echo " ║ prefs.js cleaner ║"
echo " ║ by claustromaniac ║"
-echo " ║ v1.6 ║"
+echo " ║ v1.7 ║"
echo " ╚══════════════════════════╝"
echo -e "\nThis script should be run from your Firefox profile directory.\n"
echo "It will remove any entries from prefs.js that also exist in user.js."
diff --git a/updater.sh b/updater.sh
index bf275c5..0f544d0 100755
--- a/updater.sh
+++ b/updater.sh
@@ -2,12 +2,23 @@
## arkenfox user.js updater for macOS and Linux
-## version: 3.5
+## version: 3.6
## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() )
+# Check if running as root and if any files have the owner/group as root/wheel.
+if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
+ printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n'
+ exit 1
+elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+ printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+ find . -user 0 -o -group 0
+ exit 1
+fi
+
readonly CURRDIR=$(pwd)
SCRIPT_FILE=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
From 7a1d0a92af95d152349830d027648fa299b9bcba Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Sun, 23 Apr 2023 09:13:13 +0000
Subject: [PATCH 05/59] v3.7 - fix syntax error
---
updater.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/updater.sh b/updater.sh
index 0f544d0..9f4b46b 100755
--- a/updater.sh
+++ b/updater.sh
@@ -2,7 +2,7 @@
## arkenfox user.js updater for macOS and Linux
-## version: 3.6
+## version: 3.7
## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
@@ -10,7 +10,7 @@
# Check if running as root and if any files have the owner/group as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
- printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n'
+ printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n'
exit 1
elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
From d50c772d7d28b0a49e19e5ded6dcb0c4e52717be Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Sun, 23 Apr 2023 09:14:03 +0000
Subject: [PATCH 06/59] v1.8 - fix syntax error
---
prefsCleaner.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/prefsCleaner.sh b/prefsCleaner.sh
index 9aa89f0..c62f070 100755
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
@@ -2,7 +2,7 @@
## prefs.js cleaner for Linux/Mac
## author: @claustromaniac
-## version: 1.7
+## version: 1.8
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
@@ -10,7 +10,7 @@
# Check if running as root and if any files have the owner/group as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
- printf 'You shouldn't run this with elevated privileges (such as with doas/sudo).\n'
+ printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n'
exit 1
elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
@@ -149,7 +149,7 @@ echo -e "\n\n"
echo " ╔══════════════════════════╗"
echo " ║ prefs.js cleaner ║"
echo " ║ by claustromaniac ║"
-echo " ║ v1.7 ║"
+echo " ║ v1.8 ║"
echo " ╚══════════════════════════╝"
echo -e "\nThis script should be run from your Firefox profile directory.\n"
echo "It will remove any entries from prefs.js that also exist in user.js."
From 2f4b93a18fe610435f7142c3a23baa7e247d9613 Mon Sep 17 00:00:00 2001
From: bol0gna <75225753+bol0gna@users.noreply.github.com>
Date: Mon, 24 Apr 2023 12:56:29 -0400
Subject: [PATCH 07/59] fix escape character, should close #1667 (#1668)
---
updater.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/updater.sh b/updater.sh
index 9f4b46b..6a3d1f2 100755
--- a/updater.sh
+++ b/updater.sh
@@ -2,7 +2,7 @@
## arkenfox user.js updater for macOS and Linux
-## version: 3.7
+## version: 3.8
## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
@@ -10,7 +10,7 @@
# Check if running as root and if any files have the owner/group as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
- printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n'
+ printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n"
exit 1
elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
From b117916207862d4785f6da32d48cbe4420372434 Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Mon, 24 Apr 2023 16:58:19 +0000
Subject: [PATCH 08/59] Update prefsCleaner.sh
---
prefsCleaner.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/prefsCleaner.sh b/prefsCleaner.sh
index c62f070..f36732c 100755
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
@@ -2,7 +2,7 @@
## prefs.js cleaner for Linux/Mac
## author: @claustromaniac
-## version: 1.8
+## version: 1.9
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
@@ -10,7 +10,7 @@
# Check if running as root and if any files have the owner/group as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
- printf 'You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n'
+ printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
exit 1
elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
@@ -149,7 +149,7 @@ echo -e "\n\n"
echo " ╔══════════════════════════╗"
echo " ║ prefs.js cleaner ║"
echo " ║ by claustromaniac ║"
-echo " ║ v1.8 ║"
+echo " ║ v1.9 ║"
echo " ╚══════════════════════════╝"
echo -e "\nThis script should be run from your Firefox profile directory.\n"
echo "It will remove any entries from prefs.js that also exist in user.js."
From bc5add9450ddc16c48d315913c43dba34baf4a24 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 4 May 2023 23:31:33 +0000
Subject: [PATCH 09/59] v112 (#1654)
---
user.js | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/user.js b/user.js
index 3e3b84c..7b0962d 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 30 March 2023
-* version: 111
+* date: 4 May 2023
+* version: 112
* url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -491,7 +491,7 @@ user_pref("security.pki.crlite_mode", 2);
* [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
* [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
* [TEST] http://example.com [upgrade]
- * [TEST] http://httpforever.com/ [no upgrade] ***/
+ * [TEST] http://httpforever.com/ | http://http.rip [no upgrade] ***/
user_pref("dom.security.https_only_mode", true); // [FF76+]
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
/* 1245: enable HTTPS-Only mode for local resources [FF77+] ***/
@@ -1007,8 +1007,8 @@ user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
* [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
/* 6008: enforce no First Party Isolation [FF51+]
- * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701),
- * and enabling FPI disables those. FPI is no longer maintained ***/
+ * [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI
+ * disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/
user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false]
/* 6009: enforce SmartBlock shims [FF81+]
* In FF96+ these are listed in about:compat
From 04e6e77439bfa6e3f6b7b9c5e0afac7f74f0586a Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Fri, 5 May 2023 10:56:08 +0000
Subject: [PATCH 10/59] v3.9 - fix #1670
---
updater.sh | 24 +++++++++++++++---------
1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/updater.sh b/updater.sh
index 6a3d1f2..88e6e33 100755
--- a/updater.sh
+++ b/updater.sh
@@ -2,20 +2,15 @@
## arkenfox user.js updater for macOS and Linux
-## version: 3.8
+## version: 3.9
## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_updater() )
-# Check if running as root and if any files have the owner/group as root/wheel.
+# Check if running as root
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
- printf "You shouldn\'t run this with elevated privileges (such as with doas/sudo).\n"
- exit 1
-elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
- printf 'It looks like this script was previously run with elevated privileges,
-you will need to change ownership of the following files to your user:\n'
- find . -user 0 -o -group 0
+ printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
exit 1
fi
@@ -396,6 +391,17 @@ show_banner
update_updater "$@"
getProfilePath # updates PROFILE_PATH or exits on error
-cd "$PROFILE_PATH" && update_userjs
+cd "$PROFILE_PATH" || exit 1
+
+# Check if any files have the owner/group as root/wheel.
+if [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+ printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+ find . -user 0 -o -group 0
+ cd "$CURRDIR"
+ exit 1
+fi
+
+update_userjs
cd "$CURRDIR"
From c34531b67e0b9d162331fa92dc0eae2548d13fc7 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 21 Jun 2023 03:29:51 +0000
Subject: [PATCH 11/59] 114 deprecated
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 6e06248..9245fc4 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 27-January-2023
+ Last updated: 21-June-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -34,6 +34,8 @@
/* DEPRECATED */
/* 103+ */
'network.cookie.lifetimePolicy', // 103 [technically removed in 104]
+ 'privacy.clearsitedata.cache.enabled', // 114
+ 'privacy.resistFingerprinting.testGranularityMask', // 114
'security.pki.sha1_enforcement_level', // 103
/* 92-102 */
'browser.urlbar.suggest.quicksuggest', // 95
From 84d515abfc631f1c824211bc609960a430ba334a Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 10 Jul 2023 12:44:53 +0000
Subject: [PATCH 12/59] extensions.formautofill.heuristics.enabled
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 9245fc4..7c3f150 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 21-June-2023
+ Last updated: 11-July-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -33,6 +33,7 @@
const aPREFS = [
/* DEPRECATED */
/* 103+ */
+ 'extensions.formautofill.heuristics.enabled', // 114
'network.cookie.lifetimePolicy', // 103 [technically removed in 104]
'privacy.clearsitedata.cache.enabled', // 114
'privacy.resistFingerprinting.testGranularityMask', // 114
From 47f152ac90d5962e0cd29ebcf8b607caa650d41d Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 10 Jul 2023 13:35:52 +0000
Subject: [PATCH 13/59] browser.cache.offline.enable
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 7c3f150..94aaa73 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -32,7 +32,8 @@
const aPREFS = [
/* DEPRECATED */
- /* 103+ */
+ /* 103-115 */
+ 'browser.cache.offline.enable', // 115
'extensions.formautofill.heuristics.enabled', // 114
'network.cookie.lifetimePolicy', // 103 [technically removed in 104]
'privacy.clearsitedata.cache.enabled', // 114
From 6151d664acced94364e7e3a075e6ac3ca555ef48 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 19 Jul 2023 20:38:31 +0000
Subject: [PATCH 14/59] middlemouse.contentLoadURL
---
scratchpad-scripts/arkenfox-cleanup.js | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 94aaa73..5c0191a 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 11-July-2023
+ Last updated: 20-July-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -241,7 +241,7 @@
'toolkit.telemetry.unifiedIsOptIn',
/* REMOVED */
- /* 103+ */
+ /* 103-115 */
'beacon.enabled',
'browser.startup.blankWindow',
'browser.newtab.preload',
@@ -261,6 +261,7 @@
'extensions.formautofill.available',
'extensions.formautofill.creditCards.available',
'extensions.formautofill.creditCards.supported',
+ 'middlemouse.contentLoadURL',
'network.http.altsvc.oe',
/* 92-102 */
'browser.urlbar.trimURLs',
From 4d78abf2bfafbbcb03f8f6d6aaaf7e69b7cfee4e Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 26 Jul 2023 04:37:00 +0000
Subject: [PATCH 15/59] v115 (#1680)
---
user.js | 67 ++++++++++++++++++++++++++++++++++++---------------------
1 file changed, 42 insertions(+), 25 deletions(-)
diff --git a/user.js b/user.js
index 7b0962d..5ed7c08 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 4 May 2023
-* version: 112
+* date: 26 July 2023
+* version: 115
* url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -116,7 +116,6 @@ user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
user_pref("intl.accept_languages", "en-US, en");
/* 0211: use en-US locale regardless of the system or region locale
* [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
- * [TEST] https://arkenfox.github.io/TZP/tests/formatting.html
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
@@ -296,10 +295,11 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
* [WARNING] If false, this will break the fallback for some security features
* [SETUP-CHROME] If you use a proxy and you understand the security impact
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
- // user_pref("network.proxy.allow_bypass", false); // [HIDDEN PREF FF95-96]
+ // user_pref("network.proxy.allow_bypass", false);
/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
- * 0=off by default, 2=TRR (Trusted Recursive Resolver) first, 3=TRR only, 5=explicitly off
+ * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off
* see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
+ * [SETTING] Privacy & Security>DNS over HTTPS
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
* [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
@@ -602,9 +602,6 @@ user_pref("browser.uitour.enabled", false);
/* 2608: reset remote debugging to disabled
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/16222 ***/
user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
-/* 2611: disable middle mouse click opening links from clipboard
- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/10089 ***/
-user_pref("middlemouse.contentLoadURL", false);
/* 2615: disable websites overriding Firefox's keyboard shortcuts [FF58+]
* 0 (default) or 1=allow, 2=block
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Override Keyboard Shortcuts ***/
@@ -642,6 +639,8 @@ user_pref("network.protocol-handler.external.ms-windows-store", false);
* for these will show/use their correct 3rd party origin
* [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/
user_pref("permissions.delegation.enabled", false);
+/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
+user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
/** DOWNLOADS ***/
/* 2651: enable user interaction for security by always asking where to download
@@ -727,10 +726,6 @@ user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true]
* [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
-/* 2816: set cache to clear on exit [FF96+]
- * [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
- * [1] https://bugzilla.mozilla.org/1671182 ***/
- // user_pref("privacy.clearsitedata.cache.enabled", true);
/** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/
/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
@@ -758,11 +753,11 @@ user_pref("privacy.sanitize.timeSpan", 0);
/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
RFP covers a wide range of ongoing fingerprinting solutions.
It is an all-or-nothing buy in: you cannot pick and choose what parts you want
+ [TEST] https://arkenfox.github.io/TZP/tzp.html
[WARNING] DO NOT USE extensions to alter RFP protected metrics
418986 - limit window.screen & CSS media queries (FF41)
- [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
1281949 - spoof screen orientation (FF50)
1330890 - spoof timezone as UTC0 (FF55)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
@@ -801,19 +796,23 @@ user_pref("privacy.sanitize.timeSpan", 0);
1595823 - return audioContext sampleRate as 44100 (FF72)
1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74)
1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78)
+ 1506364 - return "no-preference" with prefers-contrast (FF80)
1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
1422237 - return "srgb" with color-gamut (FF110)
+ 1794628 - return "none" with inverted-colors (FF114)
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
-/* 4501: enable privacy.resistFingerprinting [FF41+]
+/* 4501: enable privacy.resistFingerprinting
* [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
* RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
+ * [NOTE] pbmode applies if true and the original pref is false
* [1] https://bugzilla.mozilla.org/418986 ***/
-user_pref("privacy.resistFingerprinting", true);
+user_pref("privacy.resistFingerprinting", true); // [FF41+]
+ // user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
/* 4502: set new window size rounding max values [FF55+]
* [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
* [1] https://bugzilla.mozilla.org/1330882 ***/
@@ -822,7 +821,7 @@ user_pref("privacy.window.maxInnerHeight", 900);
/* 4503: disable mozAddonManager Web API [FF57+]
* [NOTE] To allow extensions to work on AMO, you also need 2662
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
-user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF]
+user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108]
/* 4504: enable RFP letterboxing [FF67+]
* Dynamically resizes the inner window by applying margins in stepped ranges [2]
* If you use the dimension pref, then it will only apply those resolutions.
@@ -838,7 +837,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
* [WARNING] DO NOT USE unless testing, see [1] comment 12
* [1] https://bugzilla.mozilla.org/1635603 ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
- // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
/* 4506: set RFP's font visibility level (1402) [FF94+] ***/
// user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
/* 4510: disable using system colors
@@ -941,12 +939,10 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
/* 5017: disable Form Autofill
* If .supportedCountries includes your region (browser.search.region) and .supported
* is "detect" (default), then the UI will show. Stored data is not secure, uses JSON
- * [NOTE] Heuristics controls Form Autofill on forms without @autocomplete attributes
* [SETTING] Privacy & Security>Forms and Autofill>Autofill addresses
* [1] https://wiki.mozilla.org/Firefox/Features/Form_Autofill ***/
// user_pref("extensions.formautofill.addresses.enabled", false); // [FF55+]
// user_pref("extensions.formautofill.creditCards.enabled", false); // [FF56+]
- // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
/* 5018: limit events that can cause a pop-up ***/
// user_pref("dom.popup_allowed_events", "click dblclick mousedown pointerdown");
/* 5019: disable page thumbnail collection ***/
@@ -1021,6 +1017,9 @@ user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
* Web Compatibility Reporter adds a "Report Site Issue" button to send data to Mozilla
* [WHY] To prevent wasting Mozilla's time with a custom setup ***/
user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
+/* 6012: enforce Quarantined Domains [FF115+]
+ * [WHY] https://support.mozilla.org/kb/quarantined-domains */
+user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/
// user_pref("beacon.enabled", "");
// user_pref("browser.startup.blankWindow", "");
@@ -1037,16 +1036,16 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
// user_pref("extensions.formautofill.addresses.supported", "");
// user_pref("extensions.formautofill.creditCards.available", "");
// user_pref("extensions.formautofill.creditCards.supported", "");
+ // user_pref("middlemouse.contentLoadURL", "");
/*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
/* 7001: disable APIs
- * Location-Aware Browsing, Full Screen, offline cache (appCache)
- * [WHY] The API state is easily fingerprintable. Geo is behind a prompt (7002).
- * appCache storage capability was removed in FF90. Full screen requires user interaction ***/
+ * Location-Aware Browsing, Full Screen
+ * [WHY] The API state is easily fingerprintable.
+ * Geo is behind a prompt (7002). Full screen requires user interaction ***/
// user_pref("geo.enabled", false);
// user_pref("full-screen-api.enabled", false);
- // user_pref("browser.cache.offline.enable", false);
/* 7002: set default permissions
* Location, Camera, Microphone, Notifications [FF58+] Virtual Reality [FF73+]
* 0=always ask (default), 1=allow, 2=block
@@ -1194,9 +1193,9 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false);
***/
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
/* ESR102.x still uses all the following prefs
-// [NOTE] replace the * with a slash in the line above to re-enable them
+// [NOTE] replace the * with a slash in the line above to re-enable active ones
// FF103
- // 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
+// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
// 0=keep until they expire (default), 2=keep until you close Firefox
// [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
// [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761
@@ -1204,6 +1203,24 @@ user_pref("network.cookie.lifetimePolicy", 2);
// 6012: disable SHA-1 certificates
// [-] https://bugzilla.mozilla.org/1766687
// user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1]
+// FF114
+// 2816: set cache to clear on exit [FF96+]
+ // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
+ // [1] https://bugzilla.mozilla.org/1671182
+ // [-] https://bugzilla.mozilla.org/1821651
+ // user_pref("privacy.clearsitedata.cache.enabled", true);
+// 4505: experimental RFP [FF91+]
+ // [-] https://bugzilla.mozilla.org/1824235
+ // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
+// 5017: disable Form Autofill heuristics
+ // Heuristics controls Form Autofill on forms without @autocomplete attributes
+ // [-] https://bugzilla.mozilla.org/1829670
+ // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
+// FF115
+ // 7001: disable offline cache (appCache)
+ // [NOTE] appCache storage capability was removed in FF90
+ // [-] https://bugzilla.mozilla.org/1677718
+ // user_pref("browser.cache.offline.enable", false);
// ***/
/* END: internal custom pref to test for syntax errors ***/
From 915f39959c7e077f00477e6ce34a0f9f9e3e7c6b Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 14 Aug 2023 03:27:30 +0000
Subject: [PATCH 16/59] external.ms-windows-store, fixes #1142
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 5c0191a..706fbfc 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 20-July-2023
+ Last updated: 14-August-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -241,6 +241,8 @@
'toolkit.telemetry.unifiedIsOptIn',
/* REMOVED */
+ /* 116+ */
+ 'network.protocol-handler.external.ms-windows-store',
/* 103-115 */
'beacon.enabled',
'browser.startup.blankWindow',
From f1831e947bae0940bf8525447345c96ca27924ea Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sat, 26 Aug 2023 06:45:37 +0000
Subject: [PATCH 17/59] media.gmp-widevinecdm.enabled
this adds nothing, users can use `media.eme.enabled` if this is their threat model
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 706fbfc..87556da 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 14-August-2023
+ Last updated: 26-August-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -242,6 +242,7 @@
/* REMOVED */
/* 116+ */
+ 'media.gmp-widevinecdm.enabled',
'network.protocol-handler.external.ms-windows-store',
/* 103-115 */
'beacon.enabled',
From 576da2e2363d326ebefb962fd1b149b68bc88284 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sat, 26 Aug 2023 07:08:23 +0000
Subject: [PATCH 18/59] Delete smartReferer.png
---
wikipiki/smartReferer.png | Bin 37523 -> 0 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
delete mode 100644 wikipiki/smartReferer.png
diff --git a/wikipiki/smartReferer.png b/wikipiki/smartReferer.png
deleted file mode 100644
index c64b93a9c6b9368a9fe7c92087f577fbd1c1914e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 37523
zcma%ibzGF+^Y0=G5`q#UElMLGjii8pv@}R}v(n9iba!`4cXyY7wA3!JbS<znEPK(<
z_jBWS?|t3-$FtAtIeTJe&Y3ea?>Q&ri@fABOcG200Psxe^Cu+$;86wufMW0z?V*I-
z=0*3z3**~oO$Pt~3;)l90!U4N1pr_wScr*z`C<-q1Ui@lzrB_c6MOy59%yP|Z2|ze
zE@mj3sVMKh6ubnViOK}~#LEDc2%o-I5)Jbqh@oYq!gwwnOqH`hsM!5NT>LTVP<AkC
zWTa0xq2fF2P|V-x8&tWGetE&6Be!cFc~*06ms?}^_47j8W$=vJ3G}X~*omJx6uEq`
zi$y73tojZ14XkajeDuYn{swsdwAPr)0r3_EaOEu^!1SgIy#s*aI*s)d&?T4F^`0yU
ziMuD7qK)F?kJ9BB!z=UDhXC-=JyNs~@KFNACnK3w8Ib)Lpg(G42nBp$2I$j)wx$6-
z8CNMDC;+W^DngX(7{F_Mli*JPbACYCgj%RLK;u1tz*MI11K>9^;JuW(>1RMyBcN;i
zIaUqeDK_A}VsHQh;IRilf9UO7SAc&CfI#9@UEqYN;`uh?gQQYw1e&Qoi2G_iWwt|C
zS7)K1AD1FxBH%W7WRUuirN=FWnBA8XcNP8<0LYFZeBc(2a2>~~7$4`3Y{1cD-s?m|
zzA-d}-fvEne)|XjtT}p5-oIn5CGp`$^Rc<lr8#<Ru8WoJbQxw^gZr@_kiEO84*&K?
zHsU$a%?k^g8yml+`$V-2M%2CT&3g2@)DhO#-U4@*=c^s-)V}OGzLJlxR(pP)$rg}J
z#A5gxE^kFi-Zf$&@5ra$^hp^uYcLW(74hsMKc$Al*$du;h{iJX(@Y_a*CFq2QH3B}
zfGSHN6pt9@A38>;7cz9uH5|LvF9CqlR$%uG{ZmvQbHB9-7bHv=A(>4B@G+H&wF3Zj
zKT)%&jMNGbJ_P_iW&1K#iIARkzk1h&M%Mjgxf|<FpW9!Qy01s{xhSTw51G9_L)mvx
z`oOU&az=gDnUCb0U5e&`ao=!QdQ_Wm1i#_l7(C7Frf>7bcq}sX6yJbqF&M=#RO4;r
zQ=*iBE2{3#kMY8&Uk?WpD87-2;rh&`6sq!C^)vaYp#7r{LD~{6G5kXS_V0IrZIW#9
zzBP)1GuZWF%|CcZ{3UX+ei=KmrAEEXPWxqFM<N)`owNO`)Esv)N=R(*eb>$_bdEmj
z_bdawqSd_bFyf3xtKXDimky9rsg<F&hMXHsRJ%OJ^A+#H;C}2P`r3d(<g<pXhWzi(
zKVFkjbG}%_;K4xkSL~sC6Zb==j<)5+b>AyPcD5jm&+p#O;YH!IKKBR~>*Jxu3lU?d
zYmR;-Rh_Rgg*PQJWvldd_g!%s=Vy|)al?zoRyF7!;@`by8VcCR*y!Eh*dX1YI@Q9=
zF#Kqjf2F)muQXyQO}zPhlXDZzB$-`AH7`|Z<wuUn3$CcIqUAXaN|lO1Kkzx7Qa_CO
zy_AwED9=rpCNU>6zqF{_acp_9l0YG!^h<qebXRgGX$SSp1^Zbbq2FMz89i~@EA&@p
z#4fKYlVuBur^AQ`Ro?Tk?I&-i;HCgoH5eNhJqcq*FcYK`XcI^oSyhTl3QNExSgLT<
zQI)7-U1hHd2~`edXfei2VyS9L#+Q9%Qf0GZ{vSalW<P)`!uj5sh!8Z*UfEs+v3$ks
zYCUM%z-ufc;#${tR94SQ1D$-i`e>`i7CfC9Tayvwtzm*C#W^3uIHWn$Yn9;fro!mZ
zWV@?$M|q5G`l2MbcPN+u#<0#nTF5Ee%x0o(Rg##Ls8Ra4RIyZYzn#0{uqdOjUA$HE
z))z-)P?}DgPSPxD{7J^P@`Cb85oXa#IYGYj3YHS90@9q;PcEIdMMue*9lAc5vcMv+
zTl@A6nHMWU1z~ejbS{alfmVx6jkbh6{z{;q%MK_&&N{esq9~@*`%$dGAi*GM%|E7j
zQXp?uB0>T;++si*N)5Fcuo=jsMWdynm66+%J4#iOYc6Cc<d@}_9US{PmOD0=!j&e-
zHqXADww*Sg25Hp)>iYFv!;gk06RDbwuZ5aN4Q;joUq5ITXsCYGsg)?tD5sfgEpIJ)
zQPeCSCtsR5XVzPF(lFdm+(=xt`5SGiqQR!Y%fQT#$gHuyqW37SJ<hAeD*_>i{w!z#
zr<D9Fxwk`|JprE@A2@Y9{YcoW|15Er)l6gJ`NVGyXaoKzL!U*4a@w?{8If7DgC9IN
zEJWt}C`*zMOB(6G%24};wBxy*&YJtwc}7}oTF>E+rOG4jBa5S;<*c8aSqzz)91g#F
zhs0JDHz$R$vJ&1~LCU-p#1wqZ>bKvr8nMQxm(N!<7PypL8o-EzE`;o}ph8dq9xyvt
zQ|~8FSL0CQs6sC=Q!fA_26~G$M!F*>0YyGEC}yZ3z9PO_k8ZErJ*he)h543DE@~DI
zMZ&Y2MF>TrzL$UB>@KG=A3BIGr@Guu9*-HfzzO)`y)*X<-C)Zgtk)ZxE+8mCJy1CE
zTd)SnBwG@f%jB|{1LV`qr^HX-G&44Z50%W)T#P~`ES3U`JT06p!UHU(nm=bXGBl*D
zWyn6TFjjEeT6aM14&g!T8S7Y3529q&A)Rk-IpaNN0Yxv1S@7QRC4Q6*mgkK>7J1J2
z<7GI_DZUF$B&J&rd5_r})=BQk;NN1}j1=;xpBd%cV-I55xZJ4wISSrwHv7{RN4Lp7
zlU+&U%Y2#Y{Mv?HkguK1FE%FHPPBwdF0R3B&uq)od9=(Vpys~cHms4AA_0Basy4dp
zi6%2<gJ|K7%2)b%M)Vpp6Lr(hv5=7uiKUrLV~0O$N0y>_(qUQ1L%bfmwb+J&KpAyr
za*eI_GRqG&0(Ndom{7teOo3`>Wdcp14U9Ik3Z;kYNfqAhwC-|NzPjBb-@EHktoE@~
zF*gIe_Lt`mbrdvMH6ir|H-Q<XLWCiq6$DE}Nra%^^vkZBq(Q)u&Xnc&y5iElX5$Id
zDbw98Fmt9BPGU*YRuYcwvxUXFXArfz!}AOACDx=d`lVLC2C?S6PJyO2lcM4AF@9l{
ze3dhm8x`)Osg-(z`77JWBT|pH3(kYtC9SqggwSxuk}8U-+^p%W$*t6F?WJ%<NXhP1
z;;oHNxx9_t;UMZ1Dgym2PQ!fj%q;nopo&t|9Mire&LCySeFn^h`5E^!)rj<g^|#+X
zxozxTVn8k_p7AX@hkKN*p-)pflbeyVT8gHgrb?tKr`~EAYPBf*6q=md1H0czE>Ys9
za|&p>NyAl!Ef#mbPsf>^PK0M9WO#YATrcY{<u-V18;wIOae=Uw=Z<Sr;>fUV{x<$`
z?b9a5)0(ACeDx;v)Ji@*n?1)pf%~{=g~8VJ*3^n-ZL8)Z_x5@Z)5~4bOrG(Tvv#+W
zm&m!<%nyPq?QnPCW&h<l<mHODJso0vv~|IS?x?&?p-u1X<Dtlc*h<i>u-5(ZZ`d-(
zvdbkKKDjJ;i5B2DaUXLYg)8<XDkW+(@LAw~Ca=(k59`AAh~2v)u?gb|+DxMR-22fA
zqL-}RSF`)`<CDpgIZ3BUah*1v1&F<_ed5Zcft~@1j$v00Hr+F|+rw^`WfyW-9t2lm
z!}B$W9%+7EeXjhg=r)cxE)Mw^H5q<q#KFAu;BUS*`m7`e0Jzft06u;Iz%}yWy$b+1
zy$1mH^Z@|AWB`B&7^~MW0RRMbNPQAfaa}xEaq}cNM_irEn>qKUd}4Zp(nCW}k47c(
zK|o}OsQR~FJ(*f|f*8}>R~wts*HS7tKyyOe?DFq#f&^9GJ=OJjjY<9d^G9)iYHbXa
zn$~7#v#ra)1KW#nG`tO0VM<)jrnHoalY39+i}tLP1yvoEJ%cy?&qbe7eL|h0e*Ex$
z_=uJN^ZS%as_4(J|MOT!%)bRvd;xz8s5Abl_j!upZ$0W=g8yT~=zQhB{RQ*Jj_>VB
zfAsd&`TLz-w)3IDw2|vkeBbAP3i2Nc3Kyu?{^{qLOq}XJB-mm8OUu7w{7cKf#Qi(Q
zzqI)OOWeN=rHcGN{vG7s8vpjRekRAK+6C-jdUpNH^*{XWS4#jB3Z=wbM}K@iL@7i`
z<^tjWWzCH6wzycrx3KGd*ZcQe5m0q(sClPi_CnJtoF+Z1_K}HenWu^cz3h8AVyZuV
z1=srQ*(*l5|2$ARMlwE0)}K*P1XmLw_u<GN2a81K2$A=4KPl@APBO>t%tt#dI$UHv
z5|hxn;{WP$rzR%+GbV4`3|zX1_^uP2Al(a2K8;lW;(V>o$g+ou5n*w9F7dStgc{I2
zSqjU}mC?g-`kXfmW=?N}i=`fpikC7bF$pRZ6I6KX^C^VO6v=V$)07t39|G^+8oYSu
zyiclhK0zMeq}+DV+BFpsT%wloLv}Z^)PXNEz5>9>xZHi+42!Gt(D}9NU^d_3nI)87
zf+HwWn?t@J2}d+@GX2auiE00>Gx#Ntbo#i$bFPRRwQ2wI(&4s?rB2#9{MoP4bWeDe
z@aeSVe8!g8mGXVdJw{+1w&%E5|0GNUxj6mP)dUqC%DiV*tI4x35sL-ZKNYOKI>>JO
z_-9Ee3d_3}OskNLaDLNf_krEsVQ*G+O}9O9pEmw%iPG?xSM5{ncLga%4H<ZQnquIQ
zoSPR9Au+XgZAhP>-s)bwFLY|3Ug6LeTC(&_`<mk$S-;x7pz}PNtOx!$<P;d&vA9}!
zyK%M_#X4^4iF@UK?dT2f>HO_h#o>3<o~75&x{6MgYUOqe!*$TAG`cIge3e<^bnAIP
zXG5TXLbP&amg&8P6DYu&MrqObeyc$2WD}g!kVjLs9|ro|^G7Lyr<ry?F}&}7pn3L?
zH3&*$ek4so&Xj+mzHecFY?b;FM!j~mR`n^t$A8iV{^fy-hb6#qw2`P%*P1@UtyA1m
zg`b(9s8YZ4c)R`+q<&8QdRTI`CF=xAA!jh5M3HjJ>inoGDN6T_oDz{O=75sHYO4@t
z8p#K{J`AeWI9ounISd6j9!wGi!wB3u8;Bldd*BQ+iT%-pBF(8?!RhkmQIT3Z?;}j_
zx@!pi^vB(!Ava5ZGf|kD0zDH|&Vf-Zme9Zq-g_Go<meSK1eYvIO@~7JdiY9@Mis!U
zBn3oud!c^iJ+agZ5|4_VaO1xewQW0kGY-U7g@8suS#GJ7m7w5OH0Mo$R*~7Yv7fhy
z$GTTjiyViUW+_~jfZ}pI3u{z`Ybxh=9)aklW$UkxYl(zRx1zBY&e!;V-(u(OyFqH*
z7r5OcnqKUOUz>zOG6t`F5`Mb=ZqpMsakU&+&DFa98IBIzJmr?F-dFVmtzsn_3l6~d
zZ_zSxVQf@UI{4C>h;85H%Sw$~a?H@NR)}t2)NNhvNd@Q^V$Q65^ktzy-_<_L`rQCY
z=Bb$HIpq3oEr!OEv>XQhyVcn_7YDHp)Zq!6?9A0CXIgS95V|Vl?90V5z-CCz=I`Sh
zVIg2%HuHdKy+8}4*%}U$B%F;~T^_|bqvxv3{8}by6r3)EBg!Tjv6mT{mAGzjS701I
z;tu8Rq&=bSVrOD!l6ItlxpJN4klA|@j!drFVdCv%LbBe{4A4}pc6W;<A1|_m&#Buf
zY`x8QbJ_jP9Rf^}gA(x+P9h5FH1^HKEA@n==g7OoT{?3pZ?ifRj#kj@Au|v=o5tcY
z7L@%uH<Fe8=x@4?GTfa9Ae8v++VzM_6mt$kZcvsJzs*J4$O=zB+i^t!L1R;5YnE5M
z-ZAA-D{VxOdeWmR2a(j-NYHG9p1$=B8?PN<98k6vPabB1g{y0Gx;BH9ytHk6@0BOf
zxI|$vUN@R|se|`-+m0Piexj=Wy@;e;3NQOhp>L@XFjQh}b#<clgTNgXPNZi#qBFhs
zq>gG%UfOr+Jqgd|@u~-X3sh4&5D}S&3d`LnM5ia=ip%o?9U=B;0xW>og^CVx=Iy+F
zGEndC-mr#~PTIpA{w+4JE*zs$@V!sfa;+s3P)@g}k!-zoP<WdZu%s*G<}8#&F3@Mj
zA!KYu_?u7rCl^=;>~Y3&<YC9fkNXJ1vR0sQ@o0OpV7p#KoS*yNZ#e8S^OJBH;iOJ0
z+!eXIMtyjN4r+T)c`uA_AL6_}M9*c~yi4QDn!xGlK3AxAg|hK>vi2T@sF~_qEcNoI
zD9mbOxesP6FXl1yQ+5o+yIef-(7d~1?2v%2?*q46+z(s-*iU&EIxqK?OV#wRs?7<G
z+;Wd(m$!?)Z6J^O&1cf#^US$+!@A)Ta(3F>(Nn&0pXr%$7CN-M^2=_|n_A9j*pP2y
zG3RnsTaT&hS3$eNo45Oe(>u4l)Q7r377FG*`S|**Fae=J7x1g0N?KX{b!6-Jj?T<6
zER4A3!{RZnv;=ax1Ixi!*w7eUkoPBY#3ym=^QqAERx1D17%MP$zMp84z4*l#J}K(2
zCbwfb>01|8fngzyA_$Q#M+}|m^5ATep7`a<<MBp-U(?;2XV&f4V{~qJw8j&KQj;TP
zz1|{rK3Uoe8E{{C(1hvyaWpw8Pmy^0#b4WR<~6n3S~jJ7FZ_dXFvEByeEngwwiEGS
zxmp$Xt~)13ZiPUsd%Q##zt)dRzwynl<c_Yh5=?FF@$iem2)g{$<R~0ql$m!hwJ){U
zj+3XzaonVM6dD*Z&`1f7Vt9B!!Xu&c5>rrQ1aw=$#`HQQG3i2U>&^*JaAB|rIKH*Z
z+G&7P1+616lDK~RP-qKh6@w0kr|8g5M>VGx+@S<>(LQ5nWQgQqRBx@I`}7^}X#K{Q
zlP>Mt{z#s;rx8-Zar0S!W>Lyar&hidPG2$=!rx3tAF+qED3%ab*ngePpq;@^-|j8Y
zR9XgGs^c1{TPS;jjjCMhXWDDM>_33+Jblq#Bz1NF{9?+hX`*&yCXEx_g|I=I?jyp}
z?ry?+qW6L)x%u5|wwqIaoCL8Xi3kgCb`yvrmtdO6@SfW;qRt8ZdNnH@vg+slZ2>!R
zna>B3kMu{UxFxbG^y;1$@6467<hj8K+_YL}-u-mx2RgiqETbZt`fzAgw??x;n*7H=
zIV=t9P4BitwM#4VCoj?2V!y7+w*U&%znj+D-mwuT(@KcqpV5ZwM8vVx`;;VzI;dx>
zww6twrH*AOGU}k4^j6WWO0_&MVXA8Fz?F7YkoO2QVKpg+q2-26H9H(t?j#w1yMp6h
ztr~|q$16XfF47&DwJ9U@JnF2rN#}>HX%K(pZ$YpZL=sZ22RtdIpW<r42Kk^*&z%f}
z9;*CGG?><1tFTh?A#h*5F$24wfM0DsOh%Usatqpv7BLOmnB5g#d*c&^W)H)vJiSub
z2%vjlE8S{u+w6V9qv`CE7(o>sd#+h#zDZBm%MrBY$o*XGRI;1UEsw@u*Rv<t1n$tS
z<WzF4dMw!hi$<eG(j3*6?;WPYUf!5TYDAO9dMxJL%fsbW381L*J6DAGDja!wza?`u
zTt4mU@zY47bIT!mEUYjZapghRD0(>+c30rS-PwGD^U{+&G}Mn@^JbWZg<?)HGQ;Kg
z6at}w<``%rhAf>CcBBp-;cKiXbM0G|@0MK!arLI-szEJb{YKssz@HYz5gnnoL}gnd
z*d^(bzv1IpY+=J5M|~H5$m3Q$E`ys|eBukF>FNE1+4rLFdFY+`lT4>Qf4tOjuJcol
z<PKI37w5ylwIz0`<x`yU`L<6d6BGqCR>I>;P03pjTa@g!-p%;)mK0Nnr^r5+1In+o
zjKQ_;xRdlOQ6;dYRX=CWLm+sMF`H45J+>ZHts1Y$Y0Eu^IXAV1Fl!H~V0cUa$3wG2
z`;n9&4*}-z2u4S#wPc;j@9xOOnj^Zy$R=0FVEo^q>MN!hmh%VHWXod@&ZMRX<1?*m
zyRY6gK2!VN!_^{jA8Y-_&{PT28*Qn^E`ZSA3BrD~V;1&1R!o!UUO8=lbj+WZCstk-
zKR&R$Equ#^2fD-mNV3t27qkSjxIKzfscR2^&^lkG-{dr$%*(!8#SM6B%IF23>G?&|
zE;9>HM?s1UTX?cskK}N?<fhj>Wz)#F#nnYL8OAW--|=+*`uuhk)ER0QPid)PcdsO)
zy2&~X>7`odjY{pO>RjpM!dwEaD`)T6V=Qh!z3szmKy&-6v}`$@jN8?tXo<K=o~b6s
ztn{x$e`)QVSz^UA&?wE2!vTpI-qX1*>Wm=Sy)g?zENYDypD9~pTilaIeNU#<r^zau
zYSYWff1k>^tpUmMTU)!cL7pEK8E^a%E!FsN{<I_m%a!4W#kF=a7+g7>NGD`U@XDJ6
zzc;vD+9H+y*cOXs9vsptMl$A7mU9hGUnNxfhaDW+46y3ZV@V9=c?2paDUBa2Cs&Rq
zzSzjJp($2P7FE_ScHcXsc3zJ9U?OkxMqC3j%1|`>H?AA!Y{2rKVJ!6y;}lWm<oo*6
zor`d#qM%KTBm&n<TvRjU{9JkxPf`x<9pY&eiJk5b9mz6aLPW+BPQ-k>t8z(D{!h#$
z#n*lF<c-{9T@wH`E;I~%b?<kYKMZ&3N+YH|wfIrRsLI^ME81CM%fU5dYt(6`*k|5j
zLI$SHoRdk!9E9edC@?yo<K2nM$W7>57eYdviasYh;rH07FNrjk%u}5dqAgagj}8{I
zdU+6YEy`Z=d`kEHX%Z01_||`Tq23MemljBSNfdpI5MfmE_%ez3S`w!<wXv#hK1-<o
zeewr`<Sp`h9#8n7^>R9#n<eL5veK~BaR~Eo%-g5=(dzfQ9FxHefmG|<<V9B0<d65b
z^Mt*;->hB|+O#S!v@oH2U(gR$Hlu1Sy!hIQ#3u5-2s|e}kgn|rE%rS}j6sq+UtdAm
zy%ZW|N}FA}fx8|(AYpaKjk#U5pIJ@yd2MeLcmp|_>Jhl}-!B@+_3zJO(rakzD2MUS
zzd}+3a5pthd&kmTA;#XLcTY~*C2sE}A_LYBOoVCbU(uSAM96gH9d;HeyN_w4t1tKY
zYTbvk%l(9ZoqPx6BC62aX*U@1Xy0bIv&<J`s!6$-@M3>!$^T8aIUt19Q!Q$EWCfeQ
z$tOfvDDEn=x?(Fa4VMkrql7szqy1?s$NY2JeNUg9o$ZY%_hBJqtXxm1M;MF7as41S
zqb3y_l{28cM`VB2q50da-WM>dFYu&Wd$G)QK$^GRrD~Mn++i>WRUFTsL*rHpSU47n
ztdiQwd48@>sb}kZ#$-~jobGi{RL9+W>ySi0KB^@LjfDZsAN1aH9%Ps<uXhKI(JF#G
zW39}Vn|thz8a>*E0V;O$JG|A}g3OLyHuT?W=48oNZh@b4c)djkPB}-z_gr<C2@d7F
z(NcJdTq&;?p*H*c&G`_ncmkjFC$gTtKK4)>4|C1tw)QsxOSbYT?rflLfBHi#$V3UN
z5`@ow|4cTp0AS3HG=;z?*S{py<N-mi4G-2SqdGdTNqcc0SB5rrI-#WyHybNxN*j<b
ziTR)I{GrD_xDgj;bI+&q$-G$Ch=Za(chE(7$2y77mbz)zT+-z%yD-#TtZZI$r-Mmt
z?!HAZVtcJH*yf@hmA9_OG#wfm<+9h8tiZK73u>>A^jaQF<&D&G;#Hdy0<Q0X+R2pv
zut{u<BcL`IY_*oue7xULhuju2u2%j$<;MQV`)Ep<ySSMjfv&wG+q~f3ivh}$HPBE)
zgVTm@i^D{`rhpZuahC)R5a*zw%=aC%7+2??JI*NU+}SKp?!9&&STI8*u2=avOWI}#
z`Eoz3l&c9ZFzO7pt>AMi5gXyyR-jN{8%C5X?v^^b_Gm&+mDX{?Am8tCy>G#nwF7X&
zoXclaM-AwSCf7hafueb_%dp8t2I%$a9P#oP6PRasas5kB&08CYH?_j22%U83i3v;G
z(G7zaa+kC>QadF^bevy?q0Hgd_vz+}y9}#6n0NvtwbsC-?CW*EarB&_?g^%Ehx)~v
z?a@vExm8NhIr;p@;yS4heOo<?TV`Z7!L0~zXYJ|F^q@(+PM_)9Ltuu;mg6J5?B9b_
zS#oS!$_A)&T1(Xo_eOFygXJwh#}>Eb(h-%7MwUZ&;e_)&hB$@BS9<%R>CAPMWm{d3
z;hek)-sa-m_;lfy_gJ!+xF_CfV^BGy=5P-8;T=&f@W!kQ#bo-Wy;52J>!}Xw8(bLW
zo_N+T*&>(%@qo1MNu|8!z*c(vt0HwJ^KD?4S+|YX!hGh0t64u4PPuD8=sn9Fdn1m`
zVA|(donPKgyIN#RbM*(uLZ8BP(hr}K_g;8OnbE+k`MNJYF|yJmjit32P4V}-Lv0~R
zXMRksm)XFj(%tE$RvjC79m@LGIP<!^u^ch7AIt;wiNtvbaB>@Im3!l^Fw+M|iHY8>
zS6>lnMA1Wp_i#dR5s`XB6pWW(-qUi(-O9~t);&G^vPre5S#z{4q!D@UDjVPm{o2<p
zhEh!+s>T-pn?~Skf|Xgps#9Yq=!xsuE~#Dwl>TSVFL0t6#D=xsb6!<Bz83WgkV#2>
zqF{`OFqm<++}&98KJLOOfUVv3FExH`EVo*qTAHVERvcX!Owz)Maoe1&+U2;pccix-
zu5imMwz?G?u>zT}YMg{#j{OMs3!?p1#7bs9kA-7xsBFj5yW|ued(i*&s&t}h;5pL(
z-B;5k0;RpF`DrhTIT>Vb2v-(K4fyMT&{lO}MNz>z+2G=hIs{P(^TvEY2%qY{xMqgK
zYUH!#wQCb!+!sT#VjS~zNO`X|g<f-Q2-=&(TUF$eEz`X_pS$Ea+I);R@pVZzYHzCX
z$C7hd)*&=PC!CweJ7qNIoz;^X1(-J2%K#G6h)#dEjcNbVb+nbZ!SoPI`t_0Rd`yFl
z!9M5$C1^FV<E((l+KuKuVaGkp${hMO9W9&yiXSdFCc{9}6xqO#KhrYjMl#X6c;mv}
ztT%H#Q*|yudFw7TH)BF(mBw?vfOHou4AgFT)2AsK_dMNNR244Oj40>1W!1Q($>{ZV
zcNz;?)q<HO!&I!Z<+O&Rh(}gVJbAPr5H!yq^B3s2Tq;ZZQaU$kNj3_`x2{I&TFn76
zZahUqUfyvcuykgWB!!u3LGP^U1wC+Rw$(Id=g)xfR$?%15-XN(kDPS@Q7?!7e$p)o
zt-RBs&<3Y|-K(r`)@`>_VQcqZ<@*E^zujInbUI0UP60(D3DMQlSJk&ZWhp%S3M`vf
z_ae92<BP1`l4~Dqr?}Oe=O7kMr!p>>PNG0t`Mhxp9_IzWvmHLm+WSyvNb>=OPVIG)
zo1W?Why6Hp@I~k7F^6tC;F2ZSnM2tJHOM^foM#KN>6Kpl`UnOp)mq9U>w~2}haQ~|
z0e$Q)%jK6cyDsboD=zHINx79=h4*XY%t0T`JAax?>9h~IowHJ59MLwg$Dc8$wZR8&
z_!10=!PN0L6n-tX!20bYCjQfj9xpaS&-H5G30JmKas}h-3&FnI%8HF&%uX_W@@a0b
zr~;AcH9p)}v@>K(IOWv0)Eyk0dw&!tFA{-4X0>NUW;CAWeuON%**Cjo@|Zo84Sa6)
zbapeB;xr&x^zN6Tclnq_1>$q&ko4M0Q`|c$xYVcZTWOkWdsn-QnCXX|2M5UBc(xu5
z;(}u<H^r-~<-gwzx^fe-yBI5SK)`!|>{5`^Q0nycGHRv_(YtKmdytV5uuYGTS-6|t
zSO|mazvJ2d!@Ev@oxuN!jX(Xb!2Q42_`gm61=Ue5C<Iv&=>LF(qQUOf4rU^K+nYoo
zB)>Cf`Kg~i`!O0lO7rx=LG2^{C|`;7w-y@R166+-<aQ5B|C2BH|A6HGI`{uuUg6({
z>DN+btQ49VgB2@ONHt^#_?b>oXXLLzGe2E2<Souc8P3(^r7*Oj(tf|7jDs$5&B5_W
z)R|EKdDiir0O@w)L+?_23N!cO%V6e+qm`*0u+6(lj==s0RL9BKv-L8wW}SfUQBidT
zsL=KNjkM;cAgZKklc7yVV)j5R;@<mNRz=;Q++~;ciOgA;LtCjo*SAP{ttDSO;IQZ4
zK&vgE<1-6KVEE=a;@e7ophm{9$v`w`3$9yidaZ4fyPfCAE5@*wlWXIe)Q``u+xTmx
zw!Y#Baj)kax_~p1rfGg0I8016hy7MSw|zCYPtZ;wZ`zSL2LFSQP-mPUOWZ;fF2sWN
zn})NTB3Ea9l+!6?tHH;T<D*6=O*kLX2ijE~NbEM+R+V!*4xt}b%*)f~4oG34`?wYR
zU($<z8AC^&O0BV{0w3Sto>n+VW*eX5TnJojXDgrdyJ*@mf~?VRB{l4ry@p++1*dkM
zfFJHbzD#*B`}D+0(~MSJT&Iw6vY72c<h7eaJ1A@PGtvQs$!CMy8(RH9YSkf;mKBo~
z#R>6SBK1ss?S4CcH6Qd><Zp+s-6?<h$`jp!pBCAzEDn|_A4gT>^)>~x@!=)POG7W_
zFHvvZyy}4BMMOHCaN8y32n(y6-lpA?3>@+gN&Qg1stZNf?)_xg)sZZ5`8av;W0J$M
zh^uY?T*ODoW#6LFTRrsY^66t6ZqdzPVlo)!SfP%5kcpZ$Ya89--qurTH8UkO6$i%7
zu>qX;4gz~=u-@P+mUrK4gxwY3xNaecw|voe@t5pA9xo?%u%E(*hK+W*__h=#B0lgS
zD)xt5@}?ga3%d+rLI)iro9EFusDY(@=}Lj$NlN-&4`yhrvt_mnpIZVivJf3NPI%0%
zoiwX?jBor$09K$R$|0wN?epf*vOyW)2JnxdPyDLsqv5-wcTtHIx<t`k14YyQ;Do|-
zx|Hg(cNA+8pzStb8PewB=1uA^l<jQYlS6*v=Ozc+J-b{O7Jck@P8(C!My~5xD+{fM
zJhi;Qa|@CpoH?g~R_E=L-%k6<TQaYqDQQ;7?(km@OZVG})uzm=3WjU@u(DT9hdP(n
zn)_|%^_NjxMN4mWSyq8rmt|s~J;qc15FA`9ynEnfC#f$C@jAQ(!FJ&*ZU>8k5&M>M
zD%*4Ek38=dub6cCQkL`}3PE;Q3f&oJ=hiTx)W@`TFAm?XrKL*Bg?3c99gk)5m2<Z6
zyI_NASWL<~f^bGJls_0M3W5zFAHUl=muglE<TSgn=Z;PAZkNx3pMQW1bbfWC?G$?0
zWj;?4R}k^6{Gu`r81lGj)9UJ!8ht}ormR-Ae_~}Nk0R7kAz!~O+u3Z|iDTqyFI~xD
zRM(*?W%xqnf|7*FjkNpnEnn9_l=;hJYZJ?^Q{X&{%6v|XfBS7uR+$xXB~Gn;xo|y>
z(%`p^3SG0+QR@3<P09yCT(`=d7NmEuw%+h%U{&HiY+tdCfwYp9N4i5zI1fVgf{v%$
z<IYX_+Qp&DYewEFGtZlUEzJkK4Vp11;HX-zysSoslT>Jrr*#C=790JhbWCz*jYJB@
zvCmDKe*MfogOo>}Cv8Fpz6|qupIO>^&X(T?8}ohPD=-bHkvGA<b{MPA0;?`^jD?Ji
z#XYz29^eNid0W?C7N-)9tXio|Z2g^}=@dl#%#;Ckm`hZ#6p<dK%w;xDm&r2M%^M+C
zE0R`c1-MXSq{Yf3@YSH4(Xy6X_)=%^QqW@ow7Ci$^u9D#=Q9|3*W#e)qJ8SE>C3~w
zgB)WgS`Rg|Ie|{LG!_>L4X>r9sJ$fTs=>4$dae_K_X)rJ)sgb2!LrhNiy{`2Z}^s*
z*^ReN>c}3IjT<BP*zWBtI5sk~XJ<63S-dRJ3w&)nxh}CiLi#e(&RIw9$lTQ9-Ikcz
z+E-R*SEe87I-tz|$UOWj-y-HeHnGru&3dC9?rFrWQ^*|m?T_79N2lp*XZeeJ{A-TP
zgg*SIge1M}|1<aeuL-j|JrH!)W>oyg!kim!kADxI7`^<bmtZuyqWQmA$0xs9$y+~L
zl|VtW>D0dZjK9@+9mGejN#5;-H`WB2$Ny8*I`ki-I=Om4r{$BbOLP)VX!nQiW!nF4
z`4(s%udDp0_~+zvGkTMPe=^^ky#F`TYe~a{hhc}aH?@g(bJ3od$gDM3@1?nLS*Ft(
zDCp4<yNdCEeo@s-G4y@dY1u~`%=q?*nl4KL(lIZ+`XH?IDm1NKGQmzC>zW;IJE<!;
zIg$NsG_iF=6GB~92SH0tq&<+|_;bfZuQl@LkqbQ0B2(jbi}3wgEB`BYFRS(hV(@?u
z-CV$+XfUO;{pmH}?#KlSUG%;<=$vJc`jdYa<r<PMQVMkuLSR>r_m~$v5y+Cil>Zpy
zi#_@jbYH6g={KGJ{3Uw<4?tLb-~xm7s;Ue2;lUuYJL<pNZ(dC8|LS;5O0V@uTAYPr
zucLl$Hm$f6Yp7u?TdxxZ3__&n&O|sC7!QQh#wz6{cX|*iPZ<f%KR^HEm2t%KW7=-*
z)82>Onkh<CC-Qv^M%d#ET&tdVRf0CY*pW;b-rt+Kt1VxVF)(+qk2Fbd4&_A7yAx{R
z@Chb;ColQGW)v_me@mbHR%hA@k2%2`f4+e=_XmB#_)1;XcIU11Ag5Pz;Txq$(^OhQ
zLPB0LoUTRQ?m}N_AKo~=f;JN^WXKoO89}RZnbD>YQa*xe*Za<IykzkS<V9sayQef2
zYG&gx=*H*r@vY6xojrbTljLRwOKDy>S*LUP2sPdZXv^^ryGvxMJR&I{lV-49%3Pll
zdYfE7_R>Z0{?r=dcjNp)WqgUlY1tIzTCwl`^(-n=(<-Q0g+^}!SydUI+aiayjf7zx
zB*-+mLi6r^ys;OwW0hDI&OApoW24a#^1*sYKnSwQ;d_mOuFL2X_Jd~04sVt{1&gyf
zhjT@nwgzJE{gTSHB$dLrtL#fDqDOVQ<8e>RXG5d?wuaQ5YxdT3=jgVtuQ%jc(H5gj
zPbxf}CnyQeFu;q#ZQ)-!*yUiwPDtqxkRD+z3q(Y9>4I52f2u>7kRl3Qhv%15MoGzD
zwm)~1%@Yw5anHQZpyb(BJ(D`6D>dcqD2o2Ol_v)m!j!s4ZIg@@uKt(mx@5VwAqk<-
z=D;6xO7=#1!9XlVdRErK_u+9RlG8I%G!v7H)~U2D6;S&RlTLz1?suCE_&Pjyw`ng}
zuu7PvU=HwS#|x6y#U-LHgwti42`ZKy`Ed6Ut<9;sD)gv9{Mt-c2vJE1_sMdP=)elU
zv@Yj^ZP5fd3I@&Yhwc2j#)FOI=4usP5O`k_jtYYT<gHVr``0l%x>&cJCbhQf{Fyo&
zhZuMi`!b#0>Ks-^=mUZu0vtsZBACGK!hR?UHvYLLvU~hKXSWb>2JwLz)prz4nNnWm
z%FAA6gdDafrQxBcw3|%$1dNCmYGy8`!_<(Dth|N8HV;r%u+tL?m1jl_AU&l%uIUE!
z3<*quFJ`hj{p)rCKlk?e5#Bsu{3g{N_d7p;1Q^cGp7FaHrDSJM_jQvcbNZB4xCa+>
z2%*O>xlAcx+C*4JNV<Y}au=*m_nw~*-DDG77|<gO)NX|jW;|Un@v6o~BwHj9OGhh}
z?4dDjU!$c!O3l!RLqkH#qy+?d+d-f%EW|gWtER0@zVGT-HLpH08ok^K@cKn2SXszw
zK>2c-()7Gdk;}vh5!YGXVdSTj=UTtoDJw<U-}d=@29I)@Y;6V7BFn%#pg3|yc{xSw
zELf)1{6uG-jg0h4QJi%|%j0(XhVkCzT@Y<cq=l~J?&`Lcd?g*YJBN~Wt@ZDNjKR#V
z*~W{!xlrZ#_U_oxbDf;*zzsFfK&jn|HGrIzN@v)s?9T)OOEb{4Iu_8?agF1Z=(%D=
z)QPHXH`SJ9gbc-Qt%wtC1%<CjejlGKag~ODoSdRd?kJ9}sbNo?0EOk^5ZQ%HeV32W
zD(YvlQ{D9u378fU7pHk2>oLd(9!c#*D{=~LwLf8c$Iy~U)wuMAHlu?*;Zd4g4!z;!
zHp|G!2tCM%kE7w0ikh1LEa6Qtgj22~`C9pArJjK6C?cEZ6(sFvyAh!bEg~~O9<qD+
zOdt#KGGHFZv~J3<V(Y3xL=|(!tn#F9TRvSLz3{_#k3naBXqm9<D06T9iJj>?w!brJ
z_TDQ@8|(F+jTfHHnP50`s)g5&-K8uKWQvbco<^1HYf`%NOYh&+98}gJUes7Gqw-wm
z05=!p9}^GVZ_wKkMK80ic69H5T}lZRCDXV()4$^2M^MV&KGcA8DAcSihR8~(g9#^7
zab3D8FWQFjf#~rrPQTFQ3J73ji17WuW!sF+S6**3!Z>Z4nsKEWD%!5mR3?Qu<xq;l
ziGk3Q4#X~x)m!obInz3rt6$*QJ*zjRn!?7_V+#Ab(mZZ{%b7|)Lr+L25<lms&uGR>
zzoVtz(0rN`tYlv|RvK41<M)#Sf`oF8tH~Ir<ie0b2E1QY3y1Vhs7TUpgv_T$g_lX4
zh4b^ykuL4YSocX`d1J4cUNWfXsMC)uIf^p`q}UUFou#r8F&yO~Xn+mT*azx7gm?Q+
z^$xp|)*F^+QA$4)dDyefQIRX_-G^Xt14YJ+Rt6P!BEG5^E}7*kdEvCKj!GU61qF{E
zC36plp67$mXx%#estjJe3iRc^k*FvX%p<aX@Dv12;Vv~cOTw=bFr~wcp0Jt`W)Ys7
zeFbytQW&f{x0WXW-nLbIJ}fRN>8rQn6Nd43-J-$KTDPN4JK1#PUbG6c;_@Pnatx={
z@2&KqA3RJR-F7U54(8?UcL)KE$JV7CbtLDVmTj55tDy#xo8HgoAow3>7(Q`c056q!
zR}B*H3z={viESH66TkuTb!Ibd5uW$gXxxZqVRDu|iB(A!t*i=1#;-l2VNBonMu*(?
zxP&gr+t^zIVUS%s?FvR&SpmXL6?Ju^S7?O2X0;a6Xxuh8_^4f-v6Z62zn<K6p7U|o
z@p)~2=oK>G)AN!v7_7)=ikS4{ul8Ou`>_vvqf@|f;NIVYYtJV4g#fO0Va?r=uJZ0a
zI>IsEs$~l(mhZ0O?tiZ{BS>wh0#-g`d^ez~s@kNTptxjvu5Pds2+H|LzVO|0g)(aI
zdyH%H<0ABFPCr(j&(i&3nEe)&(GHuV8@irP5~Rq>r{N)oC-e~|bBDZ@^hC2amI5VM
z2@KIHrx};Ouek!m$#)jDYUHWLn=iiyYVC5KxF%LPKUl)`b)mBy`~zh87zJvTeEUSF
z9RaZp@O8cU+g3qaWcRZ!>?Y@-Guk}q>GyK&bE<@`g+37i3rO6%QBZU}rgO6;u+_kN
zb3yC&WSJ1R##2|QwWhpMDfAL63cEMErG-RiUP?nCrNiU?=cyZhN^Es_QTx2iZsuzK
zIJ9`zs7<{mC6HC3L&)#Q8NIzanYO;KH+&ItbG1irS8)~ClN)`#P|9@3u;E9BAE$ZO
z2E)>JM=G7dmuk7;>_-due5{1Cv#Ru}4(>}y`pu;)JB1>u2}k@S`YV(KZJkRx0Twuy
z6g-aDy&nsNd(am`Q`FD5g%=40n(h?8oPb@-(a3_n3!A4FhEzMzWEH1ikG>Mwj@)-U
z2jlAhq;4_6-ux;AjTvh}zA98#U3K<&k1g0^CD=qU%~>tJo2AtIwvm%gV8DenV)-Kb
zZ6Ui=<bnz5RZL6N2!Wq{f|!it4p%y+oHBjGv=dy0+6}3uqZ6^Tk_eymQlUN+Q~0?l
z*~)#IH={KfcLV*>Tz8sSprXE5bYynUZB@Sz4-J1_Go`5)vV8;#H3zLwA9Yj+k_zb_
z>7;O$E5qio*XJ`9mFv9aJYAei7kQL0e^y>9e)3p!a{6|6Wd~z8fH5%fM=l*kGFdo2
zcv>K#j2DO_Q>n@N7xK6L)l;SWDypiA_t&<ep9|nL+*bpZTJvBk(#s=J56p!){DP_q
za;b>C2_5%YL5lNPJ-Z|JF|vyT1(Tm=!q=U-=4Tsh`L^1lS}h@idC+h1F}E`cDRue5
z@=4kuBP(K5h-L)10_=7z_}~n7OMM=vxG0KT&x`>l4fnd-C{)JbcYxg7o&*}8l|No=
zamn>kWV_y!Pbbpr^-;l>eLq&o@J_lwSsl2}b2^Y(1NDvonvA(Od2hM$d0tSZ38rbn
zHPLPFoan9&#JDA|jt@F>zNA#+L(+j(hkE+<WF*k>ByG*nj4eo2=MO<0_hO&>1FB{M
zX%-}g>28v_yZ@(I)lc~DN;B)C$dmls+@8)#rbDEn)0qtC1P^sm;TLc-bG&y*p$8GR
zyGwzXB30`%<%g44)VpPne24v#dV>1S)Y2uQYL~`AP}gjdci%Sl>RxG>Myox1n9@^e
z$)UPYp2O@V&|22yXAcpv!7H%xZ}sEtB;+R;@1A0w-daKo?Zc)Nlt+gD8@V!`%JUSc
z^TG{C@ie@f5Y!TPZ@rP%$Q53$a5^xcGSG3Y)Fmg^p2BB^{q7naNQ@?}2@EtkqS*C<
zlJzsC%nyXuR!)d)77G7-n-@%u>!ZjzcvSh^u5B&}!sFXG^XjDs(0KTuDfy&R)3kj{
zvR&5uUf$lJksUZAr0ZeHA6T6Zk^34-0w;O$gnxJfBGp~`R#XVUve~Uk+RW{N-s-%`
zG1>t3a9`<rpE%nhoNPY24S$)Z(eyToe476&Qw`?pq#`2Q)zqJd2Vk9#_xk+<!CqPe
zMWk;b;YO*nT51*I_397)3}Ns4g*JO;^2*)5mISTu<KP*J-c)zzG13r&cM*9YE~e-l
zw);WlC0`Aj34?R@?;QqxoN{%s<(%73hiM=Zyew(22EHo6g+4lYrvuShO(!D4uDK8S
zuzNo-EqtGojnS?_?|rW*+3;nhgj`DU;%aoN#fjPp*|_l<qv-iI$)8}E?tElEVk8*^
zoY|44K*09Hjfstdga(LgaRJ<E5qbz4bkIR#%;40~R)nS16QybPA?^0yna*>=^|aaK
zLa82AWsT-zG$CRSd<9R7_ZL8Z;>(o`Y&UEC!rf9Rmqg*C{hFq;3KLGNx$qaPp2JzF
zi7c29vWe(HAxVb*<R@Gv{z47sZvIFX5;1g$H&D*-_ZjQA))i{%$Mb|&Ok&auoHhjT
zQ;udnddw`gQixcau3Df$GA9rmekOb$=9XtU$ASe(?PFH3Jpn&`A|+*%0^jV#2I!O5
z9`Ow&t1odNYeL?!c?9);o+cPe<-*-{pb8tnF&cR3S16a)Z-n0<ge!SiS@tPC<EYJ{
z2B{vhuBv38%mdMWeh%YKlQ1-VlWL0YsfWJN^Bx-y56^tAEalRXk(X?c4I95z(6_H|
z3+#`+e8f01YNf`Xpu}l86Kpz`dW{7CP<)#%Pe&0&VTT+UVZ_6aqi1zlclM}S;7sLF
z=rgU&+2@mH&}JcOskj|QJ9ZWLZSAbhg5F{q9Um|2)~u=k-wOGCcu{qMLQVbK0xa+%
zX>^{J^nrt-w&j4OLy>7tkY-MlRcTSf{gb20_?It@ru`oVmb7kF3Z+F9o*qGu2dNaQ
zW^X<9LCavMlYUxWe|v836y?5o^%uqrN%aZQv<r?J9yR?``@^Q^MNDaP8$V_E%KcRF
z060OtAe|T`lCd<NUR#B(HQvYy(tA{c2U$EAVik2Q9-=1{kDYXiq~c6p1<I?c(iHA`
z)XIo5jDhrLIU@??(hM8vt}0)YmXy@7{8Il_XCX(N{fI){pmw2cQ}b3;U0q32GsGbI
z#XhDdYRv*?Y}^EvrsDDW3g4`0tp%s;vcE(GNzjbqW>nOQ?OO(hh1O0H6B9zYRL-2T
zGVE#2Uc(KU4ZmA!cSyS6i+j`lya!+06x6>^ER!U&vvj%G1X`>qJMegbr+PC5^=5C}
zFZGga@Q&Tp%~J!N4&U65S{okX-x<imEBiE=vL$}<amj@>$*o5CtR2==q;X>RBDsJa
zhh>O_ORLH7U<6J%YgJ@d%_GV|Wrec)>kHg)6Z3GR`W0J+Y-An`Zn^Y?Q|F=<O&5p9
z)mVj<-G-z2u7U@FQT}knVccDY&kKE_izmDbwH9{W)oGFX@}#-T&)M9qp1jNpNb8$*
ziaPq#OS=|$>|NiEat(g`NTE2OV>qy5LA>N`6&d8dgU<^{ontb0fkweZQGLVY&&$tH
zU_O<Pky>cbNaxxKE;e{@Fb9ojQV9t+Pjl3Q9p3NOWrYSx%IN2=$Pw>e|7w-kZ&9$Z
z!So`tf-H_i&>6rHBvLvf7@pcmzcUUX{?E<mra6nt%FeuZD$IZFH_65M;O@tM!?a_m
zk$L(Df|3{5{2BQC0egZ_{c}&@Ul{CP*y-Pt%74B5@b4WDJ2c*1*skYceWw(`KZk(c
zKw;_HFq6#KtnPnqW0*w-UJ=Xw4@B;Nx?s^4qAdNebRIO1SbBK0y&ES#wNLFSm8DVA
z^QU$f>~i=z^Tj`YbaBdId`4x%7W@9%|9QRF$3K7CQfK|i8vRdw{VxdM|BH?Pt>M2{
zRf_DUQiMzhTV06!5n6&Yh&qg}o$DtDU<6}cLhQmXeRmEgClt5@6EXT92#?GJ_~U!R
z_W|c8q*=KTROE#)FjaW7Sq@m`vCPNb3K`Q9UImIW6}VpB3*F7z7GXabf+-J@w@y}8
zS@j6nQnLG%+x2}A@imnJEF0J*+WmnHsdoiZ>iW`5_ISxmlEE8F#o~7zkVb*3JHndn
zi1qRiAVNQbM=mZj6ch3`<(bo~rN?P#jNLbmilgZ01@SI?KZ4UndGC%NG_S~P0_=F?
z$ws98jS4UrnNZ^bo41B!ianr&c+?N%(`^!HPg@wiqHVE#IIYY}mUVK_^X%K9zC>v%
zt$#*jmN4Uw{7E>bhM)<7viiI=2e3}`!K<`HdQ%mdPgCMtX`!^L3yZD}BVsBKjAwh>
z+oY<UNL=rC&V2aPULY)ecpEAU?(z4OHOdU@tM8%Q?%qOf(-poKd75oZ!sh9sgYU26
zZwO_tUke+iDHxNLDW7s3k_tWue>);p-HH5sXEKZ*mM$wH0Rr`4eCvKf6dN;{^`|6?
zqMiE7gQ(;$^Es%WaFsu<vz&J!n2f2|Ra1&(b0Q2IBxEmz0dCGoKX!V%)HW%<e2B5o
z+KS9=ei<x(`Uj&yZL*SjF>kV6yD!xb^}3y|gsl9D;}3lLpe1SiwRTD%U`po}v(3A(
zcB$A(SreI$#i`R>^QIH0b9P*{+|K&TamvB*)BUwx0_XGf3dG9l)vl}Vv~EVTE^2Jh
zmz^U&%x%gVn<6eUF(>r9lu2{UiQ{f?UL)>Z6r}?q3?Nc640T+mNp53xbZ-WBKMfe1
z-94(|XWpvtM%`I*0jPIO1{~Otcg+ob)g-i|OZP*^MeW+X%ghvPJzj#`heGZz)XxqU
zo)p170BE=rv>^|v(_jv!-7~sOt&YOyUs3~=@|s-A42Sa}wZC?=%MN%=Oh{dYZkaLL
zOLHD9?-OfJzuh!OJ6<wt?^7-zbndnjb#C4aUNX`$!WsFb=n4X9h6X_=$|#_tlA2mz
z?+Nh)^D-c#<r-N*;EIHTwCm0=3V|j0Wo6-;a7gZtUUBW*x?l{QvO{Qb=aE;9;knuz
z8MmvEYV#FgB7x3m^peesB@K{W?Y*v|Vo0epIyPfE4kII@Z_F}(11hN*qMJX^q={Q-
zJe($Q7RPX~m<5_WL+|Zr^8#oxVd|BF8U*E44Wol^NR(nr@j>I#Jv)TgtY@AU%6mnN
z_*F<wb8^ZV{mR}?;X4;0aTDgjrVt3<*nsCH7R}Ia&DZRCznN-h`Yp{cv!nh<Z3@&x
zIzduWX_kf`qC6%PItf>(BvlA_Zl*tlp|3p|Z~?adMC$ccUAgaQV)VpS06cw6!N~1J
zSVv;{C;;LWv2@rCJ^7-!ixT>~we%t4n{>*MZd_9kke$wNX-TaUu6QjBLg#ncI_d94
z?MmDEBpdAOr3bud=oM3~$8kJv%wbs?R0iqX8uyp{ACQCEwa!HD{D^Zx9!L-x#3?1v
zK>t->qYkNNZPS!q;gU^%zAiL1=gY3n?q@1Jo05<7<=5-ZtqTa97xr@IckUMl&or3Q
z<LIKIT2?lOp$MkT4zD+KSo&gOweygI^#^z{lcXtAZw1Nnb)dIwd@k87q5ctQwhz^j
zyuc@>NC3q;xFa(|%4`Kn&@|C{2^qfetxb+)p`;Fo&W9T_cI3Y;7AMt6K;<6e%if`Q
zYfc(9=mC!@G)M(Ij?AFqVd3Myf3^b3!@GCl+Q)~t>0FBx<=zT6S6?J(v=<7*rE<@B
z-Nu~E>IDfcl$*$89)RjEXD%OfwKdfnQL&Y2!p1-AW2X#u_I-$u6Nt}{it7Z2Lis~W
zO#h9#w~UIaZ~KN-6ch=OZUt%SZUyP?ZfS<@R0(NBKpLb`O1ev8=y2$v8wMC)=zR9*
zd0zEg_q*;7?|RpI{lIcy_RQ=(d;gE)SI4%S6ZlNRVI&XfWTROsju=X3MKx}F7pYr&
z3|fKG=~gH&e0!al>hNw@WI5tHW0jo1XiH(zm2-gy&Gn-UUua0a^<O(zB2yp`=Eum?
zx>_F$7+17P#|eOXjw|vcYI$wIcKXM@P7M+2cB&uVXhvyP1buVkNQT(S>X~X@A+bih
z#%C5+3u;b>YDEb_GILkk%)Un@Aq<s6Q0Rre@6+Q{oH)Uza+}HV_Jb90b0U?mlFqc#
zti1>MrKYHp8h}|#+}*aue>iE-R|#KI4<(k8L;IN;uzYzj=Nvn#tL<S>+I`8KhKCJX
zwm0;?yb<S$>EB1og67^9s0(zIesp81H6}u}Ij6IeC+|8EHF#eN^Aw^G%Fs*J`qX<z
zmAH~^Sg)q~kU!w&dy3lrbKdTAdq+fiU%J5Yc+Ubg*^h<oZ!u?D>VBCH>Ot_YQL~9E
z)m04ps_*Abc&~$NXjCclBTMVq9p^U}Q!lQZN;_(n+;l<3as!$ozqmcA-oRWs{p10j
z!+X*YUC>ah;qw9q4shriWCN10-OZf_yXnr4ml<J4I}<uh<?IRN4lQ_&obnF&LnJ72
zH|=^M?P2;2dDiGwN|*L)n+?%UU74O&guDFQws`2aPE|MCT75@go8J)ftOaKg{pRX0
zbJIYH$<GPQTrEtvB0QIYYk~pr%YB;{QPq!#^t8&e=o88-DNb6;i&V<kj%~bNXJ!-`
zOblB3U1EK8SfHDB+<lXOGCj1DIr!Ca_N}CCPEuwG`?aM@4<=vE*MCxtn4xlK1`Cba
z0Ug;X4#vv;XMPKG=V_*2X5F~APFo`e^Gym+(!(h?`j{w9zmfEQ=vtxA&~ORV+pvSB
zyw1aO7hpTdc01Y?eCJ=u^UGxRtpkU8rO`qQN>9~7TlEdT2E0iVnpA0pGKpC~=fhmF
zOekJz*7377<S6(dh-9->rwsm55H~*;NEh<fn{>QzXu5ELi{dKVsF(N=@s3)|5%Jkl
zPnr|%#|v{7E48?HR+fz4?(<yqh0<B*)WEhVKY2>AIH-^L-8o`jP@Za`PVD(r0Z7sl
zHf_{+css>9Yudgz4*KIUkqa-uyTbTIFafy$7n-;)uIuc#1&h4(_8l)mhA*B%xD<=`
z(&)VG9!2WJgG&w0@dkc*Qbj{x$N3pBUWI+nV(q~hPmppkDuJK8qTiglid>@t?tnQ$
zTbJwI&WH4!3{i9g-k;EF&u25WHQrd?!%Xa!lJ(%r%)3|wJ}^e2!$%&h%wme(-SDY$
z)jJ~RZw*SI7c~dFYLi}i?7lpyJRoC8z9{=07)MxNUzZS{T&%&TU>*c^la96DLrnQG
zJaqBe3{DJ`0vGDxg_*>bxGy98f|*)UDFBC<l;p{nrmn8;&Du+EI@ecHr;nxXttC(%
z%N@Z)&%~5-g`o2^GxHJfsP%!-n;v`!SaB67)V_L7x+Oj7ipiYAlpg+N|8N;SZHU7;
zv%<a&Q9U?Wzg;Wxwu3v6XicF3)kA-vU+#M#3v+o5Hb~7!auC|Hk?CLz$-IOtW$#U0
zV622-k$Ud-G6S6(pa=q2J((Z<ddUvIohyH{AMlybpaARo;o_|yS+s*5Gqp2mf~phv
zCEYWN(Y}c480!?G?nyiXx39JiUZBTL`L=BlU*(-M8-o1<tR)w%bs$_$4f;2v%Ei36
zK=<d&GYr^ZGi`Tn?;QZyXhx=@D>V4p>50iV6&FypHOtCPk*10vMH0rGT&4%f3YWqN
z=5O&qc!3CVzhlIyv8dkJ>t6Ij^OSYXjPn336%7rS91MOXXT1eNr+TX9<nEdI&XrM^
zdVrAMp<nDp#e#ls>&~MaZ2%`qHu3!88bl3E4J&n6PX?&a;$M!9McGyTom=;N!icr<
z1_Yu4OG)|CNj>)_{0AoNlJeh!b6j9XlzEN|yghm82h)wGwk&mvVmx+JKfk`71kbv6
zgfPFL%^03<Hk$Oy<GeNz>Cqf$`Yw7q3d9)KVsx3bTS%wwbf^WF!c?@*{9LA24i;Sn
z$^n)S{6&AT>3OZ$OHN-(DK-q0)Kiz}Z;b$iPvzAbowIj^yZvl<)aPMFW?WYUVDY5<
zaa40PtNiMm#+fL45_OF&6T+mVccrXLaJjwJQ7LZ(=8E<0w3*#Wop@<t^jQ91>~Eui
zn;W-o44N{%kjD7ygCEw_$L(**zPIh37!x(rvS3rh7((b2P}F^)Gk84e(xmwI9{94D
zqVJQ=hpygiBj7e+E`PYrniNv<V1Vf)u4z!w(OGL=XWKVQcI%sXXxKdF76`QUWYHXb
zebE5PsG_2>wJ;=W(+3C!hjjS)*2|9ZOYS~b4tD`EEwO*Cxnt&QMa9p{YEiJ0KsrEg
zF1cRZQ0V7d16M=oS6k{idu(&__ip#;T+3^C6)F{v!4SHIR5vd#ek`z4Krtf|Q<&?Z
zxp?OwuOUDSh$^<=!`j>v5)!-?;!VN5r&&2HE5_G7?*c0-;3Yg50bdwUL{_TlTvinr
z6rr_xgmQGi_cdD|5YaFP{G?_-xcch1{Syc!p+4K_nq+%6euM>+HuS}_IQBuOxV8;~
zCtrtLOYCm_>i5}Q-jquEY+vH(EhJ3L^(^7%Pk6SW_e$e=WSRp*t|)Kx(M{HACNZxu
z3MDfq%H%N0FKH$jDogB3H7TbUkJfqY1!C8kT8p*0)&AR3i8)8?I0xl<TjjyJ8Q05Z
zgX>8PEp_!*L$W-0$Cg(e&0<3$oe(t6LhP&<m3&c6pvdk9IFhy&G&TKPs1*ReEEY1#
zv<-8Cm%7q3zO6Osv(*FiAv2nc{8N|<#;s@vTQ&vXhuX=G8U&5a`xx=K$&rnF{Z*P;
z9k&$P7P%+E6F3*O+R(}B8_$c?BI<pu3{&z*QYw3H(8HTMI8&u<*cb<$KtIdo?SJ<-
z=XiS4uR74Q4J>K~QNAEm-@d*U%fXb>W+uh`PTb*xQK`&}VKLvM(E_1^P8WcaftKkY
z{K-T=ZZ&7oEu!Lr&VA=i@g94umYaD?p-0>Sj1iP?N3DBdO-tT^lV4n^E&~@+9ppIy
z;d<%9WWp_|W^Lh@SNW-P_y>tuL%z5rCHpR}#DlHw6w<JJ1yS6mU-sJ!<hJ6gJ7!J?
zNzd$-1Do&>Zf2$_{hp2!lBI+5?LZ+Is3<wjJi+wat!qu|B9+i`aT_I-zpXf#%rSYn
z<PrBJySr&U6a1ho`qiY1=Y=IF16d>eX2|mnZSQ-2eBW|-L&{&8lA7(}3R{f!Lyk9{
zG-b2gVA9(+4!yCH)lV#i{_vHu6H&5Z*?iS;nhYu2wz6VkD=7)2kj^DXQ=*3AkTI3T
zvZoT27K4{Nv&p2FxW)NS^IjV|OomDG2{*E{_PhY81^$bD>+A2g{*}v45d&~o_)(<1
z-4>N9hK75$j#=^9GOgd5F8QvUdT>`6B~(=_P9=E(T2fs--YjLLSjT0@T@bi-6B0CD
z(9)_H?j4my^4i3|s<a5Z=@;qiH&EAV9Oa72&3$`Y^FBtHA{`*KMvHYg<#A^d=fHvi
z@XikufL$gFZMPu4yRLP2H6*6Y^h(TfiVUL!?b-7zoUpLLW(47HT9N6;v>os!52~uk
zYM}~ZADV~!9{Lr-Bxj-CLIUnSV%ntQE2NwjdyFL9HbD^L=BDs)S%9d_-hssZljKV~
zJH8eR6{xgUK-!<iS^?CvHC@S@E@-rKtD9>EmPM|$H4ejJX2H0(b5QPr#)N<_T?p6h
zF}MZ$(fgQ^>qmmjpjx_-+tJfxAl^4e+p@+APOLh6st)s7Gt!vkVzx6E`GNU9tVES@
z-E7c@@M2TTgRKOj>d(H)UXvoZ@4glD<AOmj1|zjAac>{SFW!#{QZo+tuu}Lz^IEA2
zy9Mkv&7(<*vO>ya(c%tfWc}gr{xT`Qchl?q?X-pSxq*XZQ>V<IaUo;FcV!t;xU4^@
zh6Df9n!-VTexp-ZEnw0luQimWb;tWv9kmM29Te)Kz&s5jZaPs#W#tYN#SC8y3+ZFL
z(~JL1A1SO|Md4dZRIo}}Z+_XfXO!&1*SGI^^bk6A&)y&Rm>>1YWrO$g&g3}PK5Vqd
z&lPP&$G96pOctH%sWQ;9<|Loygpi^<@0=D#I-U8#a;2V9KMx9xxk>`4KY(^ZvSLma
zs>HZSoR&4W3-L?4+qJ$4?VbF%y`lTN`x6WK`*H5aI*A&FR?U926Guu6_(yfGSM*~1
zgpw<^1t$Pc(ghx9N9@v*@xoVNIMKx`Iy8<NX)VM2<f!=egs-c@T4!f0{uXFJPAxH9
zv^kEM(&ph0F#S<fr$zzwyRA21T+!G|cI^VD!5A1>r8?1kbPw*Q6_)=%)V?PZR6Hz_
zA+K{x4r_>ZyY8w4{Q8dpV7`Ue5;RgAZXorK{%z?lm`l|Y^!HY?1-8}_@ksD#9cf&@
zq)q5E{<%}0dsq4Ac0oSEkbQpRqqFCr2`Y9A**j|642z4#t~<F{nLot?_3jCJUVA*A
zGCi>v!xiVhI>MM|rmCAI7o5VcKwrMqo2S~#Y@Ifu^!ha6O{%025VLG`c|YDVrMc<2
zH1}BCtPW!_<K>W1-9v7k{e!@P1-ov8)AvNsVDO9JgW;GZ)x}?EnM;S<!)(`c*<YO=
zMont|N@nw+|0uTXxA|?WDPZJ6Ho$wXHx13_&X4P3H0>W<kqzJRw2G-CS-n1enfQ$S
zv>LFFM5&q(BP;Me12%gd{_7P7)W~C>F1K_#i=!GJXzlVVR9uUXG3gGMBih6II22`V
zJa0%4%1gU;q~-8~u96dhgmCWe*cA%qjDsV%YX&v<_Jjk{BERe^C!hwAQG4+6s^(q{
zov%jDa8P-b&MAiuB}I3WFW$7ryx0&f+)<ffr|PX^YE18dFX^}omrm`Re76r`N>-o)
zHSvd#3ky^skOMEpq9ntLhjj4~<D|>9bVeN+*8MSSqc0Nc(RiqHr!FD23qQk6F$I~e
zy>=w>S@?tGAkP-_zgn%GYl66ZDEc`U@>Nb=MK@h(&0p7~<tN|1cz%ic`{A^iI0NTU
z1HNCk)B+0^tyW9xyS3!OE4S9#TB^6^EYvRz%e7#5BOhKfP<~FXCmVOc(^;YYT<+%I
z$qSt^CAam}qezuom$RPr7#7cEO_p81$eQ&~LM66g;@^Ijd9|i8F}?GOgu1fiU|5CQ
ztYn){NldGms@mal;Pk`t`49!^S%97homeq6sIw>^Q*WTh?8ZKeINmjQcthJShP;+J
zU&S{4OOF{D^WNw(v64XnjO<a`@Te)pu+URF$x`H+27le<Ba^VlPF3uGl;xqz;H7t}
zqPhNcIfCp^@8m^uvm3oC*%~AU;V4kjia(N4^NmE7d`WxD{K~hpi!U9k?Zy5t<~)w8
zH32g7x>`F#S+RCNpq$j(*z{}L($;-3-GV8Akd&G(FCj`S653=rYI6@s)IyNUDq7;x
z((a+d1O*IA!{323>R=&9NzmZ#Tm?bLdd6nA1T_N#a#s?gZyoF_YkKGCH@7*y7qMj-
z`smVGpzq=QA+cuUKE57ytl6dxI5cEyJ<qZ6eI7Gp;e*sl#vQe4Ro+@!eopse5^h?d
z)NlO`5el=sIYtjJU|OAwkxv_vF2{=0GA6xvL)O3O9uxxr1eHrez1ih&kf&aeIbFhs
zFqVv)^ir1>o+45aULb@tV7LTMN~gsqG=x}r9^0)9vy>T|R`l|7fu%loP%wj4Q#`6M
zT|JN<Jjht{rPV8T%7NtWn)cSU`VH^H3pl|iQuWex*2$I8>&uH9ixqm9kyk7?TFHif
zX$micxQ7{$_n3Rg7s8~-q<rgU^5l?HOIlkBJ<(ekeK)8b<GOnm`&~?f(-!;`@2N?i
zWQ!e730w*vQbsqT7$L4C%{yKZo{J8hk#3+BThH0e29px<EddIpwqeVY<Tix3T#_Jj
z1huY`q@@96mBUVrWCoqya#BG10oRA8o)8Q&OQs1Py(1oae4m%p(Zkn>=@gts_~;6O
zQF{4u{&790>>SRz3bRW?&Ezn)pwvCBAMcM2oKAfr$fl8QTBi&4NM_##EPJw3+@B7b
zbF%)gAOG^MKBhP-`+7Ng&l&sd7avSPbP-2Zr?p_uRe-_poYqzjI#Sw9byf_29!-JC
zz`N)`lgGU2F7wpf9Q@mCaCy0z@6pBK%gw6k<%Z)hR}CVhh|}iXO35cCU^R-=tv=aH
znvakRJh6E_gAcl6<$;K)KeD<D#Y&mNx=tj_H;+wD9;A*ysBB9|PIYp&<R431-o3u7
zobuBi@-;VJn1yaAqH$DM)(FO-w9Rq5O{Ghk9c4anuw_i$PSFepcxKD=Q81tPEH$|D
zq`|b+-+zk#=}2E8dzl}_BOTz<Nh6Slyj{2)-p@Ypx#6??bbF3m64%26?R4tm_c$rq
zF4P{`Zm{I_u!Z`eGX)+D`#1>EYYzo>WigR<73)@fv5#wB+nXhJToGfZd}$ze+KatE
z`)YrV=u?p?%@CStyjJ4<t5^DN;6?+-wA#-`j%c+Kb+J7S=QMnV`CjidDDn5t$dx!Z
zqNV)=`eG-{k~ufTzQ$L(h<;VB)pR6}=3qK!zZ;(2-OUw+OJ-D-w!3<}?4IH0-ub9o
zsA)kq`6fXQvKlmF+2tK6I>D*cX(PURPSCVWGCQ<DsciL8F&|z%NeqgNz(CO(tCPx*
zsvgIO9V0r1V?F!Ag=0Fy;uZ`E#l{2`Ab_mK9!0`^K+80tMGHXK9BUF8nckZh-D}PO
zd3rsZm?-GfDEvCcZSDmF1C9a&Xb9sI8}9&p-iyBebWfliYfSI#d~-*L0-Gn5Jh30=
zgx7!<aP-nkDEnmrJsH)P0+{5h#>hg@NdmF9VsXRDG|La)7^wm;#G4&=QUFx}`0T-~
zbZ%@~8Xg`i1gV1pZDVDqp8&k+tq=uD<D7uUj;lb<%@^OQsk%7|J087~6;g%}mPA|#
zmyDufH`nV)7zIKa(aH8<VR_lwXwz3&HpdIGexuzuXAfx5+0k;j=N2iF%3kkRR-6-Z
ztiLPzVPD;PZjW&>Zxh+3L?MPE)IC-`B~yytyQL4gyl}LG&A?q0#IH^o02wVb<orz$
zUP``~7VEuM4jHdo9S6P^7>?htlsB1m=E$y}LvhQCNiEB>g@+e6UD~2%#NV2vcf%(>
zHcS{m-Luy84od3x*w{`+O?OD+r2Q)F@l;-4j?wT`kCQXlkAmy>*kd$3Hk%?XZzQ%I
zjEezXw%%b=dxA&AZTB*4g4jCJwn$J_$ZXtAU^sTu<#~(0+%JZ|L^-~}IK}$dKa<}6
zXG1))`%Tl8HD_}g!t?)CYI6F`CzbYd))@8#So)INwRQNY9*56<L$^4HkF+<j<MH!t
z{&MBt&D6Vs_LFa^WMAa3(F=|{yhWucsdp#$uSFmml7n^Ww&hQMi=Bns<@-09%4LGd
z2xII!HLW*y9@m_;cyI(hs%&mOiLDL2+;G6UeAM_AL~nAe2JtGJI=xcHD&rqmY)?d)
zU?o=wsO7V3rM4AW-CxWg^R^Ly<DdScYhn@^<*=FIxjARoN7pCWw|zA_LpD_~a&1xi
zFh--Q=FAkI(d`V6f@JpTEo(;-h*)IpIchCcp^(u|PheHm7cw0LSCOu0=Ty~Vg>4b1
z*-yI=ibpIELdpd8_tVYJ^#Sc)3RlQ%?SoFcc<q^Fyb8Z0NrlBcSw4FHyXXA+AW+r)
zb8@o61hjFJzjS@fJ@b)SIcq-^C&F9=#2LS2(wburf>_M;zcn|HtG}Wb-)jnXKhx~f
z<)~9=soj~YBJp)mo(4@c%Uf9R$n9u-S~nnuaM>ovS57O|MUwEp9QI9}BQu-ppB8Ft
zz{^t~<C&~6axDG{eM(X^vg$jv`1FgV1t(~Rqb7T#D$w^ZQL1-ffR+=H8SmMTIBpy)
zH-Fnwg$3Fd&)ra>LF66B=bL}Zs?vq2%N|^ptLj!;JNS+IX3keJjBkz?pa2$BS*4uS
z%~SfkE~1Sd7iwptrWK1}GoAP(aCppbfY7M}r_c0{{|MOvx`;pJTI`$1k>Y>01-)7d
zRO5mr@l7R{^h_?w2NGE4%s!vz=LPf`q7S#gEfp^GU%5eQ+z!(d{)z>GC`A)z0do9x
zzHVaXV{A?WOziAVTJb=aU|^e?vuk;cE^AyY27O9Vw3v%v1Ix0mY*4dwZ@DgB<~{${
zZeZ=)wARcA2j3@xeu-WR%d2ooPx?`bX|&SUK&XfE%nCY3e6~{A#A-kqw)Ix-clRne
z26OO<X}oL<`_L%h-2c&X_HmHQNuY?TQ^;K}_(=gFQhm32($I(=0}iy_p1<EKD_}=v
ze$B*MvHrC>y+1Gbg(?XNy4vYi7)9GF@vQie(^b2m3U1rA!A7ISg=GgLU-L8n!{PgE
zZh*BA5;|%@z3tDVw^K7lzyx`@9>@=w;yJ4oI@MP)Yz+|6<D}ic8hN^|*uNY)5jUzc
ziPkl=UpMO3(a@kVdEgmY2jfz}J-s1Amj#dVa0kZ6`%b)^MMe4e>2r!A_Mum^GMZ^3
zuC@IuX(RvIceC$;gjIKJB9Lb*Rhcp{X42~4YH2;1Jkam_ds*JaI-grFStYD`R-&Z`
zGr7Qb71e#Uch~6RZW8L<809|3%gxbG*V$F2B7F}DfU~R9MlM%7n6^!^AZ|Iqp`xY=
zb5~$W`iHHuY9B=+?nc+#<{q;WgONf0vCs6~<MBL216C^5h1`ugN{B!J+NJR2bnL=s
z!`n%cLl5Ob7`+=?H=k4nX^6@FQ<|UVgzeeY)&8yDUOiL^cndTlqj#d6bC0#x2kM{D
zoA1tI({o_hn%i&bHYoYO+d%yQ4~f;sPm(77t3VqMJ$v_bV#q)?*5t|M5W-ZGSx2t6
zcmCRaFVfMbiRU1}Bt@^6m8b)BL;3-$)5@jz+O(ENwYcWKoylC<YIAJ9F@LM**AXlb
z-7R4)VyBW?@fm9Mq;(2vFk1A;VMG7axk>r$!P?}p@rGVR6H^14X{5_)J<d!bT7<2p
zrLC!ll=1-ecx(>C&Qyuoc|HTH#B)XJ@BI?OirX6BNE4n)JP*puw@&jg<e-RoKWCpV
z>MoFegI^gGbpI(XZpq3=`$b1SW%SRVKQsJgk+OS1L$lIPs?TB@paA($^VoOiU~_8M
z9e6gof))3s;a;;Z;qcHIuSCewg5qQpE~8m1828hTHDC)PYn+obH>Uxr_l>g{l+3ja
zb9#8!JuWFp-B$0OnK`ob_4djDP9W%R_Zp)V1h2QZH;Hz$0WEbfx_|BAwnx=%OqrrY
zj%1Y8OcgQyJdCLXtN{2+_Kk{2KxsLHQ6nvX*Zcq|;N-#x_sXqdd;q*=d;&k4*k}Le
zZ?5cgago-Tf^#|@c>1r2sAm%lzeae0UAgK_hL1I<_O+&$VJz@u4NLjxBN7CSOR}$n
z1N?RYZ{MvuovviA$g9EX6ku^@V8EVLf>afP!tjdP<Z!6QiLcTg1)U1c+=A6CjhnOl
zu;+MY_@q)u%P*Fpv|R4x+o5CjfBY^gtiARt-BCbC^X=CDxD9_oO(W!Y5HeXG!VtvA
z1X%YpG`Q_+(O~wL+rHk_B7I2C0*P12q=noJZrl5T$2f{D9029=J3;xs8^ZdVF+h?Z
ze|v8J(-QQz=jK1t<9|Qz9~=H>db}XWK<ru22x)EG_%>>vp1!!7D&ZXx{*#fNP45)S
z^ZR<^Dvv$`_J+9Z2K})Pp>MoQIjY(8oy5gWYt>g}h;&bq+I!4*)pY1y#aq8y>Na!>
zqTIa}9F(1q`GNH4m_Sm-e3E}B;W8X48m*pY(3YG_+`io-j_({dC_x#tTu?v!C51IV
zo77ewL3>wv88{%zLA~7RVre-?-OR=KL$oDc7Oryhb&WKW`ud38laz?m{q8wt<S&I3
zbP=sX9@)J1IF<6;7x?aQmi-%_gi+b?`A<h5b()dEG;?|2I0Jj#sRIV~P$)|8AmXO?
z%HN73|IsOnP`KYuk10A|aP#9B)0F+otlq2a0FI3A636O>=iWb)Zypv^a$6XVXZl~G
zI{q!w55#;{XUzKn@(I_wj5MC$A!U^P{C%vj(EM+5iiF9*3DfG)EGPY=cMC5C`etLu
zh-isu2d;bC9SC%IpUeS&sJd^PNpCkN_(vzFGdD*XFxulBpd(zEq$DZAS2lq0d(;i+
zcEd_xN%_PyTQ6*gfivKDr`7#EuECfws;H5tooi_=hTH_&bXAT5>70?Yz7d2{Q^<b_
z_}M+CB7Y0P2b5m$O8ZKEg4cs&jAse#j}cSC0eCG5!{-RCa-Y+pNYfW(1XsMq_?5hB
zT7+jxkYQ5caIXhC&yjn>2kEJJ|0LUR^Wv%hWbLQRL{`&NZS7PqVh>h>ZuljS`A|Ol
zPNVG$CHvA&i^d0n<kHL;oe5g&D)y~mSvML3T=}K`ail!*+3?WxcQU~8p`eMHm=z!1
zz{m)E%SXtW2x&RM$@Wz~aJc2$8-}yvw%i{ee_^&qdBuX$3DzS$<#aY)05#}pzk05B
z`OD+iQvu5j#I`hUViB-tDFp*soUB8IHqzzmR8K~PdRDqxbzBdG{_Ga3>1r1N$;Oed
z@cZ|0Rp281!@4zFNKFPVt>?uQL$+BXt=m^$%UGdvJ%~f2IrvEgvp-H0aelW{a}xHG
zO96lzKv6mzE<j9urYa?O77SUs7DNR;O`}%N*xY8rd)1cvs#(_P!9UeBqDo;mFd@ti
z3`XRXR%A=h`36CqX<R1oGnKU8)7_j{wmrg3Z&7FD(eMYwCcc^nvh9^j{hlsn#3$dW
zxkL|T#tz5+FI^_|q(p`mN0Z4#vplO%bcJ${2Ia+{iOxf)HQ#fttl$gfS`_Qp4hfE6
zCYs{ghIPX3i2#FM^0N5-kF~NtfWJxk+)^Mm*g*ZQc?eV3dgh1!)FD#eWdmXldt`~w
zb!9SMv;m$Yb?m(l$YsiDJr=MLE|X~)i3WcA4cV+xs;jo#8^0COgSoPFD%XM90dVPn
z{3$IjpWQSY2Hib?Z}`~NLS^KuN@=(i;tmg;g(#GiiPzTfoecn&6xZs{Hz-#a`N(Aq
zxVnL>?EN9Z<XJ1hw^%dm!RXS0^H?R*QpXEyT3G-D#VFtcLF|<Lb2uL_1`4pu2OxF{
zFQypjuDp!?z7~L^4QTDCv9^E4TfYg6`)h9X-z(qWx#Zt#0JgZfyzx-l^i6<TNNv%=
zp$01MhWrcapS8n!0jWQgX2vZIG`+HpPm;AEqIv2gE2vQp!Y2oB`@X}qC*6u+YE{3f
z+)c!mkkQZ@Kb2xMa`7y@4RWEX1T%b5=r=8}@EcSyHxIsLirJRJlFRoG#(nU-)jl`=
zXLQJ*J(|$*eu$=8hHCwdcS7GY>XLXj*5)>!1&wU$_83@gE0;E<QhxD8w3`9A;bwW7
zZhI>D<Y4UR{3xBZz;X^#RO<Jc1=$-cAs21_#tk#PV9IRlV^=^~I0XT@5>;aPB;hYy
zcVxA%$6V)`x-b8UfgIlsLgWK#iQbJZsd-vC${C}T-P+&P8<>yuHl_cVnbF=TaX+!q
z46RX2^Yv9gzh37xg7*?ejr~j40idqoDrBI{cZc$oiM8_yRsL2OiFaq?y3QXHW_6>A
z_<uT29jt?iJTYtBPs(Nc1EVe$IrUrCiSt|a@VKzD4rXKpa4oRcl%<=ng}KvDu|M3~
zbfa^j*ty$wGD&INPQbbST~)t4nyqE^wXUvQbg@^8MhT^<ovuPa7I{a3Q0JoN{is%A
zwh1`?q+3SPD0C0B5RL-uExCw$%dWVYu#1Fe(>>@D>jClL+DcGo3z)EW2Byw9K_nIJ
zQ{~wWX@z)2j}_{*1|zRb2=kV_0-XZ>k9{b*P{zJSln8G3FC@P5^CUtXs=QtBdd#oX
z)bTp+2jp`*NCbdFAobzVw{z~C#PC5grY#Io{hx;e^>)0NeagTU;SHoY-_aH751Uha
zEj#l)Q7-V)AxIWfC30ODCZ6|y%oNVOQ<b|`PMF-V`h-Ox@EvP<jAn+zxMbx<xex+G
zVvfDq(;u)l=g@DRa<25W!eJ5lFkP4@o@1q0Z`9KFXjjb4dF}GCcE<F8(W#FQlbGf@
z$IoSapK8Us%tY~r&y$n;RfMHtx$UWl^){q@D@&Ls%DZdV%In{@#CQ9h3cb1b{OxTi
zWuM>a+fP|FpL4JddyOc}(+9C~**Tyjw`3Ze6W^l|FI>l&R4;3WeOc)<;5+4aLjoQ!
z3r&E;mNg(D%oeNc0ktC-vJF2sT#8%3(NF?NVYQ;%Dtk1+sntPbK`F#7`u@;{6?=>&
zMHnviBoNu(KK;7foGW`ugrg~XG4fw<+$ALS|3&6lEBYRk*wAoLiG@F1BPpqlNxyE+
zUjP47>X_S|`~MHjF;K$3st=k0?FHBJcc_ILd+p<>M^>8+rzIm}9sUGkTxMXVl>I5F
z^0yAp)vWfadp&xcC;`+K#kQnI9V?QPn6|sp0F<=xUss25zTf!xh0Q~kK&mPua;QPX
zYGDc#C8Si-$$tA`#ri(Yem*hZkY+KcW)q~$c%m&ymU+2R$xZFPkOO9J5isjgfVo)4
zH&74c=&rkh$}%b4qwkj*qin6L?41(uSM(z}^&>MPy)#$xS-w5GpoQXwgsTq(xyLpz
z;Z390r#TN+DfaW6CQ|*|sN*aAZRfUJRhteKCce~U8Td%->nw<q36rSWw=KxZ>W%Dv
zegSwp)HK}z!I%7#bP|px!ZbmP@Bqo7EwP8W#g$s8m>e8-6>8YRqqmytxU9+uat%gN
z-?{VNCdtJR{Mh{(wmTBwWui-voIEX5!AF@F-5IJNv|?+T(voq%c*q95Q6ccN>PcN1
zAM2jvDZO7wztFe-tD*=iP$<tAc5p#p)P0|$7I36qnwuo$%BE8c+3*Z3{QBbDWJCHD
zQ%-l&iPsAxOm)&_Q;73}i*`hG!_QaJUf*oQ083&r6IO-!l4`@S=N*_5O>uf-JXOcD
z6NX}pZc%vi!B=B`Y=V!ac6gOGy}AtwCtn&}EZd?UclrKsWuBuGZF50s_b_`^8lJ#M
z8LDDv@N^%=X`CGH-tIIn>)%d3ORywK1zS&C^h{pAtLdlSw&Ec)m?lVdyhSgi8)H6{
z_V~T(#L)FSu{qs#H@?2&Rq%cKa1v6$v*zgA>|7If8v*q?nZ}_bLhSo9nO|tJD8%8~
zWa7ivZ;-NH5oYX$-hQ~PqhLV5t1NPX<d#W8%PMvj4h%b$6$&qkaZRmaKsXSUT4rE6
z0hA|2xB5b`jD!j=BTcwi=(Cjk(OelbK!;ye&@3*K|Ni~EB!mlqwbwF{{cD}O?w6UY
zzX9$C3Rr`Tsw!1V{*rqmfO+o%G_y>6qTqq2E8r^#3k$mg_%-c#1X&WPcN`jiqvP<e
z7h*IoUc7m!G#T~Iomd6B!^HU`P1_AzX<&Q~7#M!1g?IqB4qyX9uZxwY=I3XiH_U$o
z(An8Kl@>UcuJc~Ko<gYZjc$8WTdtBi%n=l%wa~ypiy}8)>aLMBXVVngKTz0v&Wyr3
zgGh2;PhV*FaXPjv5?0Sr+5+waQ&ZJ3r!cMsdB{UXR!3j`QfDrO@o(_=x0FihDftrQ
zW(t*n+ah*5nrv9wh5JV-P|fZ~gA6YHO3VK^57M4zS|x}<xZv9oi(0e{a8Vd0*h4rQ
zel8tDy^Gt>438R5T)o)FxFvnP&`RVj{MPD_OxG~iT>>U<04oJGjvSVpP3U_N5nWob
zpG3*zis<l$7Xpr=r>QgB(Rj6+EBdENQbmHUhTWXERL8t*6Dj#!v%Ib^ZAmj5POjg;
zBDuPeTysYGwm|xZ^ilm2qgI-&_`f=_v~`(+S!tkg1>g%w+TRHFZy@>?&kQti=+6}a
zr7(%l5?$1K^2g;^vjT3f@-`aG473(hQ$E}|J&??q%FqGLibwbMZHO`wk0&LH3CW-o
z3sn<uAv1iaGTa;dSDS@dqcper<L$N<UkT;J<?9P=J$^v0hZd@%5?kjL`)oa!zbt*K
z@YvtZZ!OAeCeo-QJ{9-L@7MZ`5&$py)^*8OLl2IPc8WW80oQj4><;|kZvm~^Ct#P_
z0q1mhf$Rj={WbJ2nZ6u;o<(NplGGl^idJkSkaA=1H03Wf;oGy+F3f*~Y{vEm3+Y0f
z&$fu0w0yJ8$ErYA2(vo8I<CdZciGkaLLzseyHhy(a?H(5AblCw$8JaBHesE#R!1Bg
zyTui><ksoPr&2`@KzjrO32|QwV|7lk2%$3IT&~BloA8LoXqO)*EJXl;!?qp6`q@@v
zxiR)=ZdTQgN=sSo%m=qWqo$#hG4UU5!fI=yd)9i&dLBA8d;$j8g`y(GXF(+63)?j~
zA|rI1@%*X1(_hgu;G3)j#W44rf*0yRe+%n6({EWs`#uReWRbUwSA4;+kApM&@Rp!1
zkg2<;y0OLqa@x~N{9G?BFxQ|i1H`TdmnBCM3sA=`c){AIfM>FlrCKpS%G#x{Z8v`%
zdethkt2YSQ@p`?+I?!*Xvo3laW3*t8m?R{T%HslBror+&`Ro1yvN2N!LXtoxP(84>
zwhO0VS?lrq=3^R!pEo35Jx41Oi$1T8Q8?;z&O%N+fmtN=@Z&rVBA&XSwd85})SAeW
z!W4F()p{x0)NzS#82uL+u=~HEps&KB5@z52x8CLdfrHk<3GCORQ<ucVEvN)Qs)q#s
z`1p8rO@01e${`@S&Fa+z*N!3y;-<C6Ceb);oc*bl5>{2RlCzyD&B%TYtX%Lc3l}PA
z=6yf@Y;7Cl46PRawF->?mR=&$u%!2vkMh?q8I4`5MAg3N-7fkB3bV+Z!3b(Hrsl}Z
zm^z{Y$ou0W{x_jg#!b}YPJG2=&pWrokpurog7!*(t{fPrH1K|_c#2IbrE}XCQOs`z
z+Hel0wfH9k-JzR~$oLwiTw_tv;&uA?O7Chn0-)8DZj$fhN1G5?k+9E@ouxwW$CpW2
zn;D-2I`p{>phLGy5AcyRkamoePn&`Txlq4m!R{Y3|5(_&=EsYV&H>q=GBBJM>(pVQ
zVm+tfPN!H!cxPdal_=)f{TC&iokBC!uBPW&Yx_>oEk_iHcOt%0!Z2Jcjpq-GtNY1a
zg7nVJ+?5%NFp^!y<$EJz{kXy4^BchNk2G+)H;UVbPyeMeS5xHwqgQyQd5FLNFt4~G
zh5~b%RTj3L6KPxy)sJ({usYAm29Iv15^n(AK&V?_YbjxDqQftj*%<5e*1+qG>zy74
znX+43%yU8dF}HXDqTi=l2b-fnI$oJ?Ty-AEig4+3gy)3=5iORKBR?=k`hi#|E^@?T
zD5_&TbqScmawzx}gYAa@t5_4`lz*$tl~VSvM2u5V^$1w<E+f&BI3Ious&+|KeM{6S
zVxT+loyK;HXS#7=C>=*JYLd2vL*9ky{DE2BppRMq06v;&RegvFS>Z<>-L)|SaDyG;
ze68S>-{Yp(9xhCDY_hC1x5RQphw1G~e;KTOsFuJ>>%G}Hv6rDXucem*IwMkZ<}R9v
zo#AqkSQV)GOraU=1}dBrXlCWbe{>M23fyPPNwrLDt}vb+{rMG_!b%h3^MNM@Ag$g}
zEWoXWV!jd+y9boli39Q9vMdl6?gh#&py^K8@c?!DVC@l0Vs&f2^=s$@k(0lRaT0A6
zi7V@=VM~Oi<y9(G$G$@Wtou<y`GOikL-==b{148V@y9J-p7_Hj+h`T@G|Xkxtq{Qh
z<Ac?_5PP9ROM+D%9<nf7LoC!i%gU-Kc=Ld~eE_Cal|atm<2)b`8wap!K)v;<e>@^B
zD;qvTyTJEg;_jQ5bo~6W6&z9{Yxl%Lr~ZXz&THb0N}7kqz1SHv1d_qd1W6-jHHd^I
zDDBa?Rg7&53mRN@#^`KvQc)gq<lvEQ{$?9xOn-&AWN`GUi>)B;LkBGoD3UkYEvgpo
zWVJvQ<zUq+UK^!pnd^na;C@iWpi3Ux7dA%thuC!z`zN`qxc@(p%hjh<6*@2*Gw}o@
zfs7<J`9FDXHvj{pfX7s6zUBa1`xg=UuMG45MF9V6-9?t>|83~>KN;qKZ1{I!|C@MG
zeAEcsyel@%S47z7B;REtqJHti<GXzB#qrHPtrnLjWPtTH@fmVb8Us?(7>Hwd^}F9o
zYxh3d>{@K^Ftz{7ZpzgD6u9L@kb<o$+`JEf1fL!6ExP&-zq?C33*>h0_#XBO0A6-6
z)8+FU(2D~g`0A9sngUE8QR(gF?tPmh$>z2lh(Y2ioRXhqO%jM|Fg*4R`&VIX^)>J&
z(uyLYHeRw(rZ;={kVCYV&Nbv^5|e=Ws7R{7MR7Qz`L1oS%i-#QN^Po;myqJd>Fdik
ziURG5IKk-^Nus)sz2`$hED~{<fTND&`O_fvh^{*rM4wb(H7y|D%QtcY_~DoiFS8(>
zQqo$Ci(bD8EA;0>GA)f`ev^*f%h2vxB`#Xpi&8orbx$-UNx{sF8@3`3!XG{!cN;xg
z`{@75y-w!l+Z-|N815?Qi`P(=#NWnWU!50S4FiYpw<i*d-7V0(HTm_@RI<FxBpXT#
zrT90Mm)b&~qT()qh~=G&p$g6e71ByV|86&Ndntxs)o>$>`e@9@x3Z-q#5LDJ3|sSR
z=j5B}SA1HA=TGF`GHd+BH)lkXGd(D79J5_Pe%66p+`#YOdA*D+p0DhY2cv5Tk8w2o
z3Ok8Rsf`^LU1-Y}JuMI~u&+z>9SE^SWtU|zei10hvc5($UI>^#jmGBmEZAY1_FZev
zck(d`fpK{2t9|~!x8-x{Klp%9zb6D!kBDpYA_;oYB47=lFI%CXelv;5NZ9&wnZ4{_
zyU-4fKvzJS>WRC)ZEKasRR(6}<iHZH{Cdkgk7DP2J3MCsPKZ*4DT;l$J$-5$(epx3
zX!G{~+)6ADoNOpaqt-^@F4X0Yw7gJey~{0uTO;sO5;%PT(?p7U3N6L3MMl4WM09fU
z(P{e4(DYv;M#x0{(*Qd@z<vUQfLgBLx?`B9Z08|jH|#EtLrh)`)tW#P6Sa(q@_CyR
z@B!=U?=MA{iRm(f+jbu9YXeD!=Q6*@#iklYM;jXk@;}I5d@m~5oh<fhRTTaB4ThSK
zYO&w>i^_;G+~noTA8WVd>vlz8wvp=o_CqF_xho@{!lL>HNAid{dt@5#%bQt4V5V=f
zls~FksEfYeHAa5EH6Zh;8SZuNo@k>H<&9QZ;{w<TfJ$vEqvcRsX?Z*Qye!(fIgR*4
zt*`M^?Cdx|B&EKOz1ia#%?mDcXiG&!cxPws*9Kr&7|TTF$B}CTa)2RlF>KAAo8C@R
zkqc_}0dbK^KOaSXrnDBpVa$%gV=o2B{+!X<l(XA>YxIY#)W1$r@`FLhJG=bV>^ou6
zr8_GCJTS08Svmf#S^d58{Oba8_P*-!k=nZa65Xy%hALxV*z@6Z#$$t1?CC_#uCUI+
ztQDIC(b&j$nU=!j>#vRZvp_qXPCPE_0~USz?(}&dC^BWrl5v@N*(fY8U@Q|;-QlCt
z&P_-@TZ}6-+OKrcs$IqVc&p8)>#`Y5F_;`Pbq*_S20mE~ZwTmVN#l3;;TEIP0p|Wl
zqt^N}?1T52MA3zfgYkby5ykO`0R_8TH!1uF&Mx<so$_1voU@}ri`pS42s{4yDV8&p
zqT)D)Hm)^erl5y@YSv&(Q3r5s+4|^JfdPM$J+Jw@{A!w&TbAzn1J2KqLg4h>L+#Uq
zj!OoAArNBXAOS_a`~ErxL_0Z$-M4RL_7agb>k3ikcnUmAg9G44hpN|#diXcz+<h6n
zU@gl{0LObZ53SqESC`dXb7V6fM|z5nz7nTj-X=u`kr!WXo6-&uD|v6bT^;5ldh|~5
z6_Ez&faOG9%(eV6RZV;0J5>=QA#zmlS_BocI7-u>NU{bQ9igclKQ5P_k`%lH8wsuy
zsf}lmb5nJ-slfbGCccQ=day@_M<fe*k@3!P#k<o?)Zxr1Iq2D}_jtQg^4dg6GzQtv
z`oQacxIfrSjQ#Yg)(4nl%p_+y3-K6XaUeGmRQ!P<RqUlfP(2u{)m*$Al5ax>N(eGr
z0XBzsO%?2YHOPptrKId%<H}h{;Qi#h`D81AOdR`m<#gJ+Es_ZAxnX?7*PXFKjBCLu
zQe86%Z!a_>vo#DF`i7G4Frcr0s?B^5?V~6~`M3xJ|Cmp$mM;X$SHb85c!H$g3So0S
z8FoZWLRM+zQeAT*xGWTH`~7B;2I*f^xs|cB5wNBaOx8H2(d~s`>>{ubtz0NE`&V!)
zhLV{osc$G&zu^dVo)VfS8U5<_BQ9B4k#-BgPPzcEcsCxwPu)E`sr84~4|Z7S%^fc^
z3QLSe*tvs$eNf_m+xYoWpqzFFf8uWbYn>5UO#m~cj?())lQO(vg722JS=a`qf2k5W
zp;AjE`<cgZ5lI>GpA<8;q@B2x*HRH)b>g+5ia-ZdRsDbWL$h^nOH~O#&~IcWJ_~&>
zDk@g1#9elfQaB`{2#h>kFHe}d)X`<5UlZrxOw93)rm~%V!%;J28DTAH*B`#T*lY&Q
zrU``l%3G{M3o~+h8wPC>%XWBRhO{n&CM;y0tfyJ@<<L<sCX1B8^%xz4{z4t=zA!#)
z0ORJ`zJ_|SkoMvxcD#S5!7`WuJ{+jMUTeJs@hfoN%7~p{l6jq%HC2K`R7aN!yZBqH
zL)k;Q!3nCq0mUbiWvaT7?9oE3RD%q+Nz(}JFXuduaFz`w`4xi7AHH1qg2g$#COYKX
ztFdJrPter%zR>TN=}=zEr0Qz9pJfato9RFi&vW+2nMI>eBbPLxLI$=0%AMxdzb(#<
zk++Sp9bWao&=q?_5$opCH^KVi9>!2CSs(q^A*x4P<0)4$i091d>f_Pw40$_KhLI*j
zbq!Hef`V~7J9=BMZD*<if6kJ}=U35a<o#k&h)vYHPqzFI6Lj<^UZQ^mgA=KAe;J<1
zqzgPq^aZFQc6N+hu7e4G33P=316-hs&cTU<pVYt_HL4#wW{TA*y$cdP*Sb-fn`1Gy
z^gM4hSNa9D1x8igyEO_PPtMTnE1<ORT5?nd;{B?`PPNo$k(!<uGx;|3ZZFpTzW~N)
z6$-#170&9+@GQ9ITOV{-8l>{NNU7X3ix1fJvTrD>ZJ{)UNFW^xt5~<A^c`PtcX6qC
zXNp#J^?${!fJ3uRAOCKQFnc%GJU<bCboJmtAk;SCn(=QqierfT8-v0`3Oc}4xsg01
z642rmd7l#IT~%P*NYr?N6+%VAe=sDfq+nu2!*M`t!{+D&je<@A@zKxWQ-b32H`k@k
z-q`Pif8`@)>2E9F7P9spP^w`H1^>@@673fl@o(m*ocNFewvWEuvGY=N3Tpu3jJ75~
zw5M6ykzVO#_>|K97Qya)riE~o)RL=#*)Z&QU=AUB-E6LQJi$>p#Q|#)6Q08z{OLSZ
zBCY7QC{~*Suh%4=7TG1riGM>WzUk+xnbU@>lRfxX{}$?)KO&+`5tzk>_uKU4EnYbt
z+DNW<?{O3d))V3N_r4%Dg*ic~;!bK+y$>6oHEm!1?4MAUJx79VE~HV#E6=*Td-$QO
zh)v&QP8ItPUz83u<?rj|)+qq`UeSh<MG^#RyUcPa%wF31TyMXc+g9%*a8g{8jFcLL
zodvDCE^g~}5;4j{1cr`=Mz&tRcas;$5+SaR1{sS{!aVUorQJ3G`%Z@+2L*mFZ>?wv
zBF&rSu*|oXqLP}LJk!%L2PdU+TM1boM9g8{&%MrRg~8WJ6X$|c@af^`t1m|vtrMSG
z1F1S*w3oh?Veruh=Bat)G@crlz=C&rc&+D{9w6;ldT43|5SfEMULC!e5cgeMr4e~}
zc;MQ9SjI{l%c1Jpr12czcGov%`rI4mh(f|TaAqy?YCao{e5f)6H9uPT%SKj|mLsJ%
z^1ZtD@W@b~Bu_D~7z8P`BK;w8wfj)|nkqU_l{Unr69@5c#Qi6qw#b<;i@aUh<!!ei
z<N*Aa4@moP62Y%XrzQDg3RDW*aG>f+d31$nm<&VSSIq2*Z8XeVWnj`Ft2Ae<oyd&L
z%kWK#S~(&YHyLv9MWu7;Gr|1Iz=`f9o*&D2jJ6B6YN~59{SM!`cpUP?6)tsVyf|t|
zy8=0=XlgFC-q^xw?%Bh}(W<%6a08a!Q&%<Zak%?yM_QBMQSklz%K%oabjlCyz3ti+
zy4-m<RnNJ3WC1+&sIC;Ba+u+$B`lBg<{StH;l12wHyzZ)KWs5eUe`Q)-0cVr9CkcU
zu}rF`dK)~#*M=rH`OEJRMTqywACcEfWyUzc<6~>n7MwuB$S+d$Wa1%+2P2*NapEt(
zZj=Gy`^rCO>g5<XFuo@J!!wTc)AXsnC3}$t>xNW}Pk%2`0fLfv2;MW38guFiZKk{<
z#sACurOUeh!}tpKJv2PxkZKO{EarMfN1D-4oCs})^}j9bmtCQd-Y+;JWk`$Mej497
zk7TA^{dQ-~W4PWb|DI2?q|dc(kz4t8q!4R7dZyZYrmHMaN<CG}<OCessxVS8S@`H7
zkYD26yqGC0Q|fr(;d7T-vU+)iU&86=+s&AJ6MA|P4iruvx45#3eMK>foW3@W4zLv-
zy3d0|x9n!B9s&M1sKKt10Pa%~lUiGKjd~e*`P|=zg)FC)ZZ6PFBs$zp?hkj655(9#
z%O-#E0p4(VT-P~(%LlJHFCJ{V-fZFR!RsS7EN(vf+4IU;zo4T70Hu9x>Y+1X2##lZ
zo+M&@up9~kX3he>cHk`zYacv&{u~%)_69B+z0^z~F98w<6os2ZK*G2}b5no-Bt*1M
zO^3;xILV9!q<Gqh!8WV!w<}&nb`+R&1_Uut-+|R26hN?ly9&As1QxU6Wq>d=FzRp$
zNJ-D&5D6+&N<_XdO$B=X?x|rC(HL->eeDpoK)R+;cGnw*4;R3UC#r5Lu5M&tat?a>
zMjlrevmw!kb)l=0^F|?71-D=%sY|chKZb6*3HV&$0{&U|E-67T&8pcaX3?X}nt;&F
zvl+6}!7lAGBM4W{1To0)jW>Cqq^hdw7|(e(!$ewXA$`H{*~VryLS@}=554gP?I8^E
z0?1nebJdQcm%_T(_q_+(HmI8|R)h^DQj4;7v4s^Uf)#A3kcjz6NvK3=+oE%WO94T-
zp8(tp&eZRbO)hvMwe}Icd?jWFrB^7aUIK8M{bpL=)%Ne9PY(p-07J;`Ly+7ePYcJr
z1!ENGB9yMGsqKa_Z(Ezk#0g+k^5Sa^ISYkjw<9$bn|4F>6+P3dcP-~IvZ?HGOPH&>
zsH$4CV$}X{<jvJ%1NaL~;dqsv{h?zY+q|9(>tnzJR?CY^q7J&tOAksx(O|?yNy(5j
zf=YE~*;)<cLgLN2b&lbDdq!duG>eB{lK$RLV46=-faeXAHe*F2*AE5ymIzd5E_>#r
zibOz#fQQ9uzKNJePizeT#dAtu5?=c^akL88l%Dsrw3Rf7myZPOfv<SURe&AiI&Bl)
zOF>5iIO{{-;lFF}cP8A>T-K?i@-=nI18ju_!@i+a=uF^VwN%%>s5gM&D7xu9Vg?w}
z>;KsUHX#MPSTgp8Y=xHqCEXfR9FpSsr+pClY4~9D$fjTIOr~+a^*EU?mEXmJ)7-OB
zZ6-t;Bw%3XW)X>a!(nrtf9qL`E7nPi)b!tIf6n@mV^Rry-v)oXBQB}S05kM{f7()X
zw2<V;IP;`Lp}@9y2!sD+@&&$PaT%Qdd^hL`dkmrTX~UCj|7x?d_>V-hecrBrxlsVM
z2S^nDQ`9KLpdC25v622AUF0vWN`cE(`J0<XSbO)Q&$HHDIZVGXN-6by_drh`Kt#8!
zv2Thv3kQJ2qnj5gmJn~;?G7U7mb^#r>=}ah)M7b}$S*r+TuEW0+4KW6@m~^&1oNjO
z4S>reB$-LI?(#g9Z-4YTD&{s09`uJ_b|=R#9wdS|>H+R^4!^VOfA|o)TDSN5F_r{b
z$3DkICG{=|3$~TzCM#!fj1hEZLn`uYtUhzJ`|B}JMuyX;tjdqSbsjxDp|a@W^G_Xt
zKF-L%q*fYmv?tu*_ywFMCx3?%K6XikRtC=k4spI+>zUUg=lwawmDBIJBrO(@ImI3o
z^nXbmsvQxF5?ofi<nYL4+ic0?Y`P|xXXXn0{L$ne@FCeF@7r+D{<S8a?ag5Uv!Hz6
zB8$9YD|+>@9MYFxwfF#wo_V<ij{h1+8CX~DnOBGiMQ&8Y3OVtUJ=EFN&6tjqoJQe4
zJT&qGx@H9k)k&{bwAVR(1-vOZjc$JFYwN8`uP;N?<(^mQ5sg}}zG(dAUhgw;ka@(d
zM?xUX+ri<1Z1vrLK@hYs9;O-~dC2}KlIBUxATznMcBSVdV$P4T<y0S!+NC^UOZV(*
zzK5D^7SWX~X1-<a?bto}w10y0w8H+ORRQ{0#m@dgk)MBOv{KV`q%i7)r^Zx+nH11d
z-H8ck9pL_0@3`1J`!T!IUJ4Q)Ah^bC_9yKrXh-(PDyN784DWCw?LwIO!HlH%lfK8Q
zVT9-W(OMqlLIg2c6#A)rf;^7dx=@4P7gS=q6d!T;i!7V+T!A<zSd)&z>M{kM==+=O
zVaW!JemT+Ao5_p+d}_ijEAg#z6CK%^^IB43NpYVrL#Mc%rLBe?|6~v992<q{%_TSE
zG!%7!$UGtc>aFj?t=$E);Idn2L?Qjv-?7B5;CM#{kQ%-oI`z1QqFXg7tZGk1<eDD4
zpz<ED8Qv^U5D=@>i|_{H^gnd6Em84Xd^}M~Iv_k8ljS-m_p<Q2*yM4jSzUD@@0N9*
z@5N6|vS?Whaj-?vLmSI|<Y}5|{nW?5Gjw<&Tg2(4@(cTZjMn~kp@V1vMB(^5_fCUJ
z=&1vvv0(5rpo)<RV1+XWBgq-$;yflpIs9+&z!+5$<7Ow)254$A{Xb(2MaUS#k1k&}
zOA;vR?U#)VSTC$q?^UVfz%|BPR4HlQ>BgsFK5xs-qp$BK9}B-)1%^XrWwE&dqdTIl
zw{haEfexJMLcZg&^8c)a<*Vifnb_|PY*Jb~{>!bd<uWLh?LYo~bD7iv_Z8ltHu^RH
zkj1+}=ZX9?(^|SP<n6{QO2>Q`zGnN~&CjfB5fhW~*Czg0OGk2sYRswoY^(o0C_5&z
zAGGeo>*mKJ>htQfT;C=?nBUyUxk=1`-A3@a!-5Zm8yG+R-RN{gsT?>{_G+RMO0(A7
zFz{40cU!&c8`PGo+_&Id;K3ls`xU!(#rsZ5tJ;5McgJB>-3(AWczZB-TY}fzc8jVl
zteJanRS7@Wej%6M-~4+Ea52k-qCT++)e05Sm%rTY6Pod5M&Y$o7Q0XH!mD+FYh>mc
zE`IoSP5q%4hAAsvB){mtESmec+xNwf(hWyV?H3&fdghop+rvlmnJ*r9d{-o{BnH}e
zcm=VSkLAsslj}5QOCDpii`X^o-DLR(I~yPDzo=r+8Y<aSf3Mov<6x1T&NYLxCw@O&
z^`S)_(YCsG_3(+`d8T|Dz{^SM8Z4VTZoa$WDF)davF9nQ(fF$B`sU0$)%^)P+iidF
zOkWQwRFiUJW3qLWkNy7lGeh|JrK-E$e-3Y*uKar4^LZa7ZN5}(G1N)B`sV4M7lrx%
zKZ$)jaKGucWQB6ziywdgH8@#|-2Y>7v2NZE36c3<WHzk(yCr)0<EOv;6c0^Tee$kU
z(WUm1iS+Zi(|a<T)&Y-weFHpdsN}AKrsm8~Me2FmOS8-%Ew0xQi==@E0Rfj(ctoMh
z{2Vq=ez#o2@u~Jw504C&&1t@cJG0gsf2izVzU=P4ziakoI+nKBv4Kv90Bx4AUbE}2
z<88KMN<lF-wfXn<SeEVXJ#`9n;6-Prr{HVwY*zJ|2)9?ePd{A(Y)j4n9ts|63Ow|}
zNz=7->+B^<mTWLA*=>8TYEr-{&;fN_U0T3K-Lw33;7*DIy)FkIKL>3W?0WL##%E>V
z{)5}+D~>6I@%W;)(FAMvI2|{&wCvnu)cz-AwZ&u8BX?heawu?(-J&Vq<?lUlj=auU
zHJ`uM_?pSt`7$m4?1~B^5AIi$*)>1^_krA3QR!zto4)P4Vt)Vg#8ds(o*l?t{I|Y>
zX?<n*d!P5FOQO!~N<Ip#_V)d9{`sm)q}$^!cW(Nch$F`KS>67*e|yq-lx)}itWs|P
ztpVcx|LayKa69yE;gxHjKYCxo?P&#Sq;M!c`m^E6jzVSN0TQqLkIeN;Z^?E89b4xD
zTFei;7rAm-W>9G8+r38)@<d091Mi0bZGE^B{b=RuT`a&EQl<ErkR>9p1-r}roMX<z
zw;`&+grTFx9l^^N?&E`9T72;VnlyY?3N#3hJP!s_2OpAV`|+QdVUz9E+o@+nwle^M
Mr>mdKI;Vst0E*AI)Bpeg
From 61a9f9d37a566d5e03e8e218bbc94f7d7631117b Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 27 Aug 2023 01:49:42 +0000
Subject: [PATCH 19/59] v115.1 (#1703)
The .1 refers to arkenfox, and has nothing to do with Firefox's versioning. This will better align ESR115 users' defaults with AF moving forward
---
user.js | 81 +++++++++++++++++++++++++--------------------------------
1 file changed, 35 insertions(+), 46 deletions(-)
diff --git a/user.js b/user.js
index 5ed7c08..ebb40a6 100644
--- a/user.js
+++ b/user.js
@@ -1,6 +1,6 @@
/******
* name: arkenfox user.js
-* date: 26 July 2023
+* date: 27 August 2023
* version: 115
* url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -18,7 +18,6 @@
* Some site breakage and unintended consequences will happen. Everyone's experience will differ
e.g. some user data is erased on exit (section 2800), change this to suit your needs
* While not 100% definitive, search for "[SETUP" tags
- e.g. third party images/videos not loading on some sites? check 1601
5. Some tag info
[SETUP-SECURITY] it's one item, read it
[SETUP-WEB] can cause some websites to break
@@ -42,13 +41,13 @@
0300: QUIETER FOX
0400: SAFE BROWSING
0600: BLOCK IMPLICIT OUTBOUND
- 0700: DNS / DoH / PROXY / SOCKS / IPv6
+ 0700: DNS / DoH / PROXY / SOCKS
0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS
0900: PASSWORDS
1000: DISK AVOIDANCE
1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
1400: FONTS
- 1600: HEADERS / REFERERS
+ 1600: REFERERS
1700: CONTAINERS
2000: PLUGINS / MEDIA / WEBRTC
2400: DOM (DOCUMENT OBJECT MODEL)
@@ -255,20 +254,8 @@ user_pref("browser.places.speculativeConnect.enabled", false);
* [1] https://www.bleepingcomputer.com/news/software/major-browsers-to-prevent-disabling-of-click-tracking-privacy-risk/ ***/
// user_pref("browser.send_pings", false); // [DEFAULT: false]
-/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS / IPv6 ***/
+/*** [SECTION 0700]: DNS / DoH / PROXY / SOCKS ***/
user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost!");
-/* 0701: disable IPv6
- * IPv6 can be abused, especially with MAC addresses, and can leak with VPNs: assuming
- * your ISP and/or router and/or website is IPv6 capable. Most sites will fall back to IPv4
- * [SETUP-WEB] PR_CONNECT_RESET_ERROR: this pref *might* be the cause
- * [STATS] Firefox telemetry (Feb 2023) shows ~9% of successful connections are IPv6
- * [NOTE] This is an application level fallback. Disabling IPv6 is best done at an
- * OS/network level, and/or configured properly in VPN setups. If you are not masking your IP,
- * then this won't make much difference. If you are masking your IP, then it can only help.
- * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
- * [TEST] https://ipleak.org/
- * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
-user_pref("network.dns.disableIPv6", true);
/* 0702: set the proxy server to do any DNS lookups when using SOCKS
* e.g. in Tor, this stops your local DNS server from knowing your Tor destination
* as a remote Tor node will handle the DNS request
@@ -308,13 +295,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
-/* 0801: disable location bar using search
- * Don't leak URL typos to a search engine, give an error message instead
- * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
- * [NOTE] This does not affect explicit user action such as using search buttons in the
- * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo)
- * [SETUP-CHROME] Override this if you trust and use a privacy respecting search engine ***/
-user_pref("keyword.enabled", false);
/* 0802: disable location bar domain guessing
* domain guessing intercepts DNS "hostname not found errors" and resends a
* request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
@@ -527,18 +507,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
// user_pref("layout.css.font-visibility.standard", 1);
// user_pref("layout.css.font-visibility.trackingprotection", 1);
-/*** [SECTION 1600]: HEADERS / REFERERS
+/*** [SECTION 1600]: REFERERS
full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html
scheme+host+port: https://example.com:8888
[1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
***/
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
-/* 1601: control when to send a cross-origin referer
- * 0=always (default), 1=only if base domains match, 2=only if hosts match
- * [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
- * If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
-user_pref("network.http.referer.XOriginPolicy", 2);
/* 1602: control the amount of cross-origin information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
@@ -571,17 +546,6 @@ user_pref("media.peerconnection.ice.default_address_only", true);
/* 2020: disable GMP (Gecko Media Plugins)
* [1] https://wiki.mozilla.org/GeckoMediaPlugins ***/
// user_pref("media.gmp-provider.enabled", false);
-/* 2021: disable widevine CDM (Content Decryption Module)
- * [NOTE] This is covered by the EME master switch (2022) ***/
- // user_pref("media.gmp-widevinecdm.enabled", false);
-/* 2022: disable all DRM content (EME: Encryption Media Extension)
- * Optionally hide the setting which also disables the DRM prompt
- * [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
- * [SETTING] General>DRM Content>Play DRM-controlled content
- * [TEST] https://bitmovin.com/demos/drm
- * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
-user_pref("media.eme.enabled", false);
- // user_pref("browser.eme.ui.enabled", false);
/*** [SECTION 2400]: DOM (DOCUMENT OBJECT MODEL) ***/
user_pref("_user.js.parrot", "2400 syntax error: the parrot's kicked the bucket!");
@@ -631,8 +595,6 @@ user_pref("network.IDN_show_punycode", true);
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
user_pref("pdfjs.disabled", false); // [DEFAULT: false]
user_pref("pdfjs.enableScripting", false); // [FF86+]
-/* 2621: disable links launching Windows Store on Windows 8/8.1/10 [WINDOWS] ***/
-user_pref("network.protocol-handler.external.ms-windows-store", false);
/* 2623: disable permissions delegation [FF73+]
* Currently applies to cross-origin geolocation, camera, mic and screen-sharing
* permissions, and fullscreen requests. Disabling delegation means any prompts
@@ -933,8 +895,8 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
/* 5015: disable Windows taskbar preview [WINDOWS] ***/
// user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
/* 5016: discourage downloading to desktop
- * 0=desktop, 1=downloads (default), 2=last used
- * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
+ * 0=desktop, 1=downloads (default), 2=custom
+ * [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/
// user_pref("browser.download.folderList", 2);
/* 5017: disable Form Autofill
* If .supportedCountries includes your region (browser.search.region) and .supported
@@ -949,6 +911,12 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]
/* 5020: disable Windows native notifications and use app notications instead [FF111+] [WINDOWS] ***/
// user_pref("alerts.useSystemBackend.windows.notificationserver.enabled", false);
+/* 5021: disable location bar using search
+ * Don't leak URL typos to a search engine, give an error message instead
+ * Examples: "secretplace,com", "secretplace/com", "secretplace com", "secret place.com"
+ * [NOTE] This does not affect explicit user action such as using search buttons in the
+ * dropdown, or using keyword search shortcuts you configure in options (e.g. "d" for DuckDuckGo) ***/
+ // user_pref("keyword.enabled", false);
/*** [SECTION 5500]: OPTIONAL HARDENING
Not recommended. Overriding these can cause breakage and performance issues,
@@ -989,6 +957,25 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
// user_pref("javascript.options.wasm", false);
/* 5507: disable rendering of SVG OpenType fonts ***/
// user_pref("gfx.font_rendering.opentype_svg.enabled", false);
+/* 5508: disable all DRM content (EME: Encryption Media Extension)
+ * Optionally hide the UI setting which also disables the DRM prompt
+ * [SETTING] General>DRM Content>Play DRM-controlled content
+ * [TEST] https://bitmovin.com/demos/drm
+ * [1] https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
+ // user_pref("media.eme.enabled", false);
+ // user_pref("browser.eme.ui.enabled", false);
+/* 5509: disable IPv6 if using a VPN
+ * This is an application level fallback. Disabling IPv6 is best done at an OS/network
+ * level, and/or configured properly in system wide VPN setups.
+ * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause
+ * [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
+ * [TEST] https://ipleak.org/
+ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
+ // user_pref("network.dns.disableIPv6", true);
+/* 5510: control when to send a cross-origin referer
+ * 0=always (default), 1=only if base domains match, 2=only if hosts match
+ * [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
+ // user_pref("network.http.referer.XOriginPolicy", 2);
/*** [SECTION 6000]: DON'T TOUCH ***/
user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@@ -1037,6 +1024,8 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
// user_pref("extensions.formautofill.creditCards.available", "");
// user_pref("extensions.formautofill.creditCards.supported", "");
// user_pref("middlemouse.contentLoadURL", "");
+/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/
+ // user_pref("network.protocol-handler.external.ms-windows-store", "");
/*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1082,7 +1071,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers
- * [WHY] Only cross-origin referers (1600s) need control ***/
+ * [WHY] Only cross-origin referers (1602, 5510) matter ***/
// user_pref("network.http.sendRefererHeader", 2);
// user_pref("network.http.referer.trimmingPolicy", 0);
/* 7008: set the default Referrer Policy [FF59+]
From ba173d49205ee927ed62e81e606569d98f531d38 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 28 Aug 2023 04:15:07 +0000
Subject: [PATCH 20/59] layout.css.font-visibility.resistFingerprinting
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 87556da..d3d8a98 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 26-August-2023
+ Last updated: 28-August-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -32,6 +32,8 @@
const aPREFS = [
/* DEPRECATED */
+ /* 116+ */
+ 'layout.css.font-visibility.resistFingerprinting', // 116
/* 103-115 */
'browser.cache.offline.enable', // 115
'extensions.formautofill.heuristics.enabled', // 114
From dfd5589c3dae1723b8239ad9c46e114c2f851ed2 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sat, 16 Sep 2023 07:08:33 +0000
Subject: [PATCH 21/59] v117 deprecated
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index d3d8a98..652709e 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 28-August-2023
+ Last updated: 16-September-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -33,7 +33,9 @@
const aPREFS = [
/* DEPRECATED */
/* 116+ */
+ 'dom.webnotifications.serviceworker.enabled', // 117
'layout.css.font-visibility.resistFingerprinting', // 116
+ 'security.family_safety.mode', // 117
/* 103-115 */
'browser.cache.offline.enable', // 115
'extensions.formautofill.heuristics.enabled', // 114
From 1e6e211a061b592a176087fe9f6843249852cad2 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 17 Sep 2023 07:17:40 +0000
Subject: [PATCH 22/59] v117 (#1710)
---
user.js | 65 ++++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 46 insertions(+), 19 deletions(-)
diff --git a/user.js b/user.js
index ebb40a6..5e54f30 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 27 August 2023
-* version: 115
+* date: 17 September 2023
+* version: 117
* url: https://github.com/arkenfox/user.js
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -33,6 +33,8 @@
- If you are not using arkenfox v102-1... (not a definitive list)
- 2815: clearOnShutdown cookies + offlineApps should be false
- 9999: switch the appropriate deprecated section(s) back on
+ * ESR115
+ - use https://github.com/arkenfox/user.js/releases/tag/115.1
* INDEX:
@@ -283,15 +285,23 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
* [SETUP-CHROME] If you use a proxy and you understand the security impact
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1732792,1733994,1733481 ***/
// user_pref("network.proxy.allow_bypass", false);
-/* 0710: disable DNS-over-HTTPS (DoH) rollout [FF60+]
- * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off
+/* 0710: enable DNS-over-HTTPS (DoH) [FF60+]
+ * 0=default, 2=increased (TRR (Trusted Recursive Resolver) first), 3=max (TRR only), 5=off (no rollout)
* see "doh-rollout.home-region": USA 2019, Canada 2021, Russia/Ukraine 2022 [3]
* [SETTING] Privacy & Security>DNS over HTTPS
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
* [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
- // user_pref("network.trr.mode", 5);
+ // user_pref("network.trr.mode", 3);
+/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/
+user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
+/* 0712: set DoH provider
+ * The custom uri is the value shown when you "Choose provider>Custom>"
+ * [NOTE] If you USE custom then "network.trr.uri" should be set the same
+ * [SETTING] Privacy & Security>DNS over HTTPS>Increased/Max>Choose provider ***/
+ // user_pref("network.trr.uri", "https://example.dns");
+ // user_pref("network.trr.custom_uri", "https://example.dns");
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
@@ -443,12 +453,6 @@ user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
user_pref("security.OCSP.require", true);
/** CERTS / HPKP (HTTP Public Key Pinning) ***/
-/* 1221: disable Windows 8.1's Microsoft Family Safety cert [FF50+] [WINDOWS]
- * 0=disable detecting Family Safety mode and importing the root
- * 1=only attempt to detect Family Safety mode (don't import the root)
- * 2=detect Family Safety mode and import the root
- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686 ***/
-user_pref("security.family_safety.mode", 0);
/* 1223: enable strict PKP (Public Key Pinning)
* 0=disabled, 1=allow user MiTM (default; such as your antivirus), 2=strict
* [SETUP-WEB] MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE ***/
@@ -499,7 +503,7 @@ user_pref("browser.xul.error_pages.expert_bad_cert", true);
user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
* Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
- * In normal windows: uses the first applicable: RFP (4506) over TP over Standard
+ * In normal windows: uses the first applicable: RFP over TP over Standard
* In Private Browsing windows: uses the most restrictive between normal and private
* 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
* [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/
@@ -769,7 +773,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable privacy.resistFingerprinting
- * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a site exception via the urlbar
+ * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar
* RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
* [NOTE] pbmode applies if true and the original pref is false
* [1] https://bugzilla.mozilla.org/418986 ***/
@@ -799,8 +803,6 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
* [WARNING] DO NOT USE unless testing, see [1] comment 12
* [1] https://bugzilla.mozilla.org/1635603 ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
-/* 4506: set RFP's font visibility level (1402) [FF94+] ***/
- // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
/* 4510: disable using system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
@@ -967,7 +969,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
/* 5509: disable IPv6 if using a VPN
* This is an application level fallback. Disabling IPv6 is best done at an OS/network
* level, and/or configured properly in system wide VPN setups.
- * If you see PR_CONNECT_RESET_ERROR, this pref *might* be the cause
+ * [SETUP-WEB] PR_CONNECT_RESET_ERROR
* [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
* [TEST] https://ipleak.org/
* [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
@@ -976,6 +978,11 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
// user_pref("network.http.referer.XOriginPolicy", 2);
+/* 5511: set DoH bootstrap address [FF89+]
+ * Firefox uses the system DNS to initially resolve the IP address of your DoH server.
+ * When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox
+ * won't use the system DNS. If the IP doesn't match then DoH won't work ***/
+ // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF]
/*** [SECTION 6000]: DON'T TOUCH ***/
user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@@ -1116,11 +1123,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
/* 7017: disable service workers
* [WHY] Already isolated with TCP (2701) behind a pref (2710) ***/
// user_pref("dom.serviceWorkers.enabled", false);
-/* 7018: disable Web Notifications
+/* 7018: disable Web Notifications [FF22+]
* [WHY] Web Notifications are behind a prompt (7002)
* [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
- // user_pref("dom.webnotifications.enabled", false); // [FF22+]
- // user_pref("dom.webnotifications.serviceworker.enabled", false); // [FF44+]
+ // user_pref("dom.webnotifications.enabled", false);
/* 7019: disable Push Notifications [FF44+]
* [WHY] Push requires subscription
* [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
@@ -1212,5 +1218,26 @@ user_pref("network.cookie.lifetimePolicy", 2);
// user_pref("browser.cache.offline.enable", false);
// ***/
+/* ESR115.x still uses all the following prefs
+// [NOTE] replace the * with a slash in the line above to re-enable active ones
+// FF116
+// 4506: set RFP's font visibility level (1402) [FF94+]
+ // [-] https://bugzilla.mozilla.org/1838415
+ // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
+// FF117
+// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS]
+ // 0=disable detecting Family Safety mode and importing the root
+ // 1=only attempt to detect Family Safety mode (don't import the root)
+ // 2=detect Family Safety mode and import the root
+ // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
+ // [-] https://bugzilla.mozilla.org/1844908
+user_pref("security.family_safety.mode", 0);
+// 7018: disable service worker Web Notifications [FF44+]
+ // [WHY] Web Notifications are behind a prompt (7002)
+ // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/
+ // [-] https://bugzilla.mozilla.org/1842457
+ // user_pref("dom.webnotifications.serviceworker.enabled", false);
+// ***/
+
/* END: internal custom pref to test for syntax errors ***/
user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!");
From 3f6fcc13f0b8dcdcadf75edc55c62bb7148ab876 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 08:31:22 +0000
Subject: [PATCH 23/59] permissions.delegation.enabled
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 652709e..998974c 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 16-September-2023
+ Last updated: 18-September-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -35,6 +35,7 @@
/* 116+ */
'dom.webnotifications.serviceworker.enabled', // 117
'layout.css.font-visibility.resistFingerprinting', // 116
+ 'permissions.delegation.enabled', // 118
'security.family_safety.mode', // 117
/* 103-115 */
'browser.cache.offline.enable', // 115
From 50af4b9af4295375207eac05b2b89e05830fbd9f Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 08:34:35 +0000
Subject: [PATCH 24/59] remove old prefs
---
scratchpad-scripts/arkenfox-cleanup.js | 407 +------------------------
1 file changed, 1 insertion(+), 406 deletions(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 998974c..2878031 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -1,5 +1,5 @@
/***
- This will reset the preferences that have been
+ This will reset the preferences that since FF91 have been
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
@@ -57,193 +57,6 @@
'security.csp.enable', // 99
'security.password_lifetime', // 102
'security.ssl3.rsa_des_ede3_sha', // 93
- /* 79-91 */
- 'browser.cache.offline.storage.enable',
- 'browser.download.hide_plugins_without_extensions',
- 'browser.library.activity-stream.enabled',
- 'browser.search.geoSpecificDefaults',
- 'browser.search.geoSpecificDefaults.url',
- 'dom.ipc.plugins.flash.subprocess.crashreporter.enabled',
- 'dom.ipc.plugins.reportCrashURL',
- 'dom.w3c_pointer_events.enabled',
- 'intl.charset.fallback.override',
- 'network.ftp.enabled',
- 'plugin.state.flash',
- 'security.mixed_content.block_object_subrequest',
- 'security.ssl.errorReporting.automatic',
- 'security.ssl.errorReporting.enabled',
- 'security.ssl.errorReporting.url',
- /* 69-78 */
- 'browser.newtabpage.activity-stream.telemetry.ping.endpoint',
- 'browser.tabs.remote.allowLinkedWebInFileUriProcess',
- 'browser.urlbar.oneOffSearches',
- 'devtools.webide.autoinstallADBExtension',
- 'devtools.webide.enabled',
- 'dom.indexedDB.enabled',
- 'extensions.blocklist.url',
- 'geo.wifi.logging.enabled',
- 'geo.wifi.uri',
- 'gfx.downloadable_fonts.woff2.enabled',
- 'media.autoplay.allow-muted',
- 'media.autoplay.enabled.user-gestures-needed',
- 'offline-apps.allow_by_default',
- 'plugins.click_to_play',
- 'privacy.userContext.longPressBehavior',
- 'toolkit.cosmeticAnimations.enabled',
- 'toolkit.telemetry.hybridContent.enabled',
- 'webgl.disable-extensions',
- /* 61-68 */
- 'app.update.enabled',
- 'browser.aboutHomeSnippets.updateUrl',
- 'browser.chrome.errorReporter.enabled',
- 'browser.chrome.errorReporter.submitUrl',
- 'browser.chrome.favicons',
- 'browser.ctrlTab.previews',
- 'browser.fixup.hide_user_pass',
- 'browser.newtabpage.activity-stream.asrouter.userprefs.cfr',
- 'browser.newtabpage.activity-stream.disableSnippets',
- 'browser.onboarding.enabled',
- 'browser.search.countryCode',
- 'browser.urlbar.autocomplete.enabled',
- 'devtools.webide.adbAddonURL',
- 'devtools.webide.autoinstallADBHelper',
- 'dom.event.highrestimestamp.enabled',
- 'experiments.activeExperiment',
- 'experiments.enabled',
- 'experiments.manifest.uri',
- 'experiments.supported',
- 'lightweightThemes.update.enabled',
- 'media.autoplay.enabled',
- 'network.allow-experiments',
- 'network.cookie.lifetime.days',
- 'network.jar.block-remote-files',
- 'network.jar.open-unsafe-types',
- 'plugin.state.java',
- 'security.csp.enable_violation_events',
- 'security.csp.experimentalEnabled',
- 'shield.savant.enabled',
- /* 60 or earlier */
- 'browser.bookmarks.showRecentlyBookmarked',
- 'browser.casting.enabled',
- 'browser.crashReports.unsubmittedCheck.autoSubmit',
- 'browser.formautofill.enabled',
- 'browser.formfill.saveHttpsForms',
- 'browser.fullscreen.animate',
- 'browser.history.allowPopState',
- 'browser.history.allowPushState',
- 'browser.history.allowReplaceState',
- 'browser.newtabpage.activity-stream.enabled',
- 'browser.newtabpage.directory.ping',
- 'browser.newtabpage.directory.source',
- 'browser.newtabpage.enhanced',
- 'browser.newtabpage.introShown',
- 'browser.pocket.api',
- 'browser.pocket.enabled',
- 'browser.pocket.oAuthConsumerKey',
- 'browser.pocket.site',
- 'browser.polaris.enabled',
- 'browser.safebrowsing.appRepURL',
- 'browser.safebrowsing.enabled',
- 'browser.safebrowsing.gethashURL',
- 'browser.safebrowsing.malware.reportURL',
- 'browser.safebrowsing.provider.google.appRepURL',
- 'browser.safebrowsing.reportErrorURL',
- 'browser.safebrowsing.reportGenericURL',
- 'browser.safebrowsing.reportMalwareErrorURL',
- 'browser.safebrowsing.reportMalwareMistakeURL',
- 'browser.safebrowsing.reportMalwareURL',
- 'browser.safebrowsing.reportPhishMistakeURL',
- 'browser.safebrowsing.reportURL',
- 'browser.safebrowsing.updateURL',
- 'browser.search.showOneOffButtons',
- 'browser.selfsupport.enabled',
- 'browser.selfsupport.url',
- 'browser.sessionstore.privacy_level_deferred',
- 'browser.tabs.animate',
- 'browser.trackingprotection.gethashURL',
- 'browser.trackingprotection.updateURL',
- 'browser.urlbar.unifiedcomplete',
- 'browser.usedOnWindows10.introURL',
- 'camera.control.autofocus_moving_callback.enabled',
- 'camera.control.face_detection.enabled',
- 'datareporting.healthreport.about.reportUrl',
- 'datareporting.healthreport.about.reportUrlUnified',
- 'datareporting.healthreport.documentServerURI',
- 'datareporting.healthreport.service.enabled',
- 'datareporting.policy.dataSubmissionEnabled.v2',
- 'devtools.webide.autoinstallFxdtAdapters',
- 'dom.archivereader.enabled',
- 'dom.beforeAfterKeyboardEvent.enabled',
- 'dom.disable_image_src_set',
- 'dom.disable_window_open_feature.scrollbars',
- 'dom.disable_window_status_change',
- 'dom.enable_user_timing',
- 'dom.flyweb.enabled',
- 'dom.idle-observers-api.enabled',
- 'dom.keyboardevent.code.enabled',
- 'dom.network.enabled',
- 'dom.push.udp.wakeupEnabled',
- 'dom.telephony.enabled',
- 'dom.vr.oculus050.enabled',
- 'dom.workers.enabled',
- 'dom.workers.sharedWorkers.enabled',
- 'extensions.formautofill.experimental',
- 'extensions.screenshots.system-disabled',
- 'extensions.shield-recipe-client.api_url',
- 'extensions.shield-recipe-client.enabled',
- 'full-screen-api.approval-required',
- 'general.useragent.locale',
- 'geo.security.allowinsecure',
- 'intl.locale.matchOS',
- 'loop.enabled',
- 'loop.facebook.appId',
- 'loop.facebook.enabled',
- 'loop.facebook.fallbackUrl',
- 'loop.facebook.shareUrl',
- 'loop.feedback.formURL',
- 'loop.feedback.manualFormURL',
- 'loop.logDomains',
- 'loop.server',
- 'media.block-play-until-visible',
- 'media.eme.apiVisible',
- 'media.eme.chromium-api.enabled',
- 'media.getusermedia.screensharing.allow_on_old_platforms',
- 'media.getusermedia.screensharing.allowed_domains',
- 'media.gmp-eme-adobe.autoupdate',
- 'media.gmp-eme-adobe.enabled',
- 'media.gmp-eme-adobe.visible',
- 'network.http.referer.userControlPolicy',
- 'network.http.sendSecureXSiteReferrer',
- 'network.http.spdy.enabled.http2draft',
- 'network.http.spdy.enabled.v3-1',
- 'network.websocket.enabled',
- 'pageThumbs.enabled',
- 'pfs.datasource.url',
- 'plugin.scan.Acrobat',
- 'plugin.scan.Quicktime',
- 'plugin.scan.WindowsMediaPlayer',
- 'plugins.enumerable_names',
- 'plugins.update.notifyUser',
- 'plugins.update.url',
- 'privacy.clearOnShutdown.passwords',
- 'privacy.donottrackheader.value',
- 'security.mixed_content.send_hsts_priming',
- 'security.mixed_content.use_hsts',
- 'security.ssl3.ecdhe_ecdsa_rc4_128_sha',
- 'security.ssl3.ecdhe_rsa_rc4_128_sha',
- 'security.ssl3.rsa_rc4_128_md5',
- 'security.ssl3.rsa_rc4_128_sha',
- 'security.tls.insecure_fallback_hosts.use_static_list',
- 'security.tls.unrestricted_rc4_fallback',
- 'security.xpconnect.plugin.unrestricted',
- 'social.directories',
- 'social.enabled',
- 'social.remote-install.enabled',
- 'social.share.activationPanelEnabled',
- 'social.shareDirectory',
- 'social.toast-notifications.enabled',
- 'social.whitelist',
- 'toolkit.telemetry.unifiedIsOptIn',
/* REMOVED */
/* 116+ */
@@ -284,224 +97,6 @@
'privacy.firstparty.isolate.use_site',
'privacy.window.name.update.enabled',
'security.insecure_connection_text.enabled',
- /* 79-91 */
- 'alerts.showFavicons',
- 'browser.newtabpage.activity-stream.asrouter.providers.snippets',
- 'browser.send_pings.require_same_host',
- 'browser.urlbar.usepreloadedtopurls.enabled',
- 'dom.allow_cut_copy',
- 'dom.battery.enabled',
- 'dom.IntersectionObserver.enabled',
- 'dom.storage.enabled',
- 'dom.vibrator.enabled',
- 'extensions.screenshots.upload-disabled',
- 'general.warnOnAboutConfig',
- 'gfx.direct2d.disabled',
- 'layers.acceleration.disabled',
- 'media.getusermedia.audiocapture.enabled',
- 'media.getusermedia.browser.enabled',
- 'media.getusermedia.screensharing.enabled',
- 'media.gmp-widevinecdm.visible',
- 'media.media-capabilities.enabled',
- 'network.http.redirection-limit',
- 'privacy.partition.network_state',
- 'security.insecure_connection_icon.enabled',
- 'security.mixed_content.block_active_content',
- 'security.ssl.enable_ocsp_stapling',
- 'security.ssl3.dhe_rsa_aes_128_sha',
- 'security.ssl3.dhe_rsa_aes_256_sha',
- 'webgl.min_capability_mode',
- /* 69-78 */
- 'browser.cache.disk_cache_ssl',
- 'browser.search.geoip.url',
- 'browser.search.region',
- 'browser.sessionhistory.max_entries',
- 'dom.push.connection.enabled',
- 'dom.push.serverURL',
- 'extensions.getAddons.discovery.api_url',
- 'extensions.htmlaboutaddons.discover.enabled',
- 'extensions.webservice.discoverURL',
- 'intl.locale.requested',
- 'intl.regional_prefs.use_os_locales',
- 'media.block-autoplay-until-in-foreground',
- 'middlemouse.paste',
- 'plugin.sessionPermissionNow.intervalInMinutes',
- 'privacy.usercontext.about_newtab_segregation.enabled',
- 'security.insecure_connection_icon.pbmode.enabled',
- 'security.insecure_connection_text.pbmode.enabled',
- 'webgl.dxgl.enabled',
- /* 61-68 */
- 'app.update.service.enabled',
- 'app.update.silent',
- 'app.update.staging.enabled',
- 'browser.cache.disk.capacity',
- 'browser.cache.disk.smart_size.enabled',
- 'browser.cache.disk.smart_size.first_run',
- 'browser.cache.offline.insecure.enable',
- 'browser.contentblocking.enabled',
- 'browser.laterrun.enabled',
- 'browser.offline-apps.notify',
- 'browser.rights.3.shown',
- 'browser.safebrowsing.blockedURIs.enabled',
- 'browser.safebrowsing.downloads.remote.block_dangerous',
- 'browser.safebrowsing.downloads.remote.block_dangerous_host',
- 'browser.safebrowsing.provider.google.gethashURL',
- 'browser.safebrowsing.provider.google.reportMalwareMistakeURL',
- 'browser.safebrowsing.provider.google.reportPhishMistakeURL',
- 'browser.safebrowsing.provider.google.reportURL',
- 'browser.safebrowsing.provider.google.updateURL',
- 'browser.safebrowsing.provider.google4.dataSharing.enabled',
- 'browser.safebrowsing.provider.google4.dataSharingURL',
- 'browser.safebrowsing.provider.google4.gethashURL',
- 'browser.safebrowsing.provider.google4.reportMalwareMistakeURL',
- 'browser.safebrowsing.provider.google4.reportPhishMistakeURL',
- 'browser.safebrowsing.provider.google4.reportURL',
- 'browser.safebrowsing.provider.google4.updateURL',
- 'browser.safebrowsing.provider.mozilla.gethashURL',
- 'browser.safebrowsing.provider.mozilla.updateURL',
- 'browser.safebrowsing.reportPhishURL',
- 'browser.sessionhistory.max_total_viewers',
- 'browser.sessionstore.max_windows_undo',
- 'browser.slowStartup.maxSamples',
- 'browser.slowStartup.notificationDisabled',
- 'browser.slowStartup.samples',
- 'browser.storageManager.enabled',
- 'browser.urlbar.autoFill.typed',
- 'browser.urlbar.filter.javascript',
- 'browser.urlbar.maxHistoricalSearchSuggestions',
- 'browser.urlbar.userMadeSearchSuggestionsChoice',
- 'canvas.capturestream.enabled',
- 'dom.allow_scripts_to_close_windows',
- 'dom.disable_window_flip',
- 'dom.forms.datetime',
- 'dom.imagecapture.enabled',
- 'dom.popup_maximum',
- 'extensions.webextensions.keepStorageOnUninstall',
- 'extensions.webextensions.keepUuidOnUninstall',
- 'font.blacklist.underline_offset',
- 'font.name.monospace.x-unicode',
- 'font.name.monospace.x-western',
- 'font.name.sans-serif.x-unicode',
- 'font.name.sans-serif.x-western',
- 'font.name.serif.x-unicode',
- 'font.name.serif.x-western',
- 'gfx.offscreencanvas.enabled',
- 'javascript.options.shared_memory',
- 'layout.css.font-loading-api.enabled',
- 'media.gmp-gmpopenh264.autoupdate',
- 'media.gmp-gmpopenh264.enabled',
- 'media.gmp-manager.updateEnabled',
- 'media.gmp-manager.url',
- 'media.gmp-manager.url.override',
- 'media.gmp-widevinecdm.autoupdate',
- 'media.gmp.trial-create.enabled',
- 'media.navigator.video.enabled',
- 'media.peerconnection.ice.tcp',
- 'media.peerconnection.identity.enabled',
- 'media.peerconnection.identity.timeout',
- 'media.peerconnection.turn.disable',
- 'media.peerconnection.use_document_iceservers',
- 'media.peerconnection.video.enabled',
- 'network.auth.subresource-img-cross-origin-http-auth-allow',
- 'network.cookie.leave-secure-alone',
- 'network.cookie.same-site.enabled',
- 'network.dnsCacheEntries',
- 'network.dnsCacheExpiration',
- 'network.http.fast-fallback-to-IPv4',
- 'network.proxy.autoconfig_url.include_path',
- 'offline-apps.quota.warn',
- 'pdfjs.enableWebGL',
- 'plugin.default.state',
- 'plugin.defaultXpi.state',
- 'plugin.scan.plid.all',
- 'privacy.trackingprotection.annotate_channels',
- 'privacy.trackingprotection.lower_network_priority',
- 'privacy.trackingprotection.pbmode.enabled',
- 'privacy.trackingprotection.ui.enabled',
- 'security.data_uri.block_toplevel_data_uri_navigations',
- 'security.insecure_field_warning.contextual.enabled',
- 'security.insecure_password.ui.enabled',
- 'security.tls.version.fallback-limit',
- 'services.blocklist.addons.collection',
- 'services.blocklist.gfx.collection',
- 'services.blocklist.onecrl.collection',
- 'services.blocklist.plugins.collection',
- 'services.blocklist.signing.enforced',
- 'services.blocklist.update_enabled',
- 'signon.autofillForms.http',
- 'signon.storeWhenAutocompleteOff',
- 'toolkit.telemetry.cachedClientID',
- 'urlclassifier.trackingTable',
- 'xpinstall.whitelist.required',
- /* 60 or lower */
- 'browser.migrate.automigrate.enabled',
- 'browser.search.geoip.timeout',
- 'browser.search.reset.enabled',
- 'browser.search.reset.whitelist',
- 'browser.stopReloadAnimation.enabled',
- 'browser.tabs.insertRelatedAfterCurrent',
- 'browser.tabs.loadDivertedInBackground',
- 'browser.tabs.loadInBackground',
- 'browser.tabs.selectOwnerOnClose',
- 'browser.urlbar.clickSelectsAll',
- 'browser.urlbar.doubleClickSelectsAll',
- 'device.storage.enabled',
- 'dom.keyboardevent.dispatch_during_composition',
- 'dom.presentation.controller.enabled',
- 'dom.presentation.discoverable',
- 'dom.presentation.discovery.enabled',
- 'dom.presentation.enabled',
- 'dom.presentation.receiver.enabled',
- 'dom.presentation.session_transport.data_channel.enable',
- 'dom.vr.oculus.enabled',
- 'dom.vr.openvr.enabled',
- 'dom.vr.osvr.enabled',
- 'extensions.pocket.api',
- 'extensions.pocket.oAuthConsumerKey',
- 'extensions.pocket.site',
- 'general.useragent.compatMode.firefox',
- 'geo.wifi.xhr.timeout',
- 'gfx.layerscope.enabled',
- 'media.flac.enabled',
- 'media.mediasource.enabled',
- 'media.mediasource.mp4.enabled',
- 'media.mediasource.webm.audio.enabled',
- 'media.mediasource.webm.enabled',
- 'media.mp4.enabled',
- 'media.ogg.enabled',
- 'media.ogg.flac.enabled',
- 'media.opus.enabled',
- 'media.raw.enabled',
- 'media.wave.enabled',
- 'media.webm.enabled',
- 'media.webspeech.recognition.enable',
- 'media.wmf.amd.vp9.enabled',
- 'media.wmf.enabled',
- 'media.wmf.vp9.enabled',
- 'network.dns.blockDotOnion',
- 'network.stricttransportsecurity.preloadlist',
- 'security.block_script_with_wrong_mime',
- 'security.fileuri.strict_origin_policy',
- 'security.sri.enable',
- 'services.sync.enabled',
- 'ui.submenuDelay',
- 'webextensions.storage.sync.enabled',
- 'webextensions.storage.sync.serverURL',
- // excluding these e10 settings
- // 'browser.tabs.remote.autostart',
- // 'browser.tabs.remote.autostart.2',
- // 'browser.tabs.remote.force-enable',
- // 'browser.tabs.remote.separateFileUriProcess',
- // 'extensions.e10sBlocksEnabling',
- // 'extensions.webextensions.remote',
- // 'dom.ipc.processCount',
- // 'dom.ipc.shims.enabledWarnings',
- // 'dom.ipc.processCount.extension',
- // 'dom.ipc.processCount.file',
- // 'security.sandbox.content.level',
- // 'dom.ipc.plugins.sandbox-level.default',
- // 'dom.ipc.plugins.sandbox-level.flash',
- // 'security.sandbox.logging.enabled',
/* IMPORTANT: last active pref must not have a trailing comma */
/* reset parrot: check your open about:config after running the script */
From 336300a274a7721616d7e8109facca984b05f727 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 08:39:50 +0000
Subject: [PATCH 25/59] v118 removed
these are all at default now as of at least ESR115
---
scratchpad-scripts/arkenfox-cleanup.js | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 2878031..e06b998 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -32,7 +32,7 @@
const aPREFS = [
/* DEPRECATED */
- /* 116+ */
+ /* 116-128 */
'dom.webnotifications.serviceworker.enabled', // 117
'layout.css.font-visibility.resistFingerprinting', // 116
'permissions.delegation.enabled', // 118
@@ -59,9 +59,14 @@
'security.ssl3.rsa_des_ede3_sha', // 93
/* REMOVED */
- /* 116+ */
+ /* 116-128 */
+ 'browser.fixup.alternate.enabled',
+ 'browser.urlbar.dnsResolveSingleWordsAfterSearch',
'media.gmp-widevinecdm.enabled',
'network.protocol-handler.external.ms-windows-store',
+ 'privacy.partition.always_partition_third_party_non_cookie_storage',
+ 'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage',
+ 'privacy.partition.serviceWorkers',
/* 103-115 */
'beacon.enabled',
'browser.startup.blankWindow',
From f0513b7e64160c80f6e2430a5f3155ee855abdcf Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 11:41:47 +0000
Subject: [PATCH 26/59] inactive prefs no longer needed
encryption prefs false since FF109, taskbar since jesus or whatever
---
scratchpad-scripts/arkenfox-cleanup.js | 3 +++
1 file changed, 3 insertions(+)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index e06b998..fea7a68 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -61,12 +61,15 @@
/* REMOVED */
/* 116-128 */
'browser.fixup.alternate.enabled',
+ 'browser.taskbar.previews.enable',
'browser.urlbar.dnsResolveSingleWordsAfterSearch',
'media.gmp-widevinecdm.enabled',
'network.protocol-handler.external.ms-windows-store',
'privacy.partition.always_partition_third_party_non_cookie_storage',
'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage',
'privacy.partition.serviceWorkers',
+ 'security.ssl3.ecdhe_ecdsa_aes_128_sha',
+ 'security.ssl3.ecdhe_ecdsa_aes_256_sha',
/* 103-115 */
'beacon.enabled',
'browser.startup.blankWindow',
From bd2e5b8d1d477951d929ea7d79ceb7a13fc322a4 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 18 Sep 2023 11:47:49 +0000
Subject: [PATCH 27/59] undo encryption
they're not default false since 108, that was nightly only
---
scratchpad-scripts/arkenfox-cleanup.js | 2 --
1 file changed, 2 deletions(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index fea7a68..d8ddf31 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -68,8 +68,6 @@
'privacy.partition.always_partition_third_party_non_cookie_storage',
'privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage',
'privacy.partition.serviceWorkers',
- 'security.ssl3.ecdhe_ecdsa_aes_128_sha',
- 'security.ssl3.ecdhe_ecdsa_aes_256_sha',
/* 103-115 */
'beacon.enabled',
'browser.startup.blankWindow',
From 56f51203bf4fea8aa778b792269205d275a62665 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 21 Sep 2023 12:36:35 +0000
Subject: [PATCH 28/59] point to archived version
---
scratchpad-scripts/arkenfox-cleanup.js | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index d8ddf31..e2487fc 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,10 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- Last updated: 18-September-2023
+ There is an archived version at https://github.com/arkenfox/user.js/issues/1080
+ if you want the full list prior to FF118
+
+ Last updated: 22-September-2023
Instructions:
- [optional] close Firefox and backup your profile
From 6e79d1bba6a932480a938bec5c2cee0388e586b9 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Fri, 29 Sep 2023 10:52:55 +0000
Subject: [PATCH 29/59] deprecated v118
---
scratchpad-scripts/arkenfox-cleanup.js | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index e2487fc..6f783a4 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/1080
if you want the full list prior to FF118
- Last updated: 22-September-2023
+ Last updated: 29-September-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -37,7 +37,10 @@
/* DEPRECATED */
/* 116-128 */
'dom.webnotifications.serviceworker.enabled', // 117
+ 'layout.css.font-visibility.private', // 118
'layout.css.font-visibility.resistFingerprinting', // 116
+ 'layout.css.font-visibility.standard', // 118
+ 'layout.css.font-visibility.trackingprotection', // 118
'permissions.delegation.enabled', // 118
'security.family_safety.mode', // 117
/* 103-115 */
From f54d632da585a08185c6164017d79315c331181f Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Sat, 7 Oct 2023 10:33:49 +0000
Subject: [PATCH 30/59] v2.0 - improve root check
---
prefsCleaner.sh | 25 ++++++++++++-------------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/prefsCleaner.sh b/prefsCleaner.sh
index f36732c..6586609 100755
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
@@ -2,23 +2,12 @@
## prefs.js cleaner for Linux/Mac
## author: @claustromaniac
-## version: 1.9
+## version: 2.0
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in update_prefsCleaner() )
-# Check if running as root and if any files have the owner/group as root/wheel.
-if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
- printf "You shouldn't run this with elevated privileges (such as with doas/sudo).\n"
- exit 1
-elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
- printf 'It looks like this script was previously run with elevated privileges,
-you will need to change ownership of the following files to your user:\n'
- find . -user 0 -o -group 0
- exit 1
-fi
-
readonly CURRDIR=$(pwd)
## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
@@ -143,13 +132,23 @@ done
## change directory to the Firefox profile directory
cd "$(dirname "${SCRIPT_FILE}")"
+# Check if running as root and if any files have the owner/group as root/wheel.
+if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
+ fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)."
+elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+ printf 'It looks like this script was previously run with elevated privileges,
+you will need to change ownership of the following files to your user:\n'
+ find . -user 0 -o -group 0
+ fQuit 1
+fi
+
[ "$AUTOUPDATE" = true ] && update_prefsCleaner "$@"
echo -e "\n\n"
echo " ╔══════════════════════════╗"
echo " ║ prefs.js cleaner ║"
echo " ║ by claustromaniac ║"
-echo " ║ v1.9 ║"
+echo " ║ v2.0 ║"
echo " ╚══════════════════════════╝"
echo -e "\nThis script should be run from your Firefox profile directory.\n"
echo "It will remove any entries from prefs.js that also exist in user.js."
From 3fdcb28b8f1992b66e43582810488413b39ebdb3 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 18 Oct 2023 14:03:40 +0000
Subject: [PATCH 31/59] v118 (#1724)
---
user.js | 212 ++++++++++++++++++++++++--------------------------------
1 file changed, 92 insertions(+), 120 deletions(-)
diff --git a/user.js b/user.js
index 5e54f30..4798b8a 100644
--- a/user.js
+++ b/user.js
@@ -1,8 +1,9 @@
/******
* name: arkenfox user.js
-* date: 17 September 2023
-* version: 117
-* url: https://github.com/arkenfox/user.js
+* date: 18 October 2023
+* version: 118
+* urls: https://github.com/arkenfox/user.js [repo]
+* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
* README:
@@ -26,15 +27,15 @@
* RELEASES: https://github.com/arkenfox/user.js/releases
- * It is best to use the arkenfox release that is optimized for and matches your Firefox version
- * EVERYONE: each release
- - run prefsCleaner to reset prefs made inactive, including deprecated (9999s)
- ESR102
- - If you are not using arkenfox v102-1... (not a definitive list)
- - 2815: clearOnShutdown cookies + offlineApps should be false
- - 9999: switch the appropriate deprecated section(s) back on
- * ESR115
- - use https://github.com/arkenfox/user.js/releases/tag/115.1
+ * Use the arkenfox release that matches your Firefox version
+ - DON'T wait for arkenfox to update Firefox, nothing major changes these days
+ * Each release
+ - run prefsCleaner to reset prefs made inactive, including deprecated (9999)
+ * ESR
+ - It is recommended to not use the updater, or you will get a later version which may cause issues.
+ So you should manually append your overrides (and keep a copy), and manually update when you
+ change ESR releases (arkenfox is already past that release)
+ - If you decide to keep updating, then the onus is on - also see section 9999
* INDEX:
@@ -48,7 +49,6 @@
0900: PASSWORDS
1000: DISK AVOIDANCE
1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
- 1400: FONTS
1600: REFERERS
1700: CONTAINERS
2000: PLUGINS / MEDIA / WEBRTC
@@ -56,14 +56,14 @@
2600: MISCELLANEOUS
2700: ETP (ENHANCED TRACKING PROTECTION)
2800: SHUTDOWN & SANITIZING
- 4500: RFP (RESIST FINGERPRINTING)
+ 4500: RFP (resistFingerprinting)
5000: OPTIONAL OPSEC
5500: OPTIONAL HARDENING
6000: DON'T TOUCH
7000: DON'T BOTHER
8000: DON'T BOTHER: FINGERPRINTING
9000: NON-PROJECT RELATED
- 9999: DEPRECATED / REMOVED / LEGACY / RENAMED
+ 9999: DEPRECATED / RENAMED
******/
@@ -132,6 +132,9 @@ user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
* [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations
* [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/
user_pref("browser.discovery.enabled", false);
+/* 0323: disable shopping experience [FF116+]
+ * [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1840156#c0 ***/
+user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
/** TELEMETRY ***/
/* 0330: disable new data submission [FF41+]
@@ -269,11 +272,11 @@ user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
/* 0704: disable GIO as a potential proxy bypass vector
* Gvfs/GIO has a set of supported protocols like obex, network, archive, computer,
- * dav, cdda, gphoto2, trash, etc. By default only sftp is accepted (FF87+)
+ * dav, cdda, gphoto2, trash, etc. From FF87-117, by default only sftp was accepted
* [1] https://bugzilla.mozilla.org/1433507
* [2] https://en.wikipedia.org/wiki/GVfs
* [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
-user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF]
+user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+]
/* 0705: disable proxy direct failover for system requests [FF91+]
* [WARNING] Default true is a security feature against malicious extensions [1]
* [SETUP-CHROME] If you use a proxy and you trust your extensions
@@ -305,36 +308,30 @@ user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
/*** [SECTION 0800]: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS ***/
user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
-/* 0802: disable location bar domain guessing
- * domain guessing intercepts DNS "hostname not found errors" and resends a
- * request (e.g. by adding www or .com). This is inconsistent use (e.g. FQDNs), does not work
- * via Proxy Servers (different error), is a flawed use of DNS (TLDs: why treat .com
- * as the 411 for DNS errors?), privacy issues (why connect to sites you didn't
- * intend to), can leak sensitive data (e.g. query strings: e.g. Princeton attack),
- * and is a security risk (e.g. common typos & malicious sites set up to exploit this) ***/
-user_pref("browser.fixup.alternate.enabled", false); // [DEFAULT: false FF104+]
-/* 0804: disable live search suggestions
+/* 0801: disable location bar making speculative connections [FF56+]
+ * [1] https://bugzilla.mozilla.org/1348275 ***/
+user_pref("browser.urlbar.speculativeConnect.enabled", false);
+/* 0802: disable location bar contextual suggestions [FF92+]
+ * [SETTING] Privacy & Security>Address Bar>Suggestions from...
+ * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
+user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
+user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
+/* 0803: disable live search suggestions
* [NOTE] Both must be true for the location bar to work
* [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
* [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.urlbar.suggest.searches", false);
-/* 0805: disable location bar making speculative connections [FF56+]
- * [1] https://bugzilla.mozilla.org/1348275 ***/
-user_pref("browser.urlbar.speculativeConnect.enabled", false);
-/* 0806: disable location bar leaking single words to a DNS provider **after searching** [FF78+]
- * 0=never resolve, 1=use heuristics, 2=always resolve
- * [1] https://bugzilla.mozilla.org/1642623 ***/
-user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0); // [DEFAULT: 0 FF104+]
-/* 0807: disable location bar contextual suggestions [FF92+]
- * [SETTING] Privacy & Security>Address Bar>Suggestions from...
- * [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
-user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
-user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
-/* 0808: disable tab-to-search [FF85+]
- * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
- * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
- // user_pref("browser.urlbar.suggest.engines", false);
+/* 0805: disable urlbar trending search suggestions [FF118+]
+ * [SETTING] Search>Search Suggestions>Show trending search suggestions (FF119) ***/
+user_pref("browser.urlbar.trending.featureGate", false);
+/* 0806: disable urlbar suggestions ***/
+user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
+user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
+user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
+user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
+/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
+ // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false]
/* 0810: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (2811)
@@ -342,6 +339,10 @@ user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
* [2] https://bugzilla.mozilla.org/381681 ***/
user_pref("browser.formfill.enable", false);
+/* 0815: disable tab-to-search [FF85+]
+ * Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
+ * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
+ // user_pref("browser.urlbar.suggest.engines", false);
/* 0820: disable coloring of visited links
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
@@ -499,18 +500,6 @@ user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
* [TEST] https://expired.badssl.com/ ***/
user_pref("browser.xul.error_pages.expert_bad_cert", true);
-/*** [SECTION 1400]: FONTS ***/
-user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
-/* 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
- * Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
- * In normal windows: uses the first applicable: RFP over TP over Standard
- * In Private Browsing windows: uses the most restrictive between normal and private
- * 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
- * [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc ***/
- // user_pref("layout.css.font-visibility.private", 1);
- // user_pref("layout.css.font-visibility.standard", 1);
- // user_pref("layout.css.font-visibility.trackingprotection", 1);
-
/*** [SECTION 1600]: REFERERS
full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html
@@ -558,11 +547,9 @@ user_pref("dom.disable_window_move_resize", true);
/*** [SECTION 2600]: MISCELLANEOUS ***/
user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curtain!");
-/* 2601: prevent accessibility services from accessing your browser [RESTART]
- * [1] https://support.mozilla.org/kb/accessibility-services ***/
-user_pref("accessibility.force_disabled", 1);
-/* 2603: remove temp files opened with an external application
- * [1] https://bugzilla.mozilla.org/302433 ***/
+/* 2603: remove temp files opened from non-PB windows with an external application
+ * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=302433,1738574 ***/
+user_pref("browser.download.start_downloads_in_tmp_dir", true); // [FF102+]
user_pref("browser.helperApps.deleteTempFileOnExit", true);
/* 2606: disable UITour backend so there is no chance that a remote page can use it ***/
user_pref("browser.uitour.enabled", false);
@@ -599,12 +586,6 @@ user_pref("network.IDN_show_punycode", true);
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pdf.js+firefox ***/
user_pref("pdfjs.disabled", false); // [DEFAULT: false]
user_pref("pdfjs.enableScripting", false); // [FF86+]
-/* 2623: disable permissions delegation [FF73+]
- * Currently applies to cross-origin geolocation, camera, mic and screen-sharing
- * permissions, and fullscreen requests. Disabling delegation means any prompts
- * for these will show/use their correct 3rd party origin
- * [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion ***/
-user_pref("permissions.delegation.enabled", false);
/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
@@ -625,8 +606,7 @@ user_pref("browser.download.always_ask_before_handling_new_types", true);
/* 2660: lock down allowed extension directories
* [SETUP-CHROME] This will break extensions, language packs, themes and any other
* XPI files which are installed outside of profile and application directories
- * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
- * [1] https://archive.is/DYjAM (archived) ***/
+ * [1] https://archive.is/DYjAM ***/
user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF]
user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
/* 2661: disable bypassing 3rd party extension install prompts [FF82+]
@@ -653,11 +633,6 @@ user_pref("browser.contentblocking.category", "strict");
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
* [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
// user_pref("privacy.antitracking.enableWebcompat", false);
-/* 2710: enable state partitioning of service workers [FF96+] ***/
-user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+]
-/* 2720: enable APS (Always Partitioning Storage) ***/
-user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+]
-user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+]
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
@@ -716,7 +691,7 @@ user_pref("privacy.cpd.cookies", false);
* which will display a blank value, and are not guaranteed to work ***/
user_pref("privacy.sanitize.timeSpan", 0);
-/*** [SECTION 4500]: RFP (RESIST FINGERPRINTING)
+/*** [SECTION 4500]: RFP (resistFingerprinting)
RFP covers a wide range of ongoing fingerprinting solutions.
It is an all-or-nothing buy in: you cannot pick and choose what parts you want
[TEST] https://arkenfox.github.io/TZP/tzp.html
@@ -730,7 +705,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
FF56
1369303 - spoof/disable performance API
1333651 - spoof User Agent & Navigator API
- version: android version spoofed as ESR
+ version: android version spoofed as ESR (FF119 or lower)
OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
1369319 - disable device sensor API
1369357 - disable site specific zoom
@@ -772,7 +747,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
1794628 - return "none" with inverted-colors (FF114)
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
-/* 4501: enable privacy.resistFingerprinting
+/* 4501: enable RFP
* [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar
* RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
* [NOTE] pbmode applies if true and the original pref is false
@@ -787,7 +762,7 @@ user_pref("privacy.window.maxInnerHeight", 900);
/* 4503: disable mozAddonManager Web API [FF57+]
* [NOTE] To allow extensions to work on AMO, you also need 2662
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
-user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // [HIDDEN PREF FF57-108]
+user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
/* 4504: enable RFP letterboxing [FF67+]
* Dynamically resizes the inner window by applying margins in stepped ranges [2]
* If you use the dimension pref, then it will only apply those resolutions.
@@ -894,8 +869,6 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
// user_pref("browser.taskbar.lists.frequent.enabled", false);
// user_pref("browser.taskbar.lists.recent.enabled", false);
// user_pref("browser.taskbar.lists.tasks.enabled", false);
-/* 5015: disable Windows taskbar preview [WINDOWS] ***/
- // user_pref("browser.taskbar.previews.enable", false); // [DEFAULT: false]
/* 5016: discourage downloading to desktop
* 0=desktop, 1=downloads (default), 2=custom
* [SETTING] To set your custom default "downloads": General>Downloads>Save files to ***/
@@ -952,7 +925,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* Vulnerabilities [1] have increasingly been found, including those known and fixed
* in native programs years ago [2]. WASM has powerful low-level access, making
* certain attacks (brute-force) and vulnerabilities more possible
- * [STATS] ~0.2% of websites, about half of which are for crytopmining / malvertising [2][3]
+ * [STATS] ~0.2% of websites, about half of which are for cryptomining / malvertising [2][3]
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wasm
* [2] https://spectrum.ieee.org/tech-talk/telecom/security/more-worries-over-the-security-of-web-assembly
* [3] https://www.zdnet.com/article/half-of-the-websites-using-webassembly-use-it-for-malicious-purposes ***/
@@ -982,7 +955,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* Firefox uses the system DNS to initially resolve the IP address of your DoH server.
* When set to a valid, working value that matches your "network.trr.uri" (0712) Firefox
* won't use the system DNS. If the IP doesn't match then DoH won't work ***/
- // user_pref("network.trr.bootstrapAddr", "10.0.0.1") // [HIDDEN PREF]
+ // user_pref("network.trr.bootstrapAddr", "10.0.0.1"); // [HIDDEN PREF]
/*** [SECTION 6000]: DON'T TOUCH ***/
user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@@ -1014,7 +987,7 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6012: enforce Quarantined Domains [FF115+]
* [WHY] https://support.mozilla.org/kb/quarantined-domains */
user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
-/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF102+ ***/
+/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/
// user_pref("beacon.enabled", "");
// user_pref("browser.startup.blankWindow", "");
// user_pref("browser.newtab.preload", "");
@@ -1031,8 +1004,21 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
// user_pref("extensions.formautofill.creditCards.available", "");
// user_pref("extensions.formautofill.creditCards.supported", "");
// user_pref("middlemouse.contentLoadURL", "");
-/* 6051: prefsCleaner: reset previously active items removed from arkenfox FF115+ ***/
+/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
+ // user_pref("accessibility.force_disabled", "");
+ // user_pref("browser.fixup.alternate.enabled", "");
+ // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
// user_pref("network.protocol-handler.external.ms-windows-store", "");
+ // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
+ // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
+ // user_pref("privacy.partition.serviceWorkers", "");
+/* 6052: prefsCleaner: deprecated ESR102 items from FF103-115 ***/
+ // user_pref("browser.cache.offline.enable", "");
+ // user_pref("extensions.formautofill.heuristics.enabled", "");
+ // user_pref("network.cookie.lifetimePolicy", "");
+ // user_pref("privacy.clearsitedata.cache.enabled", "");
+ // user_pref("privacy.resistFingerprinting.testGranularityMask", "");
+ // user_pref("security.pki.sha1_enforcement_level", "");
/*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1057,8 +1043,8 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
/* 7003: disable non-modern cipher suites [1]
* [WHY] Passive fingerprinting. Minimal/non-existent threat of downgrade attacks
* [1] https://browserleaks.com/ssl ***/
- // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); // [DEFAULT: false FF109+]
- // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false); // [DEFAULT: false FF109+]
+ // user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
+ // user_pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
// user_pref("security.ssl3.ecdhe_rsa_aes_256_sha", false);
// user_pref("security.ssl3.rsa_aes_128_gcm_sha256", false); // no PFS
@@ -1110,8 +1096,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [WHY] DNT is enforced with Tracking Protection which is used in ETP Strict (2701) ***/
// user_pref("privacy.donottrackheader.enabled", true);
/* 7016: customize ETP settings
+ * [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled
* [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
- // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5 FF103+]
+ // user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5]
+ // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
// user_pref("privacy.partition.network_state.ocsp_cache", true);
@@ -1182,42 +1170,8 @@ user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
* [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/
user_pref("browser.urlbar.showSearchTerms.enabled", false);
-/*** [SECTION 9999]: DEPRECATED / REMOVED / LEGACY / RENAMED
- Documentation denoted as [-]. Items deprecated prior to FF91 have been archived at [1]
- [1] https://github.com/arkenfox/user.js/issues/123
-***/
+/*** [SECTION 9999]: DEPRECATED / RENAMED ***/
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
-/* ESR102.x still uses all the following prefs
-// [NOTE] replace the * with a slash in the line above to re-enable active ones
-// FF103
-// 2801: delete cookies and site data on exit - replaced by sanitizeOnShutdown* (2810)
- // 0=keep until they expire (default), 2=keep until you close Firefox
- // [SETTING] Privacy & Security>Cookies and Site Data>Delete cookies and site data when Firefox is closed
- // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1681493,1681495,1681498,1759665,1764761
-user_pref("network.cookie.lifetimePolicy", 2);
-// 6012: disable SHA-1 certificates
- // [-] https://bugzilla.mozilla.org/1766687
- // user_pref("security.pki.sha1_enforcement_level", 1); // [DEFAULT: 1]
-// FF114
-// 2816: set cache to clear on exit [FF96+]
- // [NOTE] We already disable disk cache (1001) and clear on exit (2811) which is more robust
- // [1] https://bugzilla.mozilla.org/1671182
- // [-] https://bugzilla.mozilla.org/1821651
- // user_pref("privacy.clearsitedata.cache.enabled", true);
-// 4505: experimental RFP [FF91+]
- // [-] https://bugzilla.mozilla.org/1824235
- // user_pref("privacy.resistFingerprinting.testGranularityMask", 0);
-// 5017: disable Form Autofill heuristics
- // Heuristics controls Form Autofill on forms without @autocomplete attributes
- // [-] https://bugzilla.mozilla.org/1829670
- // user_pref("extensions.formautofill.heuristics.enabled", false); // [FF55+]
-// FF115
- // 7001: disable offline cache (appCache)
- // [NOTE] appCache storage capability was removed in FF90
- // [-] https://bugzilla.mozilla.org/1677718
- // user_pref("browser.cache.offline.enable", false);
-// ***/
-
/* ESR115.x still uses all the following prefs
// [NOTE] replace the * with a slash in the line above to re-enable active ones
// FF116
@@ -1237,6 +1191,24 @@ user_pref("security.family_safety.mode", 0);
// [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/
// [-] https://bugzilla.mozilla.org/1842457
// user_pref("dom.webnotifications.serviceworker.enabled", false);
+// FF118
+// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
+ // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
+ // In normal windows: uses the first applicable: RFP over TP over Standard
+ // In Private Browsing windows: uses the most restrictive between normal and private
+ // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
+ // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
+ // [-] https://bugzilla.mozilla.org/1847599
+ // user_pref("layout.css.font-visibility.private", 1);
+ // user_pref("layout.css.font-visibility.standard", 1);
+ // user_pref("layout.css.font-visibility.trackingprotection", 1);
+// 2623: disable permissions delegation [FF73+]
+ // Currently applies to cross-origin geolocation, camera, mic and screen-sharing
+ // permissions, and fullscreen requests. Disabling delegation means any prompts
+ // for these will show/use their correct 3rd party origin
+ // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
+ // [-] https://bugzilla.mozilla.org/1697151
+ // user_pref("permissions.delegation.enabled", false);
// ***/
/* END: internal custom pref to test for syntax errors ***/
From 35e8def0b1e5ecf1198e7efe41cfe6aa0415b320 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 18 Oct 2023 14:59:33 +0000
Subject: [PATCH 32/59] network.dns.skipTRR-when-parental-control-enabled
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 6f783a4..edb18c9 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/1080
if you want the full list prior to FF118
- Last updated: 29-September-2023
+ Last updated: 18-October-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -41,6 +41,7 @@
'layout.css.font-visibility.resistFingerprinting', // 116
'layout.css.font-visibility.standard', // 118
'layout.css.font-visibility.trackingprotection', // 118
+ 'network.dns.skipTRR-when-parental-control-enabled', // 119
'permissions.delegation.enabled', // 118
'security.family_safety.mode', // 117
/* 103-115 */
From e2681baec38e7ad09fe1f81c6da5ff84c81b7117 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 1 Nov 2023 22:02:55 +0000
Subject: [PATCH 33/59] javascript.use_us_english_locale
https://bugzilla.mozilla.org/1846224
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index edb18c9..18de648 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/1080
if you want the full list prior to FF118
- Last updated: 18-October-2023
+ Last updated: 2-November-2023
Instructions:
- [optional] close Firefox and backup your profile
@@ -37,6 +37,7 @@
/* DEPRECATED */
/* 116-128 */
'dom.webnotifications.serviceworker.enabled', // 117
+ 'javascript.use_us_english_locale', // 119
'layout.css.font-visibility.private', // 118
'layout.css.font-visibility.resistFingerprinting', // 116
'layout.css.font-visibility.standard', // 118
From d94d68245f77665546f9b736f430540295e6229e Mon Sep 17 00:00:00 2001
From: Tad <tad@spotco.us>
Date: Thu, 2 Nov 2023 16:18:47 -0400
Subject: [PATCH 34/59] Add favicon for Mull
Signed-off-by: Tad <tad@spotco.us>
---
wikipiki/logo-mull.png | Bin 0 -> 1566 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 wikipiki/logo-mull.png
diff --git a/wikipiki/logo-mull.png b/wikipiki/logo-mull.png
new file mode 100644
index 0000000000000000000000000000000000000000..d80042f89f667fa7bd1370547fdf5a16030eac4c
GIT binary patch
literal 1566
zcmV+(2I2XMP)<h;3K|Lk000e1NJLTq001BW001Be1^@s6b9#F8000H$Nkl<ZSi{wq
zZA?>F7{|M0Zr|pX#l%f}Z_j-JT3T8zv{0a>Edna)bW#LL@4bBq$v!O0KF&p>+4jL~
zI%AA3i^(>pU#2c`x-4-spz&q%1)T`UOG}3@6o`t6Q&I5QITvnMO3Ri^=l0<r;Bxc)
zf9IU%dG2#G0HAr6()=d?dbzh>9HriRg$Ohoo_|_q=QPc8t}PH>B_f^*z_2zP7@|TG
zSTLpWI29VeKlcyOLEk?CB8CxO3iL4Ip>9^X-ph#NSfB`r6EP%(2*564{Jp*&w&t&b
z9hTLw&$tHKSxE&trtAz3*v19sVYub^*`^_FXzw5$JQ_jL@dzUyh#+xu6v^Hb+WObk
zcYBchGch}z?Srq)t6{6K5<V_i0SAm;1tOx8ztG@d2Z>Rwvl2WW&oq5teFFyR5Ny{~
zpFs#65p~wKq@7a!msru1M9$jIb8O2Nrs~2KR)qDoWl&k+o+hueLU}jJNQW>$@F)pZ
z>8_Xo;BvX3E~^N5!~h0Rbd?H3G68fjO|fjA1tJ5_L7m<P74GsG0M#D%Bmk0IG{aQr
zI})ra4M0&*5!m%+$VFTN;77W)H50(M+{#lbfQ9Fw%xH$PlHwTvOWp3|9SDC#f;Bm+
zr>)##u_R2BwVrmJ$OQ0Smh+4XkgP(%GHoaP&Z@~AK=K|9PO5iEu-zta0>F(4%|=sN
z0Jko;KNCO&XS|jUpun65i#)Cbz%I+1%KHOM;9bpao%}Km)<FUu&2EHs1<Rm}Pj60y
z^I?pXY8rrX1IIl|2S8MwlLzlxm%?E~-PHL@UALI#xk|kb&JWBZM}ZS;Y&8-xnyVV5
zg7H*<E~Y7-$y}9}7oZFIANDiy-d^lEqZR8ByE~I9%d#^nAsOHj<Lg(A^x1qy2ouNe
zOZzR@$W-_&DC>5raZXMSIGs)<H|%!1@~oedI#K~Ha*bWYK+SrO%L#c#!wdi`mwjgg
z?~$hg4D00iIN&JOql>ifbR{xHi4nsv;B+{^Q&tSlA_2-BWneOypobQJO$9i^HFOA;
zJn%S6q1t5!hs^?RXBp&Vaf<PhEOYD_TX(*f^*`!kq&qRX>9qs^4z@eF!(l!6lCEjd
z>-FHkE84JbE%+Mhpu{SGAPCS$NtaRq&T{pgwn9Mx{bbWeu(YBaT&2ahnhcM3a*I#m
zcgB({CZ-GQRRH327^zvEs_ps}=UwIHP-?Y+0|$1Nm4MM`geWDorvkKb4W0RB6Sy6A
zaM=k6u6=wAn@u&BQ`<FBACkszpb(7#f}uDS-i8DIo(gb{4nmE?b5HFLrKP1x4#X(A
zYeo*RjXh+m38Y%@%gf#OyI6l3bMamuBY*ZAD>bWqAeL?ih^`>{zDFp!Z8n>goFD)<
zsNg^<Kqu>0nh-hjf_yVn6&Bw)$NR?8t$u0;2Kuo#Isc8B%vJqD)t^kR4E*d?DggfG
zk0xh(3s-wKlewxWEq$mNqC+I3k6`_T^)Lg(xE<*SiMb7B4`u3vC4A0^atxdyj{ly>
zu=0mdR&MP@a%%(y+BL%qLtI=NT#Exfo^2O)=oYt1I_rf&ZEz&hx8Mr$-}H0Vj!(I&
zQ?socLrmaL@w#rEoTC|`0|IWtd*a$q{fIVLcymE`;SD;hk88sX%2+lvu3euz_Xn!^
zVa^Mi4K=XIxCFk*UX^Sx*2y+qS2G>={DXZcD0Z?TV-#mSKKJ5oB#FI9+Bd)i3pKbB
zpPOy28`1`=u;E?RxD~Adw?R<Kk@N{ut{zDFEiwu417G_m2$Jr`XmQD`b0hZtTf-$D
zS|k+!e+OVWnw%9#Rj5g~jLU<|Op`irLO&w~p6I;*n;%ypx+p(*kTC&J$(i6B(~www
zgpp1>@r%hY9m-E0-@9oM0*no0&IWC4<Fo|3ibA%hax=ooy7RB5;wTb7e`;5=j$H2x
zxNmGx8&RAJcJ?w-kJ5;cG>S`W8x%Cp`B(0SH#y%+>hBT8JNN&6IenJ;10M|{r9y|-
Q$^ZZW07*qoM6N<$g8weihyVZp
literal 0
HcmV?d00001
From 96210522d8ed072565c3d5abcbcdb0a024aa7e01 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 2 Nov 2023 20:36:12 +0000
Subject: [PATCH 35/59] Add favicon for LibreWolf
---
wikipiki/logo-librewolf.png | Bin 0 -> 1253 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 wikipiki/logo-librewolf.png
diff --git a/wikipiki/logo-librewolf.png b/wikipiki/logo-librewolf.png
new file mode 100644
index 0000000000000000000000000000000000000000..0bb9299cb2ce9fa60787c4abdaee86f6af98dd26
GIT binary patch
literal 1253
zcmaKqeK6Ds9L9g8$-6{~)49&eo-ScabdB_ayzDZY6_Rw`dU4|-=3J+otvf<*r@|q5
z>$qiY)@xp3$;%>XR#<hyid*Vb-goibp5~gnnVXw=zR&kF&&>1R6H9ZpQ&#v$fglKF
z2YVYA>EHC%$;n9FCMT|mAXXaEsIImEh%yj&Krok81S02eW-Wu%3qTYuvlOJtUv_E!
z9zG=hg!e6J@&W#b|Fb9!|E(1TkYQmJ3#$tuTL?Ke<k?VQL!}67ilABqH4fA{&?v_G
zVr(deW(jo4pj!^Ta_CpUpaP@{e0Cq7S7J*gOsZg74RSTMRbzV%EFNH2EiCI`Rfm0C
z?B~L|9`+4zcnE4EoEqWW2wD?dnn7>Ip%%Ecz=MawJb3bOq!nJR@NLKOM>x@epvU;S
z6Q?^7+=-AU2z`QZKECDSTo=B73Pv|B_8__!F}=9di&z2T1c(>lav!et;rcVA_9JHy
zzYHOF2)_!!6rx}ltYH+5fHQ*P5tNLgbQEQys1%_}glZ9L#_(VawPUCo19u$t<9PTA
z{I}?N2f-xzCh=k#!Wq1r#po=4pMz))<8yd5kJt0~V;&P?yb<HA7}E=wS-|W9<`yAY
z!om_3m#`$A2=MXwjq=jz><n{prW3Mq@=D4o8k$<#x(1}J#^gh8?jDC3(J^tC6O)pE
zPDxF>&24IKX>IT14+&q2#>OY7rsw9xlIK)~Ug_@49BlTvYH9^=WskV5SQj;zoq14D
zVie>-5||pUTQIVtJZt0lc$z=r><*GkaN3$07-5odPp#v{_)us~y-?D6y=!yvq?b2)
zi%G<pI3)}7T!O+)GjlN0&A+s&zuiCfMwx0uTmz#cy|8Mlgkrk$Ky1JT#XPww=H@Uz
zjq7{7si%wwT-h^wYCYVK9t|HnYje>q>RgqQy*JSq#GEzv>w8Db?qSU9>5~*s^4}aB
zGMf_Z*krBb7oXwK5D`lcc|h72^uyh6*76vo`*u5~-M*7`t9klaV6t(7C&Bve+Roet
zruNy4$l%<Tb%u(z<=gXS+SLy&PKG`1ZegFXPZ9)sRFPkwUA${6>y=4a!!_c`)Ot7G
zE4V+JA9&2hub(~2SzY%jC4>GI`DUbBTk5Ugy`M1XmTx@6Rf{F%Df`Exj*1l&8fDmF
zvSjW0z+EvuNi%yhjTp`>y^*UaR>sY={MQ3FEl)l@uCxPPUDS4i8hI67w4PYaP?B+R
zW-XsJZAvFu&rjHEc)3${M6(w6wE1N9K3DBjVJ<NP)T1S1GUZPGDh0|1PJ`Cgvuz+b
z@|cW3H(}&Q(v|S_dC0#qprsd0t;@9*J7x@C6Gxp=yYVW@x7M?t!?K=sBM*~!ghY41
zpXM}CncWw$(!<h|Dx73E9<z6<UC^k@3h~wYVuQ6Pv-^aJPPs%S(YK|Pl9r=nA#X{)
xq5sqQO6~ZFZcVL@M61wrzA&UCmCPe0;x{8Z|MUQz2<Zk12U};G!u?-f_!CRX$>jh5
literal 0
HcmV?d00001
From 29bb5a35f0908143f395b86263746988168c7966 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 2 Nov 2023 21:17:15 +0000
Subject: [PATCH 36/59] rename/add icons (#1760)
---
.../{logo-librewolf.png => icon-librewolf.png} | Bin
wikipiki/{logo-mull.png => icon-mull.png} | Bin
wikipiki/icon-mullvadbrowser.png | Bin 0 -> 1237 bytes
wikipiki/icon-torbrowser.png | Bin 0 -> 2044 bytes
4 files changed, 0 insertions(+), 0 deletions(-)
rename wikipiki/{logo-librewolf.png => icon-librewolf.png} (100%)
rename wikipiki/{logo-mull.png => icon-mull.png} (100%)
create mode 100644 wikipiki/icon-mullvadbrowser.png
create mode 100644 wikipiki/icon-torbrowser.png
diff --git a/wikipiki/logo-librewolf.png b/wikipiki/icon-librewolf.png
similarity index 100%
rename from wikipiki/logo-librewolf.png
rename to wikipiki/icon-librewolf.png
diff --git a/wikipiki/logo-mull.png b/wikipiki/icon-mull.png
similarity index 100%
rename from wikipiki/logo-mull.png
rename to wikipiki/icon-mull.png
diff --git a/wikipiki/icon-mullvadbrowser.png b/wikipiki/icon-mullvadbrowser.png
new file mode 100644
index 0000000000000000000000000000000000000000..f5381b62a0d4809a258f70acad763ba9c1f25af1
GIT binary patch
literal 1237
zcmV;`1S<Q9P)<h;3K|Lk000e1NJLTq001BW001Be1^@s6b9#F8000D>Nkl<ZcwX(6
zONd<66UKkv?e6r1dFTI^BxH0#5=?w1LCi}hqM|DUQ50NeA?|}4vl1bSh!S096*1yc
z+zA@cj0?d>9LFe#n)J+=hXhGahUuQ3?mp#^;vAZ}c5ii&Z*lJ_PF0<+>Z^0P{M)z%
z(Seb}Cq@R>lwLu$ivVN-jLvn22*KR$Kn4U1hscOw8Nq_vfyzR&d9?cR(ds`E*!0X>
zr!wgX21o{$_RSx@BQRehq0TjcnYmMnb;yl(=01AqC=QBrqP?^^kb!wVP>MCfBoh*5
z&Lc94zR3cNJPaAeE*yCRVY!*k#LUL~|B?an;x${l&DR~;rF}CuCDxa#Di>Ob#!4KR
znH+Q_V67TR=2X%1W1o{i#)p;t%r36OItr9fFc1id;ZmI=<7Y54vdp{n#!rU;6u?AJ
z0?QaE&BXdTAj}G2B_66>qVj7$fQS%SVq`pi`vv|tP^73j<`NNF4crSs)}27RxrBiD
zc>2l9SQ}_(5CoH>O#ZRJ%#D&Egh3og35^dmd0>U~;d?I83`WaDD}a5mM4U_O-GL={
zh?$FqGO$8`ws>&I91|Dsq%ytaPHAG?cxo#g7{5euut^p~$^6QOW&^Nzcy|J{8U(LK
zz8fI;J)<bbHe6%>mg}6oFhr%=6dl;LvCLh!EwE+NWwOB*7Vxf_2(6`bVGunea7UT6
z`U~T+eQow^|B;Dbp5WrOKcfHuniyNhW82Q4ffj}X;rcX}qJ=~+2^wI+@GBD&Af@-%
z#>*VoI?vSHT1{Q4B8i<FhS@tl%kbz8C>WSL1dmyfz>wr=tUH0wTqahOo}|M;hRSXB
z-u*4-FCOCD>{S!e#Q1jhY@0;=Eli}T1bKM7Aq)a$JtYXsHIT?bFuz!2cx?+Z7#o{o
z-;N58%#Ep9uiO4@Ga4S9hk_wfBH<9hB|t(J)P;aEAOvqeSS$b#)4!J?l$p415fuab
z?*EGKetv;QtEGMSypLAM0ZdoQ%-4!MynWFlGrwKn(weEq5H35@<P&u?fWYe?{NFx#
zb5Ue4JaU~!cYni;g;9n^ue<g^y!_rejy+cefrpxZh+Iw4gMd$~B*RR^p^4KRm^@d|
z<W!l1JC{)@u>0PxY1G%Ez5oHfJimssQ?g^v2B8>7`VIi72LWfAzHfL?Vi9g8dhJv{
z2j6W#meDs*qp!b~{9b%}09wm3Ye&sNHzi0pMXzgUMkdKDVA0!Btasu2(h7+I?pPnd
zoFgWte=9I^RX{-U5aJ~Y0eKEWF9NK-rvfRSV?-Q3)z2#UcnOhUxaDH{zJ&6BQVAZ9
z<&yY29Yh{T5)sPxI?FQQ3AzzTXDc0~m^@|lD)Pl!=Q<IVVe+ly(p`dlMKKAaw|W<k
zD<2^t%X#-E;99w6$4?F^4%*C>LL^2Ap<5>aIQ?0f$>|abn04y!UcCvVmV=I;9E3bU
z<N)X-6FJ%GPs`THPeP>PvhFir@I$Vo+&bBb%&I*_09xHy2o)l7nvQH9DbYLuY|crC
z;(@t;8%v8QvHSQc*(ijmW>$ZdYPHIL1-I}wde@9m!FAfg00000NkvXXu0mjfs$V|y
literal 0
HcmV?d00001
diff --git a/wikipiki/icon-torbrowser.png b/wikipiki/icon-torbrowser.png
new file mode 100644
index 0000000000000000000000000000000000000000..ad7e8d1d3e70ad8a3262ccc4a4baacf91a2131b5
GIT binary patch
literal 2044
zcmV<Y2Lt$tP)<h;3K|Lk000e1NJLTq001BW001Be1^@s6b9#F800009a7bBm000XU
z000XU0RWnu7ytkO0drDELIAGL9O(c600d`2O+f$vv5yP<VFdsH2a!ocK~#7F%~xG)
z99I?o&g}f{|Jsi0q$JIzvD&l=icM8Yc?dzON_jw0iz?a*Nb-Wj3wD4P#7lyNsGwEW
zh(}Q37bFmE8dOC*6g5SmKR}grn>ex465A<p?AWo__SpL~GnaGkot<5m76)G1k!NS_
z-<<D!=R4<K1E26kw>$CF{)K{DF#9M>93Y7Od>27R{=&sFe<Z9JWS3KRs_a<qYu_&S
zzI40a-4K8@Y}@t#CB%SXQ9<?z2qKUW{62c|JPCd`4U<w<TDW$K94j^9CXy#Zgu{=&
z*)j2d130~Jc_5L*QNuFwg2ei{La)Ah^BvU;Dhb#k30H!!(&So69;U0Iz_BO(mK*+`
z0le^V<+xQa2FX}AS;*fO1A-cTW2)D3P1s=y-k6Qxh6}OmNB|(Uh)PfXJ%8l30sQ`<
z$_cALhYTZfRL)`wqMufqS-F)RMZyL$TWoY~&mq^DflVnakD8c#xh7PcBzr_BpL)CF
z@P+_>`?-bVZdZb19yzS1wT!oxslJOBMwkvk2ASx%GmE>wRKVSjbRt_wVPQPL=m`&N
zbAejUe?#9acdcW>Xm6bO?Cc>UB?g5dh+`-CM!-LzXtsrJhY<WE`7Xl{gnF(w6JYGc
zRlM<&3Rc-@=e;H#_+b|00Dc%!7>L2)J@W$}$-s$S(?!^cSJORqG3u1;X|`n)p$X6|
zL_PfOZN7~9ih%clKx5W{W2X2{i&QpA5C5ou{B{%bml}BEXBDktLIvK+j>8i>7S}Q0
z!#HTB6UDI2Lm@q5w}obcBm=S$a9h61dAYkxY`Wh<@7Ge;`<*PZY*5Z!TM2OPrwgb|
z`sljP!uCg9YA_3aAo6uLHTWMP@I!IPun`#umBd4S29o};MZXS#i0558<%!AH*0B69
zA8y`2KZDq|&q2T_t1BU1e_lC?T~DN8BuRxr1mb(gi&qOVfM4yraeyo;N{*Ta0vR*S
zfHI^#mU=)muG`*CpKgvd#OO;N-g{+LNptr%GAjOZ&eBW+<7YfrDZ<XLB;m7Qn28R+
z?27?30{_cMD5sRCnri(nV;)Av7!QwydOTt!*=1;va{JnwRq@X6mLMH@@Vj{gz7Ud$
zskhb?3*8(F*_OaqK?h<0+_yKBYSwC(v4wnBci3jI2}H4?HL?5aS?ql#3o8Se6*To$
z6?0>CWbQCk?3r>*zgxq~tdBc(J4m>sK=~o|#{j}0?2{F*MYCx0vIR&!)g6UFN=2@B
zvIcq|NlDM7c=6A3tIFf8pLZz;AXs=}`a(_hx!ndyP#lV)Y@14efhhP)mlcRsoe}Nj
zr!8-FK_T@-Ypk%%f}LY#mIdao)>U7+JE63sayr!WOcr7gsw6MO03_;qJ%A$&G;2JX
zB{W2<PnQR3*=^gPxKEbkx)y3wGbGj8i)e`osUL*#G7Z4TLcJymp`J#1%Td(^+OXby
zbn$I&MB%zJzE%maIPHVCWo9Fx#+I)8GTv&vmD2NM2xUn4buk9e2>r>x3p?_m74hB-
zgyKKi0wQlC812Rvt~GG^l{IG4VNnU}+?Q7U<FBt!WDJ{jI%>_#m72-~zDCfdfwQcz
zzBSK>lQa<Rp=!5_kO<K#+f5+q_uQ}Nsk$WNWD1i)y7$pEw%qSx=|%%n=T-Vqcdvt7
zkBQm$YVekP6;n>3vK&-d;D`QciF9GECPN+<oK{hi8PH0>W|qkOUuEh8l`$c0e=vy$
zo-8PEXP%uEGS>3D{g3Aq+JF3EQHoMAz@ItW(tzofjYgxgx)Ky*4R=z!7b~ShG`C>U
z@?I7!tqJbse5YJD*ZTepiv8O7Uw$)(sgartq4b>gJeEU+8JRr4$^ay-V&WIxJ*Q&^
zN{hTR2`b62&)=vj!bz0@eW;1g0a23bLyig$eeqkJ*z;Hxot%c=ypJ<KpT)?_OKP%{
zHt@{QR<-EeKP@u|Un3_mjP@*0>a@)vW?|58h{COz8oIW)I^7~c>V$}PVaY(m&g_*M
ztt|z(`F?=P2L=psxvD4OWC%|WeFpi>CZ@`3`0L4eX!gV;7rq!kyc;SO5FV56c@-av
zb9H?fKn#PZnFSPg()mADaQW30+?uNE0mhnRqfeK%qNmqY)Sr2FrY(lX(Nguk39M6e
z+x7j-_;KzWl<uW6e9Y>xVVXvq1@Q?b%F)q_W$g){;Wqc?(fd#*zVOtY>PU8Nq>2}R
zd>u7U!{w!==T`1ncO?7BL+KCF<0tuXP%bkqLVlAYGC32XC52d<#<usB*m`=C=-H7+
zZc_%1lS27a6>q;#5pnHCF#No?>+pwdeeALPNM^jmE)F0f&$5WJ9k$94+cDzeaMxF_
ztNE5~qFza3dD_DGpBt#H>MdQfgP{+5z99h3#MnXp$WbCbtVBALDkd_7?W%ag>Ey~*
zC#o&+X{So-a+YT<^5%Q&Id50#<7{mBui2n`sc4wyK~Bm;Y`fT68BqX=Xl|-h0-yy@
z_{+dtEtMAg7ysM$Z~LE9c^%1KIlv`!zd_W;Rj`i%<<({-J>}xU7|wF6PX}hTypiEg
a&Gm1|sgw5)O}6a-0000<MNUMnLSTYVf#Kx<
literal 0
HcmV?d00001
From fc251637635cce451067aa448a66f803f8c4d577 Mon Sep 17 00:00:00 2001
From: Tiagoquix <30274161+Tiagoquix@users.noreply.github.com>
Date: Fri, 10 Nov 2023 20:52:23 -0300
Subject: [PATCH 37/59] Correct archived version link in arkenfox-cleanup.js
(#1763)
---
scratchpad-scripts/arkenfox-cleanup.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 18de648..1e8df4d 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -3,7 +3,7 @@
- removed from the arkenfox user.js
- deprecated by Mozilla but listed in the arkenfox user.js in the past
- There is an archived version at https://github.com/arkenfox/user.js/issues/1080
+ There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list prior to FF118
Last updated: 2-November-2023
From f95c6829fe3c0fcc478756d7acbc55020d78b141 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 19 Nov 2023 09:56:47 +0000
Subject: [PATCH 38/59] fixup date/reference
---
scratchpad-scripts/arkenfox-cleanup.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 1e8df4d..6956979 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -4,7 +4,7 @@
- deprecated by Mozilla but listed in the arkenfox user.js in the past
There is an archived version at https://github.com/arkenfox/user.js/issues/123
- if you want the full list prior to FF118
+ if you want the full list since jesus
Last updated: 2-November-2023
From fd72683abe15de5cf57574125b64879e809cf5c4 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 20 Nov 2023 02:49:16 +0000
Subject: [PATCH 39/59] v119 (#1757)
---
user.js | 98 ++++++++++++++++++++++-----------------------------------
1 file changed, 37 insertions(+), 61 deletions(-)
diff --git a/user.js b/user.js
index 4798b8a..1772671 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 18 October 2023
-* version: 118
+* date: 20 November 2023
+* version: 119
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -40,7 +40,7 @@
* INDEX:
0100: STARTUP
- 0200: GEOLOCATION / LANGUAGE / LOCALE
+ 0200: GEOLOCATION
0300: QUIETER FOX
0400: SAFE BROWSING
0600: BLOCK IMPLICIT OUTBOUND
@@ -100,7 +100,7 @@ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); //
* [NOTE] This does not block you from adding your own ***/
user_pref("browser.newtabpage.activity-stream.default.sites", "");
-/*** [SECTION 0200]: GEOLOCATION / LANGUAGE / LOCALE ***/
+/*** [SECTION 0200]: GEOLOCATION ***/
user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!");
/* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+]
* Optionally enable logging to the console (defaults to false) ***/
@@ -109,16 +109,8 @@ user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/
/* 0202: disable using the OS's geolocation service ***/
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS]
user_pref("geo.provider.use_corelocation", false); // [MAC]
-user_pref("geo.provider.use_gpsd", false); // [LINUX]
+user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF]
user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
-/* 0210: set preferred language for displaying pages
- * [SETTING] General>Language and Appearance>Language>Choose your preferred language...
- * [TEST] https://addons.mozilla.org/about ***/
-user_pref("intl.accept_languages", "en-US, en");
-/* 0211: use en-US locale regardless of the system or region locale
- * [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
- * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630 ***/
-user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
/*** [SECTION 0300]: QUIETER FOX ***/
user_pref("_user.js.parrot", "0300 syntax error: the parrot's not pinin' for the fjords!");
@@ -268,7 +260,7 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost
user_pref("network.proxy.socks_remote_dns", true);
/* 0703: disable using UNC (Uniform Naming Convention) paths [FF61+]
* [SETUP-CHROME] Can break extensions for profiles on network shares
- * [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26424 ***/
+ * [1] https://bugzilla.mozilla.org/1413868 ***/
user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
/* 0704: disable GIO as a potential proxy bypass vector
* Gvfs/GIO has a set of supported protocols like obex, network, archive, computer,
@@ -297,8 +289,6 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""
* [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
// user_pref("network.trr.mode", 3);
-/* 0711: disable skipping DoH when parental controls are enabled [FF70+] ***/
-user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
/* 0712: set DoH provider
* The custom uri is the value shown when you "Choose provider>Custom>"
* [NOTE] If you USE custom then "network.trr.uri" should be set the same
@@ -311,11 +301,11 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
/* 0801: disable location bar making speculative connections [FF56+]
* [1] https://bugzilla.mozilla.org/1348275 ***/
user_pref("browser.urlbar.speculativeConnect.enabled", false);
-/* 0802: disable location bar contextual suggestions [FF92+]
+/* 0802: disable location bar contextual suggestions
* [SETTING] Privacy & Security>Address Bar>Suggestions from...
* [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
-user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
+user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+]
/* 0803: disable live search suggestions
* [NOTE] Both must be true for the location bar to work
* [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
@@ -354,6 +344,10 @@ user_pref("browser.formfill.enable", false);
* [4] https://earthlng.github.io/testpages/visited_links.html (see github wiki APPENDIX A on how to use)
* [5] https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html ***/
// user_pref("layout.css.visited_links_enabled", false);
+/* 0830: enable separate default search engine in Private Windows and its UI setting
+ * [SETTING] Search>Default Search Engine>Choose a different default search engine for Private Windows only ***/
+user_pref("browser.search.separatePrivateDefault", true); // [FF70+]
+user_pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+]
/*** [SECTION 0900]: PASSWORDS
[1] https://support.mozilla.org/kb/use-primary-password-protect-stored-logins-and-pas
@@ -396,7 +390,7 @@ user_pref("browser.sessionstore.privacy_level", 2);
/* 1005: disable automatic Firefox start and session restore after reboot [FF62+] [WINDOWS]
* [1] https://bugzilla.mozilla.org/603903 ***/
user_pref("toolkit.winRegisterApplicationRestart", false);
-/* 1006: disable favicons in shortcuts
+/* 1006: disable favicons in shortcuts [WINDOWS]
* URL shortcuts use a cached randomly named .ico file which is stored in your
* profile/shortcutCache directory. The .ico remains after the shortcut is deleted
* If set to false then the shortcuts use a generic Firefox icon ***/
@@ -417,7 +411,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
- * [STATS] SSL Labs (Feb 2023) reports over 99.3% of top sites have secure renegotiation [4]
+ * [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@@ -462,7 +456,7 @@ user_pref("security.cert_pinning.enforcement_level", 2);
* 0 = disabled
* 1 = consult CRLite but only collect telemetry
* 2 = consult CRLite and enforce both "Revoked" and "Not Revoked" results
- * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (FF99+, default FF100+)
+ * 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
* [2] https://blog.mozilla.org/security/tag/crlite/ ***/
user_pref("security.remote_settings.crlite_filters.enabled", true);
@@ -471,7 +465,7 @@ user_pref("security.pki.crlite_mode", 2);
/** MIXED CONTENT ***/
/* 1241: disable insecure passive content (such as images) on https pages ***/
// user_pref("security.mixed_content.block_display_content", true); // Defense-in-depth (see 1244)
-/* 1244: enable HTTPS-Only mode in all windows [FF76+]
+/* 1244: enable HTTPS-Only mode in all windows
* When the top-level is HTTPS, insecure subresources are also upgraded (silent fail)
* [SETTING] to add site exceptions: Padlock>HTTPS-Only mode>On (after "Continue to HTTP Site")
* [SETTING] Privacy & Security>HTTPS-Only Mode (and manage exceptions)
@@ -603,12 +597,13 @@ user_pref("browser.download.manager.addToRecentDocs", false);
user_pref("browser.download.always_ask_before_handling_new_types", true);
/** EXTENSIONS ***/
-/* 2660: lock down allowed extension directories
- * [SETUP-CHROME] This will break extensions, language packs, themes and any other
- * XPI files which are installed outside of profile and application directories
+/* 2660: limit allowed extension directories
+ * 1=profile, 2=user, 4=application, 8=system, 16=temporary, 31=all
+ * The pref value represents the sum: e.g. 5 would be profile and application directories
+ * [SETUP-CHROME] Breaks usage of files which are installed outside allowed directories
* [1] https://archive.is/DYjAM ***/
user_pref("extensions.enabledScopes", 5); // [HIDDEN PREF]
-user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
+ // user_pref("extensions.autoDisableScopes", 15); // [DEFAULT: 15]
/* 2661: disable bypassing 3rd party extension install prompts [FF82+]
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1659530,1681331 ***/
user_pref("extensions.postDownloadThirdPartyPrompt", false);
@@ -625,7 +620,7 @@ user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin
* [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
* [SETTING] to add site exceptions: Urlbar>ETP Shield
* [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
-user_pref("browser.contentblocking.category", "strict");
+user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
/* 2702: disable ETP web compat features [FF93+]
* [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
* Opener and redirect heuristics are granted for 30 days, see [3]
@@ -703,7 +698,6 @@ user_pref("privacy.sanitize.timeSpan", 0);
1330890 - spoof timezone as UTC0 (FF55)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
FF56
- 1369303 - spoof/disable performance API
1333651 - spoof User Agent & Navigator API
version: android version spoofed as ESR (FF119 or lower)
OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
@@ -716,7 +710,6 @@ user_pref("privacy.sanitize.timeSpan", 0);
1369309 - spoof media statistics
1382499 - reduce screen co-ordinate fingerprinting in Touch API
1217290 & 1409677 - enable some fingerprinting resistance for WebGL
- 1382545 - reduce fingerprinting in Animation API
1354633 - limit MediaError.message to a whitelist
FF58+
1372073 - spoof/block fingerprinting in MediaDevices API (FF59)
@@ -741,7 +734,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
1653987 - limit font visibility to bundled and "Base Fonts" (Windows, Mac, some Linux) (FF80)
1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
- 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
+ 1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100-115)
1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
1422237 - return "srgb" with color-gamut (FF110)
1794628 - return "none" with inverted-colors (FF114)
@@ -973,10 +966,9 @@ user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
* [WARNING] Replaced with network partitioning (FF85+) and TCP (2701), and enabling FPI
* disables those. FPI is no longer maintained except at Tor Project for Tor Browser's config ***/
user_pref("privacy.firstparty.isolate", false); // [DEFAULT: false]
-/* 6009: enforce SmartBlock shims [FF81+]
- * In FF96+ these are listed in about:compat
+/* 6009: enforce SmartBlock shims (about:compat) [FF81+]
* [1] https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/ ***/
-user_pref("extensions.webcompat.enable_shims", true); // [DEFAULT: true]
+user_pref("extensions.webcompat.enable_shims", true); // [HIDDEN PREF] [DEFAULT: true]
/* 6010: enforce no TLS 1.0/1.1 downgrades
* [TEST] https://tls-v1-1.badssl.com:1010/ ***/
user_pref("security.tls.version.enable-deprecated", false); // [DEFAULT: false]
@@ -987,38 +979,13 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6012: enforce Quarantined Domains [FF115+]
* [WHY] https://support.mozilla.org/kb/quarantined-domains */
user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
-/* 6050: prefsCleaner: previously active items removed from arkenfox 102-114 ***/
- // user_pref("beacon.enabled", "");
- // user_pref("browser.startup.blankWindow", "");
- // user_pref("browser.newtab.preload", "");
- // user_pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", "");
- // user_pref("browser.newtabpage.activity-stream.feeds.snippets", "");
- // user_pref("browser.region.network.url", "");
- // user_pref("browser.region.update.enabled", "");
- // user_pref("browser.ssl_override_behavior", "");
- // user_pref("devtools.chrome.enabled", "");
- // user_pref("dom.disable_beforeunload", "");
- // user_pref("dom.disable_open_during_load", "");
- // user_pref("extensions.formautofill.available", "");
- // user_pref("extensions.formautofill.addresses.supported", "");
- // user_pref("extensions.formautofill.creditCards.available", "");
- // user_pref("extensions.formautofill.creditCards.supported", "");
- // user_pref("middlemouse.contentLoadURL", "");
-/* 6051: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
+/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
// user_pref("accessibility.force_disabled", "");
- // user_pref("browser.fixup.alternate.enabled", "");
// user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
// user_pref("network.protocol-handler.external.ms-windows-store", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
// user_pref("privacy.partition.serviceWorkers", "");
-/* 6052: prefsCleaner: deprecated ESR102 items from FF103-115 ***/
- // user_pref("browser.cache.offline.enable", "");
- // user_pref("extensions.formautofill.heuristics.enabled", "");
- // user_pref("network.cookie.lifetimePolicy", "");
- // user_pref("privacy.clearsitedata.cache.enabled", "");
- // user_pref("privacy.resistFingerprinting.testGranularityMask", "");
- // user_pref("security.pki.sha1_enforcement_level", "");
/*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1103,7 +1070,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
// user_pref("privacy.partition.network_state.ocsp_cache", true);
- // user_pref("privacy.query_stripping.enabled", true); // [FF101+] [ETP FF102+]
+ // user_pref("privacy.query_stripping.enabled", true); // [FF101+]
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
// user_pref("privacy.trackingprotection.cryptomining.enabled", true); // [DEFAULT: true]
@@ -1160,7 +1127,7 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan
/*** [SECTION 9000]: NON-PROJECT RELATED ***/
user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!");
/* 9001: disable welcome notices ***/
-user_pref("browser.startup.homepage_override.mstone", "ignore");
+user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF]
/* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
@@ -1209,6 +1176,15 @@ user_pref("security.family_safety.mode", 0);
// [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
// [-] https://bugzilla.mozilla.org/1697151
// user_pref("permissions.delegation.enabled", false);
+// FF119
+// 0211: use en-US locale regardless of the system or region locale
+ // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
+ // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630
+ // [-] https://bugzilla.mozilla.org/1846224
+ // user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
+// 0711: disable skipping DoH when parental controls are enabled [FF70+]
+ // [-] https://bugzilla.mozilla.org/1586941
+user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
// ***/
/* END: internal custom pref to test for syntax errors ***/
From e4dd5aa4283560e538b4009039175018e24cdc28 Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Fri, 24 Nov 2023 13:35:14 +0000
Subject: [PATCH 40/59] updater.sh v4.0
- removed group root/wheel check
---
updater.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/updater.sh b/updater.sh
index 88e6e33..72c77fc 100755
--- a/updater.sh
+++ b/updater.sh
@@ -2,7 +2,7 @@
## arkenfox user.js updater for macOS and Linux
-## version: 3.9
+## version: 4.0
## Author: Pat Johnson (@overdodactyl)
## Additional contributors: @earthlng, @ema-pe, @claustromaniac, @infinitewarp
@@ -393,11 +393,11 @@ update_updater "$@"
getProfilePath # updates PROFILE_PATH or exits on error
cd "$PROFILE_PATH" || exit 1
-# Check if any files have the owner/group as root/wheel.
-if [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+# Check if any files have the owner as root/wheel.
+if [ -n "$(find ./ -user 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
you will need to change ownership of the following files to your user:\n'
- find . -user 0 -o -group 0
+ find . -user 0
cd "$CURRDIR"
exit 1
fi
From 4a510a4b4ceda8a177831a77309f2faccf7e18d5 Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Fri, 24 Nov 2023 13:38:25 +0000
Subject: [PATCH 41/59] prefsCleaner.sh v2.1
- remove group root/wheel check
---
prefsCleaner.sh | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/prefsCleaner.sh b/prefsCleaner.sh
index 6586609..b9739b2 100755
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
@@ -2,7 +2,7 @@
## prefs.js cleaner for Linux/Mac
## author: @claustromaniac
-## version: 2.0
+## version: 2.1
## special thanks to @overdodactyl and @earthlng for a few snippets that I stol..*cough* borrowed from the updater.sh
@@ -132,13 +132,13 @@ done
## change directory to the Firefox profile directory
cd "$(dirname "${SCRIPT_FILE}")"
-# Check if running as root and if any files have the owner/group as root/wheel.
+# Check if running as root and if any files have the owner as root/wheel.
if [ "${EUID:-"$(id -u)"}" -eq 0 ]; then
fQuit 1 "You shouldn't run this with elevated privileges (such as with doas/sudo)."
-elif [ -n "$(find ./ -user 0 -o -group 0)" ]; then
+elif [ -n "$(find ./ -user 0)" ]; then
printf 'It looks like this script was previously run with elevated privileges,
you will need to change ownership of the following files to your user:\n'
- find . -user 0 -o -group 0
+ find . -user 0
fQuit 1
fi
@@ -148,7 +148,7 @@ echo -e "\n\n"
echo " ╔══════════════════════════╗"
echo " ║ prefs.js cleaner ║"
echo " ║ by claustromaniac ║"
-echo " ║ v2.0 ║"
+echo " ║ v2.1 ║"
echo " ╚══════════════════════════╝"
echo -e "\nThis script should be run from your Firefox profile directory.\n"
echo "It will remove any entries from prefs.js that also exist in user.js."
From 33a84b608c8a1f871c6ce9c4d2b932dc57078fae Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 4 Feb 2024 20:09:30 +0000
Subject: [PATCH 42/59] v122 (#1764)
---
user.js | 37 +++++++++++++++++++++++++++++++------
1 file changed, 31 insertions(+), 6 deletions(-)
diff --git a/user.js b/user.js
index 1772671..bd7c46f 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 20 November 2023
-* version: 119
+* date: 5 February 2024
+* version: 122
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -56,6 +56,7 @@
2600: MISCELLANEOUS
2700: ETP (ENHANCED TRACKING PROTECTION)
2800: SHUTDOWN & SANITIZING
+ 4000: FPP (fingerprintingProtection)
4500: RFP (resistFingerprinting)
5000: OPTIONAL OPSEC
5500: OPTIONAL HARDENING
@@ -686,8 +687,32 @@ user_pref("privacy.cpd.cookies", false);
* which will display a blank value, and are not guaranteed to work ***/
user_pref("privacy.sanitize.timeSpan", 0);
+/*** [SECTION 4000]: FPP (fingerprintingProtection)
+ RFP (4501) overrides FPP
+
+ In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled
+ by ETP (2701). FPP will also use Remote Services in future to relax FPP protections
+ on a per site basis for compatibility (pref coming).
+
+ 1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux)
+ https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
+ 1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+)
+***/
+user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
+/* 4001: enable FPP in PB mode [FF114+]
+ * [NOTE] In FF119+, FPP for all modes (7106) is enabled with ETP Strict (2701) ***/
+ // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
+/* 4002: set global FPP overrides [FF114+]
+ * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are
+ * not used by RFP) e.g. "+AllTargets,-CSSPrefersColorScheme" or "-AllTargets,+CanvasRandomization"
+ * [NOTE] Be aware that not all RFP protections are necessarily in RFPTargets
+ * [WARNING] Not recommended. Either use RFP or FPP at defaults
+ * [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/
+ // user_pref("privacy.fingerprintingProtection.overrides", "");
+
/*** [SECTION 4500]: RFP (resistFingerprinting)
- RFP covers a wide range of ongoing fingerprinting solutions.
+ RFP overrides FPP (4000)
+
It is an all-or-nothing buy in: you cannot pick and choose what parts you want
[TEST] https://arkenfox.github.io/TZP/tzp.html
@@ -741,8 +766,8 @@ user_pref("privacy.sanitize.timeSpan", 0);
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable RFP
- * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar
- * RFP also has a few side effects: mainly timezone is UTC0, and websites will prefer light theme
+ * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar.
+ * RFP also has a few side effects: mainly timezone is UTC, and websites will prefer light theme
* [NOTE] pbmode applies if true and the original pref is false
* [1] https://bugzilla.mozilla.org/418986 ***/
user_pref("privacy.resistFingerprinting", true); // [FF41+]
@@ -1069,7 +1094,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
- // user_pref("privacy.partition.network_state.ocsp_cache", true);
+ // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+]
// user_pref("privacy.query_stripping.enabled", true); // [FF101+]
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
From c2f191448c0af23c961053b8e450f6c8a71e5567 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 6 Jun 2024 20:21:14 +0000
Subject: [PATCH 43/59] v126 (#1816)
---
user.js | 127 +++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 89 insertions(+), 38 deletions(-)
diff --git a/user.js b/user.js
index bd7c46f..fdc692e 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 5 February 2024
-* version: 122
+* date: 7 June 2024
+* version: 126
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -35,7 +35,7 @@
- It is recommended to not use the updater, or you will get a later version which may cause issues.
So you should manually append your overrides (and keep a copy), and manually update when you
change ESR releases (arkenfox is already past that release)
- - If you decide to keep updating, then the onus is on - also see section 9999
+ - If you decide to keep updating, then the onus is on you - also see section 9999
* INDEX:
@@ -95,8 +95,8 @@ user_pref("browser.startup.homepage", "about:blank");
user_pref("browser.newtabpage.enabled", false);
/* 0105: disable sponsored content on Firefox Home (Activity Stream)
* [SETTING] Home>Firefox Home Content ***/
-user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+] Pocket > Sponsored Stories
-user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Sponsored shortcuts
+user_pref("browser.newtabpage.activity-stream.showSponsored", false); // [FF58+]
+user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false); // [FF83+] Shortcuts>Sponsored shortcuts
/* 0106: clear default topsites
* [NOTE] This does not block you from adding your own ***/
user_pref("browser.newtabpage.activity-stream.default.sites", "");
@@ -158,9 +158,6 @@ user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
user_pref("toolkit.coverage.endpoint.base", "");
-/* 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
- * Defense-in-depth: currently covered by 0331 ***/
-user_pref("browser.ping-centre.telemetry", false);
/* 0335: disable Firefox Home (Activity Stream) telemetry ***/
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
@@ -303,12 +300,14 @@ user_pref("_user.js.parrot", "0800 syntax error: the parrot's ceased to be!");
* [1] https://bugzilla.mozilla.org/1348275 ***/
user_pref("browser.urlbar.speculativeConnect.enabled", false);
/* 0802: disable location bar contextual suggestions
- * [SETTING] Privacy & Security>Address Bar>Suggestions from...
+ * [NOTE] The UI is controlled by the .enabled pref
+ * [SETTING] Search>Address Bar>Suggestions from...
* [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
-user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
-user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+]
+ // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]
+ // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false]
+ // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false]
/* 0803: disable live search suggestions
- * [NOTE] Both must be true for the location bar to work
+ * [NOTE] Both must be true for live search to work in the location bar
* [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
* [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
user_pref("browser.search.suggest.enabled", false);
@@ -321,8 +320,9 @@ user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
+user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
- // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: false]
+ // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+]
/* 0810: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (2811)
@@ -332,7 +332,7 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa
user_pref("browser.formfill.enable", false);
/* 0815: disable tab-to-search [FF85+]
* Alternatively, you can exclude on a per-engine basis by unchecking them in Options>Search
- * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest>Search engines ***/
+ * [SETTING] Search>Address Bar>When using the address bar, suggest>Search engines ***/
// user_pref("browser.urlbar.suggest.engines", false);
/* 0820: disable coloring of visited links
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
@@ -412,7 +412,7 @@ user_pref("_user.js.parrot", "1200 syntax error: the parrot's a stiff!");
* but the problem is that the browser can't know that. Setting this pref to true is the only way for the
* browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server
* [SETUP-WEB] SSL_ERROR_UNSAFE_NEGOTIATION: is it worth overriding this for that one site?
- * [STATS] SSL Labs (Nov 2023) reports over 99.5% of top sites have secure renegotiation [4]
+ * [STATS] SSL Labs (May 2024) reports over 99.7% of top sites have secure renegotiation [4]
* [1] https://wiki.mozilla.org/Security:Renegotiation
* [2] https://datatracker.ietf.org/doc/html/rfc5746
* [3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
@@ -517,6 +517,12 @@ user_pref("privacy.userContext.ui.enabled", true);
* [NOTE] The menu is always shown on long press and right click
* [SETTING] General>Tabs>Enable Container Tabs>Settings>Select a container for each new tab ***/
// user_pref("privacy.userContext.newTabContainerOnLeftClick.enabled", true);
+/* 1703: set external links to open in site-specific containers [FF123+]
+ * [SETUP-WEB] Depending on your container extension(s) and their settings
+ * true=Firefox will not choose a container (so your extension can)
+ * false=Firefox will choose the container/no-container (default)
+ * [1] https://bugzilla.mozilla.org/1874599 ***/
+ // user_pref("browser.link.force_default_user_context_id_for_external_opens", true);
/*** [SECTION 2000]: PLUGINS / MEDIA / WEBRTC ***/
user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
@@ -583,6 +589,11 @@ user_pref("pdfjs.disabled", false); // [DEFAULT: false]
user_pref("pdfjs.enableScripting", false); // [FF86+]
/* 2624: disable middle click on new tab button opening URLs or searches using clipboard [FF115+] */
user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: false NON-LINUX]
+/* 2630: disable content analysis by DLP (Data Loss Prevention) agents
+ * DLP agents are background processes on managed computers that allow enterprises to monitor locally running
+ * applications for data exfiltration events, which they can allow/block based on customer defined DLP policies.
+ * [1] https://github.com/chromium/content_analysis_sdk */
+user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false]
/** DOWNLOADS ***/
/* 2651: enable user interaction for security by always asking where to download
@@ -636,51 +647,70 @@ user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!"
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
-/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/
+/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/
/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME]
- * [NOTE] If "history" is true, downloads will also be cleared
- * [NOTE] "sessions": Active Logins: refers to HTTP Basic Authentication [1], not logins via cookies
- * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
+ * [NOTE] If "history" is true, downloads will also be cleared ***/
user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true]
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
-user_pref("privacy.clearOnShutdown.sessions", true); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true]
// user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
+ // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false]
/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
* [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811)
* [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/
// user_pref("privacy.clearOnShutdown.openWindows", true);
-/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ ***/
+/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/
/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
* [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below).
* serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for
* both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
* [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
+ * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies
* [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question)
- * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
+ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings
+ * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
+user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true]
+user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+]
-/** SANITIZE MANUAL: IGNORES "ALLOW" SITE EXCEPTIONS ***/
-/* 2820: reset default items to clear with Ctrl-Shift-Del [SETUP-CHROME]
- * This dialog can also be accessed from the menu History>Clear Recent History
+/** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/
+/* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+]
+ * Firefox remembers your last choices. This will reset them when you start Firefox
+ * [SETTING] Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data ***/
+user_pref("privacy.clearSiteData.cache", true);
+user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
+user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
+ // user_pref("privacy.clearSiteData.siteSettings", false);
+
+/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/
+/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME]
* Firefox remembers your last choices. This will reset them when you start Firefox
* [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
- * for "Clear Recent History" is opened, it is synced to the same as "history" ***/
+ * for "Clear Recent History" is opened, it is synced to the same as "history"
+ * [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/
user_pref("privacy.cpd.cache", true); // [DEFAULT: true]
+user_pref("privacy.clearHistory.cache", true);
user_pref("privacy.cpd.formdata", true); // [DEFAULT: true]
user_pref("privacy.cpd.history", true); // [DEFAULT: true]
+ // user_pref("privacy.cpd.downloads", true); // not used, see note above
+user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
+user_pref("privacy.cpd.cookies", false);
user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
-user_pref("privacy.cpd.cookies", false);
- // user_pref("privacy.cpd.downloads", true); // not used, see note above
+user_pref("privacy.clearHistory.cookiesAndStorage", false);
// user_pref("privacy.cpd.openWindows", false); // Session Restore
// user_pref("privacy.cpd.passwords", false);
// user_pref("privacy.cpd.siteSettings", false);
-/* 2822: reset default "Time range to clear" for "Clear Recent History" (2820)
+ // user_pref("privacy.clearHistory.siteSettings", false);
+
+/** SANITIZE MANUAL: TIMERANGE ***/
+/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830)
* Firefox remembers your last choice. This will reset the value when you start Firefox
* 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
* [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown,
@@ -692,15 +722,15 @@ user_pref("privacy.sanitize.timeSpan", 0);
In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled
by ETP (2701). FPP will also use Remote Services in future to relax FPP protections
- on a per site basis for compatibility (pref coming).
+ on a per site basis for compatibility (4003).
1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux)
https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+)
***/
-user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
+user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
/* 4001: enable FPP in PB mode [FF114+]
- * [NOTE] In FF119+, FPP for all modes (7106) is enabled with ETP Strict (2701) ***/
+ * [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/
// user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
/* 4002: set global FPP overrides [FF114+]
* Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are
@@ -709,6 +739,8 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
* [WARNING] Not recommended. Either use RFP or FPP at defaults
* [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/
// user_pref("privacy.fingerprintingProtection.overrides", "");
+/* 4003: disable remote FPP overrides [FF127+] ***/
+ // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled"; false);
/*** [SECTION 4500]: RFP (resistFingerprinting)
RFP overrides FPP (4000)
@@ -720,7 +752,6 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
418986 - limit window.screen & CSS media queries (FF41)
1281949 - spoof screen orientation (FF50)
- 1330890 - spoof timezone as UTC0 (FF55)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
FF56
1333651 - spoof User Agent & Navigator API
@@ -740,7 +771,7 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
1372073 - spoof/block fingerprinting in MediaDevices API (FF59)
Spoof: enumerate devices as one "Internal Camera" and one "Internal Microphone"
Block: suppresses the ondevicechange event
- 1039069 - warn when language prefs are not set to "en*" (also see 0210, 0211) (FF59)
+ 1039069 - warn when language prefs are not set to "en*" (FF59)
1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events (FF59)
Spoofing mimics the content language of the document. Currently it only supports en-US.
Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
@@ -763,6 +794,9 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
1422237 - return "srgb" with color-gamut (FF110)
1794628 - return "none" with inverted-colors (FF114)
+ 1554751 - return devicePixelRatio as 2 (previously FF41+ was 1) (FF127)
+ 1787790 - normalize system fonts (FF128)
+ 1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128)
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable RFP
@@ -796,6 +830,12 @@ user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
* [WARNING] DO NOT USE unless testing, see [1] comment 12
* [1] https://bugzilla.mozilla.org/1635603 ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
+/* 4506: disable RFP spoof english prompt [FF59+]
+ * 0=prompt, 1=disabled, 2=enabled (requires RFP)
+ * [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset.
+ * [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale.
+ * [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/
+user_pref("privacy.spoof_english", 1);
/* 4510: disable using system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
@@ -867,7 +907,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
* [1] https://bugzilla.mozilla.org/1281959 ***/
// user_pref("browser.download.forbid_open_with", true);
/* 5010: disable location bar suggestion types
- * [SETTING] Privacy & Security>Address Bar>When using the address bar, suggest ***/
+ * [SETTING] Search>Address Bar>When using the address bar, suggest ***/
// user_pref("browser.urlbar.suggest.history", false);
// user_pref("browser.urlbar.suggest.bookmark", false);
// user_pref("browser.urlbar.suggest.openpage", false);
@@ -1108,7 +1148,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/ ***/
// user_pref("dom.webnotifications.enabled", false);
/* 7019: disable Push Notifications [FF44+]
- * [WHY] Push requires subscription
+ * [WHY] Website "push" requires subscription, and the API is required for CRLite (1224)
* [NOTE] To remove all subscriptions, reset "dom.push.userAgentID"
* [1] https://support.mozilla.org/kb/push-notifications-firefox ***/
// user_pref("dom.push.enabled", false);
@@ -1119,6 +1159,10 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [1] https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
* [2] https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1 ***/
// user_pref("media.peerconnection.enabled", false);
+/* 7021: enable GPC (Global Privacy Control) in non-PB windows
+ * [WHY] Passive and active fingerprinting. Mostly redundant with Tracking Protection
+ * in ETP Strict (2701) and sanitizing on close (2800s) ***/
+ // user_pref("privacy.globalprivacycontrol.enabled", true);
/*** [SECTION 8000]: DON'T BOTHER: FINGERPRINTING
[WHY] They are insufficient to help anti-fingerprinting and do more harm than good
@@ -1156,8 +1200,6 @@ user_pref("browser.startup.homepage_override.mstone", "ignore"); // [HIDDEN PREF
/* 9002: disable General>Browsing>Recommend extensions/features as you browse [FF67+] ***/
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
-/* 9003: disable What's New toolbar icon [FF69+] ***/
-user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
/* 9004: disable search terms [FF110+]
* [SETTING] Search>Search Bar>Use the address bar for search and navigation>Show search terms instead of URL... ***/
user_pref("browser.urlbar.showSearchTerms.enabled", false);
@@ -1210,6 +1252,15 @@ user_pref("security.family_safety.mode", 0);
// 0711: disable skipping DoH when parental controls are enabled [FF70+]
// [-] https://bugzilla.mozilla.org/1586941
user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
+// FF123
+// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
+ // Defense-in-depth: currently covered by 0331
+ // [-] https://bugzilla.mozilla.org/1868988
+user_pref("browser.ping-centre.telemetry", false);
+// FF126
+// 9003: disable What's New toolbar icon [FF69+]
+ // [-] https://bugzilla.mozilla.org/1724300
+user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
// ***/
/* END: internal custom pref to test for syntax errors ***/
From 9655743d8cc558e04e0742ff10d51cdda1b3c9ff Mon Sep 17 00:00:00 2001
From: eleius <42178466+eleius@users.noreply.github.com>
Date: Fri, 7 Jun 2024 20:53:34 +0000
Subject: [PATCH 44/59] fixup missing semicolon (#1850)
---
user.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/user.js b/user.js
index fdc692e..01954cc 100644
--- a/user.js
+++ b/user.js
@@ -677,7 +677,7 @@ user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [F
user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true]
-user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+]
+user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+]
/** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/
/* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+]
From 47cbf5b9740ef59ed866874346d3fee3379f8da3 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Fri, 7 Jun 2024 21:36:53 +0000
Subject: [PATCH 45/59] fixup sysntax, tidy
---
user.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/user.js b/user.js
index 01954cc..8087d85 100644
--- a/user.js
+++ b/user.js
@@ -322,7 +322,7 @@ user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: fal
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
- // user_pref("browser.urlbar.clipboard.featureGate", false); // [DEFAULT: true FF125+]
+ // user_pref("browser.urlbar.clipboard.featureGate", false);
/* 0810: disable search and form history
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (2811)
@@ -740,7 +740,7 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
* [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/
// user_pref("privacy.fingerprintingProtection.overrides", "");
/* 4003: disable remote FPP overrides [FF127+] ***/
- // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled"; false);
+ // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
/*** [SECTION 4500]: RFP (resistFingerprinting)
RFP overrides FPP (4000)
From 6446d73cf572fcdf631534a5a51276a64eec4a2d Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Fri, 14 Jun 2024 06:14:26 +0000
Subject: [PATCH 46/59] add deprecated since FF119
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 6956979..1948d07 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 2-November-2023
+ Last updated: 14-June-2024
Instructions:
- [optional] close Firefox and backup your profile
@@ -36,6 +36,8 @@
const aPREFS = [
/* DEPRECATED */
/* 116-128 */
+ 'browser.messaging-system.whatsNewPanel.enabled', // 126
+ 'browser.ping-centre.telemetry', // 123
'dom.webnotifications.serviceworker.enabled', // 117
'javascript.use_us_english_locale', // 119
'layout.css.font-visibility.private', // 118
From 23caf6961483e0e55544cd4f3594734d0aa35cf0 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sat, 22 Jun 2024 15:44:54 +0000
Subject: [PATCH 47/59] v127 deprecated
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 1948d07..5155259 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 14-June-2024
+ Last updated: 23-June-2024
Instructions:
- [optional] close Firefox and backup your profile
@@ -36,6 +36,7 @@
const aPREFS = [
/* DEPRECATED */
/* 116-128 */
+ 'browser.contentanalysis.default_allow', // 127
'browser.messaging-system.whatsNewPanel.enabled', // 126
'browser.ping-centre.telemetry', // 123
'dom.webnotifications.serviceworker.enabled', // 117
@@ -47,6 +48,7 @@
'network.dns.skipTRR-when-parental-control-enabled', // 119
'permissions.delegation.enabled', // 118
'security.family_safety.mode', // 117
+ 'widget.non-native-theme.enabled', // 127
/* 103-115 */
'browser.cache.offline.enable', // 115
'extensions.formautofill.heuristics.enabled', // 114
From ff5c959cb9b5a65ede9aab82b00cbb283b160e14 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Tue, 9 Jul 2024 05:49:23 +0000
Subject: [PATCH 48/59] geo.provider*
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 5155259..50bcb8a 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 23-June-2024
+ Last updated: 9-July-2024
Instructions:
- [optional] close Firefox and backup your profile
@@ -75,6 +75,8 @@
'browser.fixup.alternate.enabled',
'browser.taskbar.previews.enable',
'browser.urlbar.dnsResolveSingleWordsAfterSearch',
+ 'geo.provider.network.url',
+ 'geo.provider.network.logging.enabled',
'media.gmp-widevinecdm.enabled',
'network.protocol-handler.external.ms-windows-store',
'privacy.partition.always_partition_third_party_non_cookie_storage',
From 11582f905a21971eb5869b48ef8c3f2d4eac4d89 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Tue, 6 Aug 2024 04:37:00 +0000
Subject: [PATCH 49/59] geo.provider.use_gpsd
https://bugzilla.mozilla.org/show_bug.cgi?id=1803234 - removed in FF131
and it doesn't work: https://bugzilla.mozilla.org/show_bug.cgi?id=1763347
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 50bcb8a..21e3438 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 9-July-2024
+ Last updated: 6-August-2024
Instructions:
- [optional] close Firefox and backup your profile
@@ -77,6 +77,7 @@
'browser.urlbar.dnsResolveSingleWordsAfterSearch',
'geo.provider.network.url',
'geo.provider.network.logging.enabled',
+ 'geo.provider.use_gpsd',
'media.gmp-widevinecdm.enabled',
'network.protocol-handler.external.ms-windows-store',
'privacy.partition.always_partition_third_party_non_cookie_storage',
From f906f7f3b41fe3f6aaa744980431f4fdcd086379 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 26 Aug 2024 08:41:28 +0000
Subject: [PATCH 50/59] v128 (#1862)
---
user.js | 122 ++++++++++++++++++++++++++++++++------------------------
1 file changed, 69 insertions(+), 53 deletions(-)
diff --git a/user.js b/user.js
index 8087d85..1dbf7d2 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 7 June 2024
-* version: 126
+* date: 26 August 2024
+* version: 128
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -57,7 +57,7 @@
2700: ETP (ENHANCED TRACKING PROTECTION)
2800: SHUTDOWN & SANITIZING
4000: FPP (fingerprintingProtection)
- 4500: RFP (resistFingerprinting)
+ 4500: OPTIONAL RFP (resistFingerprinting)
5000: OPTIONAL OPSEC
5500: OPTIONAL HARDENING
6000: DON'T TOUCH
@@ -103,14 +103,9 @@ user_pref("browser.newtabpage.activity-stream.default.sites", "");
/*** [SECTION 0200]: GEOLOCATION ***/
user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!");
-/* 0201: use Mozilla geolocation service instead of Google if permission is granted [FF74+]
- * Optionally enable logging to the console (defaults to false) ***/
-user_pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
- // user_pref("geo.provider.network.logging.enabled", true); // [HIDDEN PREF]
/* 0202: disable using the OS's geolocation service ***/
user_pref("geo.provider.ms-windows-location", false); // [WINDOWS]
user_pref("geo.provider.use_corelocation", false); // [MAC]
-user_pref("geo.provider.use_gpsd", false); // [LINUX] [HIDDEN PREF]
user_pref("geo.provider.use_geoclue", false); // [FF102+] [LINUX]
/*** [SECTION 0300]: QUIETER FOX ***/
@@ -236,7 +231,7 @@ user_pref("network.prefetch-next", false);
/* 0602: disable DNS prefetching
* [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control ***/
user_pref("network.dns.disablePrefetch", true);
- // user_pref("network.dns.disablePrefetchFromHTTPS", true); // [DEFAULT: true]
+user_pref("network.dns.disablePrefetchFromHTTPS", true);
/* 0603: disable predictor / prefetching ***/
user_pref("network.predictor.enabled", false);
user_pref("network.predictor.enable-prefetch", false); // [FF48+] [DEFAULT: false]
@@ -284,7 +279,7 @@ user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""
* [SETTING] Privacy & Security>DNS over HTTPS
* [1] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
* [2] https://wiki.mozilla.org/Security/DOH-resolver-policy
- * [3] https://support.mozilla.org/en-US/kb/firefox-dns-over-https
+ * [3] https://support.mozilla.org/kb/firefox-dns-over-https
* [4] https://www.eff.org/deeplinks/2020/12/dns-doh-and-odoh-oh-my-year-review-2020 ***/
// user_pref("network.trr.mode", 3);
/* 0712: set DoH provider
@@ -303,13 +298,13 @@ user_pref("browser.urlbar.speculativeConnect.enabled", false);
* [NOTE] The UI is controlled by the .enabled pref
* [SETTING] Search>Address Bar>Suggestions from...
* [1] https://blog.mozilla.org/data/2021/09/15/data-and-firefox-suggest/ ***/
- // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]
- // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false]
- // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false]
+user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+]
+user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+]
+user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+]
/* 0803: disable live search suggestions
* [NOTE] Both must be true for live search to work in the location bar
* [SETUP-CHROME] Override these if you trust and use a privacy respecting search engine
- * [SETTING] Search>Provide search suggestions | Show search suggestions in address bar results ***/
+ * [SETTING] Search>Show search suggestions | Show search suggestions in address bar results ***/
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.urlbar.suggest.searches", false);
/* 0805: disable urlbar trending search suggestions [FF118+]
@@ -323,9 +318,13 @@ user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: fa
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
// user_pref("browser.urlbar.clipboard.featureGate", false);
+/* 0808: disable recent searches [FF120+]
+ * [NOTE] Recent searches are cleared with history (2811)
+ * [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
+ // user_pref("browser.urlbar.recentsearches.featureGate", false);
/* 0810: disable search and form history
- * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [NOTE] We also clear formdata on exit (2811)
+ * [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
* [2] https://bugzilla.mozilla.org/381681 ***/
@@ -377,8 +376,8 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
/*** [SECTION 1000]: DISK AVOIDANCE ***/
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
/* 1001: disable disk cache
- * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this
- * [NOTE] We also clear cache on exit (2811) ***/
+ * [NOTE] We also clear cache on exit (2811)
+ * [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/
user_pref("browser.cache.disk.enable", false);
/* 1002: disable media cache from writing to disk in Private Browsing
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/
@@ -530,7 +529,7 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
/* 2003: force a single network interface for ICE candidates generation [FF42+]
* When using a system-wide proxy, it uses the proxy interface
- * [1] https://developer.mozilla.org/en-US/docs/Web/API/RTCIceCandidate
+ * [1] https://developer.mozilla.org/docs/Web/API/RTCIceCandidate
* [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
user_pref("media.peerconnection.ice.default_address_only", true);
/* 2004: force exclusion of private IPs from ICE candidates [FF51+]
@@ -592,8 +591,10 @@ user_pref("browser.tabs.searchclipboardfor.middleclick", false); // [DEFAULT: fa
/* 2630: disable content analysis by DLP (Data Loss Prevention) agents
* DLP agents are background processes on managed computers that allow enterprises to monitor locally running
* applications for data exfiltration events, which they can allow/block based on customer defined DLP policies.
+ * 0=Block all requests, 1=Warn on all requests (which lets the user decide), 2=Allow all requests
* [1] https://github.com/chromium/content_analysis_sdk */
-user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false]
+user_pref("browser.contentanalysis.enabled", false); // [FF121+] [DEFAULT: false]
+user_pref("browser.contentanalysis.default_result", 0); // [FF127+] [DEFAULT: 0]
/** DOWNLOADS ***/
/* 2651: enable user interaction for security by always asking where to download
@@ -638,12 +639,14 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
* Opener and redirect heuristics are granted for 30 days, see [3]
* [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
* [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
- * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
+ * [3] https://developer.mozilla.org/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
// user_pref("privacy.antitracking.enableWebcompat", false);
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/* 2810: enable Firefox to clear items on shutdown
+ * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and
+ * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
@@ -665,9 +668,8 @@ user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [F
/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/
/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
- * [NOTE] Exceptions: A "cookie" block permission also controls "offlineApps" (see note below).
- * serviceWorkers require an "Allow" permission. For cross-domain logins, add exceptions for
- * both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
+ * [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins,
+ * add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
* [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
* [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies
* [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)
@@ -722,7 +724,9 @@ user_pref("privacy.sanitize.timeSpan", 0);
In FF118+ FPP is on by default in private windows (4001) and in FF119+ is controlled
by ETP (2701). FPP will also use Remote Services in future to relax FPP protections
- on a per site basis for compatibility (4003).
+ on a per site basis for compatibility (4004).
+
+ https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc
1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux)
https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
@@ -733,19 +737,27 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
* [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/
// user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
/* 4002: set global FPP overrides [FF114+]
- * Controls what protections FPP uses globally, including "RFPTargets" (despite the name these are
- * not used by RFP) e.g. "+AllTargets,-CSSPrefersColorScheme" or "-AllTargets,+CanvasRandomization"
- * [NOTE] Be aware that not all RFP protections are necessarily in RFPTargets
- * [WARNING] Not recommended. Either use RFP or FPP at defaults
+ * uses "RFPTargets" [1] which despite the name these are not used by RFP
+ * e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone
+ * e.g. "-AllTargets,+CanvasRandomization,+JSDateTimeUTC" = no targets but do use FPP canvas and change timezone
+ * [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults
* [1] https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargets.inc ***/
// user_pref("privacy.fingerprintingProtection.overrides", "");
-/* 4003: disable remote FPP overrides [FF127+] ***/
+/* 4003: set granular FPP overrides
+ * JSON format: e.g."[{\"firstPartyDomain\": \"netflix.com\", \"overrides\": \"-CanvasRandomization,-FrameRate,\"}]"
+ * [NOTE] Not supported by arkenfox. Either use RFP or FPP at defaults ***/
+ // user_pref("privacy.fingerprintingProtection.granularOverrides", "");
+/* 4004: disable remote FPP overrides [FF127+] ***/
// user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
-/*** [SECTION 4500]: RFP (resistFingerprinting)
+/*** [SECTION 4500]: OPTIONAL RFP (resistFingerprinting)
RFP overrides FPP (4000)
- It is an all-or-nothing buy in: you cannot pick and choose what parts you want
+ FF128+ Arkenfox by default uses FPP (automatically enabled with ETP Strict). For most people
+ this is all you need. To use RFP instead, add RFP (4501) to your overrides, and optionally
+ add letterboxing (4504), spoof_english (4506), and webgl (4520).
+
+ RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want
[TEST] https://arkenfox.github.io/TZP/tzp.html
[WARNING] DO NOT USE extensions to alter RFP protected metrics
@@ -800,13 +812,12 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable RFP
- * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar.
- * RFP also has a few side effects: mainly timezone is UTC, and websites will prefer light theme
* [NOTE] pbmode applies if true and the original pref is false
- * [1] https://bugzilla.mozilla.org/418986 ***/
-user_pref("privacy.resistFingerprinting", true); // [FF41+]
+ * [SETUP-WEB] RFP can cause some website breakage: mainly canvas, use a canvas site exception via the urlbar.
+ * RFP also has a few side effects: mainly that timezone is GMT, and websites will prefer light theme ***/
+ // user_pref("privacy.resistFingerprinting", true); // [FF41+]
// user_pref("privacy.resistFingerprinting.pbmode", true); // [FF114+]
-/* 4502: set new window size rounding max values [FF55+]
+/* 4502: set RFP new window size max rounded values [FF55+]
* [SETUP-CHROME] sizes round down in hundreds: width to 200s and height to 100s, to fit your screen
* [1] https://bugzilla.mozilla.org/1330882 ***/
user_pref("privacy.window.maxInnerWidth", 1600);
@@ -815,7 +826,7 @@ user_pref("privacy.window.maxInnerHeight", 900);
* [NOTE] To allow extensions to work on AMO, you also need 2662
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
-/* 4504: enable RFP letterboxing [FF67+]
+/* 4504: enable letterboxing [FF67+]
* Dynamically resizes the inner window by applying margins in stepped ranges [2]
* If you use the dimension pref, then it will only apply those resolutions.
* The format is "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000")
@@ -824,14 +835,12 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
* [WARNING] DO NOT USE: the dimension pref is only meant for testing
* [1] https://bugzilla.mozilla.org/1407366
* [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
-user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
+ // user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
-/* 4505: experimental RFP [FF91+]
- * [WARNING] DO NOT USE unless testing, see [1] comment 12
- * [1] https://bugzilla.mozilla.org/1635603 ***/
+/* 4505: disable RFP by domain [FF91+] ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
/* 4506: disable RFP spoof english prompt [FF59+]
- * 0=prompt, 1=disabled, 2=enabled (requires RFP)
+ * 0=prompt, 1=disabled, 2=enabled
* [NOTE] When changing from value 2, preferred languages ('intl.accept_languages') is not reset.
* [SETUP-WEB] when enabled, sets 'en-US, en' for displaying pages and 'en-US' as locale.
* [SETTING] General>Language>Choose your preferred language for displaying pages>Choose>Request English... ***/
@@ -839,12 +848,6 @@ user_pref("privacy.spoof_english", 1);
/* 4510: disable using system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
-/* 4511: enforce non-native widget theme
- * Security: removes/reduces system API calls, e.g. win32k API [1]
- * Fingerprinting: provides a uniform look and feel across platforms [2]
- * [1] https://bugzilla.mozilla.org/1381938
- * [2] https://bugzilla.mozilla.org/1411425 ***/
-user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
/* 4512: enforce links targeting new windows to open in a new tab instead
* 1=most recent window or tab, 2=new window, 3=new tab
* Stops malicious window sizes and some screen resolution leaks.
@@ -856,9 +859,8 @@ user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
/* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512)
* [1] https://searchfox.org/mozilla-central/source/dom/tests/browser/browser_test_new_window_from_content.js ***/
user_pref("browser.link.open_newwindow.restriction", 0);
-/* 4520: disable WebGL (Web Graphics Library)
- * [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/
-user_pref("webgl.disabled", true);
+/* 4520: disable WebGL (Web Graphics Library) ***/
+ // user_pref("webgl.disabled", true);
/*** [SECTION 5000]: OPTIONAL OPSEC
Disk avoidance, application data isolation, eyeballs...
@@ -971,7 +973,7 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* [2] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=asm.js
* [3] https://rh0dev.github.io/blog/2017/the-return-of-the-jit/ ***/
// user_pref("javascript.options.asmjs", false);
-/* 5505: disable Ion and baseline JIT to harden against JS exploits
+/* 5505: disable Ion and baseline JIT to harden against JS exploits [RESTART]
* [NOTE] When both Ion and JIT are disabled, and trustedprincipals
* is enabled, then Ion can still be used by extensions (1599226)
* [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+jit
@@ -1000,8 +1002,8 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
/* 5509: disable IPv6 if using a VPN
* This is an application level fallback. Disabling IPv6 is best done at an OS/network
* level, and/or configured properly in system wide VPN setups.
- * [SETUP-WEB] PR_CONNECT_RESET_ERROR
* [NOTE] PHP defaults to IPv6 with "localhost". Use "php -S 127.0.0.1:PORT"
+ * [SETUP-WEB] PR_CONNECT_RESET_ERROR
* [TEST] https://ipleak.org/
* [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
// user_pref("network.dns.disableIPv6", true);
@@ -1047,6 +1049,9 @@ user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
// user_pref("accessibility.force_disabled", "");
// user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
+ // user_pref("geo.provider.network.url", "");
+ // user_pref("geo.provider.network.logging.enabled", "");
+ // user_pref("geo.provider.use_gpsd", "");
// user_pref("network.protocol-handler.external.ms-windows-store", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
// user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
@@ -1261,6 +1266,17 @@ user_pref("browser.ping-centre.telemetry", false);
// 9003: disable What's New toolbar icon [FF69+]
// [-] https://bugzilla.mozilla.org/1724300
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
+// FF127
+ // 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result
+ // [-] https://bugzilla.mozilla.org/1880314
+user_pref("browser.contentanalysis.default_allow", false);
+// 4511: enforce non-native widget theme
+ // Security: removes/reduces system API calls, e.g. win32k API [1]
+ // Fingerprinting: provides a uniform look and feel across platforms [2]
+ // [1] https://bugzilla.mozilla.org/1381938
+ // [2] https://bugzilla.mozilla.org/1411425
+ // [-] https://bugzilla.mozilla.org/1848899
+user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
// ***/
/* END: internal custom pref to test for syntax errors ***/
From bc6a2ba1450cc03952c5a09c25dc3d900be51249 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 6 Nov 2024 15:24:03 +0000
Subject: [PATCH 51/59] network.http.referer.hideOnionSource
since it was flipped to true for TB, not much point keeping it
---
scratchpad-scripts/arkenfox-cleanup.js | 2 ++
1 file changed, 2 insertions(+)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 21e3438..9cb7411 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -71,6 +71,8 @@
'security.ssl3.rsa_des_ede3_sha', // 93
/* REMOVED */
+ /* 129-140 */
+ 'network.http.referer.hideOnionSource',
/* 116-128 */
'browser.fixup.alternate.enabled',
'browser.taskbar.previews.enable',
From c6cfa10c0b647dc87fe08027af3fc086f9df72b3 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 7 Nov 2024 09:50:47 +0000
Subject: [PATCH 52/59] webchannel.allowObject.urlWhitelist
---
scratchpad-scripts/arkenfox-cleanup.js | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 9cb7411..3e074b0 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 6-August-2024
+ Last updated: 7-November-2024
Instructions:
- [optional] close Firefox and backup your profile
@@ -35,6 +35,8 @@
const aPREFS = [
/* DEPRECATED */
+ /* 129-140 */
+ 'webchannel.allowObject.urlWhitelist', // 132
/* 116-128 */
'browser.contentanalysis.default_allow', // 127
'browser.messaging-system.whatsNewPanel.enabled', // 126
From eae5762d29f18115fbffd73d89bd9e2510b25427 Mon Sep 17 00:00:00 2001
From: Mizuki Nguyen <49761211+MagicalDrizzle@users.noreply.github.com>
Date: Sat, 9 Nov 2024 19:55:49 +0700
Subject: [PATCH 53/59] Add missing -command argument in powershell call
(#1909)
* updater: add missing PowerShell argument
* prefcleaner: add missing PowerShell argument
---
prefsCleaner.bat | 6 +++---
updater.bat | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/prefsCleaner.bat b/prefsCleaner.bat
index 2e3403f..62ca5f0 100644
--- a/prefsCleaner.bat
+++ b/prefsCleaner.bat
@@ -3,7 +3,7 @@ TITLE prefs.js cleaner
REM ### prefs.js cleaner for Windows
REM ## author: @claustromaniac
-REM ## version: 2.7
+REM ## version: 2.8
CD /D "%~dp0"
@@ -15,7 +15,7 @@ ECHO:
ECHO ########################################
ECHO #### prefs.js cleaner for Windows ####
ECHO #### by claustromaniac ####
-ECHO #### v2.7 ####
+ECHO #### v2.8 ####
ECHO ########################################
ECHO:
CALL :message "This script should be run from your Firefox profile directory."
@@ -37,7 +37,7 @@ CALL :strlenCheck
CALL :FFcheck
CALL :message "Backing up prefs.js..."
-FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
+FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
COPY /B /V /Y prefs.js "prefs-backup-%ldt%.js"
CALL :message "Cleaning prefs.js..."
diff --git a/updater.bat b/updater.bat
index f6174f7..bc1078a 100644
--- a/updater.bat
+++ b/updater.bat
@@ -3,7 +3,7 @@ TITLE arkenfox user.js updater
REM ## arkenfox user.js updater for Windows
REM ## author: @claustromaniac
-REM ## version: 4.19
+REM ## version: 4.20
REM ## instructions: https://github.com/arkenfox/user.js/wiki/5.1-Updater-[Options]#-windows
SET v=4.19
@@ -177,7 +177,7 @@ IF EXIST user.js.new (
IF DEFINED _singlebackup (
MOVE /Y user.js user.js.bak >nul
) ELSE (
- FOR /F "delims=" %%# IN ('powershell get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
+ FOR /F "delims=" %%# IN ('powershell -command get-date -format "{yyyyMMdd_HHmmss}"') DO @SET ldt=%%#
MOVE /Y user.js "user-backup-!ldt!.js" >nul
)
REN user.js.new user.js
From b8f18a3d91e01e44bde7879dd13325b43fab74ab Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 12 Jan 2025 15:49:26 +0000
Subject: [PATCH 54/59] v133 (#1892)
---
user.js | 54 +++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 37 insertions(+), 17 deletions(-)
diff --git a/user.js b/user.js
index 1dbf7d2..96eba49 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 26 August 2024
-* version: 128
+* date: 13 January 2025
+* version: 133
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -312,10 +312,11 @@ user_pref("browser.urlbar.suggest.searches", false);
user_pref("browser.urlbar.trending.featureGate", false);
/* 0806: disable urlbar suggestions ***/
user_pref("browser.urlbar.addons.featureGate", false); // [FF115+]
+user_pref("browser.urlbar.fakespot.featureGate", false); // [FF130+] [DEFAULT: false]
user_pref("browser.urlbar.mdn.featureGate", false); // [FF117+] [HIDDEN PREF]
user_pref("browser.urlbar.pocket.featureGate", false); // [FF116+] [DEFAULT: false]
user_pref("browser.urlbar.weather.featureGate", false); // [FF108+] [DEFAULT: false]
-user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
+user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
// user_pref("browser.urlbar.clipboard.featureGate", false);
/* 0808: disable recent searches [FF120+]
@@ -372,6 +373,9 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
* [SETTING] Privacy & Security>Logins and Passwords>Allow Windows single sign-on for...
* [1] https://support.mozilla.org/kb/windows-sso ***/
// user_pref("network.http.windows-sso.enabled", false); // [DEFAULT: false]
+/* 0907: enforce no automatic authentication on Microsoft sites [FF131+] [MAC]
+ * On macOS, SSO only works on corporate devices ***/
+ // user_pref("network.http.microsoft-entra-sso.enabled", false); // [DEFAULT: false]
/*** [SECTION 1000]: DISK AVOIDANCE ***/
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
@@ -379,7 +383,7 @@ user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is m
* [NOTE] We also clear cache on exit (2811)
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/
user_pref("browser.cache.disk.enable", false);
-/* 1002: disable media cache from writing to disk in Private Browsing
+/* 1002: set media cache in Private Browsing to in-memory and increase its maximum size
* [NOTE] MSE (Media Source Extensions) are already stored in-memory in PB ***/
user_pref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
user_pref("media.memory_cache_max_size", 65536);
@@ -564,8 +568,6 @@ user_pref("devtools.debugger.remote-enabled", false); // [DEFAULT: false]
/* 2616: remove special permissions for certain mozilla domains [FF35+]
* [1] resource://app/defaults/permissions ***/
user_pref("permissions.manager.defaultsUrl", "");
-/* 2617: remove webchannel whitelist ***/
-user_pref("webchannel.allowObject.urlWhitelist", "");
/* 2619: use Punycode in Internationalized Domain Names to eliminate possible spoofing
* [SETUP-WEB] Might be undesirable for non-latin alphabet users since legitimate IDN's are also punycoded
* [TEST] https://www.xn--80ak6aa92e.com/ (www.apple.com)
@@ -646,7 +648,7 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/* 2810: enable Firefox to clear items on shutdown
* [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and
- * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)
+ * via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
@@ -728,6 +730,9 @@ user_pref("privacy.sanitize.timeSpan", 0);
https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/RFPTargetsDefault.inc
+ [NOTE] RFPTargets + granular overrides are somewhat experimental and may produce unexpected results
+ - e.g. FrameRate can only be controlled per process, not per origin
+
1826408 - restrict fonts to system (kBaseFonts + kLangPackFonts) (Windows, Mac, some Linux)
https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
1858181 - subtly randomize canvas per eTLD+1, per session and per window-mode (FF120+)
@@ -763,7 +768,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
[WARNING] DO NOT USE extensions to alter RFP protected metrics
418986 - limit window.screen & CSS media queries (FF41)
- 1281949 - spoof screen orientation (FF50)
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
FF56
1333651 - spoof User Agent & Navigator API
@@ -790,7 +794,7 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1337157 - disable WebGL debug renderer info (FF60)
1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62)
1479239 - return "no-preference" with prefers-reduced-motion (FF63)
- 1363508 - spoof/suppress Pointer Events (FF64)
+ 1363508 & 1826051 - spoof/suppress Pointer Events (FF64, FF132)
1492766 - spoof pointerEvent.pointerid (FF65)
1485266 - disable exposure of system colors to CSS or canvas (FF67)
1494034 - return "light" with prefers-color-scheme (FF67)
@@ -806,9 +810,15 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1692609 - reduce JS timing precision to 16.67ms (previously FF55+ was 100ms) (FF102)
1422237 - return "srgb" with color-gamut (FF110)
1794628 - return "none" with inverted-colors (FF114)
- 1554751 - return devicePixelRatio as 2 (previously FF41+ was 1) (FF127)
1787790 - normalize system fonts (FF128)
1835987 - spoof timezone as Atlantic/Reykjavik (previously FF55+ was UTC) (FF128)
+ 1834307 - always use smooth scrolling (FF132)
+ 1918202 - spoof screen orientation based on spoofed screen size and platform (FF132)
+ previously it always returned landscape-primary and an angle of 0 (FF50+)
+ 1390465 - load all subtitles in WebVTT (Video Text Tracks) (FF133)
+ 1873382 - make spoofed devicePixelRatio and CSS media queries match (FF133)
+ previously FF41+ devicePixelRatio was hardcoded as 1 and FF127+ as 2
+ previously FF41+ CSS media queries were spoofed as zoom level at a devicePixelRatio of 1
***/
user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
/* 4501: enable RFP
@@ -834,10 +844,12 @@ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
* dislike the margins, then flip this pref, keeping in mind that it is effectively fingerprintable
* [WARNING] DO NOT USE: the dimension pref is only meant for testing
* [1] https://bugzilla.mozilla.org/1407366
- * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/
+ * [2] https://hg.mozilla.org/mozilla-central/rev/7211cb4f58ff#l5.13 ***/
// user_pref("privacy.resistFingerprinting.letterboxing", true); // [HIDDEN PREF]
// user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF]
-/* 4505: disable RFP by domain [FF91+] ***/
+/* 4505: disable RFP by domain [FF91+]
+ * [NOTE] Working examples: "arkenfox.github.io", "*github.io"
+ * Non-working examples: "https://arkenfox.github.io", "github.io", "*arkenfox.github.io" ***/
// user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid");
/* 4506: disable RFP spoof english prompt [FF59+]
* 0=prompt, 1=disabled, 2=enabled
@@ -848,6 +860,8 @@ user_pref("privacy.spoof_english", 1);
/* 4510: disable using system colors
* [SETTING] General>Language and Appearance>Fonts and Colors>Colors>Use system colors ***/
user_pref("browser.display.use_system_colors", false); // [DEFAULT: false NON-WINDOWS]
+/* 4511: disable using system accent colors ***/
+user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false WINDOWS]
/* 4512: enforce links targeting new windows to open in a new tab instead
* 1=most recent window or tab, 2=new window, 3=new tab
* Stops malicious window sizes and some screen resolution leaks.
@@ -1096,10 +1110,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [WHY] Passive fingerprinting and perf costs. These are session-only
* and isolated with network partitioning (FF85+) and/or containers ***/
// user_pref("security.ssl.disable_session_identifiers", true);
-/* 7006: onions
- * [WHY] Firefox doesn't support hidden services. Use Tor Browser ***/
- // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
- // user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers
* [WHY] Only cross-origin referers (1602, 5510) matter ***/
// user_pref("network.http.sendRefererHeader", 2);
@@ -1136,9 +1146,11 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
* [NOTE] FPP (fingerprintingProtection) is ignored when RFP (4501) is enabled
* [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
// user_pref("network.cookie.cookieBehavior", 5); // [DEFAULT: 5]
- // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
+ // user_pref("network.cookie.cookieBehavior.optInPartitioning", true); // [ETP FF132+]
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
+ // user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+]
+ // user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
// user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+]
// user_pref("privacy.query_stripping.enabled", true); // [FF101+]
// user_pref("privacy.trackingprotection.enabled", true);
@@ -1279,5 +1291,13 @@ user_pref("browser.contentanalysis.default_allow", false);
user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
// ***/
+/* ESR128.x still uses all the following prefs
+// [NOTE] replace the * with a slash in the line above to re-enable active ones
+// FF132
+/* 2617: remove webchannel whitelist
+ // [-] https://bugzilla.mozilla.org/1275612
+ // user_pref("webchannel.allowObject.urlWhitelist", "");
+// ***/
+
/* END: internal custom pref to test for syntax errors ***/
user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!");
From 80fa110f499d3d3f6763ea5db0f015e1a3bc3ad4 Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 12 Jan 2025 19:01:32 +0000
Subject: [PATCH 55/59] dom.securecontext.allowlist_onions
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 3e074b0..8153642 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 7-November-2024
+ Last updated: 13-January-2024
Instructions:
- [optional] close Firefox and backup your profile
@@ -74,6 +74,7 @@
/* REMOVED */
/* 129-140 */
+ 'dom.securecontext.allowlist_onions',
'network.http.referer.hideOnionSource',
/* 116-128 */
'browser.fixup.alternate.enabled',
From c25187332e19c633b956a6755a7971a6591d3e8d Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Sun, 12 Jan 2025 19:02:07 +0000
Subject: [PATCH 56/59] fix the year
---
scratchpad-scripts/arkenfox-cleanup.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 8153642..34d1ba5 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 13-January-2024
+ Last updated: 13-January-2025
Instructions:
- [optional] close Firefox and backup your profile
From 9bba5788aa07f67b37abc025782113a43c717b7f Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Wed, 5 Mar 2025 07:21:39 +0000
Subject: [PATCH 57/59] legacy sanitizing prefs
In FF128 these were used to migrate to
- clearOnShutdown to clearOnShutdown_v2
- cpd to clearHistory
They are then no longer used.
The migration can be checked with
- privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs2
- privacy.sanitize.cpd.hasMigratedToNewPrefs2
Note: in FF136 there was another migration, where it changes the `ToNewPrefs2` to false
- privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs3
- privacy.sanitize.cpd.hasMigratedToNewPrefs3
AFAICT, cpd.hasMigrated* doesn't migrate until you open the clear history dialog.
---
scratchpad-scripts/arkenfox-cleanup.js | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 34d1ba5..58a0e1f 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 13-January-2025
+ Last updated: 5-March-2025
Instructions:
- [optional] close Firefox and backup your profile
@@ -76,6 +76,19 @@
/* 129-140 */
'dom.securecontext.allowlist_onions',
'network.http.referer.hideOnionSource',
+ 'privacy.clearOnShutdown.cache',
+ 'privacy.clearOnShutdown.cookies',
+ 'privacy.clearOnShutdown.downloads',
+ 'privacy.clearOnShutdown.formdata',
+ 'privacy.clearOnShutdown.history',
+ 'privacy.clearOnShutdown.offlineApps',
+ 'privacy.clearOnShutdown.sessions',
+ 'privacy.cpd.cache',
+ 'privacy.cpd.cookies',
+ 'privacy.cpd.formdata',
+ 'privacy.cpd.history',
+ 'privacy.cpd.offlineApps',
+ 'privacy.cpd.sessions',
/* 116-128 */
'browser.fixup.alternate.enabled',
'browser.taskbar.previews.enable',
From 3d76c74c80485931425464fec0e59d6cb461677a Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Thu, 6 Mar 2025 02:52:08 +0000
Subject: [PATCH 58/59] v135 (#1929)
---
user.js | 290 +++++++++++++++++++++++---------------------------------
1 file changed, 118 insertions(+), 172 deletions(-)
diff --git a/user.js b/user.js
index 96eba49..08c51ca 100644
--- a/user.js
+++ b/user.js
@@ -1,7 +1,7 @@
/******
* name: arkenfox user.js
-* date: 13 January 2025
-* version: 133
+* date: 6 March 2025
+* version: 135
* urls: https://github.com/arkenfox/user.js [repo]
* : https://arkenfox.github.io/gui/ [interactive]
* license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt
@@ -63,6 +63,7 @@
6000: DON'T TOUCH
7000: DON'T BOTHER
8000: DON'T BOTHER: FINGERPRINTING
+ 8500: TELEMETRY
9000: NON-PROJECT RELATED
9999: DEPRECATED / RENAMED
@@ -82,7 +83,7 @@ user_pref("browser.aboutConfig.showWarning", false);
user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
/* 0102: set startup page [SETUP-CHROME]
* 0=blank, 1=home, 2=last visited page, 3=resume previous session
- * [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode
+ * [NOTE] Session Restore is cleared with history (2811+), and not used in Private Browsing mode
* [SETTING] General>Startup>Restore previous session ***/
user_pref("browser.startup.page", 0);
/* 0103: set HOME+NEWWINDOW page
@@ -116,8 +117,8 @@ user_pref("extensions.getAddons.showPane", false); // [HIDDEN PREF]
/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
/* 0322: disable personalized Extension Recommendations in about:addons and AMO [FF65+]
- * [NOTE] This pref has no effect when Health Reports (0331) are disabled
- * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to make personalized extension recommendations
+ * [NOTE] This pref has no effect when Health Reports (8501) are disabled
+ * [SETTING] Privacy & Security>Firefox Data Collection and Use>Allow personalized extension recommendations
* [1] https://support.mozilla.org/kb/personalized-extension-recommendations ***/
user_pref("browser.discovery.enabled", false);
/* 0323: disable shopping experience [FF116+]
@@ -125,41 +126,13 @@ user_pref("browser.discovery.enabled", false);
user_pref("browser.shopping.experience2023.enabled", false); // [DEFAULT: false]
/** TELEMETRY ***/
-/* 0330: disable new data submission [FF41+]
- * If disabled, no policy is shown or upload takes place, ever
- * [1] https://bugzilla.mozilla.org/1195552 ***/
-user_pref("datareporting.policy.dataSubmissionEnabled", false);
-/* 0331: disable Health Reports
- * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send technical... data ***/
-user_pref("datareporting.healthreport.uploadEnabled", false);
-/* 0332: disable telemetry
- * The "unified" pref affects the behavior of the "enabled" pref
- * - If "unified" is false then "enabled" controls the telemetry module
- * - If "unified" is true then "enabled" only controls whether to record extended data
- * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2]
- * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
- * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
-user_pref("toolkit.telemetry.unified", false);
-user_pref("toolkit.telemetry.enabled", false); // see [NOTE]
-user_pref("toolkit.telemetry.server", "data:,");
-user_pref("toolkit.telemetry.archive.enabled", false);
-user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
-user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
-user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
-user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter
-user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
-/* 0333: disable Telemetry Coverage
- * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/
-user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
-user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
-user_pref("toolkit.coverage.endpoint.base", "");
/* 0335: disable Firefox Home (Activity Stream) telemetry ***/
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
/** STUDIES ***/
/* 0340: disable Studies
- * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to install and run studies ***/
+ * [SETTING] Privacy & Security>Firefox Data Collection and Use>Install and run studies ***/
user_pref("app.shield.optoutstudies.enabled", false);
/* 0341: disable Normandy/Shield [FF60+]
* Shield is a telemetry system that can push and test "recipes"
@@ -173,7 +146,7 @@ user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false); // [FF44+]
// user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // [FF51+] [DEFAULT: false]
/* 0351: enforce no submission of backlogged Crash Reports [FF58+]
- * [SETTING] Privacy & Security>Firefox Data Collection & Use>Allow Firefox to send backlogged crash reports ***/
+ * [SETTING] Privacy & Security>Firefox Data Collection and Use>Send backlogged crash reports ***/
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // [DEFAULT: false]
/** OTHER ***/
@@ -261,7 +234,7 @@ user_pref("network.file.disable_unc_paths", true); // [HIDDEN PREF]
* [1] https://bugzilla.mozilla.org/1433507
* [2] https://en.wikipedia.org/wiki/GVfs
* [3] https://en.wikipedia.org/wiki/GIO_(software) ***/
-user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: "" FF118+]
+user_pref("network.gio.supported-protocols", ""); // [HIDDEN PREF] [DEFAULT: ""]
/* 0705: disable proxy direct failover for system requests [FF91+]
* [WARNING] Default true is a security feature against malicious extensions [1]
* [SETUP-CHROME] If you use a proxy and you trust your extensions
@@ -320,11 +293,11 @@ user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+]
/* 0807: disable urlbar clipboard suggestions [FF118+] ***/
// user_pref("browser.urlbar.clipboard.featureGate", false);
/* 0808: disable recent searches [FF120+]
- * [NOTE] Recent searches are cleared with history (2811)
+ * [NOTE] Recent searches are cleared with history (2811+)
* [1] https://support.mozilla.org/kb/search-suggestions-firefox ***/
// user_pref("browser.urlbar.recentsearches.featureGate", false);
/* 0810: disable search and form history
- * [NOTE] We also clear formdata on exit (2811)
+ * [NOTE] We also clear formdata on exit (2811+)
* [SETUP-WEB] Be aware that autocomplete form data can be read by third parties [1][2]
* [SETTING] Privacy & Security>History>Custom Settings>Remember search and form history
* [1] https://blog.mindedsecurity.com/2011/10/autocompleteagain.html
@@ -337,7 +310,7 @@ user_pref("browser.formfill.enable", false);
/* 0820: disable coloring of visited links
* [SETUP-HARDEN] Bulk rapid history sniffing was mitigated in 2010 [1][2]. Slower and more expensive
* redraw timing attacks were largely mitigated in FF77+ [3]. Using RFP (4501) further hampers timing
- * attacks. Don't forget clearing history on exit (2811). However, social engineering [2#limits][4][5]
+ * attacks. Don't forget clearing history on exit (2811+). However, social engineering [2#limits][4][5]
* and advanced targeted timing attacks could still produce usable results
* [1] https://developer.mozilla.org/docs/Web/CSS/Privacy_and_the_:visited_selector
* [2] https://dbaron.org/mozilla/visited-privacy
@@ -380,7 +353,7 @@ user_pref("network.auth.subresource-http-auth-allow", 1);
/*** [SECTION 1000]: DISK AVOIDANCE ***/
user_pref("_user.js.parrot", "1000 syntax error: the parrot's gone to meet 'is maker!");
/* 1001: disable disk cache
- * [NOTE] We also clear cache on exit (2811)
+ * [NOTE] We also clear cache on exit (2811+)
* [SETUP-CHROME] If you think disk cache helps perf, then feel free to override this ***/
user_pref("browser.cache.disk.enable", false);
/* 1002: set media cache in Private Browsing to in-memory and increase its maximum size
@@ -442,13 +415,14 @@ user_pref("security.tls.enable_0rtt_data", false);
* [1] https://en.wikipedia.org/wiki/Ocsp ***/
user_pref("security.OCSP.enabled", 1); // [DEFAULT: 1]
/* 1212: set OCSP fetch failures (non-stapled, see 1211) to hard-fail
- * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR
+ * [SETUP-WEB] SEC_ERROR_OCSP_SERVER_ERROR | SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST
* When a CA cannot be reached to validate a cert, Firefox just continues the connection (=soft-fail)
* Setting this pref to true tells Firefox to instead terminate the connection (=hard-fail)
* It is pointless to soft-fail when an OCSP fetch fails: you cannot confirm a cert is still valid (it
* could have been revoked) and/or you could be under attack (e.g. malicious blocking of OCSP servers)
* [1] https://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
- * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html ***/
+ * [2] https://www.imperialviolet.org/2014/04/19/revchecking.html
+ * [3] https://letsencrypt.org/2024/12/05/ending-ocsp/ ***/
user_pref("security.OCSP.require", true);
/** CERTS / HPKP (HTTP Public Key Pinning) ***/
@@ -463,7 +437,7 @@ user_pref("security.cert_pinning.enforcement_level", 2);
* 3 = consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked" (default)
* [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1429800,1670985,1753071
* [2] https://blog.mozilla.org/security/tag/crlite/ ***/
-user_pref("security.remote_settings.crlite_filters.enabled", true);
+user_pref("security.remote_settings.crlite_filters.enabled", true); // [DEFAULT: true FF137+]
user_pref("security.pki.crlite_mode", 2);
/** MIXED CONTENT ***/
@@ -647,41 +621,33 @@ user_pref("browser.contentblocking.category", "strict"); // [HIDDEN PREF]
/*** [SECTION 2800]: SHUTDOWN & SANITIZING ***/
user_pref("_user.js.parrot", "2800 syntax error: the parrot's bleedin' demised!");
/* 2810: enable Firefox to clear items on shutdown
- * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811), or manually via site data (2820) and
+ * [NOTE] In FF129+ clearing "siteSettings" on shutdown (2811+), or manually via site data (2820+) and
* via history (2830), will no longer remove sanitize on shutdown "cookie and site data" site exceptions (2815)
* [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes | Settings ***/
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
-/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS | v2 migration is FF128+ ***/
-/* 2811: set/enforce what items to clear on shutdown (if 2810 is true) [SETUP-CHROME]
- * [NOTE] If "history" is true, downloads will also be cleared ***/
-user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true]
-user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true]
-user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
-user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
-user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
-user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true]
- // user_pref("privacy.clearOnShutdown.siteSettings", false); // [DEFAULT: false]
- // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false]
-/* 2812: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
- * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811)
+/** SANITIZE ON SHUTDOWN: IGNORES "ALLOW" SITE EXCEPTIONS ***/
+/* 2811: set/enforce clearOnShutdown items (if 2810 is true) [SETUP-CHROME] [FF128+] ***/
+user_pref("privacy.clearOnShutdown_v2.cache", true); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [DEFAULT: true]
+ // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [DEFAULT: false]
+/* 2812: set/enforce clearOnShutdown items [FF136+] ***/
+user_pref("privacy.clearOnShutdown_v2.browsingHistoryAndDownloads", true); // [DEFAULT: true]
+user_pref("privacy.clearOnShutdown_v2.downloads", true);
+user_pref("privacy.clearOnShutdown_v2.formdata", true);
+/* 2813: set Session Restore to clear on shutdown (if 2810 is true) [FF34+]
+ * [NOTE] Not needed if Session Restore is not used (0102) or it is already cleared with history (2811+)
* [NOTE] If true, this prevents resuming from crashes (also see 5008) ***/
// user_pref("privacy.clearOnShutdown.openWindows", true);
-/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS FF103+ | v2 migration is FF128+ ***/
-/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME]
- * [NOTE] Exceptions: A "cookie" permission also controls "offlineApps" (see note below). For cross-domain logins,
- * add exceptions for both sites e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
- * [NOTE] "offlineApps": Offline Website Data: localStorage, service worker cache, QuotaManager (IndexedDB, asm-cache)
- * [NOTE] "sessions": Active Logins (has no site exceptions): refers to HTTP Basic Authentication [1], not logins via cookies
+/** SANITIZE ON SHUTDOWN: RESPECTS "ALLOW" SITE EXCEPTIONS ***/
+/* 2815: set "Cookies" and "Site Data" to clear on shutdown (if 2810 is true) [SETUP-CHROME] [FF128+]
+ * [NOTE] Exceptions: For cross-domain logins, add exceptions for both sites
+ * e.g. https://www.youtube.com (site) + https://accounts.google.com (single sign on)
* [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)
* [SETTING] to add site exceptions: Ctrl+I>Permissions>Cookies>Allow (when on the website in question)
- * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings
- * [1] https://en.wikipedia.org/wiki/Basic_access_authentication ***/
-user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
-user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
-user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true]
-user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+]
+ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Settings ***/
+user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
/** SANITIZE SITE DATA: IGNORES "ALLOW" SITE EXCEPTIONS ***/
/* 2820: set manual "Clear Data" items [SETUP-CHROME] [FF128+]
@@ -691,30 +657,24 @@ user_pref("privacy.clearSiteData.cache", true);
user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
// user_pref("privacy.clearSiteData.siteSettings", false);
+/* 2821: set manual "Clear Data" items [FF136+] ***/
+user_pref("privacy.clearSiteData.browsingHistoryAndDownloads", true);
+user_pref("privacy.clearSiteData.formdata", true);
-/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/
-/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME]
+/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS ***/
+/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME] [FF128+]
* Firefox remembers your last choices. This will reset them when you start Firefox
- * [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
- * for "Clear Recent History" is opened, it is synced to the same as "history"
* [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/
-user_pref("privacy.cpd.cache", true); // [DEFAULT: true]
-user_pref("privacy.clearHistory.cache", true);
-user_pref("privacy.cpd.formdata", true); // [DEFAULT: true]
-user_pref("privacy.cpd.history", true); // [DEFAULT: true]
- // user_pref("privacy.cpd.downloads", true); // not used, see note above
-user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
-user_pref("privacy.cpd.cookies", false);
-user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
-user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
+user_pref("privacy.clearHistory.cache", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.cookiesAndStorage", false);
- // user_pref("privacy.cpd.openWindows", false); // Session Restore
- // user_pref("privacy.cpd.passwords", false);
- // user_pref("privacy.cpd.siteSettings", false);
- // user_pref("privacy.clearHistory.siteSettings", false);
+user_pref("privacy.clearHistory.historyFormDataAndDownloads", true); // [DEFAULT: true]
+ // user_pref("privacy.clearHistory.siteSettings", false); // [DEFAULT: false]
+/* 2831: set manual "Clear History" items [FF136+] ***/
+user_pref("privacy.clearHistory.browsingHistoryAndDownloads", true); // [DEFAULT: true]
+user_pref("privacy.clearHistory.formdata", true);
/** SANITIZE MANUAL: TIMERANGE ***/
-/* 2840: set "Time range to clear" for "Clear Data" (2820) and "Clear History" (2830)
+/* 2840: set "Time range to clear" for "Clear Data" (2820+) and "Clear History" (2830+)
* Firefox remembers your last choice. This will reset the value when you start Firefox
* 0=everything, 1=last hour, 2=last two hours, 3=last four hours, 4=today
* [NOTE] Values 5 (last 5 minutes) and 6 (last 24 hours) are not listed in the dropdown,
@@ -740,7 +700,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
/* 4001: enable FPP in PB mode [FF114+]
* [NOTE] In FF119+, FPP for all modes (7016) is enabled with ETP Strict (2701) ***/
- // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true FF118+]
+ // user_pref("privacy.fingerprintingProtection.pbmode", true); // [DEFAULT: true]
/* 4002: set global FPP overrides [FF114+]
* uses "RFPTargets" [1] which despite the name these are not used by RFP
* e.g. "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC" = all targets but allow prefers-color-scheme and do not change timezone
@@ -763,7 +723,6 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
add letterboxing (4504), spoof_english (4506), and webgl (4520).
RFP is an all-or-nothing buy in: you cannot pick and choose what parts you want
- [TEST] https://arkenfox.github.io/TZP/tzp.html
[WARNING] DO NOT USE extensions to alter RFP protected metrics
@@ -771,8 +730,8 @@ user_pref("_user.js.parrot", "4000 syntax error: the parrot's bereft of life!");
1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
FF56
1333651 - spoof User Agent & Navigator API
- version: android version spoofed as ESR (FF119 or lower)
- OS: JS spoofed as Windows 10, OS 10.15, Android 10, or Linux | HTTP Headers spoofed as Windows or Android
+ JS: spoofed as Windows 10, OS 10.15, Android 10, or Linux
+ HTTP Header: spoofed as Windows 10 or Android 10.15 until FF136 then matches JS spoof
1369319 - disable device sensor API
1369357 - disable site specific zoom
1337161 - hide gamepads from content
@@ -867,7 +826,6 @@ user_pref("widget.non-native-theme.use-theme-accent", false); // [DEFAULT: false
* Stops malicious window sizes and some screen resolution leaks.
* You can still right-click a link and open in a new window
* [SETTING] General>Tabs>Open links in tabs instead of new windows
- * [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
* [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/9881 ***/
user_pref("browser.link.open_newwindow", 3); // [DEFAULT: 3]
/* 4513: set all open window methods to abide by "browser.link.open_newwindow" (4512)
@@ -935,7 +893,7 @@ user_pref("_user.js.parrot", "5000 syntax error: the parrot's taken 'is last bow
* [1] https://support.mozilla.org/kb/address-bar-autocomplete-firefox#w_url-autocomplete ***/
// user_pref("browser.urlbar.autoFill", false);
/* 5013: disable browsing and download history
- * [NOTE] We also clear history and downloads on exit (2811)
+ * [NOTE] We also clear history and downloads on exit (2811+)
* [SETTING] Privacy & Security>History>Custom Settings>Remember browsing and download history ***/
// user_pref("places.history.enabled", false);
/* 5014: disable Windows jumplist [WINDOWS] ***/
@@ -1060,16 +1018,20 @@ user_pref("extensions.webcompat-reporter.enabled", false); // [DEFAULT: false]
/* 6012: enforce Quarantined Domains [FF115+]
* [WHY] https://support.mozilla.org/kb/quarantined-domains */
user_pref("extensions.quarantinedDomains.enabled", true); // [DEFAULT: true]
-/* 6050: prefsCleaner: previously active items removed from arkenfox 115-127 ***/
- // user_pref("accessibility.force_disabled", "");
- // user_pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", "");
- // user_pref("geo.provider.network.url", "");
- // user_pref("geo.provider.network.logging.enabled", "");
- // user_pref("geo.provider.use_gpsd", "");
- // user_pref("network.protocol-handler.external.ms-windows-store", "");
- // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", "");
- // user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", "");
- // user_pref("privacy.partition.serviceWorkers", "");
+/* 6050: prefsCleaner: reset previously active items removed from arkenfox FF128+ ***/
+ // user_pref("privacy.clearOnShutdown.cache", "");
+ // user_pref("privacy.clearOnShutdown.cookies", "");
+ // user_pref("privacy.clearOnShutdown.downloads", "");
+ // user_pref("privacy.clearOnShutdown.formdata", "");
+ // user_pref("privacy.clearOnShutdown.history", "");
+ // user_pref("privacy.clearOnShutdown.offlineApps", "");
+ // user_pref("privacy.clearOnShutdown.sessions", "");
+ // user_pref("privacy.cpd.cache", "");
+ // user_pref("privacy.cpd.cookies", "");
+ // user_pref("privacy.cpd.formdata", "");
+ // user_pref("privacy.cpd.history", "");
+ // user_pref("privacy.cpd.offlineApps", "");
+ // user_pref("privacy.cpd.sessions", "");
/*** [SECTION 7000]: DON'T BOTHER ***/
user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies!");
@@ -1151,7 +1113,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
// user_pref("privacy.bounceTrackingProtection.mode", 1); // [FF131+] [ETP FF133+]
// user_pref("privacy.fingerprintingProtection", true); // [FF114+] [ETP FF119+]
- // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true FF123+]
+ // user_pref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT: true]
// user_pref("privacy.query_stripping.enabled", true); // [FF101+]
// user_pref("privacy.trackingprotection.enabled", true);
// user_pref("privacy.trackingprotection.socialtracking.enabled", true);
@@ -1210,6 +1172,58 @@ user_pref("_user.js.parrot", "8000 syntax error: the parrot's crossed the Jordan
// user_pref("ui.use_standins_for_native_colors", "");
// user_pref("webgl.enable-debug-renderer-info", "");
+/*** [SECTION 8500]: TELEMETRY
+ Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below.
+ But since most arkenfox users prefer it disabled, we'll do that rather than cause overrides.
+
+ Opt-out
+ - Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain
+ - Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading
+ Choice
+ - Every new profile on first use provides data collection/use policy and the abillty to opt-out
+ - It can be disabled at any time (Settings>Privacy & Security>Data Collection and Use)
+ Data
+ - no PII (Personally Identifiable Information)
+ - can be viewed in about:telemetry
+ - uses Prio [1][2][3], Glean [4], Oblivious HTTP [5][6]
+
+ [1] https://crypto.stanford.edu/prio/
+ [2] https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/
+ [3] https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/
+ [4] https://firefox-source-docs.mozilla.org/toolkit/components/glean/index.html
+ [5] https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/ohttp.html
+ [6] https://blog.mozilla.org/en/tag/oblivious-http/
+***/
+user_pref("_user.js.parrot", "8500 syntax error: the parrot's off the twig!");
+/* 8500: disable new data submission [FF41+]
+ * If disabled, no policy is shown or upload takes place, ever
+ * [1] https://bugzilla.mozilla.org/1195552 ***/
+user_pref("datareporting.policy.dataSubmissionEnabled", false);
+/* 8501: disable Health Reports
+ * [SETTING] Privacy & Security>Firefox Data Collection and Use>Send technical... data ***/
+user_pref("datareporting.healthreport.uploadEnabled", false);
+/* 0802: disable telemetry
+ * The "unified" pref affects the behavior of the "enabled" pref
+ * - If "unified" is false then "enabled" controls the telemetry module
+ * - If "unified" is true then "enabled" only controls whether to record extended data
+ * [NOTE] "toolkit.telemetry.enabled" is now LOCKED to reflect prerelease (true) or release builds (false) [2]
+ * [1] https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/internals/preferences.html
+ * [2] https://medium.com/georg-fritzsche/data-preference-changes-in-firefox-58-2d5df9c428b5 ***/
+user_pref("toolkit.telemetry.unified", false);
+user_pref("toolkit.telemetry.enabled", false); // see [NOTE]
+user_pref("toolkit.telemetry.server", "data:,");
+user_pref("toolkit.telemetry.archive.enabled", false);
+user_pref("toolkit.telemetry.newProfilePing.enabled", false); // [FF55+]
+user_pref("toolkit.telemetry.shutdownPingSender.enabled", false); // [FF55+]
+user_pref("toolkit.telemetry.updatePing.enabled", false); // [FF56+]
+user_pref("toolkit.telemetry.bhrPing.enabled", false); // [FF57+] Background Hang Reporter
+user_pref("toolkit.telemetry.firstShutdownPing.enabled", false); // [FF57+]
+/* 8503: disable Telemetry Coverage
+ * [1] https://blog.mozilla.org/data/2018/08/20/effectively-measuring-search-in-firefox/ ***/
+user_pref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
+user_pref("toolkit.coverage.opt-out", true); // [FF64+] [HIDDEN PREF]
+user_pref("toolkit.coverage.endpoint.base", "");
+
/*** [SECTION 9000]: NON-PROJECT RELATED ***/
user_pref("_user.js.parrot", "9000 syntax error: the parrot's cashed in 'is chips!");
/* 9001: disable welcome notices ***/
@@ -1223,74 +1237,6 @@ user_pref("browser.urlbar.showSearchTerms.enabled", false);
/*** [SECTION 9999]: DEPRECATED / RENAMED ***/
user_pref("_user.js.parrot", "9999 syntax error: the parrot's shuffled off 'is mortal coil!");
-/* ESR115.x still uses all the following prefs
-// [NOTE] replace the * with a slash in the line above to re-enable active ones
-// FF116
-// 4506: set RFP's font visibility level (1402) [FF94+]
- // [-] https://bugzilla.mozilla.org/1838415
- // user_pref("layout.css.font-visibility.resistFingerprinting", 1); // [DEFAULT: 1]
-// FF117
-// 1221: disable Windows Microsoft Family Safety cert [FF50+] [WINDOWS]
- // 0=disable detecting Family Safety mode and importing the root
- // 1=only attempt to detect Family Safety mode (don't import the root)
- // 2=detect Family Safety mode and import the root
- // [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/21686
- // [-] https://bugzilla.mozilla.org/1844908
-user_pref("security.family_safety.mode", 0);
-// 7018: disable service worker Web Notifications [FF44+]
- // [WHY] Web Notifications are behind a prompt (7002)
- // [1] https://blog.mozilla.org/en/products/firefox/block-notification-requests/
- // [-] https://bugzilla.mozilla.org/1842457
- // user_pref("dom.webnotifications.serviceworker.enabled", false);
-// FF118
-// 1402: limit font visibility (Windows, Mac, some Linux) [FF94+]
- // Uses hardcoded lists with two parts: kBaseFonts + kLangPackFonts [1], bundled fonts are auto-allowed
- // In normal windows: uses the first applicable: RFP over TP over Standard
- // In Private Browsing windows: uses the most restrictive between normal and private
- // 1=only base system fonts, 2=also fonts from optional language packs, 3=also user-installed fonts
- // [1] https://searchfox.org/mozilla-central/search?path=StandardFonts*.inc
- // [-] https://bugzilla.mozilla.org/1847599
- // user_pref("layout.css.font-visibility.private", 1);
- // user_pref("layout.css.font-visibility.standard", 1);
- // user_pref("layout.css.font-visibility.trackingprotection", 1);
-// 2623: disable permissions delegation [FF73+]
- // Currently applies to cross-origin geolocation, camera, mic and screen-sharing
- // permissions, and fullscreen requests. Disabling delegation means any prompts
- // for these will show/use their correct 3rd party origin
- // [1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/BdFOMAuCGW8/discussion
- // [-] https://bugzilla.mozilla.org/1697151
- // user_pref("permissions.delegation.enabled", false);
-// FF119
-// 0211: use en-US locale regardless of the system or region locale
- // [SETUP-WEB] May break some input methods e.g xim/ibus for CJK languages [1]
- // [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=867501,1629630
- // [-] https://bugzilla.mozilla.org/1846224
- // user_pref("javascript.use_us_english_locale", true); // [HIDDEN PREF]
-// 0711: disable skipping DoH when parental controls are enabled [FF70+]
- // [-] https://bugzilla.mozilla.org/1586941
-user_pref("network.dns.skipTRR-when-parental-control-enabled", false);
-// FF123
-// 0334: disable PingCentre telemetry (used in several System Add-ons) [FF57+]
- // Defense-in-depth: currently covered by 0331
- // [-] https://bugzilla.mozilla.org/1868988
-user_pref("browser.ping-centre.telemetry", false);
-// FF126
-// 9003: disable What's New toolbar icon [FF69+]
- // [-] https://bugzilla.mozilla.org/1724300
-user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
-// FF127
- // 2630: disable content analysis by DLP (Data Loss Prevention) agents - replaced by default_result
- // [-] https://bugzilla.mozilla.org/1880314
-user_pref("browser.contentanalysis.default_allow", false);
-// 4511: enforce non-native widget theme
- // Security: removes/reduces system API calls, e.g. win32k API [1]
- // Fingerprinting: provides a uniform look and feel across platforms [2]
- // [1] https://bugzilla.mozilla.org/1381938
- // [2] https://bugzilla.mozilla.org/1411425
- // [-] https://bugzilla.mozilla.org/1848899
-user_pref("widget.non-native-theme.enabled", true); // [DEFAULT: true]
-// ***/
-
/* ESR128.x still uses all the following prefs
// [NOTE] replace the * with a slash in the line above to re-enable active ones
// FF132
From 7f852e94fc80fd0aa19f1c948319974e3301187f Mon Sep 17 00:00:00 2001
From: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date: Mon, 21 Apr 2025 15:04:04 +0000
Subject: [PATCH 59/59] media.ondevicechange.enabled
---
scratchpad-scripts/arkenfox-cleanup.js | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scratchpad-scripts/arkenfox-cleanup.js b/scratchpad-scripts/arkenfox-cleanup.js
index 58a0e1f..3434fc7 100644
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@@ -6,7 +6,7 @@
There is an archived version at https://github.com/arkenfox/user.js/issues/123
if you want the full list since jesus
- Last updated: 5-March-2025
+ Last updated: 21-April-2025
Instructions:
- [optional] close Firefox and backup your profile
@@ -36,6 +36,7 @@
const aPREFS = [
/* DEPRECATED */
/* 129-140 */
+ 'media.ondevicechange.enabled', // 137
'webchannel.allowObject.urlWhitelist', // 132
/* 116-128 */
'browser.contentanalysis.default_allow', // 127