s83/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

mirror of https://github.com/arkenfox/user.js.git synced 2025-04-30 22:13:40 +02:00

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

anti-fingerprinting anti-tracking arkenfox firefox mozilla privacy security settings

Find a file

Thorin-Oakenpants 3207478033 make 2803 inactive: thirdparty.sessionOnly reasons why - third party cookies are NOT are not real ... they are partitioned to the first party (with dFPI) - at the very least nonsecure is redundant - no one in this day and age is going to want the config of keeping all secure but not insecure, it doesn't make any sense: especially since 85% (from memory) of traffic from telemetry is secure, and 70+% of the top 1M sites are secure ( https://scotthelme.co.uk/top-1-million-analysis-november-2021/ shows almost 72% of the sites in the Top 1 Million now actively _redirecting_ traffic to use HTTPS) - in other words, the reasons for keeping secure cookies (like banks, logins) but ditching the rest in the old days are over as being secure is not a distinction, but the norm - we previously blocked all third party cookies, so this was never really used - we then moved to lifetime pref = 2 (which makes everything session only), so again, this isn't really adding anything - we sanitize on close (always have) - we will be moving off lifetime pref (because deprecation), but we still sanitize on close - when we move off lifetime pref, I think these prefs could cause issues with dFPI / sanitizing (wouldn't surprise me: they are old and outdated as a concept), and I think we're better off making them inactive We could also remove them. If that's not enough to convince you, then I have no more words		2022-05-10 15:03:36 +00:00
.github/ISSUE_TEMPLATE	Update troubleshooting-help.md	2022-02-27 10:44:04 +00:00
scratchpad-scripts	long standing defaults	2022-05-09 19:25:18 +00:00
wikipiki	Add files via upload	2022-02-25 23:15:01 +13:00
.gitattributes	Update .gitattributes	2019-06-26 13:32:12 +00:00
.travis.yml	Added Travis CI configuration	2017-03-01 00:11:05 +02:00
_config.yml	migration: cleanup code references	2020-09-15 06:07:32 +00:00
LICENSE.txt	Update LICENSE.txt	2020-09-15 04:19:03 +00:00
prefsCleaner.bat	v2.4 - add strlen check for prefs.js	2021-01-17 15:27:50 +00:00
prefsCleaner.sh	Made prefsCleaner.sh executable (#1416 )	2022-04-08 07:03:43 +00:00
README.md	Update README.md	2022-01-30 08:53:08 +00:00
updater.bat	Update wiki link for updater options (#1364 )	2022-02-06 12:23:20 +00:00
updater.sh	Update updater.sh	2022-03-19 07:47:46 +00:00
user.js	make 2803 inactive: thirdparty.sessionOnly	2022-05-10 15:03:36 +00:00

README.md

🟪 user.js

A user.js is a configuration file that can control Firefox settings - for a more technical breakdown and explanation, you can read more in the wiki

🟩 the arkenfox user.js

The arkenfox user.js is a template which aims to provide as much privacy and enhanced security as possible, and to reduce tracking and fingerprinting as much as possible - while minimizing any loss of functionality and breakage (but it will happen).

Everyone, experts included, should at least read the wiki, as it contains important information regarding a few user.js settings.

Note that we do not recommend connecting over Tor on Firefox. Use the Tor Browser if your threat model calls for it, or for accessing hidden services.

Also be aware that the arkenfox user.js is made specifically for desktop Firefox. Using it as-is in other Gecko-based browsers can be counterproductive, especially in the Tor Browser.

🟧 sitemap

🟥 acknowledgments

Literally thousands of sources, references and suggestions. Many thanks, and much appreciated.