user.js v107 releases: configuring and hardening Firefox privacy, security and anti-fingerprinting
The user.js is a template that aims to provide as much privacy and enhanced security as possible and to reduce tracking and fingerprinting as much as possible – while minimizing any loss of functionality and breakage (but it will happen).
A user.js which resides in the root directory of a profile is used to set preferences for that profile when Firefox starts. Preferences are settings that control Firefox’s behavior. Some can be set from the Options interface and all can be found in about:config, except for what is called hidden preferences which will only show when they are set by the user.
That’s a bit to digest, so here is a pretty picture showing a preference with the same value as status user set/modified and default. In about:config’s search box, you can use wildcards (e.g network*policy) to save time typing, and it is case insensitive.
And why would you want a user.js?
- It is used to reset settings on a restart, making certain preferences more or less “permanent”. You can still change preferences via about:config for testing
- It can be used to migrate a lot of settings to a new profile, and can be easily modified and deployed for multiple profiles
- There are a lot of preferences in about:config. There are over 3000 firefox ones alone. A user.js is a great repository for information. For example, it can be used as a basis for mozilla.cfg files and lockprefs.
- It can help you to better understand how to protect your privacy, enhance your security, and reduce fingerprinting
Working with a user.js
Preferences must follow Mozilla’s syntax which is user_pref(“prefname”, value);. Note that the preference name must be wrapped in quotation marks, and do not forget the semi-colon at the end. The value must also be wrapped in quotation marks, but only if it is a string. Preferences are case sensitive.
- made inactive
- // user_pref(“browser.region.network.url”, “”);
- // user_pref(“browser.uitour.url”, “”);
- // user_pref(“security.mixed_content.block_display_content”, true);
- removed (now inactive in section 6050 for prefsCleaner)
- // user_pref(“dom.disable_open_during_load”, “”);
Copyright (c) 2017 ghacksuserjs