user.js v118 releases: configuring and hardening Firefox privacy, security and anti-fingerprinting

user.js

The user.js is a template that aims to provide as much privacy and enhanced security as possible and to reduce tracking and fingerprinting as much as possible – while minimizing any loss of functionality and breakage (but it will happen).

A user.js which resides in the root directory of a profile is used to set preferences for that profile when Firefox starts. Preferences are settings that control Firefox’s behavior. Some can be set from the Options interface and all can be found in about:config, except for what is called hidden preferences which will only show when they are set by the user.

That’s a bit to digest, so here is a pretty picture showing a preference with the same value as status user set/modified and default. In about:config’s search box, you can use wildcards (e.g network*policy) to save time typing, and it is case insensitive.

And why would you want a user.js?

• It is used to reset settings on a restart, making certain preferences more or less “permanent”. You can still change preferences via about:config for testing
• It can be used to migrate a lot of settings to a new profile, and can be easily modified and deployed for multiple profiles
• There are a lot of preferences in about:config. There are over 3000 firefox ones alone. A user.js is a great repository for information. For example, it can be used as a basis for mozilla.cfg files and lockprefs.
• It can help you to better understand how to protect your privacy, enhance your security, and reduce fingerprinting

Working with a user.js

The user.js file is a javascript file and is text-based. If you use Windows, make sure you unhide extensions for known filetypes in Folder Options, so that the file isn’t really called user.js.txt. It is recommended that you use an editor that supports syntax highlighting. You can edit and work on your user.js while Firefox is open, it is only ever read when Firefox is started.

Preferences must follow Mozilla’s syntax which is user_pref(“prefname”, value);. Note that the preference name must be wrapped in quotation marks, and do not forget the semi-colon at the end. The value must also be wrapped in quotation marks, but only if it is a string. Preferences are case sensitive.

Changelog v118

• new
  • user_pref(“browser.download.start_downloads_in_tmp_dir”, true);
  • user_pref(“browser.shopping.experience2023.enabled”, false);
  • user_pref(“browser.urlbar.addons.featureGate”, false);
  • user_pref(“browser.urlbar.mdn.featureGate”, false);
  • user_pref(“browser.urlbar.pocket.featureGate”, false);
  • user_pref(“browser.urlbar.trending.featureGate”, false);
  • user_pref(“browser.urlbar.weather.featureGate”, false);
• new but inactive
  • // user_pref(“browser.urlbar.clipboard.featureGate”, false);
  • // user_pref(“network.trr.bootstrapAddr”, “10.0.0.1”);
  • // user_pref(“privacy.fingerprintingProtection”, true);
• removed (in section 6050s for prefsCleaner)
  • // user_pref(“accessibility.force_disabled”, “”);
  • // user_pref(“browser.fixup.alternate.enabled”, “”);
  • // user_pref(“browser.urlbar.dnsResolveSingleWordsAfterSearch”, “”);
  • // user_pref(“privacy.partition.always_partition_third_party_non_cookie_storage”, “”);
  • // user_pref(“privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage”, “”);
  • // user_pref(“privacy.partition.serviceWorkers”, “”);
• deprecated
  • // user_pref(“layout.css.font-visibility.private”, 1);
  • // user_pref(“layout.css.font-visibility.standard”, 1);
  • // user_pref(“layout.css.font-visibility.trackingprotection”, 1);
  • // user_pref(“permissions.delegation.enabled”, false);

Download && Use

Copyright (c) 2017 ghacksuserjs