user.js v.119

@yokoffing yokoffing released this 10 Nov 16:56
4b75f95

📣 Release Notes

As Betterfox evolves, we are becoming more modular to respond to different needs. What is “best” depends on the use case.

Therefore, all users should, at minimum:

  1. Review Common Overrides.
  2. If you care a bit more about privacy, review Optional Hardening as well.

Add any prefs that are needed to your overrides at the bottom of the user.js file.


We invested effort into eliminating subjective prefs and responding to community feedback.

For new profiles applying Betterfox, we will:

  • 🆕 No longer disable Firefox Sync.
    • On everything from YouTube videos to Reddit to forums, this was the most common complaint among users.
    • If you want to continue to force this behavior, see here in Optional Hardening.
  • 🆕 No longer force disable the disk cache.
    • A sizeable number of users still run a machine with 8 GB or less of RAM, or have slow internet connections.
    • If you want to continue to force this behavior, see here in Optional Hardening.
    • We continue to enforce memory-only media cache in Private Browsing windows.
    • We also added bytecode compression. #247
  • No longer disable displaying your top sites when clicking on the URL bar, which is unique to Firefox.

We will continue to:

  • Disable the built-in password, credit card, and address manager.
    • However, we added a few prefs to enhance security in the user.js for users who do use the built-in credential manager.
    • If you want to use the built-in manager, see here in Common Overrides.

In addition, we:

  • Adjusted cookie banner handling to reject "optional" cookies.
  • Disabled new "trending" searches in the URL bar.
  • Reordered some prefs and added more subcategories for easier searching.
  • Modified SameSite rules so they’re strict on non-http websites.

Details on SameSite rules

The SameSite cookie attribute is a way to control when and how cookies are sent to a website.

The SameSite attribute lets websites specify whether they want to receive cookies only from requests that originate from the same website (SameSite=Strict), or also from requests that originate from other websites but are top-level navigations, such as clicking a link or typing a URL in the address bar (SameSite=Lax). Alternatively, websites can explicitly allow cookies to be sent with any request, regardless of where it comes from (SameSite=None).

However, allowing cookies to be sent with any request can be risky, especially if the website uses an insecure connection (HTTP instead of HTTPS).

If a cookie does not have a SameSite attribute specified, it behaves as if SameSite=None is set. This means the cookie will be sent in both cross-site and same-site requests.

The network.cookie.sameSite.noneRequiresSecure pref changes this behavior. When enabled, it requires cookies with SameSite=None to also be marked Secure, meaning they require HTTPS.

This prevents CSRF (cross-site request forgery) attacks on plain HTTP sites. By requiring SameSite=None cookies to be Secure, it stops malicious sites from abusing cookies that are sent cross-site.
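
The rules described above, as an added example that is not Betterfox or Firefox code: a simplified model that parses Set-Cookie headers and reports which cookies are kept when the pref is enabled and in which cross-site contexts they would be sent. The function names and sample headers are constructed for illustration, and the model assumes only an explicit SameSite=None is checked against Secure.

```javascript
// Added example: simplified model of the rules described above, not Firefox's code.
// All function names are hypothetical.

// Parse a Set-Cookie header value into name, SameSite mode and Secure flag.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    // Unrecognised SameSite values are treated like a missing attribute.
    if (key === "samesite") cookie.sameSite = ["strict", "lax", "none"].includes(value) ? value : null;
  }
  return cookie;
}

// Storage decision. Assumption: only an explicit SameSite=None is checked.
function isAccepted(cookie, noneRequiresSecure) {
  return !(noneRequiresSecure && cookie.sameSite === "none" && !cookie.secure);
}

// Sending decision for "same-site", "cross-site-navigation" or "cross-site-subrequest".
function isSent(cookie, context) {
  const mode = cookie.sameSite ?? "none"; // per the text: no attribute behaves like None
  if (context === "same-site" || mode === "none") return true;
  return mode === "lax" && context === "cross-site-navigation";
}

// Report, per header, whether the cookie is kept and where it would be sent.
function audit(headers, noneRequiresSecure) {
  return headers.map((h) => {
    const c = parseSetCookie(h);
    const accepted = isAccepted(c, noneRequiresSecure);
    return {
      name: c.name,
      accepted,
      crossSiteNavigation: accepted && isSent(c, "cross-site-navigation"),
      crossSiteSubrequest: accepted && isSent(c, "cross-site-subrequest"),
    };
  });
}

// Constructed sample headers.
const SAMPLE = [
  "session=abc; SameSite=Strict; Secure; HttpOnly",
  "prefs=dark; SameSite=Lax",
  "widget=1; SameSite=None; Secure",
  "tracker=xyz; SameSite=None",
  "legacy=1; Path=/",
];
console.table(audit(SAMPLE, true));
```

Site operators can run their own Set-Cookie headers through `audit` to spot cookies that set SameSite=None without Secure before users with this pref enabled encounter them.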

🦊 Firefox Release

119.0 + 119.0.1

The latest Firefox brings:

  • Canvas fingerprint protection with Strict ETP, with more protections in the future 👀
    • Read more:
      • https://github.com/arkenfox/user.js/issues/1661
      • https://github.com/arkenfox/user.js/issues/1729
  • A new entry that trims https:// from the URL bar, for those of you who like a clean aesthetic.
  • Restricted font visibility to system fonts and language pack fonts in ETP strict mode to mitigate font fingerprinting.
  • Partitioning of Blob URLs, mitigating a potential tracking vector that third-party agents can use to track an individual.

💗 Community Updates

  • The Optional Hardening doc is now shown more prominently under Getting Started to accommodate more privacy-minded users.

💡 If you think an override is common enough to belong to Common Overrides or Optional Hardening, then please make a suggestion. We obviously don't want to re-create the docs, so prefs here should be reasonable.

Thank you for supporting Betterfox! ❤️