{ /*** [SECTION 4500]: RFP (RESIST FINGERPRINTING) RFP covers a wide range of ongoing fingerprinting solutions. It is an all-or-nothing buy in: you cannot pick and choose what parts you want [WARNING] DO NOT USE extensions to alter RFP protected metrics [WARNING] DO NOT USE prefs in section 4600 with RFP as they can interfere FF41+ 418986 - limit window.screen & CSS media queries leaking identifiable info [TEST] https://arkenfox.github.io/TZP/tzp.html#screen FF50+ 1281949 - spoof screen orientation 1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50+) FF55+ 1330890 - spoof timezone as UTC 0 1360039 - spoof navigator.hardwareConcurrency as 2 (see 4601) 1217238 - reduce precision of time exposed by javascript FF56+ 1369303 - spoof/disable performance API (see 4602, 4603) 1333651 - spoof User Agent & Navigator API (see section 4700) JS: FF78+ the version is spoofed as ESR, and the OS as Windows 10, OS 10.15, Android 9 (FF91+ as 10), or Linux HTTP Headers: spoofed as Windows or Android 1369319 - disable device sensor API (see 4604) 1369357 - disable site specific zoom (see 4605) 1337161 - hide gamepads from content (see 4606) 1372072 - spoof network information API as "unknown" when dom.netinfo.enabled = true (see 4607) 1333641 - reduce fingerprinting in WebSpeech API (see 4608) FF57+ 1369309 - spoof media statistics (see 4610) 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) 1217290 & 1409677 - enable some fingerprinting resistance for WebGL 1382545 - reduce fingerprinting in Animation API 1354633 - limit MediaError.message to a whitelist 1382533 & 1697680 - enable fingerprinting resistance for Presentation API (FF57-87) This blocks exposure of local IP Addresses via mDNS (Multicast DNS) FF58+ 967895 - spoof canvas and enable site permission prompt before allowing canvas data extraction FF59+ 1372073 - spoof/block fingerprinting in MediaDevices API Spoof: enumerate devices reports one "Internal Camera" and one "Internal Microphone" if media.navigator.enabled is true (see 4612) Block: suppresses the ondevicechange event (see 4613) 1039069 - warn when language prefs are set to non en-US (see 0210, 0211) 1222285 & 1433592 - spoof keyboard events and suppress keyboard modifier events Spoofing mimics the content language of the document. Currently it only supports en-US. Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected. FF60-67 1337157 - disable WebGL debug renderer info (see 4614) (FF60+) 1459089 - disable OS locale in HTTP Accept-Language headers (ANDROID) (FF62+) 1479239 - return "no-preference" with prefers-reduced-motion (see 4615) (FF63+) 1363508 - spoof/suppress Pointer Events (see 4616) (FF64+) FF65: pointerEvent.pointerid (1492766) 1485266 - disable exposure of system colors to CSS or canvas (see 4617) (FF67+) 1407366 - enable inner window letterboxing (see 4504) (FF67+) 1494034 - return "light" with prefers-color-scheme (see 4618) (FF67+) FF68-77 1564422 - spoof audioContext outputLatency (see 4619) (FF70+) 1595823 - return audioContext sampleRate as 44100 (see 4619) (FF72+) 1607316 - spoof pointer as coarse and hover as none (ANDROID) (FF74+) FF78-90 1621433 - randomize canvas (previously FF58+ returned an all-white canvas) (FF78+) 1653987 - limit font visibility to bundled and "Base Fonts" (see 4620) (Windows, Mac, some Linux) (FF80+) 1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82+) ***/ /* 4501: enable privacy.resistFingerprinting [FF41+] * [SETUP-WEB] RFP can cause the odd website to break in strange ways, and has a few side affects, * but is largely robust nowadays. Give it a try. Your choice. Also see 4504 (letterboxing). * [1] https://bugzilla.mozilla.org/418986 ***/ "privacy.resistFingerprinting" = true; /* 4502: set new window sizes to round to hundreds [FF55+] [SETUP-CHROME] * Width will round down to multiples of 200s and height to 100s, to fit your screen. * The override values are a starting point to round from if you want some control * [1] https://bugzilla.mozilla.org/1330882 ***/ # // user_pref("privacy.window.maxInnerWidth", 1000); # // user_pref("privacy.window.maxInnerHeight", 1000); /* 4503: disable mozAddonManager Web API [FF57+] * [NOTE] To allow extensions to work on AMO, you also need 2662 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ "privacy.resistFingerprinting.block_mozAddonManager" = true; # [HIDDEN PREF] /* 4504: enable RFP letterboxing [FF67+] * Dynamically resizes the inner window by applying margins in stepped ranges [2] * If you use the dimension pref, then it will only apply those resolutions. The format is * "width1xheight1, width2xheight2, ..." (e.g. "800x600, 1000x1000, 1600x900") * [SETUP-WEB] This does NOT require RFP (see 4501) **for now**, so if you're not using 4501, or you are but * dislike margins being applied, then flip this pref, keeping in mind that it is effectively fingerprintable * [WARNING] DO NOT USE: the dimension pref is only meant for testing * [1] https://bugzilla.mozilla.org/1407366 * [2] https://hg.mozilla.org/mozilla-central/rev/6d2d7856e468#l2.32 ***/ "privacy.resistFingerprinting.letterboxing" = true; # [HIDDEN PREF] # // user_pref("privacy.resistFingerprinting.letterboxing.dimensions", ""); // [HIDDEN PREF] /* 4505: experimental RFP [FF91+] * [WARNING] DO NOT USE unless testing, see [1] comment 12 * [1] https://bugzilla.mozilla.org/1635603 ***/ # // user_pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); # // user_pref("privacy.resistFingerprinting.testGranularityMask", 0); /* 4510: disable showing about:blank as soon as possible during startup [FF60+] * When default true this no longer masks the RFP chrome resizing activity * [1] https://bugzilla.mozilla.org/1448423 ***/ "browser.startup.blankWindow" = false; /* 4520: disable chrome animations [FF77+] [RESTART] * [NOTE] pref added in FF63, but applied to chrome in FF77. RFP spoofs this for web content ***/ "ui.prefersReducedMotion" = 1; # [HIDDEN PREF] }