K-Meleon on Goanna :  K-Meleon Forum
Building K-Meleon on top of the Goanna engine 
Pages: 12Next
Current Page: 1 of 2
Testing better privacy & security settings for KMeleon + travelling USB devices
Posted by: J.G.
Date: December 30, 2017 08:19PM

Mostly all security tweaks have been found here:
https://forum.palemoon.org/viewtopic.php?t=13486
The rest have been added following @hermes and @callahan advices.

Main post about all these tweaks for K-Meleon here:
http://kmeleonbrowser.org/forum/read.php?19,144468,144512#msg-144512
Thank you @siria for all your recommendations and useful help also.

- Deleted previous content to avoid get confused by older values.



Edited 12 time(s). Last edit at 03/05/2018 04:18PM by J.G..

Options: ReplyQuote
Re: [TEST] KM76-Goanna 3.4.1 (Build 20171223)
Posted by: hermes
Date: December 30, 2017 08:43PM

About two years ago, I was engaged a similar question. As a result, made a configuration file for KM. Much had to bring, as part of settings causes failure for many sites. More of all it is necessary to be careful in blocking so-called weak encryption (128 bits). Setup for advanced default protection is not universal. And every single case it is impossible to foresee. For myself, I have set up, but this required multiple experiments of trial and error. But my setup bad for fans of social networks.
...
For example, I completely turn off OCSP mechanism to reduce communication with not production server. Someone may call it a reduction of protection, but tests over the years suggest otherwise. This way, a good recommendation when working with tor (or similar networks).

Do note, when you request something look in about:networking (very useful). Sometimes even query search engines require so many third-party servers... immediately obvious why need filters for URL.



Edited 6 time(s). Last edit at 12/30/2017 09:13PM by hermes.

Options: ReplyQuote
Re: [TEST] KM76-Goanna 3.4.1 (Build 20171223)
Posted by: J.G.
Date: December 30, 2017 09:16PM

Quote
siria
This is a HUGE theme, and a general subject, prefs apply to older KM-versions too.
Perhaps better make this a separate thread? Title something like Better Pricacy Security settings, just as example?

@Hermes, your words make sense, it's a complex and useful theme.
@Siria, As you wish, I love the way you keep organized this forum! smiling smiley

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: Yogi
Date: December 30, 2017 10:21PM

Somehow related to prefs. Which Firefox version stands as code base for actual Goanna fork?

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 30, 2017 11:06PM

Quote
siria
@JG, you can update the subject yourself, as you like it?
The first posting is the most important one regarding titles, this appears in the subforum view.

Topic's title updated following your nice suggestion about privacy & security. smiling smiley

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 30, 2017 11:18PM

Quote
Yogi
Somehow related to prefs. Which Firefox version stands as code base for actual Goanna fork?

Using @Siria's extension:

(Current GLOBAL settings. Can NOT check site exceptions!)

K-MELEON VERSION = 0 (from platform.ini)
BuildID=20171223100831 / Gecko=3.4.1

GENERAL.USERAGENT.OVERRIDE (fake) ==>
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.9) Gecko/20100101 Firefox/52.9;
general.useragent.compatMode.firefox = true
general.useragent.vendor + vendorSub =
-----
network.cookie.cookieBehavior = 0 (0=all, 1=domain, 2=none, 3=special, 8=session?)
network.http.sendRefererHeader = 2 (HTTP 0=No, 1=links, 2=links+images)
network.http.sendSecureXSiteReferrer = true (HTTPS)
dom.disable_image_src_set = false ('true' can block maps, captchas etc)
kmeleon.adblocking = false ('true' can block too much)
(If you have other AdBlock-tools installed, check them manually)
-----
security.enable_ssl3 = false (old unsafe)
security.tls.version.min = 1 (TLS 0=SSL3, 1=TLS 1.0, 2=TLS1.1, 3=TLS 1.2)
security.tls.version.max = 4


After applied this script I can see now the about: addons pictures and text.
It also opens some tabs and one window:
chrome://console2/content/blank.html
about:
about: config
about: permissions
about: addons
error console

confused smiley



Edited 2 time(s). Last edit at 12/30/2017 11:24PM by J.G..

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: siria
Date: December 30, 2017 11:36PM

Uhm no, Yogis question was for the Firefox version (probably rather Gecko, at any rate Goanna-question for roytam)

But at least we can now be sure you're using the latest test build, from 20711223 grinning smiley

Sigh, that macro is still only half-finished, too busy yet with other stuff :-/

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: hermes
Date: December 31, 2017 12:19AM

Quote
Yogi
Which Firefox version stands as code base for actual Goanna fork?

rv:52.9) ... Firefox/52.9 (almost ESR branch + patches and changes)



Edited 4 time(s). Last edit at 12/31/2017 12:26AM by hermes.

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: roytam1
Date: December 31, 2017 12:33AM

Quote
hermes
Quote
Yogi
Which Firefox version stands as code base for actual Goanna fork?

rv:52.9) ... Firefox/52.9 (almost ESR branch + patches and changes)

Goanna pretends so, but its actual codebase is 38ESR with various fixes from 38~57.

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: hermes
Date: December 31, 2017 01:16AM

Ie sometimes even to 57? smiling smiley colossally!

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 31, 2017 03:18AM

- Content deleted to avoid get confused about old values.



Edited 7 time(s). Last edit at 01/08/2018 02:38PM by J.G..

Options: ReplyQuote
Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 31, 2017 02:57PM

------------------------------------
Final Tweaks tested
- Updated 20180416
Advice: if not sure, test them with one 'cloned' KMeleon folder.
------------------------------------

Recommended elevated privacy and security for travelling USB devices.
All tweaks are reversible. Any issue found will be informed in this post. smiling smiley

Following @siria recommendations, all these settings can be added all together to prefs.js file located at profile folder of any KMeleon and KMeleon Goanna too, just copy and paste the next useful lines:

user_pref("beacon.enabled", false);
user_pref("browser.cache.disk_cache_ssl", false);
user_pref("browser.cache.disk.enable", false);
user_pref("browser.link.open_newwindow.restriction", 0);
user_pref("camera.control.face_detection.enabled", false);
user_pref("canvas.poisondata", true);
user_pref("device.sensors.enabled", false);
user_pref("dom.disable_window_flip", false);
user_pref("dom.disable_window_open_feature.resizable", false);
user_pref("dom.disable_window_open_feature.status", false);
user_pref("dom.disable_window_showModalDialog", false);
user_pref("dom.enable_performance", false);
user_pref("dom.enable_resource_timing", false);
user_pref("dom.enable_user_timing", false);
user_pref("dom.idle-observers-api.enabled", false);
user_pref("dom.ipc.plugins.enabled.npietab2.dll", false);
user_pref("dom.ipc.plugins.enabled.npswf32.dll", false);
user_pref("dom.keyboardevent.code.enabled", false);
user_pref("dom.popup_allowed_events", "click");
user_pref("dom.server-events.enabled", false);
user_pref("dom.sms.requestStatusReport", false);
user_pref("dom.storage.default_quota", 0);
user_pref("dom.storage.enabled", false);
user_pref("dom.workers.sharedWorkers.enabled", false);
user_pref("dom.workers.websocket.enabled", false);
user_pref("geo.enabled", false);
user_pref("gfx.font_rendering.graphite.enabled", false);
user_pref("javascript.options.asmjs", false);
user_pref("kmeleon.favicons.cached", false);
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.identity.timeout", 0);
user_pref("media.peerconnection.turn.disable", true);
user_pref("media.peerconnection.video.enabled", false);
user_pref("network.automatic-ntlm-auth.allow-proxies", false);
user_pref("network.negotiate-auth.allow-proxies", false);
user_pref("network.protocol-handler.external.ms-windows-store", false);
user_pref("network.protocol-handler.external.news", false);
user_pref("network.protocol-handler.external.nntp", false);
user_pref("network.protocol-handler.external.snews", false);
user_pref("network.websocket.enabled", false);
user_pref("network.websocket.max-connections", 0);
user_pref("network.websocket.max-message-size", 0);
user_pref("network.websocket.timeout.close", 0);
user_pref("network.websocket.timeout.open", 0);
user_pref("network.websocket.timeout.ping.request", 0);
user_pref("network.websocket.timeout.ping.response", 0);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false);
user_pref("security.ssl3.dhe_rsa_camellia_256_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
user_pref("security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256", false);
user_pref("security.ssl3.rsa_aes_128_sha", false);
user_pref("security.ssl3.rsa_aes_256_gcm_sha384", false);
user_pref("security.ssl3.rsa_aes_256_sha", false);
user_pref("security.ssl3.rsa_aes_256_sha256", false);
user_pref("security.ssl3.rsa_camellia_128_sha", false);
user_pref("security.ssl3.rsa_camellia_256_sha", false);
user_pref("security.ssl3.rsa_camellia_256_sha", false);
user_pref("security.tls.unrestricted_rc4_fallback", false); 
user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); 
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); 
user_pref("security.ssl.false_start.require-npn", true); 
user_pref("security.OCSP.GET.enabled", false); 
user_pref("security.OCSP.enabled", 0); 
user_pref("security.OCSP.require", false); 
user_pref("security.ssl.enable_ocsp_stapling", false);
user_pref("security.xpconnect.plugin.unrestricted", false);
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");
user_pref("webgl.disable-extensions", true);
user_pref("webgl.disabled", true);
user_pref("webgl.min_capability_mode", true);


Further explanations about prefs.js can be read at this post by @siria:
http://kmeleonbrowser.org/forum/read.php?19,144468,144897#msg-144897
@Hermes thank you for your valuable recommendations.
@callahan thank you for your advice about 'weak':
https://www.ssllabs.com/ssltest/viewMyClient.html

Sources of these security/privacy tweaks:
https://forum.palemoon.org/viewtopic.php?t=13486
https://www.heise.de/forum/heise-online/News-Kommentare/Frankreich-laesst-Google-buessen/Google-Co-im-Firefox-loeschen/thread-1264641/#posting_7080470
smiling smiley



Edited 43 time(s). Last edit at 04/16/2018 01:41PM by J.G..

Options: ReplyQuote
Re: Better Privacy & Security settings for KMeleon Goanna (and other versions too) smiling smiley
Posted by: roytam1
Date: January 01, 2018 01:06AM

Quote
J.G.
I have been surfing for a while to find tweaks for Goanna engine and I found some from a german user of Palemoon named dark_moon, and probably they were applied to Goanna browser due that they were recommended in 2016 (and Goanna was merged to Palemoon in 2015 if I am right). Those tweaks seem important for privacy and security, so I ask the KM forum about the importance of these tweaks in order to be added to KM-Goanna or not.

https://forum.palemoon.org/viewtopic.php?t=13486

* I just copy and paste them because its too long text:
-
disable unsecure ciphers
:: 128 bits ::
security.ssl3.rsa_camellia_128_sha false
security.ssl3.ecdhe_rsa_aes_128_sha false
security.ssl3.ecdhe_ecdsa_aes_128_sha false
security.ssl3.dhe_rsa_camellia_128_sha false
security.ssl3.dhe_rsa_aes_128_sha false


:: 3DES < 128bits - http://www-archive.mozilla.org/projects ... uites.html
:: https://en.wikipedia.org/wiki/3des#Security + http://en.citizendium.org/wiki/Meet-in- ... dle_attack ::
fehlt security.ssl3.dhe_rsa_des_ede3_sha false
fehlt security.ssl3.ecdhe_rsa_des_ede3_sha false
security.ssl3.rsa_des_ede3_sha false


:: 256bits without PFS ::
security.ssl3.rsa_camellia_256_sha false

:: Susceptible to the logjam attack - https://weakdh.org ::
security.ssl3.dhe_rsa_camellia_256_sha false
security.ssl3.dhe_rsa_aes_256_sha false


:: DSA max 1024bits ::
fehlt security.ssl3.dhe_dss_aes_128_sha false
fehlt security.ssl3.dhe_dss_aes_256_sha false


:: don't found any problems but maybe let it on for compatibility ::
security.ssl3.rsa_aes_128_sha false
security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256 false
security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256 false

-
disable DOM windows manipulation
dom.disable_window_* true
-
disable network API - fingerprinting vector (doesn't exist in Pale Moon 27. Don't know if the setting does anything)
fehlt dom.network.enabled false
-
block extern protocols
network.protocol-handler.external.nntp false
network.protocol-handler.external.snews false
network.protocol-handler.external.ms-windows-store false
network.protocol-handler.external.news false

-
disable idle (mous+keyboard) observation
dom.idle-observers-api.enabled false
-
limit JavaScript popup windows if you click on a link which request >2 windows (to avoid window spam)
dom.popup_allowed_events <click>
-
addon security - CIS 2.7.4 Disable Scripting of Plugins by JavaScript
security.xpconnect.plugin.unrestricted false
-
disable timing attacks - javascript performance fingerprinting - https://wiki.mozilla.org/Security/Revie ... nTimingAPI
dom.enable_performance false
-
disable asmjs (http://asmjs.org/ ; https://www.mozilla.org/en-US/security/ ... sa2015-29/ ; https://www.mozilla.org/en-US/security/ ... sa2015-50/ ; https://cve.mitre.org/cgi-bin/cvename.c ... -2015-2712
javascript.options.asmjs false
-
block supercookie
dom.sms.requestStatusReport false
dom.server-events.enabled false

-
disable websocket - websockets can break the Firewall: http://debianforum.de/forum/viewtopic.php?f=37&t=151571 (doesn't exist in Pale Moon 27. Don't know if the setting does anything)
network.websocket.enabled false
network.websocket.max-* 1
network.websocket.timeout* 1

-
disable WebGL - potential security risk: http://security.stackexchange.com/quest ... ty-concern & http://www.contextis.com/resources/blog ... loitation/ */
webgl.disabled true
webgl.min_capability_mode true
webgl.disable-extensions true

-
disable links opening in a new window
https://trac.torproject.org/projects/tor/ticket/9881
test url: https://people.torproject.org/~gk/misc/ ... sktop.html
You can still right click a link and select open in a new window. This is to stop malicious window sizes and screen res leaks etc
in conjunction with
dom.disable_window_move_resize=true
browser.link.open_newwindow.restriction 0
-
disable device sensor API - fingerprinting vector - https://wiki.mozilla.org/Sensor_API
device.sensors.enabled false
-
disable vulnerable font - https://wiki.mozilla.org/Features/Platf ... nt_shaping (its fixed in Pale Moon already, but i see no reason to used that font anyway)
gfx.font_rendering.graphite.enabled false
-
use Pale Moon internal canvas poison
canvas.poisondata true
-
disable beacon - websites can used this to send data (ArrayBufferView, Blob, DOMString, FormData) before user leave the site
beacon.enabled false
-
disable MediaDevices - don't send infos about camera, microphone, sound (hardware fingerprint)
https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices
part of WebRTC - see: media.peerconnection.enabled
media.navigator.enabled false
camera.control.face_detection.enabled false
-
disable WebRTC
media.gmp-manager.url <>
media.peerconnection.enabled false // [boolean] whether to enable WebRTC - Real-Time Communications between peers for voice, video, file and desktop sharing, etc. - potential security/privacy risk - WebRTC can be controlled with HTTP UserAgaent cleaner
media.peerconnection.identity.timeout 1
media.peerconnection.turn.disable true
media.peerconnection.video.enabled false

-
disable keyboard tracking - https://bugzilla.mozilla.org/show_bug.cgi?id=865649
dom.keyboardevent.code.enabled false
-
disable social stuff - if you doesn't need it
social.remote-install.enabled false
social.directories <>
social.toast-notifications.enabled false
social.whitelist <>

-
proxie hardening
network.negotiate-auth.allow-proxies false
network.automatic-ntlm-auth.allow-proxies false

-
network hardening
dom.workers.websocket.enabled false
dom.enable_resource_timing false
dom.enable_user_timing false
dom.ipc.plugins.enabled false // [boolean] whether to allow JS to discover plugins
dom.workers.sharedWorkers.enabled false

-

Latest KM-Goanna has none of them applied by default. confused smiley

for SSL/TLS, you may check https://www.howsmyssl.com/
some outdated/insecure encryption methods are already disabled by Goanna engine.

and IIRC WebRTC is already removed in Goanna.

Options: ReplyQuote
Re: Better Privacy & Security settings for KMeleon Goanna (and other versions too) smiling smiley
Posted by: J.G.
Date: January 01, 2018 04:33AM

Quote
roytam1
(...)
for SSL/TLS, you may check https://www.howsmyssl.com/
some outdated/insecure encryption methods are already disabled by Goanna engine.

(...)

About SSL/TLS, I browse everywhere with only this six:
security.ssl3.ecdhe_ecdsa_aes_256_sha
security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384
security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256
security.ssl3.ecdhe_rsa_aes_256_sha
security.ssl3.ecdhe_rsa_aes_256_gcm_sha384
security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256

And about the rest of the tweaks, they worked for me (e.g. no error 804b000c).
I recommended to unblock one 128 cypher after @Hermes suggestions about security for security.ssl3.ecdhe_rsa_aes_128_sha to true. However I always blocked all 128 and left only those six of above and I have never found a major problem while browsing. If somebody found one problem with them, let me know the site and the required 128/256 cypher if possible. smiling smiley

Edited: if you prefer other choice than security.ssl3.ecdhe_rsa_aes_128_sha you can give a try to security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 for some old or non updated sites.



Edited 4 time(s). Last edit at 01/01/2018 04:27PM by J.G..

Options: ReplyQuote
Re: Better Privacy & Security settings for KMeleon Goanna (and other versions too) smiling smiley
Posted by: J.G.
Date: January 01, 2018 02:00PM

Quote
roytam1
(...)
and IIRC WebRTC is already removed in Goanna.

Sorry for the delay to answer but I have some folders of KMeleon and I was updating the new version. Now I open only the folder needed for tweaking something and I work mainly with the direct access of the icons to avoid more confusion. Anyway, you are right, there is no WebRTC support in KM-Goanna latest version 20180101:

https://www.webrtc-experiment.com/DetectRTC/

Operating System Windows version: 8
# Browser Firefox version: 52.9
Private browsing? Nope
# Display resolutions 1366 x 768
# Display aspect ratio 1.78
# System has Speakers? Nope
# System has Microphone? Nope
# System has Webcam? Nope
# Website has webcam permissions? Nope
# Website has microphone permissions? Nope
# Browser allows getUserMedia on this page? Nope
# Can you change output audio devices?
Nope
# Can you change camera resolutions without making new getUserMedia request?
Nope
# Browser Supports WebRTC (Either 1.0 or 1.1)? Nope
# Browser Supports ORTC (WebRTC 1.1)? Nope
# Can you replace tracks without renegotiating peers?
Nope
# Can your browser record remote audio or process remote audio stream in WebAudio API? Yep
# Browser Supports WebSockets API? Yep
# Your system blocked WebSockets protocol or WebSockets server is not accessible? Nope
# Browser Supports WebAudio API? Yep
# Browser Supports SCTP Data Channels? Yep
# Browser Supports RTP Data Channels? Nope
# This page Supports Screen Capturing API? Yep
# Is this browser supports multi-monitor selection & capturing screen of any monitor? Yep
# Is it a mobile device? Nope
# Is Browser Supports Stream Capturing from Canvas? Yep
# Is Browser Supports Stream Capturing from Video? Yep
# Is Browser Supports Promises? Yep
# Click to show IP addresses

smiling smiley

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 06:51PM

What I keep wondering: are you aware you can collect all your desired settings into a separate defaults file?



Edited 1 time(s). Last edit at 01/07/2018 06:52PM by siria.

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 07:21PM

Quote
siria
What I keep wondering: are you aware you can collect all your desired settings into a separate defaults file?

I never added this big amount of tweaks to about.config before, so I don't know how to do it exactly for new profiles. If any suggestion in that way may be provided, please help. It would be very useful. smiling smiley

* Added dom.storage.enabled false, dom.storage.default_quota 0

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 08:04PM

You really entered all that manually on about:config? Ouf...

There are several possiblities, all by storing the pref collection in a *.js file. Nothing scary, it's not a script inside, just a collection of pref-lines. As example, look at those in KM/browser/defaults/preferences/*.js, and you'll already get the idea. You can also write comments inside.

After putting your list together, you can put it either:

1) in defaults/preferences
start lines in betterprivsecprefs.js (?) with pref("...
That will make them "default" prefs, available in all profiles, also new ones. Such settings you can change during session, that means the new setting will be non-default and now gets stored in profile/prefs.js. It remains there permanently, until some day you decide to reset one or many to "default", by double-click or right-click or by macro. That will remove it from prefs.js again and the value from preferences folder appears again.

2) or store your collection file in your PROFILE folder, in the already existing file "user.js". Two options:

2a) start lines in user.js with user_pref("...
Then they become "STARTUP" prefs. During session they can be changed like normal ones, and are written to prefs.js, but at next startup the values in "user.js" will have priority and become active again. This is a "read-only" file for the browser, except a few special prefs on top, above that warning line. But below it you can write what you want.

2b) start lines in user.js with lock_pref("...
Then they bekome LOCKED, and nothing can change them during session, not even yourself. Only when the browser is CLOSED you can manually change them.

ATTENTION, the syntax is important and slightly different among those options. Also important, for INT prefs, there must be no " " around the numbers. And neither around true+false, only around "STRING" prefs, that means normal text.

How to COLLECT that list now again?
Partly you can copy the lines from prefs.js, but it holds only the non-default settings.
The others you'll have to find either in another defaults pref file (attention duplicates?) or just write them out manually again.

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 08:36PM

Quote
siria
You really entered all that manually on about:config? Ouf...

There are several possiblities, all by storing the pref collection in a *.js file. Nothing scary, it's not a script inside, just a collection of pref-lines. As example, look at those in KM/browser/defaults/preferences/*.js, and you'll already get the idea. You can also write comments inside.
(...)
How to COLLECT that list now again?
Partly you can copy the lines from prefs.js, but it holds only the non-default settings.
The others you'll have to find either in another defaults pref file (attention duplicates?) or just write them out manually again.

Best post ever, very useful! I will edit the file at profile folder, to keep it for future updates of KMeleon-Goanna (I just copy and paste the entire profile to the unzipped main folder before execute k-meleon.exe, you know). Thank you very much @siria, I will read again carefully this useful post; I haved added a link to these instructions in my post. smiling smiley

Also I liked more the lock_pref choice due to security/privacy reasons. tongue sticking out smiley

http://kmeleonbrowser.org/forum/read.php?19,144468,144512#msg-144512



Edited 2 time(s). Last edit at 01/07/2018 09:06PM by J.G..

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 10:18PM

Glad if it helps smiling smiley
Have heard of those possibilites only way too late myself. One of those things you wish for YEARS that it should be possible somehow and some day realize shocked: it WAS already possible, all the time - Oops...
Similar like all those permissions.default.xx prefs, also missed for way too many years although long since existing. Argh.

Thanks for the reminder about howto-install, please check again in a week or so and if necessary drop me a note again...

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 10:52PM

Quote
siria
Glad if it helps smiling smiley
Have heard of those possibilites only way too late myself. One of those things you wish for YEARS that it should be possible somehow and some day realize shocked: it WAS already possible, all the time - Oops...
Similar like all those permissions.default.xx prefs, also missed for way too many years although long since existing. Argh.

Thanks for the reminder about howto-install, please check again in a week or so and if necessary drop me a note again...

Instructions for user.js user_pref, pref, and locked_pref don't work with KM-Goanna 20180107, tried multiple combinations in both default and profile folders with no success. They don't override about.config settings (mainly if changes were made manually at about.config). confused smiley


- Some content deleted to avoid get confused about old values.



Edited 5 time(s). Last edit at 01/08/2018 02:38PM by J.G..

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 11:12PM

Hmm.... hope they haven't removed that options, but there's hope yet. Meant to post this line from my own user.js, but looks like forgot it above:
// IMPORTANT: no syntax error in here, or the whole file is ignored!!

Perhaps Goanna is just less fault-tolerant? or perhaps you still have those entries defined elsewhere in 76Pro, perhaps prefs.js or whatever...

Anyway, what I've found at a first glance so far:
-the last line is missing a closing ")"
-the pref for media.navigator is missing a comma
-several empty string prefs have no empty quotes "" after the comma, to indicate they are STRING type (although no idea if it matters)

PS: posting the same package in 3 versions is a bit overkill, mass-replacing is easy ;-)

Quote

They don't override about.config settings (mainly if changes were made manually at about.config)

That depends where they are, and if they are simple prefs in default folder: then about:config (=prefs.js) has priority, because "user" settings overrule "default" settings...
And if they are in user.js, the browser must first be fully closed and restarted to "import" that file again...



Edited 1 time(s). Last edit at 01/07/2018 11:21PM by siria.

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 11:43PM

@siria
yes, you were completely right, prefs.js overrides all user.js settings!
Also you have found some syntax mistakes very quickly, so amazing, thanks!
smiling smiley



Edited 1 time(s). Last edit at 01/07/2018 11:45PM by J.G..

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 11:57PM

Quote
J.G.
yes, you were completely right, prefs.js overrides all user.js settings!

Uhm, no, it shouldn't... at least not after next restart! Unless with "user.js" you do NOT mean the file "user.js" in the profile??
Priority should have if I'm not mistaken (?):

1) Profiles/.../user.js with "lock_pref" (=not changeable)
2) Profiles/.../user.js with "user_pref" (=at startup)
3) Profiles/.../prefs.js (=non-default, user-settings)
4) defaults/preferences/*.js (=default)

(other sources are macros etc., they can change prefs during session, but probably no lock-prefs)



Edited 2 time(s). Last edit at 01/08/2018 12:08AM by siria.

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 08, 2018 12:12AM

Ah... just remember something!
Some days ago have noticed a strange behaviour on GOANNA on about:config
Bold user-prefs did NOT vanish when they had the same value as default?? They remainded bold?
But haven't investigated that further yet... may be mistaken... and perhaps one of the new engine fixes helped already...?
Can anyone check?

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 08, 2018 12:29AM

Quote
siria
Ah... just remember something!
Some days ago have noticed a strange behaviour on GOANNA on about:config
Bold user-prefs did NOT vanish when they had the same value as default?? They remainded bold?
But haven't investigated that further yet... may be mistaken... and perhaps one of the new engine fixes helped already...?
Can anyone check?

The fastest way for me to change all tweaks in a row (I meant all together) is to add them to prefs.js, being carefully to not write the same line with different values. I tested again with user.js in a fresh installation of KMeleon Goanna (with new profile created, no updating) and all worked well as expected, so probably it's something related with updating process itself that I have missed. Thank you very much for all the valuable help you are providing. smiling smiley



Edited 1 time(s). Last edit at 01/08/2018 12:30AM by J.G..

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 08, 2018 12:44AM

You're welcome smiling smiley Here's another trick:
Quote
J.G.
add them to prefs.js, being carefully to not write the same line with different values.

Just add them at the end, then they will overwrite any duplicate lines above. KM will clean it up automatically, remove duplicates, sort alphabetically again. At least it was that way in KM1.6, but hopefully still...



Edited 1 time(s). Last edit at 01/08/2018 12:48AM by siria.

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 08, 2018 01:03AM

Quote
siria
You're welcome smiling smiley Here's another trick:
Quote
J.G.
add them to prefs.js, being carefully to not write the same line with different values.

Just add them at the end, then they will overwrite any duplicate lines above. KM will clean it up automatically, remove duplicates, sort alphabetically again. At least it was that way in KM1.6, but hopefully still...

Yes, you're right again, duplicates are removed! Thanks! smiling smiley

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 08, 2018 01:38AM

Thinking again... grinning smiley In prefs.js they have the disadvantage that after toggling you don't see anymore what the 'best' settings was. You cannot 'reset' them, which either returns to the normal KM-default, or can even make that pref vanish completely, if it wasn't visible before either. That's why I collect mine in the defaults folder. And also because there can be comments and explanations and links.

To quickly delete 'wrong' entries in prefs.js, I'd just put the file into the preferences folder while the browser is closed, AND append the same values at the end of prefs.js. This way KM would do an auto-cleanup at next start and -poof- all settings automatically return to default (=your list).
(Although slight doubts now if Goanna isn't a bit buggy there, would have to test first)

Options: ReplyQuote
Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 08, 2018 01:54AM

Quote
siria
(...)
To quickly delete 'wrong' entries in prefs.js, I'd just put the file into the preferences folder while the browser is closed, AND append the same values at the end of prefs.js. This way KM would do an auto-cleanup at next start and -poof- all settings automatically return to default (=your list).
(Although slight doubts now if Goanna isn't a bit buggy there, would have to test first)

Very nice idea indeed! I will also backup prefs.js file for safety. smiling smiley

Options: ReplyQuote
Pages: 12Next
Current Page: 1 of 2


K-Meleon forum is powered by Phorum.