Testing better privacy & security settings for KMeleon + travelling USB devices
Posted by: J.G.
Date: December 30, 2017 08:19PM

Mostly all security tweaks have been found here:
https://forum.palemoon.org/viewtopic.php?t=13486
The rest have been added following @hermes's and @callahan's advice.

Main post about all these tweaks for K-Meleon at this post:

http://kmeleonbrowser.org/forum/read.php?19,144468,144512#msg-144512

Thank you @siria for all your recommendations and useful help also.
- Deleted previous content to avoid confusion with older values.



Edited 13 time(s). Last edit at 10/22/2018 02:06PM by J.G..

Re: [TEST] KM76-Goanna 3.4.1 (Build 20171223)
Posted by: hermes
Date: December 30, 2017 08:43PM

About two years ago, I was engaged with a similar question. As a result, I made a configuration file for KM. Much had to bring, as part of the settings causes failures on many sites. Most of all, it is necessary to be careful in blocking so-called weak encryption (128 bits). A setup for advanced default protection is not universal, and it is impossible to foresee every single case. For myself, I have set it up, but this required multiple experiments of trial and error. But my setup is bad for fans of social networks.
...
For example, I completely turn off OCSP mechanism to reduce communication with not production server. Someone may call it a reduction of protection, but tests over the years suggest otherwise. This way, a good recommendation when working with tor (or similar networks).

Do note, when you request something look in about:networking (very useful). Sometimes even query search engines require so many third-party servers... immediately obvious why need filters for URL.



Edited 6 time(s). Last edit at 12/30/2017 09:13PM by hermes.

Re: [TEST] KM76-Goanna 3.4.1 (Build 20171223)
Posted by: J.G.
Date: December 30, 2017 09:16PM

Quote
siria
This is a HUGE theme, and a general subject, prefs apply to older KM-versions too.
Perhaps better make this a separate thread? Title something like Better Privacy Security settings, just as example?

@Hermes, your words make sense, it's a complex and useful theme.
@Siria, as you wish, I love the way you keep this forum organized!

Re: Better Privacy Security settings?
Posted by: Yogi
Date: December 30, 2017 10:21PM

Somehow related to prefs. Which Firefox version stands as code base for actual Goanna fork?

Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 30, 2017 11:06PM

Quote
siria
@JG, you can update the subject yourself, as you like it?
The first posting is the most important one regarding titles, this appears in the subforum view.

Topic's title updated following your nice suggestion about privacy & security.

Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 30, 2017 11:18PM

Quote
Yogi
Somehow related to prefs. Which Firefox version stands as code base for actual Goanna fork?

Using @Siria's extension:

(Current GLOBAL settings. Can NOT check site exceptions!)

K-MELEON VERSION = 0 (from platform.ini)
BuildID=20171223100831 / Gecko=3.4.1

GENERAL.USERAGENT.OVERRIDE (fake) ==>
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.9) Gecko/20100101 Firefox/52.9;
general.useragent.compatMode.firefox = true
general.useragent.vendor + vendorSub =
-----
network.cookie.cookieBehavior = 0 (0=all, 1=domain, 2=none, 3=special, 8=session?)
network.http.sendRefererHeader = 2 (HTTP 0=No, 1=links, 2=links+images)
network.http.sendSecureXSiteReferrer = true (HTTPS)
dom.disable_image_src_set = false ('true' can block maps, captchas etc)
kmeleon.adblocking = false ('true' can block too much)
(If you have other AdBlock-tools installed, check them manually)
-----
security.enable_ssl3 = false (old unsafe)
security.tls.version.min = 1 (TLS 0=SSL3, 1=TLS 1.0, 2=TLS1.1, 3=TLS 1.2)
security.tls.version.max = 4


After applying this script I can now see the about:addons pictures and text.
It also opens some tabs and one window:
chrome://console2/content/blank.html
about:
about:config
about:permissions
about:addons
error console

:s



Edited 2 time(s). Last edit at 12/30/2017 11:24PM by J.G..

Re: Better Privacy Security settings?
Posted by: siria
Date: December 30, 2017 11:36PM

Uhm no, Yogis question was for the Firefox version (probably rather Gecko, at any rate Goanna-question for roytam)

But at least we can now be sure you're using the latest test build, from 20711223

Sigh, that macro is still only half-finished, too busy yet with other stuff :-/

Re: Better Privacy Security settings?
Posted by: hermes
Date: December 31, 2017 12:19AM

Quote
Yogi
Which Firefox version stands as code base for actual Goanna fork?

rv:52.9) ... Firefox/52.9 (almost ESR branch + patches and changes)



Edited 4 time(s). Last edit at 12/31/2017 12:26AM by hermes.

Re: Better Privacy Security settings?
Posted by: roytam1
Date: December 31, 2017 12:33AM

Quote
hermes
Quote
Yogi
Which Firefox version stands as code base for actual Goanna fork?

rv:52.9) ... Firefox/52.9 (almost ESR branch + patches and changes)

Goanna pretends so, but its actual codebase is 38ESR with various fixes from 38~57.

Re: Better Privacy Security settings?
Posted by: hermes
Date: December 31, 2017 01:16AM

I.e. sometimes even to 57? Colossally!

Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 31, 2017 03:18AM

- Content deleted to avoid confusion about old values.



Edited 7 time(s). Last edit at 01/08/2018 02:38PM by J.G..

Re: Better Privacy Security settings?
Posted by: J.G.
Date: December 31, 2017 02:57PM

------------------------------------
Final Tweaks tested
- Updated 20181022
Advice: if not sure, test them with one 'cloned' KMeleon folder.
------------------------------------

Recommended elevated privacy and security for travelling USB devices.
All tweaks are reversible. Any issue found will be reported in this post.

Following @siria's recommendations, all these settings can be added together
to the prefs.js file located in the profile folder of any KMeleon or KMeleon Goanna;
just copy and add the lines below:

user_pref("beacon.enabled", false);
user_pref("browser.cache.disk_cache_ssl", false);
user_pref("browser.cache.disk.enable", false);
user_pref("browser.link.open_newwindow.restriction", 0);
user_pref("camera.control.face_detection.enabled", false);
user_pref("canvas.poisondata", true);
user_pref("device.sensors.enabled", false);
user_pref("dom.disable_window_flip", false);
user_pref("dom.disable_window_open_feature.resizable", false);
user_pref("dom.disable_window_open_feature.status", false);
user_pref("dom.disable_window_showModalDialog", false);
user_pref("dom.enable_performance", false);
user_pref("dom.enable_resource_timing", false);
user_pref("dom.enable_user_timing", false);
user_pref("dom.idle-observers-api.enabled", false);
user_pref("dom.ipc.plugins.enabled.npietab2.dll", false);
user_pref("dom.ipc.plugins.enabled.npswf32.dll", false);
user_pref("dom.keyboardevent.code.enabled", false);
user_pref("dom.popup_allowed_events", "click");
user_pref("dom.server-events.enabled", false);
user_pref("dom.sms.requestStatusReport", false);
user_pref("dom.storage.default_quota", 0);
user_pref("dom.storage.enabled", false);
user_pref("dom.workers.sharedWorkers.enabled", false);
user_pref("dom.workers.websocket.enabled", false);
user_pref("geo.enabled", false);
user_pref("gfx.font_rendering.graphite.enabled", false);
user_pref("javascript.options.asmjs", false);
user_pref("kmeleon.favicons.cached", false);
user_pref("media.navigator.enabled", false);
user_pref("media.peerconnection.enabled", false);
user_pref("media.peerconnection.identity.timeout", 0);
user_pref("media.peerconnection.turn.disable", true);
user_pref("media.peerconnection.video.enabled", false);
user_pref("network.automatic-ntlm-auth.allow-proxies", false);
user_pref("network.negotiate-auth.allow-proxies", false);
user_pref("network.protocol-handler.external.ms-windows-store", false);
user_pref("network.protocol-handler.external.news", false);
user_pref("network.protocol-handler.external.nntp", false);
user_pref("network.protocol-handler.external.snews", false);
user_pref("network.websocket.enabled", false);
user_pref("network.websocket.max-connections", 0);
user_pref("network.websocket.max-message-size", 0);
user_pref("network.websocket.timeout.close", 0);
user_pref("network.websocket.timeout.open", 0);
user_pref("network.websocket.timeout.ping.request", 0);
user_pref("network.websocket.timeout.ping.response", 0);
user_pref("security.ssl3.rsa_camellia_128_sha", false);
user_pref("security.ssl3.rsa_camellia_256_sha", false);
user_pref("security.ssl3.rsa_aes_128_sha", false);
user_pref("security.ssl3.rsa_des_ede3_sha", false);
user_pref("security.ssl3.ecdhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256", false);
user_pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false);
user_pref("security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256", false);
user_pref("security.ssl3.dhe_rsa_camellia_128_sha", false);
user_pref("security.ssl3.dhe_rsa_camellia_256_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
user_pref("security.ssl3.dhe_dss_aes_128_sha", false);
user_pref("security.ssl3.dhe_dss_aes_256_sha", false);
user_pref("security.ssl3.dhe_rsa_des_ede3_sha", false);
user_pref("security.tls.unrestricted_rc4_fallback", false); 
user_pref("security.tls.insecure_fallback_hosts.use_static_list", false); 
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); 
user_pref("security.ssl.false_start.require-npn", true); 
user_pref("security.OCSP.GET.enabled", false); 
user_pref("security.OCSP.enabled", 0); 
user_pref("security.OCSP.require", false); 
user_pref("security.ssl.enable_ocsp_stapling", false);
user_pref("security.xpconnect.plugin.unrestricted", false);
user_pref("social.directories", "");
user_pref("social.remote-install.enabled", false);
user_pref("social.toast-notifications.enabled", false);
user_pref("social.whitelist", "");
user_pref("webgl.disable-extensions", true);
user_pref("webgl.disabled", true);
user_pref("webgl.min_capability_mode", true);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.dns.disablePrefetch", true);


Further explanations about prefs.js can be read at this post by @siria:
http://kmeleonbrowser.org/forum/read.php?19,144468,144897#msg-144897
@Hermes thank you for your valuable recommendations.
@callahan thank you for your advice about 'weak':
https://www.ssllabs.com/ssltest/viewMyClient.html
@luk3Z thank you for two more security settings:
http://kmeleonbrowser.org/forum/read.php?19,147072,148046#msg-148046

Sources of these security/privacy tweaks:
https://forum.palemoon.org/viewtopic.php?t=13486
https://www.heise.de/forum/heise-online/News-Kommentare/Frankreich-laesst-Google-buessen/Google-Co-im-Firefox-loeschen/thread-1264641/#posting_7080470
* Other sources are available at their respective posts.



Edited 49 time(s). Last edit at 04/22/2020 10:36PM by J.G..


Re: Better Privacy & Security settings for KMeleon Goanna (and other versions too)
Posted by: roytam1
Date: January 01, 2018 01:06AM

Quote
J.G.
I have been surfing for a while to find tweaks for the Goanna engine and I found some from a German user of Palemoon named dark_moon, and probably they were applied to the Goanna browser given that they were recommended in 2016 (and Goanna was merged into Palemoon in 2015 if I am right). Those tweaks seem important for privacy and security, so I ask the KM forum about the importance of these tweaks in order to be added to KM-Goanna or not.

https://forum.palemoon.org/viewtopic.php?t=13486

* I just copy and paste them because it's too long a text:
-
disable unsecure ciphers
:: 128 bits ::
security.ssl3.rsa_camellia_128_sha false
security.ssl3.ecdhe_rsa_aes_128_sha false
security.ssl3.ecdhe_ecdsa_aes_128_sha false
security.ssl3.dhe_rsa_camellia_128_sha false
security.ssl3.dhe_rsa_aes_128_sha false


:: 3DES < 128bits - http://www-archive.mozilla.org/projects ... uites.html
:: https://en.wikipedia.org/wiki/3des#Security + http://en.citizendium.org/wiki/Meet-in- ... dle_attack ::
missing security.ssl3.dhe_rsa_des_ede3_sha false
missing security.ssl3.ecdhe_rsa_des_ede3_sha false
security.ssl3.rsa_des_ede3_sha false


:: 256bits without PFS ::
security.ssl3.rsa_camellia_256_sha false

:: Susceptible to the logjam attack - https://weakdh.org ::
security.ssl3.dhe_rsa_camellia_256_sha false
security.ssl3.dhe_rsa_aes_256_sha false


:: DSA max 1024bits ::
missing security.ssl3.dhe_dss_aes_128_sha false
missing security.ssl3.dhe_dss_aes_256_sha false


:: didn't find any problems but maybe leave it on for compatibility ::
security.ssl3.rsa_aes_128_sha false
security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256 false
security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256 false

-
disable DOM windows manipulation
dom.disable_window_* true
-
disable network API - fingerprinting vector (doesn't exist in Pale Moon 27. Don't know if the setting does anything)
missing dom.network.enabled false
-
block extern protocols
network.protocol-handler.external.nntp false
network.protocol-handler.external.snews false
network.protocol-handler.external.ms-windows-store false
network.protocol-handler.external.news false

-
disable idle (mouse+keyboard) observation
dom.idle-observers-api.enabled false
-
limit JavaScript popup windows if you click on a link which request >2 windows (to avoid window spam)
dom.popup_allowed_events <click>
-
addon security - CIS 2.7.4 Disable Scripting of Plugins by JavaScript
security.xpconnect.plugin.unrestricted false
-
disable timing attacks - javascript performance fingerprinting - https://wiki.mozilla.org/Security/Revie ... nTimingAPI
dom.enable_performance false
-
disable asmjs (http://asmjs.org/ ; https://www.mozilla.org/en-US/security/ ... sa2015-29/ ; https://www.mozilla.org/en-US/security/ ... sa2015-50/ ; https://cve.mitre.org/cgi-bin/cvename.c ... -2015-2712)
javascript.options.asmjs false
-
block supercookie
dom.sms.requestStatusReport false
dom.server-events.enabled false

-
disable websocket - websockets can break the Firewall: http://debianforum.de/forum/viewtopic.php?f=37&t=151571 (doesn't exist in Pale Moon 27. Don't know if the setting does anything)
network.websocket.enabled false
network.websocket.max-* 1
network.websocket.timeout* 1

-
disable WebGL - potential security risk: http://security.stackexchange.com/quest ... ty-concern & http://www.contextis.com/resources/blog ... loitation/
webgl.disabled true
webgl.min_capability_mode true
webgl.disable-extensions true

-
disable links opening in a new window
https://trac.torproject.org/projects/tor/ticket/9881
test url: https://people.torproject.org/~gk/misc/ ... sktop.html
You can still right click a link and select open in a new window. This is to stop malicious window sizes and screen res leaks etc
in conjunction with
dom.disable_window_move_resize=true
browser.link.open_newwindow.restriction 0
-
disable device sensor API - fingerprinting vector - https://wiki.mozilla.org/Sensor_API
device.sensors.enabled false
-
disable vulnerable font - https://wiki.mozilla.org/Features/Platf ... nt_shaping (it's fixed in Pale Moon already, but I see no reason to use that font anyway)
gfx.font_rendering.graphite.enabled false
-
use Pale Moon internal canvas poison
canvas.poisondata true
-
disable beacon - websites can use this to send data (ArrayBufferView, Blob, DOMString, FormData) before the user leaves the site
beacon.enabled false
-
disable MediaDevices - don't send infos about camera, microphone, sound (hardware fingerprint)
https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices
part of WebRTC - see: media.peerconnection.enabled
media.navigator.enabled false
camera.control.face_detection.enabled false
-
disable WebRTC
media.gmp-manager.url <>
media.peerconnection.enabled false // [boolean] whether to enable WebRTC - Real-Time Communications between peers for voice, video, file and desktop sharing, etc. - potential security/privacy risk - WebRTC can be controlled with HTTP UserAgent cleaner
media.peerconnection.identity.timeout 1
media.peerconnection.turn.disable true
media.peerconnection.video.enabled false

-
disable keyboard tracking - https://bugzilla.mozilla.org/show_bug.cgi?id=865649
dom.keyboardevent.code.enabled false
-
disable social stuff - if you don't need it
social.remote-install.enabled false
social.directories <>
social.toast-notifications.enabled false
social.whitelist <>

-
proxy hardening
network.negotiate-auth.allow-proxies false
network.automatic-ntlm-auth.allow-proxies false

-
network hardening
dom.workers.websocket.enabled false
dom.enable_resource_timing false
dom.enable_user_timing false
dom.ipc.plugins.enabled false // [boolean] whether to allow JS to discover plugins
dom.workers.sharedWorkers.enabled false

-

Latest KM-Goanna has none of them applied by default. :s

for SSL/TLS, you may check https://www.howsmyssl.com/
some outdated/insecure encryption methods are already disabled by Goanna engine.

and IIRC WebRTC is already removed in Goanna.

Re: Better Privacy & Security settings for KMeleon Goanna (and other versions too)
Posted by: J.G.
Date: January 01, 2018 04:33AM

Quote
roytam1
(...)
for SSL/TLS, you may check https://www.howsmyssl.com/
some outdated/insecure encryption methods are already disabled by Goanna engine.

(...)

About SSL/TLS, I browse everywhere with only these six:
security.ssl3.ecdhe_ecdsa_aes_256_sha
security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384
security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256
security.ssl3.ecdhe_rsa_aes_256_sha
security.ssl3.ecdhe_rsa_aes_256_gcm_sha384
security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256

And about the rest of the tweaks, they worked for me (e.g. no error 804b000c).
I recommended to unblock one 128 cypher after @Hermes's suggestions about security, setting security.ssl3.ecdhe_rsa_aes_128_sha to true. However I always blocked all 128 and left only those six above, and I have never found a major problem while browsing. If somebody finds a problem with them, let me know the site and the required 128/256 cypher if possible.

Edited: if you prefer other choice than security.ssl3.ecdhe_rsa_aes_128_sha you can give a try to security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 for some old or non updated sites.



Edited 4 time(s). Last edit at 01/01/2018 04:27PM by J.G..

Re: Better Privacy & Security settings for KMeleon Goanna (and other versions too)
Posted by: J.G.
Date: January 01, 2018 02:00PM

Quote
roytam1
(...)
and IIRC WebRTC is already removed in Goanna.

Sorry for the delay to answer but I have some folders of KMeleon and I was updating the new version. Now I open only the folder needed for tweaking something and I work mainly with the direct access of the icons to avoid more confusion. Anyway, you are right, there is no WebRTC support in KM-Goanna latest version 20180101:

https://www.webrtc-experiment.com/DetectRTC/

Operating System Windows version: 8
# Browser Firefox version: 52.9
Private browsing? Nope
# Display resolutions 1366 x 768
# Display aspect ratio 1.78
# System has Speakers? Nope
# System has Microphone? Nope
# System has Webcam? Nope
# Website has webcam permissions? Nope
# Website has microphone permissions? Nope
# Browser allows getUserMedia on this page? Nope
# Can you change output audio devices?
Nope
# Can you change camera resolutions without making new getUserMedia request?
Nope
# Browser Supports WebRTC (Either 1.0 or 1.1)? Nope
# Browser Supports ORTC (WebRTC 1.1)? Nope
# Can you replace tracks without renegotiating peers?
Nope
# Can your browser record remote audio or process remote audio stream in WebAudio API? Yep
# Browser Supports WebSockets API? Yep
# Your system blocked WebSockets protocol or WebSockets server is not accessible? Nope
# Browser Supports WebAudio API? Yep
# Browser Supports SCTP Data Channels? Yep
# Browser Supports RTP Data Channels? Nope
# This page Supports Screen Capturing API? Yep
# Is this browser supports multi-monitor selection & capturing screen of any monitor? Yep
# Is it a mobile device? Nope
# Is Browser Supports Stream Capturing from Canvas? Yep
# Is Browser Supports Stream Capturing from Video? Yep
# Is Browser Supports Promises? Yep
# Click to show IP addresses


Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 06:51PM

What I keep wondering: are you aware you can collect all your desired settings into a separate defaults file?



Edited 1 time(s). Last edit at 01/07/2018 06:52PM by siria.

Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 07:21PM

Quote
siria
What I keep wondering: are you aware you can collect all your desired settings into a separate defaults file?

I never added this big amount of tweaks to about.config before, so I don't know how to do it exactly for new profiles. If any suggestion in that way may be provided, please help. It would be very useful.

* Added dom.storage.enabled false, dom.storage.default_quota 0

Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 08:04PM

You really entered all that manually on about:config? Ouf...

There are several possibilities, all by storing the pref collection in a *.js file. Nothing scary, it's not a script inside, just a collection of pref-lines. As example, look at those in KM/browser/defaults/preferences/*.js, and you'll already get the idea. You can also write comments inside.

After putting your list together, you can put it either:

1) in defaults/preferences
start lines in betterprivsecprefs.js (?) with pref("...
That will make them "default" prefs, available in all profiles, also new ones. Such settings you can change during session, that means the new setting will be non-default and now gets stored in profile/prefs.js. It remains there permanently, until some day you decide to reset one or many to "default", by double-click or right-click or by macro. That will remove it from prefs.js again and the value from preferences folder appears again.

2) or store your collection file in your PROFILE folder, in the already existing file "user.js". Two options:

2a) start lines in user.js with user_pref("...
Then they become "STARTUP" prefs. During session they can be changed like normal ones, and are written to prefs.js, but at next startup the values in "user.js" will have priority and become active again. This is a "read-only" file for the browser, except a few special prefs on top, above that warning line. But below it you can write what you want.

2b) start lines in user.js with lock_pref("...
Then they become LOCKED, and nothing can change them during session, not even yourself. Only when the browser is CLOSED you can manually change them.

ATTENTION, the syntax is important and slightly different among those options. Also important, for INT prefs, there must be no " " around the numbers. And neither around true+false, only around "STRING" prefs, that means normal text.

How to COLLECT that list now again?
Partly you can copy the lines from prefs.js, but it holds only the non-default settings.
The others you'll have to find either in another defaults pref file (attention duplicates?) or just write them out manually again.

Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 08:36PM

Quote
siria
You really entered all that manually on about:config? Ouf...

There are several possibilities, all by storing the pref collection in a *.js file. Nothing scary, it's not a script inside, just a collection of pref-lines. As example, look at those in KM/browser/defaults/preferences/*.js, and you'll already get the idea. You can also write comments inside.
(...)
How to COLLECT that list now again?
Partly you can copy the lines from prefs.js, but it holds only the non-default settings.
The others you'll have to find either in another defaults pref file (attention duplicates?) or just write them out manually again.

Best post ever, very useful! I will edit the file in the profile folder, to keep it for future updates of KMeleon-Goanna (I just copy and paste the entire profile to the unzipped main folder before executing k-meleon.exe, you know). Thank you very much @siria, I will carefully read this useful post again; I have added a link to these instructions in my post.

Also I liked the lock_pref choice more, for security/privacy reasons.

http://kmeleonbrowser.org/forum/read.php?19,144468,144512#msg-144512



Edited 2 time(s). Last edit at 01/07/2018 09:06PM by J.G..

Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 10:18PM

Glad if it helps
Have heard of those possibilities only way too late myself. One of those things you wish for YEARS that it should be possible somehow and some day realize shocked: it WAS already possible, all the time - Oops...
Similar like all those permissions.default.xx prefs, also missed for way too many years although long since existing. Argh.

Thanks for the reminder about howto-install, please check again in a week or so and if necessary drop me a note again...

Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 10:52PM

Quote
siria
Glad if it helps
Have heard of those possibilities only way too late myself. One of those things you wish for YEARS that it should be possible somehow and some day realize shocked: it WAS already possible, all the time - Oops...
Similar like all those permissions.default.xx prefs, also missed for way too many years although long since existing. Argh.

Thanks for the reminder about howto-install, please check again in a week or so and if necessary drop me a note again...

Instructions for user.js user_pref, pref, and locked_pref don't work with KM-Goanna 20180107, tried multiple combinations in both default and profile folders with no success. They don't override about.config settings (mainly if changes were made manually at about.config). :s


- Some content deleted to avoid confusion about old values.



Edited 5 time(s). Last edit at 01/08/2018 02:38PM by J.G..

Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 11:12PM

Hmm.... hope they haven't removed those options, but there's hope yet. Meant to post this line from my own user.js, but looks like forgot it above:
// IMPORTANT: no syntax error in here, or the whole file is ignored!!

Perhaps Goanna is just less fault-tolerant? or perhaps you still have those entries defined elsewhere in 76Pro, perhaps prefs.js or whatever...

Anyway, what I've found at a first glance so far:
-the last line is missing a closing ")"
-the pref for media.navigator is missing a comma
-several empty string prefs have no empty quotes "" after the comma, to indicate they are STRING type (although no idea if it matters)

PS: posting the same package in 3 versions is a bit overkill, mass-replacing is easy ;-)

Quote

They don't override about.config settings (mainly if changes were made manually at about.config)

That depends where they are, and if they are simple prefs in default folder: then about:config (=prefs.js) has priority, because "user" settings overrule "default" settings...
And if they are in user.js, the browser must first be fully closed and restarted to "import" that file again...



Edited 1 time(s). Last edit at 01/07/2018 11:21PM by siria.

Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 07, 2018 11:43PM

@siria
yes, you were completely right, prefs.js overrides all user.js settings!
Also you have found some syntax mistakes very quickly, so amazing, thanks!



Edited 1 time(s). Last edit at 01/07/2018 11:45PM by J.G..

Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 07, 2018 11:57PM

Quote
J.G.
yes, you were completely right, prefs.js overrides all user.js settings!

Uhm, no, it shouldn't... at least not after next restart! Unless with "user.js" you do NOT mean the file "user.js" in the profile??
Priority should have if I'm not mistaken (?):

1) Profiles/.../user.js with "lock_pref" (=not changeable)
2) Profiles/.../user.js with "user_pref" (=at startup)
3) Profiles/.../prefs.js (=non-default, user-settings)
4) defaults/preferences/*.js (=default)

(other sources are macros etc., they can change prefs during session, but probably no lock-prefs)



Edited 2 time(s). Last edit at 01/08/2018 12:08AM by siria.

Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 08, 2018 12:12AM

Ah... just remember something!
Some days ago have noticed a strange behaviour on GOANNA on about:config
Bold user-prefs did NOT vanish when they had the same value as default?? They remained bold?
But haven't investigated that further yet... may be mistaken... and perhaps one of the new engine fixes helped already...?
Can anyone check?

Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 08, 2018 12:29AM

Quote
siria
Ah... just remember something!
Some days ago have noticed a strange behaviour on GOANNA on about:config
Bold user-prefs did NOT vanish when they had the same value as default?? They remained bold?
But haven't investigated that further yet... may be mistaken... and perhaps one of the new engine fixes helped already...?
Can anyone check?

The fastest way for me to change all tweaks in a row (I meant all together) is to add them to prefs.js, being careful not to write the same line with different values. I tested again with user.js in a fresh installation of KMeleon Goanna (with a new profile created, no updating) and all worked well as expected, so probably it's something related to the updating process itself that I have missed. Thank you very much for all the valuable help you are providing.



Edited 1 time(s). Last edit at 01/08/2018 12:30AM by J.G..

Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 08, 2018 12:44AM

You're welcome. Here's another trick:
Quote
J.G.
add them to prefs.js, being careful not to write the same line with different values.

Just add them at the end, then they will overwrite any duplicate lines above. KM will clean it up automatically, remove duplicates, sort alphabetically again. At least it was that way in KM1.6, but hopefully still...



Edited 1 time(s). Last edit at 01/08/2018 12:48AM by siria.
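
A small linter for the pref-file rules discussed in the posts above (one complete call per line, unquoted integers and booleans, quoted strings, a later duplicate overriding an earlier one), followed by a check against a few values taken from J.G.'s list. This is an added example, not code from the thread or from K-Meleon; the function names, the sample file and the five-entry baseline are constructed for illustration.

```python
import re

# One complete call per line, optionally followed by a // comment.
LINE_RE = re.compile(
    r'^(pref|user_pref|lock_pref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*(?://.*)?$'
)
LOOKS_TYPED = re.compile(r'true|false|-?\d+')

# Constructed user.js reproducing the kinds of mistakes listed in the thread.
SAMPLE = '''// constructed sample, not a real profile
user_pref("geo.enabled", false);
user_pref("media.navigator.enabled" false);
user_pref("social.whitelist", );
user_pref("security.OCSP.enabled", "0");
user_pref("webgl.disabled", false);
user_pref("webgl.disabled", true);
user_pref("dom.popup_allowed_events", "click");
user_pref("media.peerconnection.enabled", false
'''

# A few expected values copied from the prefs.js list earlier on this page.
BASELINE = {
    "geo.enabled": False,
    "webgl.disabled": True,
    "security.OCSP.enabled": 0,
    "dom.popup_allowed_events": "click",
    "media.peerconnection.enabled": False,
}


def parse_value(raw):
    """Turn the text after the comma into a bool, int or str."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r'-?\d+', raw):
        return int(raw)
    if re.fullmatch(r'"(?:[^"\\]|\\.)*"', raw):
        return raw[1:-1]
    raise ValueError("value must be true/false, an integer or a quoted string")


def same(a, b):
    """Equality that keeps 0 and false (and "0" and 0) distinct."""
    return type(a) is type(b) and a == b


def lint(text):
    """Return (prefs, problems); prefs holds the last value seen per name."""
    prefs, problems = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith(("//", "#")):
            continue  # blank line or single-line comment
        m = LINE_RE.match(s)
        if m is None:
            # missing comma, missing ")" or ";", unknown call name, ...
            problems.append((no, "syntax", "not a complete pref call"))
            continue
        _kind, name, raw = m.groups()
        try:
            value = parse_value(raw)
        except ValueError as err:
            problems.append((no, "value", f"{name}: {err}"))
            continue
        if isinstance(value, str) and LOOKS_TYPED.fullmatch(value):
            problems.append((no, "type", f"{name}: bool/int written in quotes"))
        if name in prefs and not same(prefs[name], value):
            problems.append((no, "duplicate", f"{name}: overrides earlier value"))
        prefs[name] = value
    return prefs, problems


def audit(prefs, baseline):
    """Map each deviating pref to (expected, actual); actual is None if unset."""
    deviations = {}
    for name, expected in baseline.items():
        actual = prefs.get(name)
        if not same(actual, expected):
            deviations[name] = (expected, actual)
    return deviations


if __name__ == "__main__":
    parsed, found = lint(SAMPLE)
    for no, kind, detail in found:
        print(f"line {no}: {kind}: {detail}")
    for name, (expected, actual) in audit(parsed, BASELINE).items():
        print(f"{name}: expected {expected!r}, file gives {actual!r}")
```

Multi-line `/* ... */` comments are not handled; the example assumes one statement per line, as in the list posted above.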

Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 08, 2018 01:03AM

Quote
siria
You're welcome. Here's another trick:
Quote
J.G.
add them to prefs.js, being careful not to write the same line with different values.

Just add them at the end, then they will overwrite any duplicate lines above. KM will clean it up automatically, remove duplicates, sort alphabetically again. At least it was that way in KM1.6, but hopefully still...

Yes, you're right again, duplicates are removed! Thanks!

Re: Better Privacy & Security settings for K-Meleon
Posted by: siria
Date: January 08, 2018 01:38AM

Thinking again... In prefs.js they have the disadvantage that after toggling you don't see anymore what the 'best' setting was. You cannot 'reset' them, which either returns to the normal KM-default, or can even make that pref vanish completely, if it wasn't visible before either. That's why I collect mine in the defaults folder. And also because there can be comments and explanations and links.

To quickly delete 'wrong' entries in prefs.js, I'd just put the file into the preferences folder while the browser is closed, AND append the same values at the end of prefs.js. This way KM would do an auto-cleanup at next start and -poof- all settings automatically return to default (=your list).
(Although slight doubts now if Goanna isn't a bit buggy there, would have to test first)

Re: Better Privacy & Security settings for K-Meleon
Posted by: J.G.
Date: January 08, 2018 01:54AM

Quote
siria
(...)
To quickly delete 'wrong' entries in prefs.js, I'd just put the file into the preferences folder while the browser is closed, AND append the same values at the end of prefs.js. This way KM would do an auto-cleanup at next start and -poof- all settings automatically return to default (=your list).
(Although slight doubts now if Goanna isn't a bit buggy there, would have to test first)

Very nice idea indeed! I will also backup prefs.js file for safety.
