129.0

📣 Release Notes

• Removed dom.private-attribution.submission.enabled as the pref is now connected to the main telemetry switch, which we disable.
  • Website Advertising Preferences should be grayed out under about:preferences#privacy.
• After further deliberation, I decided to add browser.urlbar.untrimOnUserInteraction.featureGate to the user.js (see previous release notes).
• ESR128 now has its own branch.
• Users will now see Firefox's profile switcher behind the three bar / hamburger menu button (experimental).
• Added the option for users to add wallpapers to the new tab page.
• Updated the sanitize on close explainer to reflect the v2 settings migration.
• I finally gave up and removed download prefs related to security from the user.js. You'll now find them added as an option in Optional Hardening, because people still can't fucking read. (Again, see previous release notes for context.)

🦊 Firefox Releases

129.0, .0.1, .0.2

• Many reddit users noticed speed improvements with Firefox 129.

💗 Community Updates

• Andrew Moore gave a shoutout to Securefox.js on his blog.
• A modified version of Betterfox is now used in the Zen browser.
  • At least 7 (seven!) Firefox forks use Betterfox in some way.
  • A big thank you to the community for the support! I never imagined my hobby project would ever gain the attention of users and, in a few cases, small organizations.
• Special shoutout to a new sponsor, Jonas.

⚠️ Public Service Announcement

• While some Firefox forks incorporate Betterfox to an extent, they often modify it in ways that reduce its effectiveness.
• For maximum effectiveness, apply the user.js file even when using Firefox forks.
  • Sometimes, other prefs are added or removed seemingly at random, despite the hours of research and warnings about certain prefs curated in this repository.
• When new browsers promise ✨ privacy ✨, always look closely at the details to understand exactly what they deliver. It's important to dig into the specifics, as privacy claims can mean very different things.
  • That's one reason I link to the Betterfox configuration files used in Firefox forks in the README — to provide transparency on the privacy enhancements being implemented under the hood.

128.0

📣 Release Notes

• Privacy-Preserving Attribution is disabled.
  • BTW, I think this is a step in the right direction for normies; but if you're already using an adblocker, then this API is pointless.
  • Read more about this from Mozilla's CTO on Reddit.
• We now trim https from the URL bar, which is fine since the padlock icon in the URL bar indicates whether a site has a secure connection. The https will still be included if you copy the site address.
  • You can choose to reveal URL scheme on double-click by activating the pref browser.urlbar.untrimOnUserInteraction.featureGate.
  • Alternatively, you can disable this feature entirely by adding user_pref("browser.urlbar.trimHttps", false); to your overrides.
• To address repeated issues (#209, #285, #304, #286, #267, #216, #298), I have added the Color Themes and Downloads sections to Common Overrides page.
• Firefox Suggest is now completely hidden in the settings UI and the URL bar.
• We added options to disable WASM and JIT (not recommended). #299
• Various documentation cleanup and improvements.

🦊 Firefox Releases

127.0, .0.1, .0.2
128.0

• Most notably, Mozilla's geo-location service has been shut down as an alternative to Google. After applying the new user.js, you'll need to reset the pref geo.provider.network.url. mozilla/ichnaea#2065
• They also made further improvements to mixed content handling on sites, allowing us to remove a few related prefs.
• Santize on Close prefs have been reworked and will be updated in the Optional Hardening page soon™. Hopefully, Mozilla will clear out the old prefs so it's less of a mess.
• Speaking of a mess: Mozilla Sued for Discrimination by Former CEO-To-Be

126.0

📣 Release Notes

• Disabling telemetry in Firefox's user-facing settings also disables the new SERP telemetry, so we don't need to add a new preference for it.
• Modified Smoothfox to account for msdPhysics being enabled on Firefox Nightly.
• Firefox 126 now uses NVIDIA Super Resolution and HDR, so you can remove gfx.webrender.super-resolution.nvidia if you were using it.
• Added details about Race Cache With Network (RCWN). You can view how beneficial it is by going to about:networking#rcwn in the URL bar. Disable it if you want to increase cache usage and reduce network usage. And if you're up for some nerdy reading, these slides and this explainer was really informative.
• CSS :has() selector now ships on all Firefox versions.

All changes

🦊 Firefox Releases

Nothing too crazy for the past few releases: 123.0, 124.0, 125.0.1, 126.0

• Mozilla finally increased the count of network.dns.max_high_priority_threads and network.dns.max_any_priority_threads, as well as network.http.speculative-parallel-limit.
• They also finally fixed <link rel=dns-prefetch> (HTTPS) in the upcoming Firefox 127.
• Firefox Nightly users can add wallpaper and show the weather on the New Tab page.
• Nightly also added Bounce Tracking Protection, which adds heuristics to Redirect Tracking Protection. "The feature detects bounce trackers based on redirect behavior and periodically purges their cookies and site data to prevent tracking." We'll be looking for those to come down the line in the next couple of months.

💗 Community Updates

Many thanks to our sponsors on Ko-fi! 🎊

You can now support my work for as little as $1/month, or make a one-time donation.

As always, thank you for supporting Betterfox! ❤️

user.js v.122.1

📣 Release Notes

• Fixed #279. Special thanks to @surapunoyousei.
• If you use local HTML files in Firefox, update your user.js and then reset the pref network.buffer.cache.size.

user.js v.122

📣 Release Notes

• Fixed #271. Completely disabling the credentials manager leads to issues in browser forks.
  • To continue disabling password, credit card, and address management, add the necessary prefs to your overrides section using the link provided.
• Implemented #267. Removed browser.download.useDownloadDir false from the user.js, making "always ask where to download" optional.
  • Firefox will still ask you about files types you have set to Always ask or have never interacted with.
• Removed depreciated prefs.
• Added credit/source notes throughout the repository.

Firefox Nightly users: Smoothfox settings do not account for general.smoothScroll.msdPhysics.enabled being enabled by default in Nightly v.122+. You will need to disable that pref. If it gets push to the stable build, I'll have to adjust the first three configurations in Smoothfox.

🦊 Firefox Releases

Nothing too crazy for the past few releases.

120.0 ^+120.0.1
121.0 ^+121.0.1
122.0 ^+122.0.1

But we did get:

• Mozilla has a new CEO
• Mozilla refocus efforts on Firefox and AI

Let's see what happens!

💗 Community Updates

Special thanks to our new sponsors! 🎊

• AdditionalPylons
• AuRiMaS666

If you benefit from the guides I've curated, please consider becoming a sponsor. I want to be able to focus on projects like this full-time.

In other news: I have a project to release soon 👀. I was hoping to have it out sooner, but there were delays. I hope to release it in a month or two. ✨

As always, thank you for supporting Betterfox! ❤️

user.js v.119

📣 Release Notes

As Betterfox evolves, we are becoming more modular to respond to different needs. What is “best” depends on the use case.

Therefore, all users should, at minimum:

1. Review Common Overrides.
2. If you care a bit more about privacy, review Optional Hardening as well.

Add any prefs that are needed to your overrides at the bottom of the user.js file.

---

We invested effort into eliminating subjective prefs and responding to community feedback.

For new profiles applying Betterfox, we will:

• 🆕 No longer disable Firefox Sync.
  • On everything from YouTube videos to Reddit to forums, this was the most common complaint among users.
  • If you want to continue to force this behavior, see here in Optional Hardening.
• 🆕 No longer force disable the disk cache.
  • A sizeable amount of users still run a machine with 8GB or less RAM, or have bad internet speeds.
  • If you want to continue to force this behavior, see here in Optional Hardening.
  • We continue to enforce memory-only media cache in Private Browsing windows.
  • We also added bytecode compression. #247
• No longer disable displaying your top sites when clicking on the URL bar, which is unique to Firefox.

We will continue to:

• Disable the built-in password, credit card, and address manager.
  • However, we added a few prefs to enhance security in the user.js for users who do use the built-in credential manager.
  • If you want to use the built-in manager, see here in Common Overrides.

In addition, we:

• Adjusted cookie banner handling to reject "optional" cookies.
• Disabled new "trending" searches in the URL bar.
• Reorder some prefs and added more subcategories for easier searching.
• Modified SameSite rules so they’re strict on non-http websites.

Click me for details on SameSite rules

The SameSite cookie attribute is a way to control when and how cookies are sent to a website.

The SameSite attribute lets websites specify whether they want to receive cookies only from requests that originate from the same website (SameSite=Strict), or also from requests that originate from other websites but are top-level navigations, such as clicking a link or typing a URL in the address bar (SameSite=Lax). Alternatively, websites can explicitly allow cookies to be sent with any request, regardless of where it comes from (SameSite=None).

However, allowing cookies to be sent with any request can be risky, especially if the website uses an insecure connection (HTTP instead of HTTPS).

If a cookie does not have a SameSite attribute specified, it behaves as if SameSite=None is set. This means the cookie will be sent in both cross-site and same-site requests.

The network.cookie.sameSite.noneRequiresSecure pref changes this behavior. When enabled, it requires cookies with SameSite=None to also be marked Secure, meaning they require HTTPS.

This prevents CSRF (cross-site request forgery) attacks on plain HTTP sites. By requiring SameSite=None cookies to be Secure, it prevents malicious sites from abusing these cookies that get sent cross-site.

🦊 Firefox Release

119.0 ^+119.0.1

The latest Firefox brings:

• Canvas fingerprint protection with Strict ETP, with more protections in the future 👀
  • Read more:
    • https://github.com/arkenfox/user.js/issues/1661
    • https://github.com/arkenfox/user.js/issues/1729
• A new entry that trims https:// from the URL bar, for those of you who like a clean aesthetic.
• Restricted font visibility to system fonts and language pack fonts in ETP strict mode to mitigate font fingerprinting.
• Partitioning of Blob URLs, mitigating a potential tracking vector that third-party agents can use to track an individual.

💗 Community Updates

• The Optional Hardening doc is now shown more prominently under Getting Started to accommodate more privacy-minded users.

💡 If you think an override is common enough to belong to Common Overrides or Optional Hardening, then please make a suggestion. We obviously don't want to re-create the docs, so prefs here should be reasonable.

Thank you for supporting Betterfox! ❤️

user.js v.118

🦊 Firefox Release

• 118.0 | 118.0.1

✅ Community Updates

• Betterfox has reached over 2000 ⭐ since the last release. Thank you for the support!
• ❗ Please vote and comment on whether we should continue to disable Firefox Sync by default.

📝 Release Notes

v.118 changes

• Recent updates have removed the need for accessibility.force_disabled. People who use assistive technology no longer need to override this pref to use Betterfox.
  • See https://github.com/arkenfox/user.js/issues/1728 for more info.
• Removed browser.tabs.loadBookmarksInTabs — a common complaint by users — which forced bookmarks to open in a new tab and not the current tab.
  • Just like links, you can Ctrl/Cmd + Right click to open bookmarks in new tabs, or add this pref as an override.
• Removed permissions.delegation.enabled as it's depreciated in FF118+.
• Thanks @alana-glitch for updating the pref for the UI setting: "Ctrl+Tab cycles through tabs in recently used order". #230
• Thanks again to @alana-glitch for pointing out that the modes for DNS-over-HTTPS needed updating. #229

user.js v.117

🦊 Firefox Release Notes

• 117.0 | 117.0.1

🗒️ Changelog

0334bea

📝 Betterfox Release Notes

• enabled HTML Sanitizer API
• removed depreciated pref browser.privatebrowsing.enable-new-indicator
• minor adjustments to documentation

user.js 116.1

📝 Release Notes

user.js Version: 116.1 / esr115.1

Fixes

• Cannot login to EA.com (and possibly other sites) due to user_pref("security.ssl.require_safe_negotiation", true);.
• If you are concerned about possible site breakage, please reset security.ssl.require_safe_negotiation to false.

user.js v.116 (beta)

🦊 Firefox Release Notes

• 116.0
  • 116.0.1 | 116.0.2 | 116.0.3

✅ Community Updates

• We have blasted off from 800 to 1700 ⭐ in a little over a month 🔥 🚀 🌔
  • Thank you for the support!
• Discussions tab is now open so that Issues will be used for... issues. 🙃
• As of April 2023, Betterfox is an optional install in the Floorp browser. 🎊

📝 Release Notes

General

• Fast, Secure, and Pesky all received a facelift to their documentation, esp. the former two.
• The README is now more streamlined, with a few more tweaks to come.
  • I created an easy 4-step guide to install the user.js file (after watching others suggest a lot of convoluted ways for mainstream users to do this).
• While still WiP, we are making more use of the wiki.

Fastfox

• commented out gfx.canvas.accelerated (default on macOS Linux but not Windows)
  • Added note in the user.js for Windows users to manually enable.
  • Caused issues for Windows users with integrated GPUs.
• improved network.dnsCacheExpiration for longer browsing sessions: set to 86400 (1 day).
  • This corrects an assumption from the 110 release about network.trr.mode (DoH) being enabled by default.
  • Note that dnsCache prefs only work for non-DoH users.
    • Recommended DoH solutions: NextDNS with Cache Boost or ControlD with TTL overrides.
• removed layout.css.animation-composition.enabled (default FF115+).
• removed ineffective or unnecessary tweaks for performance.
• added new network enhancements.
• Speculative Connections category was moved from Securefox to Fastfox.
• Prefs surrounding Firefox caches will likely change.
  • Currently investigating what is optimal for the average PC.

Securefox

• enabled security.mixed_content.block_display_content
• enabled security.ssl.require_safe_negotiation
  • See possible error codes.
• removed PROXY / SOCKS / IPv6 category from the user.js (out of scope).
• removed prefs that disabled geolocation from the user.js (out of scope).
• removed default-browser-agent.enabled as it breaks the Make Default... button in the Firefox UI.
  • It also affected FF forks that use the user.js.
  • Added this pref to our new Optional Hardening document.
• removing browser.sessionstore.privacy_level from the user.js in the next release (out of scope).

Peskyfox

• added browser.translations.enable
  • Firefox will now ask to translate pages in certain foreign languages 💬
  • Set Firefox to auto-translate pages by adding user_pref("browser.translations.autoTranslate", true); to your overrides.
    • You can disable translations for specific languages or pages in URL bar.
• disabled browser.aboutConfig.showWarning
• disabled browser.privateWindowSeparation.enabled (Windows only pref)