Comments (5)
IMO we can leave these prefs as FF52's default, all true.
from user.js.
If there is no other issues, I am voting for default also.
from user.js.
[...] setting the lot to true, commenting them all out, and moving to the personal section
I agree. Moreover that besides personal considerations untied to privacy and security (as far as I know) I see no reason for disabling these settings, so left as default (true) and commented out seems pertinent, leaving the information raw for a user who might have his reasons to disable one or another.
Generally speaking, and this is my very personal approach, a work such as this one, that is to summarize and detail all available settings (hidden included) in Firefox's about:config, could point to only privacy and security settings. Going ahead of those means an increased amount of work for the developers, possible confusion for the user (commented out is understood as referring to either a problematic pro/con setting either to a cosmetic/practical setting not related to privacy/security) but nevertheless valuable information for "diggers" who have then an "encyclopedia" of settings, be they security/privacy related or not. IMO, privacy/security settings only is the best approach. Hence, in this example, simply removing the above from the user.js list would be far better. Otherwise we may lead to a bloated user.js ...
from user.js.
it makes more sense to set them all to FALSE and comment them out. Otherwise we might as well remove them all together.
re: security - there have been exploitable flaws in the past in some media formats fe. see here. But they are probably way too hard to find and exploit for most "attackers". On linux (and mac?) there's maybe more of a risk because flaws in FFmpeg are likely easier to find.
I'm not aware that the CIA's Vault7 leaks made any mention of media format exploits but we'll only know for sure once those exploits are made public, if ever. So I'd agree the risk is atm slim to none with keeping FF's default values.
I personally will probably never need the raw and wave formats for example, so I'll keep those disabled.
re: FP - the fact that the youtube HTML5 page can detect which formats you support without even loading a video is a pretty clear indicator that it can be fingerprinted.
Does it really matter?
probably not - we're already easily fingerprinted and I'm okay with whatever you guys want to do with it
from user.js.
re: FP - the fact that the youtube HTML5 page can detect which formats you support without even loading a video is a pretty clear indicator that it can be fingerprinted.
In that case should be set to default or even better, as @earthlng proposed to comment them out, since it will lower entropy, as far as FP is concerned.
I don't have a personal opinion on security part, yet.
I know FP resistance is a bit futile, but I don't have government grade FP in mind... just want to make a "noise" to commercial ADV databases.
from user.js.
Related Issues (20)
- ToDo: work out WTF this all means and fixup if required HOT 5
- Privacy-Preserving Attribution (FF 128) HOT 14
- Make Updater.sh shell agnostic HOT 3
- Is it necessary to disable canvas from the browser if it offers to disable or allow them on the site? As well as browser security settings presets HOT 3
- add FPP granularOverrides for the FYI factor HOT 30
- Overrides won't work HOT 6
- ToDo: diffs FF126-FF127 HOT 14
- v128 SOCKS change HOT 2
- RFP: exclude timezone as UTC/GMT and use my real one HOT 2
- How to enable click to copy? HOT 2
- Quarantined domains aren't enforced if a certain add-on is disabled HOT 3
- extensions.enabledScopes HOT 1
- Are `network.dns.disablePrefetch`/`network.dns.disablePrefetchFromHTTPS` master switches of `dom.prefetch_dns_for_anchor_http_document`/`dom.prefetch_dns_for_anchor_https_document`? HOT 2
- ToDo: diffs FF127-FF128 HOT 27
- Question about extensions HOT 1
- Wiki Question: Is the "xxx fingerprint defender" suite of Addons recommended ? HOT 2
- linux: Is it possible to force Firefox use StandardFonts HOT 12
- Firefox HTTP -> HTTPS change in version 129 HOT 1
- confused... HOT 4
- [Question] Implications of disabling `network.dns.native_https_query` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from user.js.