Add new browser tweaks and remove deprecated info #1772
No reviewers
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1772
Loading…
Reference in New Issue
No description provided.
Delete Branch "patch-3"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
Resolves: #1594 and Part 1&2a of #1430
Removed the sentence about redundancy because it is not truly redundant (i.e. privileged pages), and explaining to uBO users how to adjust their settings to handle privileged pages would be too complicated; the filter list overlap is not that important.
Moved the thing about DoH and stuff to the bottom for aesthetic reasons.
I wasn't sure how to handle the bundle of prefetch tweaks, whether to:
After a bunch of thinking I went with 3. since it seemed like the most elegant and logical option but if anyone has a better way feel free to change it ^ ^
Deploy preview for privacytools-io ready!
Built with commit
bb1547ec06
https://deploy-preview-1772--privacytools-io.netlify.com
I'm thinking we should add Temporary Containers and link to this article under the power user section. Mention that Cookie Autodelete is not necessary when using.
I also think CleanURLs is certainly worth adding, typically as people make the mistake of pasting URLs they've visited with those tracking parameters on them.
For the uMatrix description we should describe that you don't need NoScript in addition to uMatrix, if you configure uMatrix to How to block 1st party scripts everywhere by default.
We should also mention for Decentraleyes that might need further configuration if used in conjunction with uMatrix or uBlock.
How I have mine configured (obviously a very much power user setup):
IMO this should be done in a different PR addressing #1328 specifically as there are many issues with the add-ons section. This PR is for about:config specifically. I could add it in but I am generally against big PRs.
Ah yes, I agree.
The link has changed
It looks good to me. if @Thorin-Oakenpants could give it a quick overlook aswell, that would be great.
change the order so 1) its alphabetical, 2) true vs false logic is split
I guess if the only problem was the ordering then everything else is fine 😄 I just put them in haphazardly because you said so in the issue
I guess the SB binary description is OK (it's ambiguous IMO, but not sure if I could do better: it's still ambiguous without going into more detail), but that's what part 4 is for
The rest looks fine - it'll all get revisited anyway
That's the ordering of the "items" - a clump of prefs like what you did is one item. I was talking about the ordering within your clump :)
Btw @Thorin-Oakenpants while I was writing this commit I remembered that privacy.trackingprotection.enabled enables DNT and this option is also enabled in ghacks-user.js. I was curious what your thought process was on this since AFAIK most sites don't respect DNT and it can even be used to fingerprint
the mozilla guys (the ones I spoke with in person, who run ETP etc) would like to get rid of it, the tor guys (the ones I spoke with in person) hate it - everyone agrees it's a failed experiment - but it's tied to a number of things in FF, such as ETP, PB mode, and privileged domains - so it's not trivial to remove, and it's low priority - basically no one cares (and that's how I feel about it as well)
AFAIC everyone is already highly fingerprintable: you control 90% of FPing by controlling third parties and scripts. Yes, I know DNT is also an http header - but if they don't detect you're in PB mode, you look like all those who use PB mode (I read a study somewhere that 1/3rd of FF users use a PB window: i.e use, not use exclusively). So I think the numbers are fine.
Furthermore (not sure what the hold up is: there's a bugzilla somewhere), but ETP was/is going to flipped on in normal windows: currently on Nightly 76 it still says TP only for private windows. Anyway, when that happens, everyone will end up the same re DNT. Meanwhile: people also turn on TP in all windows (like you recommend) - but IDK if that makes a significant difference.
Mozilla also respects DNT on AMO etc for those who don't want to
fuckmess with privileged domains etc. And lastly, it might even help, what with all the privacy issues in Europe and the GDR...forgot the acronymtl;dr: it can't hurt tracking wise, it probably doesn't hurt FPing wise
Cool, good to know. Yeah the issue in OP was specifically about tracking on privileged pages since WebExtensions are disabled there and I think that TP is just the easiest way to fix that since DNT is respected on those. The other way would be setting
extensions.webextensions.restrictedDomains
andprivacy.resistFingerprinting.block_mozAddonManager
but I think the former is more elegant and doesn't expose privileged pages to all addons and throw warnings anytime extensions are installed...I stayed away. I'm done with explaining and justifying everything to everyone. But the proposal is just plain wrong. Something like that is a security loss vs a perceived privacy gain. It shouldn't be mentioned anywhere near the level of PTIO readers
Edit: For the record: if it's not an active (i.e not commented out) pref in the ghacks user.js - then it definitely shouldn't be mentioned at PTIO.
extensions.webextensions.restrictedDomains
is inactive for a reason: it opens up security risks. Security always trumps privacy.Thank you @zenithium for the PR and @Thorin-Oakenpants for the review 💜