Add new browser tweaks and remove deprecated info #1772

2020-03-07T22:47:51Z

Zenithium commented

2020-03-07 22:47:51 +00:00

(Migrated from github.com)

Description

Resolves: #1594 and Part 1&2a of #1430

Removed the sentence about redundancy because it is not truly redundant (i.e. privileged pages), and explaining to uBO users how to adjust their settings to handle privileged pages would be too complicated; the filter list overlap is not that important.

Moved the thing about DoH and stuff to the bottom for aesthetic reasons.

I wasn't sure how to handle the bundle of prefetch tweaks, whether to:

Put them all one after the other with an explanation at the bottom
Write a description for each (even though the nuances are barely important IMO) and take up a bunch of space
Make a sublist about prefetch and just put them all together

After a bunch of thinking I went with 3. since it seemed like the most elegant and logical option but if anyone has a better way feel free to change it ^ ^

Netlify preview for the mainly edited page: https://deploy-preview-1772--privacytools-io.netlify.com/browsers/#about_config

## Description Resolves: #1594 and Part 1&2a of #1430 Removed the sentence about redundancy because it is not truly redundant (i.e. privileged pages), and explaining to uBO users how to adjust their settings to handle privileged pages would be too complicated; the filter list overlap is not that important. Moved the thing about DoH and stuff to the bottom for aesthetic reasons. I wasn't sure how to handle the bundle of prefetch tweaks, whether to: 1. Put them all one after the other with an explanation at the bottom 2. Write a description for each (even though the nuances are barely important IMO) and take up a bunch of space 3. Make a sublist about prefetch and just put them all together After a bunch of thinking I went with 3. since it seemed like the most elegant and logical option but if anyone has a better way feel free to change it ^ ^ - Netlify preview for the mainly edited page: https://deploy-preview-1772--privacytools-io.netlify.com/browsers/#about_config

blacklight447 (Migrated from github.com) reviewed 2020-03-07 22:47:51 +00:00

netlify[bot] commented

2020-03-07 22:48:29 +00:00

(Migrated from github.com)

Deploy preview for privacytools-io ready!

Built with commit bb1547ec06

https://deploy-preview-1772--privacytools-io.netlify.com

Deploy preview for *privacytools-io* ready! Built with commit bb1547ec06a2436004a9292ec46d2f4f35e03397 https://deploy-preview-1772--privacytools-io.netlify.com

dngray commented

2020-03-08 05:01:42 +00:00

(Migrated from github.com)

I'm thinking we should add Temporary Containers and link to this article under the power user section. Mention that Cookie Autodelete is not necessary when using.

I also think CleanURLs is certainly worth adding, typically as people make the mistake of pasting URLs they've visited with those tracking parameters on them.

For the uMatrix description we should describe that you don't need NoScript in addition to uMatrix, if you configure uMatrix to How to block 1st party scripts everywhere by default.

We should also mention for Decentraleyes that might need further configuration if used in conjunction with uMatrix or uBlock.

How I have mine configured (obviously a very much power user setup):

dngray/ghacks-user.js/tree/fx-desktop#addons
dngray/ghacks-user.js/tree/fx-android#addons
Useful information about addons: 4.1 Extensions (ghacks-user.js)

I'm thinking we should add [Temporary Containers](https://github.com/stoically/temporary-containers) and link to [this article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) under the power user section. Mention that Cookie Autodelete is not necessary when using. I also think [CleanURLs](https://addons.mozilla.org/firefox/addon/clearurls/) is certainly worth adding, typically as people make the mistake of pasting URLs they've visited with those tracking parameters on them. For the uMatrix description we should describe that you don't need NoScript in addition to uMatrix, if you configure uMatrix to [How to block 1st party scripts everywhere by default](https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default). We should also mention for Decentraleyes that [might need further configuration](https://git.synz.io/Synzvato/decentraleyes/-/wikis/Frequently-Asked-Questions#for-umatrix-and-ublock-origin-non-easy-mode-users) if used in conjunction with uMatrix or uBlock. How I have mine configured (obviously a very much power user setup): - [dngray/ghacks-user.js/tree/fx-desktop#addons](https://github.com/dngray/ghacks-user.js/tree/fx-desktop#addons) - [dngray/ghacks-user.js/tree/fx-android#addons](https://github.com/dngray/ghacks-user.js/tree/fx-android#addons) - Useful information about addons: [4.1 Extensions (ghacks-user.js)](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions#small_orange_diamond-extensions-in-no-particular-order)

👍 1 ❤️ 1

Zenithium commented

2020-03-08 11:52:56 +00:00

(Migrated from github.com)

I'm thinking we should add Temporary Containers and link to this article under the power user section. Mention that Cookie Autodelete is not necessary when using.

I also think CleanURLs is certainly worth adding, typically as people make the mistake of pasting URLs they've visited with those tracking parameters on them.

For the uMatrix description we should describe that you don't need NoScript in addition to uMatrix, if you configure uMatrix to How to block 1st party scripts everywhere by default.

We should also mention for Decentraleyes that might need further configuration if used in conjunction with uMatrix or uBlock.

How I have mine configured (obviously a very much power user setup):
* [dngray/ghacks-user.js/tree/fx-desktop#addons](https://github.com/dngray/ghacks-user.js/tree/fx-desktop#addons)

* [dngray/ghacks-user.js/tree/fx-android#addons](https://github.com/dngray/ghacks-user.js/tree/fx-android#addons)

* Useful information about addons: [4.1 Extensions (ghacks-user.js)](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions#small_orange_diamond-extensions-in-no-particular-order)

IMO this should be done in a different PR addressing #1328 specifically as there are many issues with the add-ons section. This PR is for about:config specifically. I could add it in but I am generally against big PRs.

> I'm thinking we should add [Temporary Containers](https://github.com/stoically/temporary-containers) and link to [this article](https://medium.com/@stoically/enhance-your-privacy-in-firefox-with-temporary-containers-33925cd6cd21) under the power user section. Mention that Cookie Autodelete is not necessary when using. > > I also think [CleanURLs](https://addons.mozilla.org/firefox/addon/clearurls/) is certainly worth adding, typically as people make the mistake of pasting URLs they've visited with those tracking parameters on them. > > For the uMatrix description we should describe that you don't need NoScript in addition to uMatrix, if you configure uMatrix to [How to block 1st party scripts everywhere by default](https://github.com/gorhill/uMatrix/wiki/How-to-block-1st-party-scripts-everywhere-by-default). > > We should also mention for Decentraleyes that [might need further configuration](https://git.synz.io/Synzvato/decentraleyes/-/wikis/Frequently-Asked-Questions#for-umatrix-and-ublock-origin-non-easy-mode-users) if used in conjunction with uMatrix or uBlock. > > How I have mine configured (obviously a very much power user setup): > > * [dngray/ghacks-user.js/tree/fx-desktop#addons](https://github.com/dngray/ghacks-user.js/tree/fx-desktop#addons) > > * [dngray/ghacks-user.js/tree/fx-android#addons](https://github.com/dngray/ghacks-user.js/tree/fx-android#addons) > > * Useful information about addons: [4.1 Extensions (ghacks-user.js)](https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1-Extensions#small_orange_diamond-extensions-in-no-particular-order) IMO this should be done in a different PR addressing #1328 specifically as there are many issues with the add-ons section. This PR is for about:config specifically. I could add it in but I am generally against big PRs.

dngray commented

2020-03-08 15:02:40 +00:00

(Migrated from github.com)

IMO this should be done in a different PR addressing #1328 specifically as there are many issues with the add-ons section.

Ah yes, I agree.

> IMO this should be done in a different PR addressing #1328 specifically as there are many issues with the add-ons section. Ah yes, I agree.

Mikaela (Migrated from github.com) reviewed 2020-03-10 09:06:14 +00:00

_includes/sections/browser-tweaks.html

Mikaela (Migrated from github.com) commented

2020-03-10 09:06:13 +00:00

  <dd>They have moved to <a href="/providers/dns/#dns">our DNS page</a>.</dd>

The link has changed

```suggestion <dd>They have moved to <a href="/providers/dns/#dns">our DNS page</a>.</dd> ``` The link has changed

blacklight447 (Migrated from github.com) reviewed 2020-03-10 16:05:39 +00:00

blacklight447 (Migrated from github.com) left a comment

It looks good to me. if @Thorin-Oakenpants could give it a quick overlook aswell, that would be great.

blacklight447 (Migrated from github.com) reviewed 2020-03-10 16:06:47 +00:00

Thorin-Oakenpants commented

2020-03-10 16:24:39 +00:00

(Migrated from github.com)

change the order so 1) its alphabetical, 2) true vs false logic is split

 <ul>
    <li>network.dns.disablePrefetch = true</li>
    <li>network.dns.disablePrefetchFromHTTPS = true</li>
    <li>network.predictor.enabled = false</li>
    <li>network.predictor.enable-prefetch = false</li>
    <li>network.prefetch-next = false</li>
  </dd>

change the order so 1) its alphabetical, 2) true vs false logic is split ``` <ul> <li>network.dns.disablePrefetch = true</li> <li>network.dns.disablePrefetchFromHTTPS = true</li> <li>network.predictor.enabled = false</li> <li>network.predictor.enable-prefetch = false</li> <li>network.prefetch-next = false</li> </dd> ```

Zenithium commented

2020-03-10 16:32:06 +00:00

(Migrated from github.com)

I guess if the only problem was the ordering then everything else is fine 😄 I just put them in haphazardly because you said so in the issue

just plonk it anywhere, we'll deal with the order/sectioning later

I guess if the only problem was the ordering then everything else is fine :smile: I just put them in haphazardly because you said so in the issue > just plonk it anywhere, we'll deal with the order/sectioning later

Thorin-Oakenpants commented

2020-03-10 16:33:29 +00:00

(Migrated from github.com)

I guess the SB binary description is OK (it's ambiguous IMO, but not sure if I could do better: it's still ambiguous without going into more detail), but that's what part 4 is for

Part 4 : Sectionize
...

at the same time we fixup descriptions and explain the breakage or why there are dragons

The rest looks fine - it'll all get revisited anyway

I guess the SB binary description is OK (it's ambiguous IMO, but not sure if I could do better: it's still ambiguous without going into more detail), but that's what part 4 is for >**Part 4** : Sectionize > ... > * at the same time we fixup descriptions and explain the breakage or why there are dragons The rest looks fine - it'll all get revisited anyway

Thorin-Oakenpants commented

2020-03-10 16:35:07 +00:00

(Migrated from github.com)

just plonk it anywhere, we'll deal with the order/sectioning later

That's the ordering of the "items" - a clump of prefs like what you did is one item. I was talking about the ordering within your clump :)

> just plonk it anywhere, we'll deal with the order/sectioning later That's the ordering of the "items" - a clump of prefs like what you did is one item. I was talking about the ordering within your clump :)

👍 1

Zenithium commented

2020-03-10 16:59:10 +00:00

(Migrated from github.com)

Btw @Thorin-Oakenpants while I was writing this commit I remembered that privacy.trackingprotection.enabled enables DNT and this option is also enabled in ghacks-user.js. I was curious what your thought process was on this since AFAIK most sites don't respect DNT and it can even be used to fingerprint

Thorin-Oakenpants commented

2020-03-10 17:21:36 +00:00

(Migrated from github.com)

the mozilla guys (the ones I spoke with in person, who run ETP etc) would like to get rid of it, the tor guys (the ones I spoke with in person) hate it - everyone agrees it's a failed experiment - but it's tied to a number of things in FF, such as ETP, PB mode, and privileged domains - so it's not trivial to remove, and it's low priority - basically no one cares (and that's how I feel about it as well)

AFAIC everyone is already highly fingerprintable: you control 90% of FPing by controlling third parties and scripts. Yes, I know DNT is also an http header - but if they don't detect you're in PB mode, you look like all those who use PB mode (I read a study somewhere that 1/3rd of FF users use a PB window: i.e use, not use exclusively). So I think the numbers are fine.

Furthermore (not sure what the hold up is: there's a bugzilla somewhere), but ETP was/is going to flipped on in normal windows: currently on Nightly 76 it still says TP only for private windows. Anyway, when that happens, everyone will end up the same re DNT. Meanwhile: people also turn on TP in all windows (like you recommend) - but IDK if that makes a significant difference.

Mozilla also respects DNT on AMO etc for those who don't want to ~~fuck~~ mess with privileged domains etc. And lastly, it might even help, what with all the privacy issues in Europe and the GDR...forgot the acronym

tl;dr: it can't hurt tracking wise, it probably doesn't hurt FPing wise

the mozilla guys (the ones I spoke with in person, who run ETP etc) would like to get rid of it, the tor guys (the ones I spoke with in person) hate it - everyone agrees it's a failed experiment - but it's tied to a number of things in FF, such as ETP, PB mode, and privileged domains - so it's not trivial to remove, and it's low priority - basically no one cares (and that's how I feel about it as well) AFAIC everyone is already highly fingerprintable: you control 90% of FPing by controlling third parties and scripts. Yes, I know DNT is also an http header - but if they don't detect you're in PB mode, you look like all those who use PB mode (I read a study somewhere that 1/3rd of FF users use a PB window: i.e use, not use exclusively). So I think the numbers are fine. Furthermore (not sure what the hold up is: there's a bugzilla somewhere), but ETP was/is going to flipped on in normal windows: currently on Nightly 76 it still says TP only for private windows. Anyway, when that happens, everyone will end up the same re DNT. Meanwhile: people also turn on TP in all windows (like you recommend) - but IDK if that makes a significant difference. Mozilla also respects DNT on AMO etc for those who don't want to ~~fuck~~ mess with privileged domains etc. And lastly, it might even help, what with all the privacy issues in Europe and the GDR...forgot the acronym tl;dr: it can't hurt tracking wise, it probably doesn't hurt FPing wise

Zenithium commented

2020-03-10 18:00:19 +00:00

(Migrated from github.com)

Cool, good to know. Yeah the issue in OP was specifically about tracking on privileged pages since WebExtensions are disabled there and I think that TP is just the easiest way to fix that since DNT is respected on those. The other way would be setting extensions.webextensions.restrictedDomains and privacy.resistFingerprinting.block_mozAddonManager but I think the former is more elegant and doesn't expose privileged pages to all addons and throw warnings anytime extensions are installed...

Cool, good to know. Yeah the issue in OP was specifically about tracking on privileged pages since WebExtensions are disabled there and I think that TP is just the easiest way to fix that since DNT is respected on those. The other way would be setting `extensions.webextensions.restrictedDomains` and `privacy.resistFingerprinting.block_mozAddonManager` but I think the former is more elegant and doesn't expose privileged pages to all addons and throw warnings anytime extensions are installed...

Thorin-Oakenpants commented

2020-03-10 18:06:58 +00:00

(Migrated from github.com)

Yeah the issue in OP...

I stayed away. I'm done with explaining and justifying everything to everyone. But the proposal is just plain wrong. Something like that is a security loss vs a perceived privacy gain. It shouldn't be mentioned anywhere near the level of PTIO readers

Edit: For the record: if it's not an active (i.e not commented out) pref in the ghacks user.js - then it definitely shouldn't be mentioned at PTIO. extensions.webextensions.restrictedDomains is inactive for a reason: it opens up security risks. Security always trumps privacy.

> Yeah the issue in OP... I stayed away. I'm done with explaining and justifying everything to everyone. But the proposal is just plain wrong. Something like that is a security loss vs a perceived privacy gain. It shouldn't be mentioned anywhere near the level of PTIO readers Edit: For the record: if it's not an active (i.e not commented out) pref in the ghacks user.js - then it definitely shouldn't be mentioned at PTIO. `extensions.webextensions.restrictedDomains` is inactive for a reason: it opens up security risks. Security always trumps privacy.

👍 3

Mikaela (Migrated from github.com) approved these changes 2020-03-11 10:25:13 +00:00

dngray (Migrated from github.com) approved these changes 2020-03-11 12:19:06 +00:00

Mikaela commented

2020-03-11 12:35:53 +00:00

(Migrated from github.com)

Thank you @zenithium for the PR and @Thorin-Oakenpants for the review 💜

Thank you @zenithium for the PR and @Thorin-Oakenpants for the review :purple_heart:

This repo is archived. You cannot comment on pull requests.

No reviewers

blacklight447

Mikaela