The great browser section cleanup #2081
Reference: privacyguides/privacytools.io#2081
Description
Resolves: https://github.com/privacytools/privacytools.io/issues/1326
Resolves: https://github.com/privacytools/privacytools.io/pull/1931
Resolves: https://github.com/privacytools/privacytools.io/pull/2005
Resolves: https://github.com/privacytools/privacytools.io/issues/1430
Resolves: https://github.com/privacytools/privacytools.io/issues/1313
Resolves: https://github.com/privacytools/privacytools.io/issues/1704
Resolves: https://github.com/privacytools/privacytools.io/issues/1328
Resolves: https://github.com/privacytools/privacytools.io/issues/2117
Resolves: https://github.com/privacytools/privacytools.io/issues/1292
Resolves: https://github.com/privacytools/privacytools.io/issues/2169
Check List
I understand that by not opening an issue about a software/service/similar addition/removal, this pull request will be closed without merging.
I have read and understand the contributing guidelines.
The project is Free Libre and/or Open Source Software
Still not sure if outright removing Decentraleyes is the correct way to go. It may not help if people enable FPI, but if they don't, then Decentraleyes will at least give you partial protection.
Not really no. The reason we would suggest removing it is because it doesn't actually work as the resources are horribly out of date.
@Thorin-Oakenpants does describe in https://github.com/privacytools/privacytools.io/issues/1430#issuecomment-704335991 why FPI is really the only way to achieve what these addons set out to do.
That being said, when LocalCDN is available for Fenix, we could revisit this. According to the author it works in a different mode of operation where:
This would be infinitely more useful than Decentraleyes, even if your use case is simply to save bandwidth.
I think like other things, we really should be suggesting people do things that don't actually work. I have been using privacy.firstparty.isolate and have to say I haven't found anything broken yet. The only one there that is really meaningful is third-party logins, and nobody really should be using social SSO logins anyway as those are terrible for privacy. Yay for advertisers when you group all your activities to a particular Facebook/Google account.
I've decided we will do this separately: https://github.com/privacytools/privacytools.io/issues/1257
I've decided to tackle https://github.com/privacytools/privacytools.io/issues/1257 in its own PR, not this one.
@dngray
I imagine you already have this covered.
It's worth adding that when it comes to anti-fingerprinting:
It's better to spoof trackers than block, as a fingerprint can still be made of you if you block.
That's way too generalized, and makes no sense. I can't even tell what you mean.
If you mean it's better to spoof to trackers than to block trackers: I disagree. Blocking the source of the FPing is the first step of many (but ultimately a game of whack-a-mole). Actual fingerprinting countermeasures are for when something gets through.
If you mean disabling an API vs dealing with it, then the only reason to do that would be because there isn't a solution. For example, Tor Browser disables the Web Audio API. The entropy comes from floating points and the math libraries play a role. Since legitimate Web Audio API use is pretty much non-existent, it's easier for RFP/Tor Uplift/TB to de-prioritize it and kick it upstream to the standards body. Meanwhile, all TB users are still exactly the same on that Web Audio metric: so it's effectively the same as if they were spoofing as far as entropy goes.
It really depends on the metric. Generally speaking, you want anti-fingerprinting to cause as little breakage or side-effects as possible: but if there's no solution, it's better to disable the API so everyone is the same than to allow the entropy to be leveraged. Note: we're talking about sets of users: you cannot hide your engine, you cannot hide that you are FF vs TB, you cannot hide if you have RFP on or not, etc.
/end of rambling
Should CDNs be un-nooped in uBO once I uninstall Decentraleyes, if FPI is on?
If you're using advanced mode/uMatrix/NoScript in advanced/hard mode, the noop rules were so that they could be served locally.
If you're still using those addons in that way you'd need to allow them. Noop just disables dynamic filtering (filter lists), for those CDNs.
@dngray why would I want to allow them? I still want to use the default blocking lists on everything, including CDNs (especially CDNs). Right now they're nooped globally (as per the Decentraleyes requirement that you linked).
I'm asking if I should un-noop them globally and start nooping on a per-page basis like I do with the other domains. That'd be kinda frustrating, since so many sites use them. But if I keep them nooped globally, would that be worse privacy-wise than doing the same (global noop) but with Decentraleyes installed?
As far as I can tell, the following recommendations are already the default values:
browser.send_pings = false
network.dns.disablePrefetchFromHTTPS = true
network.predictor.enable-prefetch = false
So, I think they can be removed for the sake of brevity, right?
Firefox 86 has introduced a concept called "Total Cookie Protection" for both desktop and Android. The Temporary Containers add-on is now probably unnecessary. If this is true, then we can remove that section.
Further, they are introducing dynamic first-party isolation if Enhanced Tracking Protection is set to "strict". So privacy.firstparty.isolate can also be removed, as the new feature provides the same protection while having exceptions for certain third-party login systems.
"Total Cookie Protection" is dFPI.
FTR: AFAIK only if privacy.partition.network_state=true (default for FF 85+).
ETP=strict is not the default. If FPI will be removed, it must also be recommended to set this to strict, otherwise it's much lower protection.
It's still "necessary" (whatever this means), because it provides automatic cleaning within a session. dFPI only isolates different sites, while TC can also isolate the same site. Assuming that the automatic mode is used.
Does Cookie AutoDelete cover the same cleaning that Temporary Containers does? It allows automatically removing cookies, LocalStorage, cache, IndexedDB, plugin data and service workers.
https://github.com/stoically/temporary-containers/wiki/Comparison#cookies-autodelete
New Firefox 87 update has introduced a new default HTTP Referrer policy and SmartBlock.
@dngray and all, this fork of Decentraleyes seems to be getting very frequent updates. Has anyone looked into it?
https://codeberg.org/nobody/LocalCDN
Firefox recently introduced site isolation; it seems to me that it would be a good addition to this PR.
There are so many merge requests that aren't in the preview page, that I can't keep up with all of them.
There are some points I want to add:
1. Maybe we should let people set Firefox's protection to strict, and then tweak the about:config settings that are still not tweaked. (People love to work with GUIs.)
2. uBO: we should tell users that the default settings are okay. However, the recommended mode is the medium mode (suggested by Raymond Hill). I personally learnt how to use it perfectly from a YouTube video from (The Hated One) and I highly recommend putting a link to it. There's also a trick to activate that "green option", which is in my eyes important when using the medium mode. Some websites will break and you can't fix them without it.
3. Why use an addon (xbrowsersync) to increase the attack surface and CPU usage, when you can make a Firefox account to synchronize between devices? Firefox already uses E2EE and you can set up 2FA for your account. If you really want to use it, this addon should not be under the "recommended Addon" section, but rather "Additional functionality".
4. On Windows, we should advise people who save their passwords in their browser (most people will do, believe me) to use a master password. Even if the device got compromised or someone had physical access to the device, they can't access the passwords.
5. We should also state that Containers addons won't isolate sites from each other better than FPI. But they will let people isolate their profiles/accounts on the same websites from each other. (This gets asked really, really a lot on Reddit and it has to stop.)
6. uMatrix shouldn't be recommended anymore.
7. Is Canvas Blocker necessary? I tested my canvas signature and I get a different one with a new window. It's probably due to (privacy.resistfingerprinting). We don't need to make that section any more complicated and make Firefox buggier with all these addons.
8. We should write some possible "side effects" of the about:config tweaks, so that people already know what problems they will have and can easily fix them. We're working on it here:
https://github.com/privacytools/privacytools.io/issues/2347
9. Someone should get started on this, it has taken a really long time.
Agree with 4-9 but:
I think doing nothing (i.e. how it is now, just double-click a script that transfers the user.js) is preferable to working with a GUI. Besides, if they're already working with about:config, why overcomplicate it by introducing a new thing?
Unless you can link those websites you're referring to (and they're actually broken until you allow a domain), that kinda tells me you haven't learned how to use it perfectly.
https://github.com/gorhill/ublock/wiki/Overview-of-uBlock's-network-filtering-engine
Do you think gorhill would remove the option in the first place, if it were a good one?
Because it's always better to be platform-agnostic and work with your data yourself when it comes to privacy (and convenience in this case, as you're not locked into Firefox). Not to mention, if you care at all about privacy, it's a bad idea to sign into a Firefox account.. in Firefox. Don't do it. Also, CPU usage? lol
Copied from another comment:
ClearURLs isn't available on Android, but uBO is. We probably need some more testing, but uBO can now replace ClearURLs with an AdGuard list (both on mobile and desktop). And if it's done correctly then again: less CPU usage + less attack surface.
https://www.reddit.com/r/privacytoolsIO/comments/ooie4u/psa_ublock_origin_added_two_new_stock_filter/
Because as I said, people will think it's advanced tweaks and it can only be done when you agree to "accept the risk of modifying these values". Doing it in the GUI takes even less time.
And PTIO isn't interested in copying some user.js, they like to do their own thing.
I apologize on this one. After playing a little with the green button, it didn't offer me any help. I was screwing up my uBO setup in other ways, so that the grey button didn't seem to work on some websites.
If it's E2EE encrypted, I would rather trust Mozilla than that addon. An account lets you sync your passwords too (when you're using Firefox Lockwise, which a lot of people will already do. I'm not going to discuss what it offers compared to Bitwarden and its addon).
And yeah, you won't be locked into Firefox, but that's the recommended browser lol. If the user wants to use something else, well, that's why there's a section called "Additional functionality" instead of creating the illusion that using this addon will make you "more private".
In this PR, the plan is to move away from specifying any about:config defaults, and go over to providing screenshots with UI-facing options, which is necessary for Google Play versions of Firefox anyway. Advanced users should be directed towards https://github.com/arkenfox/user.js
We should make that part of this PR.
@dngray please consider Mull Browser (https://github.com/privacytools/privacytools.io/issues/2248); it comes with all the right settings out of the box. I think this is a lot easier for the general user.
Another question, does anybody know if uBO also prevents ETag tracking? This currently is also a reason for listing ClearURLs.
It doesn't. The word etag does not even appear in its codebase.
Who cares? It's isolated.
Do you block all cookies? And disable TLS Session tickets?
@rusty-snake if privacy.firstparty.isolate is on I believe you are right. But generally on mobile this won't be the case for most users, as AFAIK this is not enabled by default. As @dngray also said, about:config manually isn't very accessible to the average user. It might actually discourage people from doing so. Privacy should be easy and for everyone, also to make it more effective.
Is that a good decision though?
Some tweaks can't be achieved using the UI, such as "privacy.resistFingerprinting = true" being the most important one to resist fingerprinting, and "beacon.enabled = false" and others.
I also wanted to link a discussion from Firefox's GitHub about FPI, dFPI (= Total Cookie Protection) and all these terms. To summarize it, dFPI is their way to implement FPI in a more web-compatible way. We can enable dFPI just by setting ETP in the UI to strict (which is also available for Firefox on Android).
https://github.com/mozilla/multi-account-containers/issues/1974
So "privacy.firstparty.isolate" is no longer needed, and as I understood from others, this will also isolate ETags. So ETag Stoppa and its replacement ClearURLs are also no longer needed I suppose.
@ph00lt0 Here's your reading: https://blog.mozilla.org/security/2021/01/26/supercookie-protections/
INANE for Firefox under Android, but I have no hint that this isn't the case for Android.
@youdontneedtoknow22
Not some user.js. Your own user.js.
Not really. You have to dig through settings and look for the right buttons and checkmarks and stuff.
That's a bad mindset. You should always trust local (an open source addon) vs cloud (Mozilla).
Recommended where? On Windows? Mac? iOS? That's why I said platform-agnostic. For example, you probably shouldn't be using Firefox on Android. And you definitely shouldn't be using it on iOS. What are you gonna do about your bookmarks there? Not to mention, some platforms don't even have Firefox.
ph00lt0 said
This is a complete parroting of what you said about Librewolf. I get that you're keen, but stop pushing obscure browsers and provide facts, not opinions - in the appropriate issue, not here. Why are these all the right settings? How do you know? Where are your references and proof? What are your credentials/experience in all of this (optional but lends credence)? You also suggested a problematic extension Privacy Possum as an alternative, and one that has been abandoned for 3 years, for a problem that does not exist. And you keep making incorrect statements about a number of Firefox developments.
Instead of personally blocking me because you don't like my factual answers, you should read what I'm telling you. Blocking someone doesn't suddenly make your points correct.
Are you not able to check uBO yourself? And, no, etags are not currently a reason for listing ClearURLs. Etags are not even an issue. Neither is the history API setting (this is a myth), nor the hyperlink auditing (you can use a pref). It is because it "clears" urls of tracking parameters. Side note: if uBO's new filters cover this, then ClearURLs could probably be dropped IMO - needs a discussion, analysis elsewhere.
rusty-snake: "ETag tracking" Who cares? It's isolated. Do you block all cookies? And disable TLS Session tickets?
ph00lt0: if privacy.firstparty.isolate is on I believe you are right. But generally on mobile this won't be the case
me right now: to add to rusty's comment "do you change your IP"?
It was already pointed out that etags are not an issue since FF85. More reading, less talking. Here is a link to what network partitioning covers. This is enabled by default for all users, all platforms
If you still think etags are an issue, then please explain why, so I can explain why it isn't.
So I did some digging on how the new list from AdGuard compares to ClearURLs. I believe the new list from AdGuard has a long way ahead of it before it catches the list from ClearURLs (unless they copy their work, which makes more sense IMO). Also some people on Reddit pointed out that the list from AdGuard didn't remove the parameters from sites like Bing (do they even have referral parameters?) and some parameters from Amazon.
Here's the post: https://www.reddit.com/r/uBlockOrigin/comments/oothk8/psa_ublock_origin_added_two_new_stock_filter/
And here's the list for ClearURLs: https://gitlab.com/anti-tracking/ClearURLs/rules/-/raw/master/data.min.json
And here's the list from Adguard: https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt
You can compare the parameters for each site. I compared 2 or 3 (including Amazon), and ClearURLs seems to have more parameters.
Also Bing isn't mentioned in the AdGuard list (and its parameters aren't in the general parameter list at the beginning of their list), and lots and lots of other websites, like AliExpress for example.
Everything I said could be wrong and I may not have understood the whole concept of their lists, so feel free to correct me (while still being polite; I'm trying to learn for myself and to protect my privacy and let others benefit from this, just like most people who are spending their free time discussing such topics here).
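The comparison discussed in the last comment can be made mechanical instead of eyeballing two rule files. The following is an added example for this thread, not code from ClearURLs, AdGuard, uBlock Origin or the PR: it loads rules in the two formats (the ClearURLs data.json "providers" layout and AdGuard's `$removeparam` filter syntax), strips the same URL with both, and reports which parameters only one list removes. The rule fragments and sample URLs are constructed for the example and are not the real lists; the matching semantics are simplified (ClearURLs "rules" as anchored case-insensitive regexes on the parameter name, AdGuard literal values as exact names, `/.../` values as unanchored regexes, only the `$removeparam=` and `||host^$removeparam=` rule shapes). To compare the actual lists, feed the two URLs from the thread into `load_clearurls` and `load_adguard`.

```python
"""Compare how two tracking-parameter rule formats strip a URL (added example)."""
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed fragment in the ClearURLs data.json layout, NOT the real rules file.
CLEARURLS_SAMPLE = json.dumps({
    "providers": {
        "globalRules": {"urlPattern": ".*",
                        "rules": ["utm_(?:source|medium|campaign)", "fbclid"]},
        "amazon": {"urlPattern": r"^https?://(?:[a-z0-9-]+\.)*?amazon(?:\.[a-z]{2,}){1,}",
                   "rules": ["tag", "ref_?", "pf_rd_[a-z]"]},
        "bing": {"urlPattern": r"^https?://(?:[a-z0-9-]+\.)*?bing\.com",
                 "rules": ["cvid", "form"]},
    }
})

# Constructed fragment in AdGuard $removeparam syntax, NOT the real filter list.
ADGUARD_SAMPLE = """\
! constructed fragment, not the real filter_17_TrackParam list
$removeparam=fbclid
$removeparam=/^utm_/
||amazon.com^$removeparam=tag
||amazon.com^$removeparam=ref_
"""


def load_clearurls(raw):
    """Return [(url_regex, [param_name_regex, ...]), ...] from ClearURLs-style JSON.
    Assumption: each 'rules' entry is a regex matched against the whole parameter name."""
    providers = []
    for prov in json.loads(raw)["providers"].values():
        url_re = re.compile(prov["urlPattern"], re.I)
        name_res = [re.compile("^(?:%s)$" % rule, re.I) for rule in prov.get("rules", [])]
        providers.append((url_re, name_res))
    return providers


def load_adguard(raw):
    """Return [(host_or_None, predicate_on_param_name), ...] from $removeparam rules.
    Generic rules ('$removeparam=x') get host None; '||host^' rules apply to host and subdomains."""
    rules = []
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith("!") or "$removeparam=" not in line:
            continue
        pattern, value = line.split("$removeparam=", 1)
        host = None
        if pattern:
            m = re.fullmatch(r"\|\|([a-z0-9.-]+)\^", pattern)
            if not m:
                continue  # other pattern shapes are out of scope for this example
            host = m.group(1)
        if len(value) > 2 and value.startswith("/") and value.endswith("/"):
            pred = re.compile(value[1:-1]).search  # /regex/ form
        else:
            pred = lambda name, lit=value: name == lit  # literal parameter name
        rules.append((host, pred))
    return rules


def _rebuild(parts, params):
    return urlunsplit(parts._replace(query=urlencode(params)))


def strip_clearurls(url, providers):
    """Drop every parameter whose name matches a rule of a provider whose urlPattern matches."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    for url_re, name_res in providers:
        if url_re.search(url):
            params = [(k, v) for k, v in params if not any(r.match(k) for r in name_res)]
    return _rebuild(parts, params)


def strip_adguard(url, rules):
    """Drop every parameter matched by a generic rule or a rule scoped to this host."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    params = parse_qsl(parts.query, keep_blank_values=True)
    for rule_host, pred in rules:
        if rule_host is None or host == rule_host or host.endswith("." + rule_host):
            params = [(k, v) for k, v in params if not pred(k)]
    return _rebuild(parts, params)


def _names(query):
    return {k for k, _ in parse_qsl(query, keep_blank_values=True)}


def compare(url, providers, rules):
    """Strip url with both rule sets; report parameters that only one of them removes."""
    original = _names(urlsplit(url).query)
    cu = strip_clearurls(url, providers)
    ag = strip_adguard(url, rules)
    removed_cu = original - _names(urlsplit(cu).query)
    removed_ag = original - _names(urlsplit(ag).query)
    return {"clearurls": cu, "adguard": ag,
            "only_clearurls": removed_cu - removed_ag,
            "only_adguard": removed_ag - removed_cu}


if __name__ == "__main__":
    providers, rules = load_clearurls(CLEARURLS_SAMPLE), load_adguard(ADGUARD_SAMPLE)
    for u in ("https://www.amazon.com/dp/B000/?tag=x-20&ref_=abc&pf_rd_r=ZZZ&utm_source=nl&psc=1",
              "https://www.bing.com/search?q=test&form=QBLH&cvid=123"):
        print(compare(u, providers, rules))
```

With the constructed fragments, the Amazon URL shows the kind of gap the comment describes (`pf_rd_r` is removed only by the ClearURLs-style rules) and the Bing URL shows a site the AdGuard-style fragment does not cover at all. Running the same functions over the real data.min.json and filter.txt turns "I compared 2 or 3" into a full per-site diff, and also catches the opposite case where the AdGuard list removes something ClearURLs does not.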