cleanup continued: 5000s: optional opsec #1239

Closed
Thorin-Oakenpants opened this issue Aug 23, 2021 · 3 comments
@Thorin-Oakenpants
Contributor

Thorin-Oakenpants commented Aug 23, 2021

after #1235

               TOT ACTIVE INACTIVE EFFECT
v60  MAY-2018  425   328      97    316
v66                                     <- 139kb / 2297 lines: peak
v68  JUL-2019  339   245      94    227 <- 109kb / 1776 lines: last major cleanup
v78  JUN-2020  330   229      99    214
v90  JUL-2021  322   207     115    188 <- 107kb / 1725 lines
v91                                     <- next major cleanup

at the time of writing (updated)

v90
- 106.9 KB
- 1725 lines
- end of section 4500: line 1497
- items with [WARNING]: 23

v91-alpha
- 89.3 KB
- 1469 lines
- end of section 4500: line 1108
- items with [WARNING]: 5

savings
- 16.5% - size: 17.6 KB
- 14.8% - lines: 256
- 26.0% - end of section 4500: 389 lines less
- 78.3% - items with [WARNING]: 18 less
-  0.0% - no parrots were sacrificed

ALL HAIL PANTS

There are still some descriptions, section headers, etc. that can be simplified or reduced. This is about moving items into the 5000s

  • except for one item they are all about state (touching the disk, or memory), or eyeballs, AFAICT. Most people won't care about this, and they were all inactive (except windows jumplists). Will post my initial list next comment

Obvious benefits

  • makes the active prefs and applied sections, troubleshooting etc smaller
  • clumps a large chunk of [SETUP items into a single group, with no warnings: do as you like

Thorin-Oakenpants added a commit that referenced this issue Aug 24, 2021

More minor tweaks to come. This isn't final
- 0102: ambiguous that the clearing was related to PB mode
- 0900s:
   - get rid of 0901, it has no pref, stick link in header
   - 0905: values on multi-lines use spaces = more readable
- 1000s:
   - rename as disk avoidance and remove sub-section headers
   - remove the outdated section header
- 4001: it will never be perfected, it's doing its job
- 5500s: optional hardening
   - legit security measures, but commonality in caveats, so I made them a separate section
   - this flips graphite, asm.js and wasm from active to inactive: these are overkill: exhibit A: hundreds of millions of Firefox users
   - e.g. graphite and wasm are enabled on Tor Browser
   - new CVE keyword links
- 7000s: don't bother - two more items added
- 5000s: optional opsec and cleanout 0800s header
- re-number
   - 0900s, 1000s, 1400s, 2400s

PS: I need a new parrot: "9000 syntax error: I ran out of parrots"

@Thorin-Oakenpants
Contributor Author

Excluding descriptions and musical chairs etc ... five pref changes so far (I didn't do a diff)

  • graphite, asm.js, wasm, http alt services, and windows jumplists are all now inactive

FYI:

  • the HTTP alt services is likely to break things soon and I don't fully agree with the threat. Besides, we can't control CDNs, or required 3rd parties, or HTTP2 or HTTP3 really, etc .. disabling APIs is not the answer
  • the windows jumplists was so all items in 5000s are optional: i.e. default inactive
  • the others, in 5500s optional hardening: are explained in the commit - 7144f8b

If you disagree, or want more info, speak up

@icpantsparti
Contributor

If anyone needs to see the user_pref difference... this link generates a table comparing two user.js files (fetched direct from the arkenfox github).

compare user_pref: master + version 90.0

https://icpantsparti.github.io/firefox-user.js-tool/userjs-tool.html?box=a&action=compare:1:4&load1=%68ttps://raw.githubusercontent.com/arkenfox/user.js/master/user.js&load4=%68ttps://raw.githubusercontent.com/arkenfox/user.js/90.0/user.js

@Thorin-Oakenpants
Contributor Author

Thorin-Oakenpants commented Aug 25, 2021

quick summary so far

removed: [i] = inactive

[i] alerts.showFavicons
    dom.allow_cut_cop
[i] dom.battery.enabled
[i] dom.storage.enabled
    dom.vibrator.enabled
    general.warnOnAboutConfig
[i] gfx.direct2d.disabled
[i] layers.acceleration.disabled
[i] media.media-capabilities.enabled

changed to active

    network.http.referer.spoofSource // enforcing default

changed to inactive

    browser.taskbar.lists.enabled // <-- optional device/disk hardening
    browser.taskbar.lists.frequent.enabled
    browser.taskbar.lists.recent.enabled
    browser.taskbar.lists.tasks.enabled

    gfx.font_rendering.graphite.enabled // <-- overkill
    javascript.options.asmjs
    javascript.options.wasm

    network.http.altsvc.enabled // <-- overkill, perf, will probably start to break things like RR
    network.http.altsvc.oe

    privacy.donottrackheader.enabled // not needed with ETP
    ui.prefersReducedMotion // not a privacy issue
    webgl.disable-fail-if-major-performance-caveat // not needed with webgl disabled
    webgl.enable-webgl2 // not needed with webgl disabled

Honestly, you won't even notice anything .. except less breakage, and probably perf - apparently asm makes a noticeable difference, especially to people who went from enabled->disabled

Personally, I added prefersReducedMotion and jumplists to my overrides

closing, any other edits are going to be cosmetic
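
The kind of comparison summarized in this thread, as an added example that is not part of the issue, the arkenfox project or the linked comparison tool: it parses two user.js texts, treats `// user_pref(...)` lines as inactive, and reports removed prefs and active/inactive flips. The two sample files are constructed (pref names come from the summary above, values are illustrative), and prefs disabled inside `/* ... */` blocks are assumed absent.

```python
import re

# Active:   user_pref("name", value);
# Inactive: // user_pref("name", value);   (line-commented out)
PREF_RE = re.compile(
    r'^\s*(?P<off>//\s*)?user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;'
)

def parse_userjs(text):
    """Map pref name -> (active, value); an active entry wins over a commented one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        active = m.group("off") is None
        if not active and prefs.get(m.group("name"), (False,))[0]:
            continue  # keep the active entry already recorded for this name
        prefs[m.group("name")] = (active, m.group("value"))
    return prefs

def compare(old_text, new_text):
    old, new = parse_userjs(old_text), parse_userjs(new_text)
    report = {"removed": [], "added": [], "to_active": [], "to_inactive": [], "value_changed": []}
    for name in sorted(old.keys() | new.keys()):
        if name not in new:
            report["removed"].append(name)
        elif name not in old:
            report["added"].append(name)
        elif old[name][0] != new[name][0]:
            report["to_active" if new[name][0] else "to_inactive"].append(name)
        elif old[name][1] != new[name][1]:
            report["value_changed"].append(name)
    return report

# Constructed sample input: names from the thread, values illustrative.
OLD = '''
user_pref("dom.vibrator.enabled", false);
user_pref("javascript.options.wasm", false);
   // user_pref("network.http.referer.spoofSource", false);
user_pref("browser.taskbar.lists.enabled", false);
'''
NEW = '''
   // user_pref("javascript.options.wasm", false);
user_pref("network.http.referer.spoofSource", false); // enforcing default
   // user_pref("browser.taskbar.lists.enabled", false);
'''

if __name__ == "__main__": print(compare(OLD, NEW))
```

Run against a profile's own user.js and overrides, the same report shows which hardening prefs an update has silently stopped enforcing.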
