Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

changelog v126 [important: read upcoming changes for FF128] #1846

Closed
Thorin-Oakenpants opened this issue Jun 6, 2024 · 59 comments
Closed

changelog v126 [important: read upcoming changes for FF128] #1846

Thorin-Oakenpants opened this issue Jun 6, 2024 · 59 comments

Comments

@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Jun 6, 2024

🟩 v126

FF126 release notes
FF126 for developers
FF126 security advisories


NOTE

⚠️ there is a migration of prefs coming in FF128 for sanitizing (on close and manually), including new ones,

so make sure to add any new corresponding sanitizing prefs to your overrides if required before 128

⚠️ in FF128 I will also move arkenfox to using FPP not RFP see #1804

if you want to continue to use RFP (4501) and/or LB (4504) and/or disable webgl (4520) then you might as well add them to your overrides as well, so I don't change them on you without warning.

see this comment below for my overrides


CHANGELOG


user_pref("browser.contentanalysis.default_allow", false); // [FF124+] [DEFAULT: false]
user_pref("browser.urlbar.yelp.featureGate", false); // [FF124+] [DEFAULT: false]
user_pref("privacy.spoof_english", 1);
  • new and inactive in user.js 126
   // user_pref("browser.link.force_default_user_context_id_for_external_opens", true);
   // user_pref("browser.urlbar.quicksuggest.enabled", false); // [FF92+] [DEFAULT: false]
   // user_pref("privacy.fingerprintingProtection.remoteOverrides.enabled", false); // [FF127+]
   // user_pref("privacy.globalprivacycontrol.enabled", true);
  • new in user.js 126, required for 128
    • see track sanitizing migration slated for FF127/8 #1837
    • clearSiteData FF128+ = Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data
    • privacy.cpd old prefs migrate to clearHistory
    • privacy.clearOnShutdown migrates to clearOnShutdown_v2
    • migration (the prefs are reduced) is documented at here
    • I have kept the same values as before, so all you need to do is update your overrides to suit
user_pref("privacy.clearHistory.cache", true);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
user_pref("privacy.clearHistory.cookiesAndStorage", false);
   // user_pref("privacy.clearHistory.siteSettings", false);

user_pref("privacy.clearOnShutdown_v2.cache", true);  // [FF128+] [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true]
   // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false]
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+]

user_pref("privacy.clearSiteData.cache", true);
user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
   // user_pref("privacy.clearSiteData.siteSettings", false);
  • made inactive in user.js 126
    • they are default false
   // user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false]
   // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false]
  • moved to 9999: DEPRECATED / REMOVED
user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // deprecated FF126
user_pref("browser.ping-centre.telemetry", false); // deprecated FF123

STATS

 STATS v126: up to and including section 4500, minus the parrots
 =========
    total: 192
 inactive:  50
      n/a    9 (FF128+: clearHistory, clearOnShutdown_v2, clearSiteData prefs)
           ---
   active: 133
  default:  23 (at least)
      n/a:   2 (of the three prefs in 0204, only one will apply)
           ---
  flipped: 108 (at most)
@Thorin-Oakenpants
Copy link
Contributor Author

allhail-AF

@Thorin-Oakenpants
Copy link
Contributor Author

all up, very boring .. only 1 new active pref (spoof english) which if anyone is already using it, it should be in their overrides.

Everything else is upcoming (FF128 sanitizing migration), or commented out since it's at default-what-we-want (or for prefsCleaner), or deprecated

Enjoy the stability of arkenfox :)

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jun 7, 2024

10fddc8

my overrides for FF128 - add em now if you want to continue with RFP in FF128+

user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.letterboxing", true); // optional
user_pref("webgl.disabled", true); // optional
user_pref("privacy.spoof_english", 2); // optional
   // ^ I have en-US app lang and a non-matching en-** OS
  //  so my locale without spoof_english is the same as OS which is not desirable

FYI: re spoof english and en-US on english but not en-US OSes

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1739712#c5
  • Soo, we devised this slightly sophisticated system where if the language portion of your OS locale matches langauge portion of Firefox locale (for example "en-US" and "en-GB"), then we will use the region portfion of your OS locale in Firefox.

  • edit: this happened when they ripped out the javascript.use_us_english_locale pref in FF119 1846224

@c3d1c06c-bf26-477e-b0eb-c50ef4477ba6

When switching to FPP should privacy.window.maxInner* be disabled, too?

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jun 7, 2024

no, newwin (max sizes) is only used when RFP is enabled

edit: letterboxing is the one that is not tied to RFP

@Thorin-Oakenpants
Copy link
Contributor Author

I'll add some info to #1804 tomorrow hopefully and unlock the topic and everyone can go have a good yarn and discuss it to death :) I of course will unsubscribe having said my bit :) e.g. why I plan to keep using RFP

@Tiagoquix
Copy link
Contributor

Tiagoquix commented Jun 7, 2024

About privacy.spoof_english 1, if I:

  • don't use RFP;
  • have set intl.accept_languages to en-US, en;
  • don't have the deprecated preferences anymore;
  • am on the latest Firefox version;
  • use the language EN-US for the app itself;
  • and have intl.regional_prefs.use_os_locales set to true (regional pref. from OS is different from en-US);

am I good?

@eleius
Copy link
Contributor

eleius commented Jun 7, 2024

Noob question: I couldn't find browser.search.serpEventTelemetryCategorization.enabled in the new user.js, should I disable it (as suggested here) or is there a master switch somewhere already?

@rusty-snake
Copy link
Contributor

#1840 ?

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jun 7, 2024

@Tiagoquix IDK - languages is just languages - i.e request page in x,y,z ... and the app language can be different if you want

So you have en-US interface, en-US,en languages - that's all groovey (app language is used by webcontent for a lot of things, e.g. look and feel for widgets: buttons, input fields, etc - which to me is backwards but probably a legacy thing: they should eventually make all chrome use app lang, and all web content use web-request lang, but that also has issues)

Anyway, so what really matters here is the locale - all the Intl....resolvedOptions. If you have en-US language/app-lang and your os is en-US you're cool, but if your os is en-CA or en-GB then it uses that for locale. Same goes for the locales for spanish, french, german etc. But if you have en-US and your os is es-ES then it will use en-US (or so I believe, I do not have a non-english OS handy)

And that's before you start using spoof_english, which only allows spoofing for a single language, not all (because of all the places the app language leaks or is used in web content)

And resetting spoof english also has issues and I think bad design - it does not reset things which actually caused a major regression in Tor Browser where users could mix and match languages and locales - e.g. german language and english locale - relaly bad.

All I can say is test it: https://arkenfox.github.io/TZP/tzp.html#region

@Tiagoquix
Copy link
Contributor

Thanks for the info and the testing site! Really helpful.


@Thorin-Oakenpants Out of context: could you consider releasing arkenfox v126.1 to fix the semi-colons? I think they're important fixes.

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jun 7, 2024

I already updated the live user.js with the active missing ; - updater will pick up on this. The other is commented out and non-breaking IMO, and is a FF127+ pref recommended not to use (but I get that this is about the syntax part)

What am I missing here? Do I really need to a 126.1 release?

edit: ok, users may not run updater unless they see a new release version, because let's face it, it's manual

@Tiagoquix
Copy link
Contributor

edit: ok, users may not run updater unless they see a new release version, because let's face it, it's manual

exactly that!

@Thorin-Oakenpants
Copy link
Contributor Author

126.0...126.1

@g-2-s
Copy link

g-2-s commented Jun 8, 2024

You're good people, Thorin-Oakenpants.

@Thorin-Oakenpants Thorin-Oakenpants changed the title changelog v126 changelog v126 [important: read upcoming changes for FF128] Jun 8, 2024
@Thorin-Oakenpants Thorin-Oakenpants pinned this issue Jun 8, 2024
@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jun 11, 2024

now at 31 spartas

31 spartas

last time I counted in sparta units cc: @bagder I will catch you :) edit: curl at 34.6k right now

@MagicalDrizzle
Copy link
Contributor

may I ask if the cpd migration to clearHistory already happened? because there are only the latter in user.js, as opposed to the v2 prefs where we have both until 128 rolls out

@Thorin-Oakenpants
Copy link
Contributor Author

because there are only the latter in user.js

they are both in the user.js - migration should not be happening until 128 AFAIK

user.js/user.js

Lines 691 to 710 in 47cbf5b

/** SANITIZE HISTORY: IGNORES "ALLOW" SITE EXCEPTIONS | clearHistory migration is FF128+ ***/
/* 2830: set manual "Clear History" items, also via Ctrl-Shift-Del [SETUP-CHROME]
* Firefox remembers your last choices. This will reset them when you start Firefox
* [NOTE] Regardless of what you set "downloads" to, as soon as the dialog
* for "Clear Recent History" is opened, it is synced to the same as "history"
* [SETTING] Privacy & Security>History>Custom Settings>Clear History ***/
user_pref("privacy.cpd.cache", true); // [DEFAULT: true]
user_pref("privacy.clearHistory.cache", true);
user_pref("privacy.cpd.formdata", true); // [DEFAULT: true]
user_pref("privacy.cpd.history", true); // [DEFAULT: true]
// user_pref("privacy.cpd.downloads", true); // not used, see note above
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
user_pref("privacy.cpd.cookies", false);
user_pref("privacy.cpd.sessions", true); // [DEFAULT: true]
user_pref("privacy.cpd.offlineApps", false); // [DEFAULT: false]
user_pref("privacy.clearHistory.cookiesAndStorage", false);
// user_pref("privacy.cpd.openWindows", false); // Session Restore
// user_pref("privacy.cpd.passwords", false);
// user_pref("privacy.cpd.siteSettings", false);
// user_pref("privacy.clearHistory.siteSettings", false);

@opusforlife2
Copy link

For choosing between FPP and RFP from 128 onwards, can we summarise RFP as "If it doesn't break anything (important) for you, you should use it."?

@Tiagoquix
Copy link
Contributor

For choosing between FPP and RFP from 128 onwards, can we summarise RFP as "If it doesn't break anything (important) for you, you should use it."?

There's a wiki page about RFP: https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D

After reading, the user can decide to have it enabled or not.

@opusforlife2
Copy link

RFP is on for every AF user by default. That's a privacy recommendation. The users choosing to disable it are the odd ones out, effectively saying "I don't care about what AF recommends, I'm okay with reduced privacy protection because I want XYZ to work".

From 128, RFP will be off by default, in favour of FPP. Does this mean AF is saying:

  1. "FPP is now recommended, don't bother with RFP.", similar to how FPI was deprecated in favour of the superior dFPI,
    or
  2. "AF is reducing privacy protection for all users by default. If you want to maintain the same level of privacy as before, keep RFP enabled."

?

All I care about is a one word answer to the question "Does AF still recommend RFP over FPP for more privacy protection, damn the breakages?". Yes or no?

#1804 doesn't provide an answer, and #1716 is far too long-winded and confusing to be able to spot one, if it is even there.

Right now, my tentative answer is yes, because "Thorin is still using it, so it must be good."

@Thorin-Oakenpants
Copy link
Contributor Author

#1846 (comment) - when I feel like it, I grew to hate writing about FPing due to incessant nature of idiots and having to repeat myself, to the point where it's a blocker

that said the answer is really simple - do what you like - if shit doesn't break (much) RFP is better and more robust. If you can't handle the breakage (or usability shit like FPS at 60 or timezone as iceland) then don't use it. Same as always. I'm just changing the DEFAULT in the TEMPLATE

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jun 12, 2024

without my support,. users can also use FPP (default) but kick in RFPTargets - so all RFP minus the bits that break (edit: but I'm not going to support that here, as in helping people with it, fuck that, I have enough to do)

@opusforlife2
Copy link

I'm just changing the DEFAULT in the TEMPLATE

I think this is a POV problem. You're underestimating the psychological impact such changes can have on users, because you're sitting on top of a hill with all the background knowledge and expertise on the issue.

What may be a simple "Eh, I'll just add a couple slashes to the RFP prefs." to you might be a "Holy shit AF just turned off RFP entirely what does this MEAN!?" for mere users.

if shit doesn't break (much) RFP is better and more robust

THANK YOU. The fact that you're still saying this, now that the decision to move to FPP by default is already made, is what mattered here.

runs away to order buckets of ice cream in celebration

@Tiagoquix
Copy link
Contributor

Thorin has a strong position on Arkenfox being just a template, and not a file-that-dicatates-your-usage. I like it. As long Thorin makes it very clear in the new release notes (possibly with a link to the RFP page on the wiki), I'm fine with it.

Big spoilers ahead!

have some ice cream, people!
image

@opusforlife2
Copy link

file-that-dicatates-your-usage

Dictation is different from recommendation. There are entire sections in the user.js labelled "don't touch" or "don't bother". Of course the user is free to mess around with every single pref, but AF defaults are defaults for a reason, and deviating from them isn't done lightly.

@Opening-Button-8988
Copy link

Opening-Button-8988 commented Jun 15, 2024

Just want to add my two cents. @Thorin-Oakenpants it looks like you spend quite a bit of time replying to people in issues, turning the issue tracker into basically a forum. It takes a long time to understand anything, because you assume so much prior knowledge. We're not all up to date on what's going on here. I really think you need to focus on the documentation, focus on summarising and keeping things simple (while retaining references to more complicated material) such that this project can be more accessible to a wider (but still technical) audience. I recommend also adding a Discussions page. People can read the documentation and get answers from other people telling them to read the docs again because it already contains everything necessary. This is what all developers should do, really.

Discussion doesn't belong in issue trackers, and when you don't have your own dedicated page for discussion you encourage it on other platforms, which leads to people taking information out of context and doesn't aid in comprehension.

Otherwise, love what you're doing, I respect your decisions regardless.

@hankertrix
Copy link

hankertrix commented Jul 13, 2024

#1080 (comment)

The override here needs to be updated with the migrated prefs for history, specifically:

user_pref("privacy.clearOnShutdown.history", false);

To:

user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);

@Thorin-Oakenpants
Copy link
Contributor Author

^DONE

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jul 15, 2024

#1846 (comment)

LMFAO .. once again, do not use entropy figures from fucking test sites, they are BULLSHIT

bollocks

So it's been less than a week or so since RFP in FF128+ took effect (and a bit longer in TB/MB stable). If I remember, I will revisit in a couple of months time, where I expect that number to drop significantly (not that it matters but it is hilarious)

So apparently 1 in 23 users are on Icelandic timezone. Whilst not all countries have equal internet access or usage, and population is not a perfect measure .. let's just examine how ludicrous this estimation is

back of the napkin math

  • the population of Iceland is 400k
  • all things being equal, if Iceland is 1/23rd this would make the world's population 9.2mn
    • the world's population is ~ 8.1 billion .. we'll call it 8 billion
    • that's off by a factor of 870 .. i.e 870 x 9.2mn = 8bn
  • lets say that only half the world has internet access but ALL of Iceland does, that's still skewed by a factor of 435

Edit: more math

  • 1/23rd of 8.something billion is 350mn give or take
  • Iceland is 0.4mn
  • so for this to even remotely accurate, RFP/TB/MB users would need to be around 350mn users give or take - we wish
    • or using half that since large chunks of the world are internet poor ... 175mn users (we'll take it if we could)

@Tiagoquix
Copy link
Contributor

@Thorin-Oakenpants wdym by that comment? is the new timezone useless and/or is the coveryourtracks site useless?

@Thorin-Oakenpants
Copy link
Contributor Author

I summarized it for you

once again, do not use entropy figures from fucking test sites, they are BULLSHIT

@Thorin-Oakenpants
Copy link
Contributor Author

out of interest I thought I would actually list the amiunique tests and how relevant they are for TB entropy wise. This "protection" rather than "entropy" applies to RFP and arkenfox as well except for

  • fonts: RFP uses a different mechanism but is just as tight on windows and mac, but linux is very hit and miss IIUIC (I need to check it since I last did a year ago now FPP is here), whereas TB bundles most or all fonts (desktop) and covers way more script support, and linux is super tight (no system fonts used, all bundled)
  • webGL: we disable it but TB allows some of it in standard but nixes readPixels. Both are not great options.

So the thing with TB/MB is that they are a crowd. And how you defeat FPing is to take metric by metric and make it useless (hide the real value and reduce to all the same or equivalency). We do not care about other browsers, or BS entropy figures, when we have math and science (and common sense) on our side

immediately 32% of metrics do not even apply and another 39% are ineffective (we know because we enforce a value, or we set defaults - we should harden some of them, and plan to) and another 10% are equivalency. The header items not included in this list below are equivalency of some JS items.

19/59 non-gecko/pointless
---
17 - Java enabled
18 - Device memory
43 - Accelerometer
44 - Gyroscope
45 - Proximity sensor
46 - Keyboard layout
47 - Battery
48 - Connection
49 - key
50 - Location bar
51 - Menu bar
52 - Personal bar
53 - Status bar
54 - Tool bar
55 - Result state
56 - List of fonts (Flash)
57 - Screen resolution (Flash)
58 - Language (Flash)
59 - Platform (Flash) 

23/59 all users the s/be the same (unless users add extensions/meddle with prefs)
---
3 - Cookies enabled
4 - Timezone
6 - Canvas
8 - Use of Adblock
9 - Do Not Track
10 - Navigator properties
11 - BuildID
12 - Product
13 - Product sub
14 - Vendor
15 - Vendor sub
16 - Hardware concurrency
19 - List of plugins
22 - Screen depth
23 - Screen available top
24 - Screen available Left
27 - Screen left
28 - Screen top
29 - Permissions
34 - Use of local storage
35 - Use of session storage
36 - Use of IndexedDB
42 - Media devices

6/59 equivalency of OS or language (or for audio x86/amd vs ARM when enabled, e.g. in MB14)
---
1 - User agent
2 - Platform
5 - Content language
38 - Audio context
39 - Frequency analyser
40 - Audio data

~~11~~ 4 things left
---
7 - List of fonts
   - desktop mostly mitigated by bundling and allowlisting
20-26 - Screen width height availableHeight availableWidth
   - all screen/inner largely mitigated with newwin & letterboxing
30-33 - WebGL Vendor Renderer Data Parameters
   - webgl needs work
37+41 - Audio/Video formats
   - formats needs work

tl;dr: TB is world leading and can deal with unsophisticated tests like amiunique

@dptpirate
Copy link

dptpirate commented Jul 17, 2024

Is there a bug in Firefox 128? I modified user-overrides.js with the new settings for 128 but every time I restart the browser, "Clear history when Firefox closes" is always checked again.

/*** MY OVERRIDES ***/
user_pref("_user.js.parrot", "overrides section syntax error");

/* override recipe: enable session restore ***/
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtabpage.enabled", true);
user_pref("browser.pagethumbnails.capturing_disabled", false);
user_pref("browser.privatebrowsing.autostart", false);
user_pref("places.history.enabled", true);
user_pref("browser.sessionstore.privacy_level", 0);
//user_pref("privacy.cpd.history", false);
//user_pref("privacy.cpd.cookies", false);
//user_pref("privacy.cpd.formdata", false);
user_pref("privacy.clearHistory.cache", false);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", false);
user_pref("privacy.clearOnShutdown.cache", false);
user_pref("privacy.clearOnShutdown.history", false);
user_pref("privacy.clearOnShutdown.sessions", false);
user_pref("privacy.clearOnShutdown_v2.cache", false);
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", false);
user_pref("privacy.clearSiteData.cache", false);
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false);
user_pref("network.dns.blockDotOnion", false);
user_pref("network.dns.disableIPv6", false);
user_pref("media.eme.enabled", true);
user_pref("network.cookie.lifetimePolicy", 0);
user_pref("privacy.resistFingerprinting", false);
//user_pref("privacy.resistFingerprinting.exemptedDomains", "*.netflix.com");
user_pref("privacy.window.maxInnerWidth", 1024);
user_pref("privacy.window.maxInnerHeight", 800);

user_pref("_user.js.parrot", "overrides section successful");

@therealmate

This comment was marked as off-topic.

@Thorin-Oakenpants
Copy link
Contributor Author

AF defaults (minus the old prefs which shouldn't be used if you have migrated and commented out items)

// shutdown
user_pref("privacy.clearOnShutdown_v2.cache", true);
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);

// manual clear data: Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data
user_pref("privacy.clearSiteData.cache", true);
user_pref("privacy.clearSiteData.cookiesAndStorage", false);
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);

// manual clear history: Ctrl-Shift-Del | Privacy & Security>History>Custom Settings>Clear History
user_pref("privacy.clearHistory.cache", true);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
user_pref("privacy.clearHistory.cookiesAndStorage", false);

what you added as overrides: AFAICT this should work

// shutdown
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", false);

// manual clear data
user_pref("privacy.clearSiteData.cache", false);
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false);

// manual clear history
user_pref("privacy.clearHistory.cache", false);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", false);

now tell me WHERE in the three sections, with your overrides, are you seeing clear history checked? One of them, all of them? What does your overrides parrot say in about:config? There may be a bug upstream

@Thorin-Oakenpants
Copy link
Contributor Author

the vikings are multiplying faster than rabbits .. now down to 1 in 19.18 (for the record I am responsible for about 5 visits)

okie dokie

@opusforlife2
Copy link

the vikings are multiplying faster than rabbits

No wonder they needed to invade other territories.

@therealmate
Copy link

Isn't he just talking about "Clear history when Firefox closes" in the settings? Which is privacy.sanitize.sanitizeOnShutdown

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jul 17, 2024

Isn't he just talking about "Clear history when Firefox closes" in the settings? Which is privacy.sanitize.sanitizeOnShutdown

yup - but I want to know what happens in all three

1853996 [meta] Revamp Clear Data Dialog

edit: maybe Firefox Sync ?

@AeliusSaionji
Copy link

I got bit by this.

The v2 historyformdata also controls history. You can see the setting box and about:config update each other in real time.

privacy.clearOnShutdown_v2.historyFormDataAndDownloads

image
image

@rusty-snake
Copy link
Contributor

The v2 historyformdata also controls history.

@AeliusSaionji
Copy link

Indeed, but with the new change to combine two settings into one key combined with not being intimately familiar with all the available options has created something of a nasty trap.

I freely admit that I did not realize until your post that the history is its own entity in that key, rather than referring to a history of form data.

@Thorin-Oakenpants
Copy link
Contributor Author

rather than referring to a history of form data

so I listed the new item under the old items - so cache -> v2.cache etc

user.js/user.js

Lines 653 to 658 in ff5c959

user_pref("privacy.clearOnShutdown.cache", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true]
user_pref("privacy.clearOnShutdown.downloads", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.formdata", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown.history", true); // [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true]

and here I even listed the combined items in // comments

user.js/user.js

Lines 677 to 680 in ff5c959

user_pref("privacy.clearOnShutdown.cookies", true); // Cookies
user_pref("privacy.clearOnShutdown.offlineApps", true); // Site Data
user_pref("privacy.clearOnShutdown.sessions", true); // Active Logins [DEFAULT: true]
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true); // Cookies, Site Data, Active Logins [FF128+]

It also makes no sense to call something a history of form data and downloads or a history of form data and downloads - when sanitizing form data, downloads you are wiping them, the word history is redundant. The word history refers to history as it's own entity

Anyway ... I have to admit it's all a little messy, roll on EOL of ESR115 and I can remove all the old prefs

@AeliusSaionji
Copy link

makes no sense

You're right. Now that this has been brought to my full attention and scrutiny, I would find it silly and redundant were it named such.

However, I am only human, and at the time I was reviewing the settings, the dots took a while to connect- the odd name didn't make me immediately realize the old history setting had no new equivalent.

@mherrmann3
Copy link

mherrmann3 commented Jul 22, 2024

I too got trapped by the naming of historyFormDataAndDownloads, so I also forgot to override it with false during reviewing new settings back in June, believing it doesn't affect history. Btw: it also clears tabs!
I was wondering why the FF devs didn't call it history*And*FormDataAndDownloads (* for emphasis) or historyFormdataDownloads (no And + small d in Formdata)...

@rusty-snake
Copy link
Contributor

Likely "history, form data and downloads" then remove non-alphanumeric characters (,) and switch to camelCase for word splitting. (The name of internal preferences must be understood by its developers, not by endusers).

Btw: it also clears tabs!

In Ctrl-Shift-Entf or during session restore? Because during SR this is known as it was with the old system.

@mherrmann3
Copy link

In Ctrl-Shift-Entf or during session restore? Because during SR this is known as it was with the old system.

Yes, with the session restore override ("browser.startup.page", 3) of #1080 and ("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true) (when it was not yet in the recipe). Okay, good to know; now I found the corresponding doc 😬:

* [NOTE] Session Restore is cleared with history (2811), and not used in Private Browsing mode

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Jul 25, 2024

go vikings (i am now responsible for about 8 visits)

tada

the fact that it is changing is proof that the entropy values are BS

edit: using the default for icelandic in languages (as shown in headers) - this is FF128

okie dokie

If, and they should have a fairly close relationship (and all things being equal)

  • Iceland has a population of 400k vs 8bn+ for the world = 1 in 20k
  • here it is 1 in 42k for using Icelandic (at defaults)
    • from earlier: lets say that only half the world has internet access but ALL of Iceland does
      • that would make it about 1 in 21k
    • or some icelandic users prefer other languages
    • or some icelandic users modified the languages
    • or the figures are skewed due to such a small sample size
    • or the figures are skewed due to a large numbers of users (repeatedly) testing their non-icelandic profiles, e.g. TB in en-US
    • ^ all of the above

regardless, if icelandic languages was 1 in 42k I would expect similar or at most half (allow some icelanders to make language changes) - at similar 1 in 12 vs 42k is skewed 3500x and at half around 1750x.

If anyone was doing scientific experiments and they introduced a bias of even a few per percent, their results would be rejected

edit edit: ok, language seems a little more realistic to population (again, not a perfect analogy due to internet accessibility and usage)

lang

@Thorin-Oakenpants
Copy link
Contributor Author

Thorin-Oakenpants commented Aug 8, 2024

ok, it's been a month .. let's check in on our viking fiends

grey goo

https://en.wikipedia.org/wiki/Gray_goo

@ntnguyen1234
Copy link

Hi, when I checked https://arkenfox.github.io/TZP/tzp.html with arkenfox' default user.js and new Firefox 129 profile, I see 2 values related to EXSLT that are marked red: 1 in [offset] timezone section which shows my timezone and the other in timing precision.

I found the timezone has been patched in 131: https://bugzilla.mozilla.org/show_bug.cgi?id=1891690

However I couldn't find much information the other. Anyone has more information about this? Is it addressed together with the timezone issue in 131? Thank you.

@Thorin-Oakenpants
Copy link
Contributor Author

links

so back in the day timing was set at 100ms but in FF102 this was changed to link to rAF (animation frames) and set at 60 FPS == 16.6667ms which solved a lot of issues (but also still causes issues). Not really all that productive now to limit exslt timing from 10ms (there are easy ways to get 1ms timing) since we're already at 16.7ms but why not - 1sec it is.

Both exslt timezone and timing will be backported to ESR for Tor Browser

@ntnguyen1234
Copy link

Thank you for your information 🙂

@Thorin-Oakenpants
Copy link
Contributor Author

jfc ...

JFC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests