-
Notifications
You must be signed in to change notification settings - Fork 523
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
changelog v126 [important: read upcoming changes for FF128] #1846
Comments
all up, very boring .. only 1 new active pref (spoof english) which if anyone is already using it, it should be in their overrides. Everything else is upcoming (FF128 sanitizing migration), or commented out since it's at default-what-we-want (or for prefsCleaner), or deprecated Enjoy the stability of arkenfox :) |
my overrides for FF128 - add em now if you want to continue with RFP in FF128+ user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.letterboxing", true); // optional
user_pref("webgl.disabled", true); // optional
user_pref("privacy.spoof_english", 2); // optional
// ^ I have en-US app lang and a non-matching en-** OS
// so my locale without spoof_english is the same as OS which is not desirable FYI: re spoof english and en-US on english but not en-US OSes
|
When switching to FPP should |
no, newwin (max sizes) is only used when RFP is enabled edit: letterboxing is the one that is not tied to RFP |
I'll add some info to #1804 tomorrow hopefully and unlock the topic and everyone can go have a good yarn and discuss it to death :) I of course will unsubscribe having said my bit :) e.g. why I plan to keep using RFP |
About
am I good? |
Noob question: I couldn't find |
#1840 ? |
@Tiagoquix IDK - languages is just languages - i.e request page in x,y,z ... and the app language can be different if you want So you have en-US interface, Anyway, so what really matters here is the And that's before you start using spoof_english, which only allows spoofing for a single language, not all (because of all the places the app language leaks or is used in web content) And resetting spoof english also has issues and I think bad design - it does not reset things which actually caused a major regression in Tor Browser where users could mix and match languages and locales - e.g. german language and english locale - relaly bad. All I can say is test it: https://arkenfox.github.io/TZP/tzp.html#region |
Thanks for the info and the testing site! Really helpful. @Thorin-Oakenpants Out of context: could you consider releasing arkenfox v126.1 to fix the semi-colons? I think they're important fixes. |
I already updated the live user.js with the active missing What am I missing here? Do I really need to a 126.1 release? edit: ok, users may not run updater unless they see a new release version, because let's face it, it's manual |
exactly that! |
You're good people, Thorin-Oakenpants. |
now at 31 spartas last time I counted in sparta units cc: @bagder I will catch you :) edit: curl at 34.6k right now |
may I ask if the |
they are both in the user.js - migration should not be happening until 128 AFAIK Lines 691 to 710 in 47cbf5b
|
For choosing between FPP and RFP from 128 onwards, can we summarise RFP as "If it doesn't break anything (important) for you, you should use it."? |
There's a wiki page about RFP: https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D After reading, the user can decide to have it enabled or not. |
RFP is on for every AF user by default. That's a privacy recommendation. The users choosing to disable it are the odd ones out, effectively saying "I don't care about what AF recommends, I'm okay with reduced privacy protection because I want XYZ to work". From 128, RFP will be off by default, in favour of FPP. Does this mean AF is saying:
? All I care about is a one word answer to the question "Does AF still recommend RFP over FPP for more privacy protection, damn the breakages?". Yes or no? #1804 doesn't provide an answer, and #1716 is far too long-winded and confusing to be able to spot one, if it is even there. Right now, my tentative answer is yes, because "Thorin is still using it, so it must be good." |
#1846 (comment) - when I feel like it, I grew to hate writing about FPing due to incessant nature of idiots and having to repeat myself, to the point where it's a blocker that said the answer is really simple - do what you like - if shit doesn't break (much) RFP is better and more robust. If you can't handle the breakage (or usability shit like FPS at 60 or timezone as iceland) then don't use it. Same as always. I'm just changing the DEFAULT in the TEMPLATE |
without my support,. users can also use FPP (default) but kick in RFPTargets - so all RFP minus the bits that break (edit: but I'm not going to support that here, as in helping people with it, fuck that, I have enough to do) |
I think this is a POV problem. You're underestimating the psychological impact such changes can have on users, because you're sitting on top of a hill with all the background knowledge and expertise on the issue. What may be a simple "Eh, I'll just add a couple slashes to the RFP prefs." to you might be a "Holy shit AF just turned off RFP entirely what does this MEAN!?" for mere users.
THANK YOU. The fact that you're still saying this, now that the decision to move to FPP by default is already made, is what mattered here. runs away to order buckets of ice cream in celebration |
Dictation is different from recommendation. There are entire sections in the user.js labelled "don't touch" or "don't bother". Of course the user is free to mess around with every single pref, but AF defaults are defaults for a reason, and deviating from them isn't done lightly. |
Just want to add my two cents. @Thorin-Oakenpants it looks like you spend quite a bit of time replying to people in issues, turning the issue tracker into basically a forum. It takes a long time to understand anything, because you assume so much prior knowledge. We're not all up to date on what's going on here. I really think you need to focus on the documentation, focus on summarising and keeping things simple (while retaining references to more complicated material) such that this project can be more accessible to a wider (but still technical) audience. I recommend also adding a Discussions page. People can read the documentation and get answers from other people telling them to read the docs again because it already contains everything necessary. This is what all developers should do, really. Discussion doesn't belong in issue trackers, and when you don't have your own dedicated page for discussion you encourage it on other platforms, which leads to people taking information out of context and doesn't aid in comprehension. Otherwise, love what you're doing, I respect your decisions regardless. |
The override here needs to be updated with the migrated prefs for history, specifically: user_pref("privacy.clearOnShutdown.history", false); To: user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false); |
^DONE |
LMFAO .. once again, do not use entropy figures from fucking test sites, they are BULLSHIT So it's been less than a week or so since RFP in FF128+ took effect (and a bit longer in TB/MB stable). If I remember, I will revisit in a couple of months time, where I expect that number to drop significantly (not that it matters but it is hilarious) So apparently 1 in 23 users are on Icelandic timezone. Whilst not all countries have equal internet access or usage, and population is not a perfect measure .. let's just examine how ludicrous this estimation is back of the napkin math
Edit: more math
|
@Thorin-Oakenpants wdym by that comment? is the new timezone useless and/or is the coveryourtracks site useless? |
I summarized it for you
|
out of interest I thought I would actually list the amiunique tests and how relevant they are for TB entropy wise. This "protection" rather than "entropy" applies to RFP and arkenfox as well except for
So the thing with TB/MB is that they are a crowd. And how you defeat FPing is to take metric by metric and make it useless (hide the real value and reduce to all the same or equivalency). We do not care about other browsers, or BS entropy figures, when we have math and science (and common sense) on our side immediately 32% of metrics do not even apply and another 39% are ineffective (we know because we enforce a value, or we set defaults - we should harden some of them, and plan to) and another 10% are equivalency. The header items not included in this list below are equivalency of some JS items.
tl;dr: TB is world leading and can deal with unsophisticated tests like amiunique |
Is there a bug in Firefox 128? I modified user-overrides.js with the new settings for 128 but every time I restart the browser, "Clear history when Firefox closes" is always checked again. /*** MY OVERRIDES ***/
user_pref("_user.js.parrot", "overrides section syntax error");
/* override recipe: enable session restore ***/
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtabpage.enabled", true);
user_pref("browser.pagethumbnails.capturing_disabled", false);
user_pref("browser.privatebrowsing.autostart", false);
user_pref("places.history.enabled", true);
user_pref("browser.sessionstore.privacy_level", 0);
//user_pref("privacy.cpd.history", false);
//user_pref("privacy.cpd.cookies", false);
//user_pref("privacy.cpd.formdata", false);
user_pref("privacy.clearHistory.cache", false);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", false);
user_pref("privacy.clearOnShutdown.cache", false);
user_pref("privacy.clearOnShutdown.history", false);
user_pref("privacy.clearOnShutdown.sessions", false);
user_pref("privacy.clearOnShutdown_v2.cache", false);
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", false);
user_pref("privacy.clearSiteData.cache", false);
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false);
user_pref("network.dns.blockDotOnion", false);
user_pref("network.dns.disableIPv6", false);
user_pref("media.eme.enabled", true);
user_pref("network.cookie.lifetimePolicy", 0);
user_pref("privacy.resistFingerprinting", false);
//user_pref("privacy.resistFingerprinting.exemptedDomains", "*.netflix.com");
user_pref("privacy.window.maxInnerWidth", 1024);
user_pref("privacy.window.maxInnerHeight", 800);
user_pref("_user.js.parrot", "overrides section successful"); |
This comment was marked as off-topic.
This comment was marked as off-topic.
AF defaults (minus the old prefs which shouldn't be used if you have migrated and commented out items) // shutdown
user_pref("privacy.clearOnShutdown_v2.cache", true);
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true);
// manual clear data: Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data
user_pref("privacy.clearSiteData.cache", true);
user_pref("privacy.clearSiteData.cookiesAndStorage", false);
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true);
// manual clear history: Ctrl-Shift-Del | Privacy & Security>History>Custom Settings>Clear History
user_pref("privacy.clearHistory.cache", true);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", true);
user_pref("privacy.clearHistory.cookiesAndStorage", false); what you added as overrides: AFAICT this should work // shutdown
user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", false);
user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", false);
// manual clear data
user_pref("privacy.clearSiteData.cache", false);
user_pref("privacy.clearSiteData.historyFormDataAndDownloads", false);
// manual clear history
user_pref("privacy.clearHistory.cache", false);
user_pref("privacy.clearHistory.historyFormDataAndDownloads", false); now tell me WHERE in the three sections, with your overrides, are you seeing |
No wonder they needed to invade other territories. |
Isn't he just talking about "Clear history when Firefox closes" in the settings? Which is privacy.sanitize.sanitizeOnShutdown |
yup - but I want to know what happens in all three 1853996 [meta] Revamp Clear Data Dialog edit: maybe Firefox Sync ? |
|
Indeed, but with the new change to combine two settings into one key combined with not being intimately familiar with all the available options has created something of a nasty trap. I freely admit that I did not realize until your post that the history is its own entity in that key, rather than referring to a history of form data. |
so I listed the new item under the old items - so cache -> v2.cache etc Lines 653 to 658 in ff5c959
and here I even listed the combined items in // comments Lines 677 to 680 in ff5c959
It also makes no sense to call something a Anyway ... I have to admit it's all a little messy, roll on EOL of ESR115 and I can remove all the old prefs |
You're right. Now that this has been brought to my full attention and scrutiny, I would find it silly and redundant were it named such. However, I am only human, and at the time I was reviewing the settings, the dots took a while to connect- the odd name didn't make me immediately realize the old history setting had no new equivalent. |
I too got trapped by the naming of |
Likely "history, form data and downloads" then remove non-alphanumeric characters (
In Ctrl-Shift-Entf or during session restore? Because during SR this is known as it was with the old system. |
Yes, with the session restore override Line 85 in ff5c959
|
go vikings (i am now responsible for about 8 visits) the fact that it is changing is proof that the entropy values are BS edit: using the default for icelandic in languages (as shown in headers) - this is FF128 If, and they should have a fairly close relationship (and all things being equal)
regardless, if icelandic languages was 1 in 42k I would expect similar or at most half (allow some icelanders to make language changes) - at similar If anyone was doing scientific experiments and they introduced a bias of even a few per percent, their results would be rejected edit edit: ok, language seems a little more realistic to population (again, not a perfect analogy due to internet accessibility and usage) |
ok, it's been a month .. let's check in on our viking fiends |
Hi, when I checked https://arkenfox.github.io/TZP/tzp.html with arkenfox' default user.js and new Firefox 129 profile, I see 2 values related to I found the timezone has been patched in 131: https://bugzilla.mozilla.org/show_bug.cgi?id=1891690 However I couldn't find much information the other. Anyone has more information about this? Is it addressed together with the timezone issue in 131? Thank you. |
links
so back in the day timing was set at 100ms but in FF102 this was changed to link to rAF (animation frames) and set at 60 FPS == 16.6667ms which solved a lot of issues (but also still causes issues). Not really all that productive now to limit exslt timing from 10ms (there are easy ways to get 1ms timing) since we're already at 16.7ms but why not - 1sec it is. Both exslt timezone and timing will be backported to ESR for Tor Browser |
Thank you for your information 🙂 |
🟩 v126
FF126 release notes
FF126 for developers
FF126 security advisories
NOTE
⭐⚠️ there is a migration of prefs coming in FF128 for sanitizing (on close and manually), including new ones,
so make sure to add any new corresponding sanitizing prefs to your overrides if required before 128
⭐⚠️ in FF128 I will also move arkenfox to using FPP not RFP see #1804
if you want to continue to use RFP (4501) and/or LB (4504) and/or disable webgl (4520) then you might as well add them to your overrides as well, so I don't change them on you without warning.
see this comment below for my overrides
CHANGELOG
clearSiteData
FF128+ =Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data
privacy.cpd
old prefs migrate toclearHistory
privacy.clearOnShutdown
migrates toclearOnShutdown_v2
9999: DEPRECATED / REMOVED
STATS
The text was updated successfully, but these errors were encountered: