Question/discussion: relaxed settings variant/branch

[pyllyukko]

So I was thinking of creating a bit more relaxed version of our user.js for other purposes / social media / "normal users". It would just be a separate branch in the repo (e.g. "relaxed") and with the current master being the default.

Here are some features that I thought could deviate from master:

• Commenting out browser.privatebrowsing.autostart
  • Note that disk caching (and other similar settings) would still be disabled, so that no sensitive data would reside on disk
• Commenting out service workers & notifications settings
• Commenting out browser.urlbar.maxRichResults & browser.urlbar.autocomplete.enabled
  • Adding browser.urlbar.suggest.history == false and making sure that only bookmarked sites and existing tabs are suggested if any
• Commenting out privacy.clearOnShutdown.cookies & altering network.cookie.lifetimePolicy
  • Of course cookies are a major privacy issue, but users have the possibility to deal with this manually
• Commenting out privacy.clearOnShutdown.passwords so that Firefox's password manager can be used

So the actual questions here are:

• What do you think about having this kind of branch?
• What other settings/features "normal users" actually use? 😃

[Atavic]

Do they normally start on private browsing?

user_pref("browser.privatebrowsing.autostart", true);

Do they normally delete their cookies?

user_pref("privacy.clearOnShutdown.cookies", true);

[Thorin-Oakenpants]

Gee @pyllyukko , we discussed just that the other day on irc. I think it's a great idea because I said I was planning on doing it - I am literally weeks away from providing three branch templates from tiny-if-any-breakage-must-have-settings to current to the-bastard-uber-hardened. Way to to go bro.

[nodiscc]

@pyllyukko Once #229 is solved, I intend to propose some changes from my adapted user.js, these changes mostly fall in the following categories:

• Re-enable caching/password storage/histories, don't use private browsing by default (improves performance, reduces amount of data transfered over the network, improves usability. Full Disk Encryption mitigates some threats related to storing this kind of personal information.)
• Re-enable usability features that don't leak data over the network (re-enable form auto-filling and related. Basically remove mitigation of the shoulder-surfing threat.)

One question remains, where/how to store/distribute the relaxed settings:

• As a separate file relaxed.js containing all the changes?
• As separate files relaxed-caching.js, relaxed-shouldersurfing.js... and let users pick the one they want? (there might be a lot of possible combinations...)
• As separate branches? (this might increase complexity of the installation procedure)
• In all cases, documentation must be updated

[pyllyukko]

Gee @pyllyukko , we discussed just that the other day on irc. I think it's a great idea because I said I was planning on doing it - I am literally weeks away from providing three branch templates from tiny-if-any-breakage-must-have-settings to current to the-bastard-uber-hardened. Way to to go bro.

And as I said, it has been in my mind also. Although I'm thinking of keeping it quite simple and still quite close the the main version, with only minor differences. I'm not stealing your ideas here. I already started testing/using this branch on one of my machines with my SoMe FF profile.

[pyllyukko]

@pyllyukko Once #229 is solved, I intend to propose some changes from my adapted user.js, these changes mostly fall in the following categories:

There's no rush. I think we could push the branch at some point and leave it as a "hidden feature" and document it when we have the time and when we have agreed on the subset of changes.

Re-enable caching/password storage/histories, don't use private browsing by default (improves performance, reduces amount of data transfered over the network, improves usability. Full Disk Encryption mitigates some threats related to storing this kind of personal information.)

I still want to keep all the caching and disk artifacts to absolute minimum. As full disk encryption is out of this project's reach, I want to play it safe. And even though I use full disk encryption myself, I still don't want Firefox to store anything even remotely sensitive about my browser usage on disk.

Re-enable usability features that don't leak data over the network (re-enable form auto-filling and related. Basically remove mitigation of the shoulder-surfing threat.)

Well I still want to keep the shoulder-surfing aspect and don't really see form auto-filling enabled either.

One question remains, where/how to store/distribute the relaxed settings:

As a separate file relaxed.js containing all the changes?

No.

As separate files relaxed-caching.js, relaxed-shouldersurfing.js... and let users pick the one they want? (there might be a lot of possible combinations...)

No.

As separate branches? (this might increase complexity of the installation procedure)

Separate branch. It also helps to keep them in sync.

In all cases, documentation must be updated

True.

[pyllyukko]

Do they normally start on private browsing?

user_pref("browser.privatebrowsing.autostart", true);

See about:privatebrowsing

Do they normally delete their cookies?

user_pref("privacy.clearOnShutdown.cookies", true);

Yes.

I didn't quite get the point. Can you elaborate a bit more?

[Atavic]

How much open will be the new branch?
Non-techies do not care about private browsing or deleted cookies.

[pyllyukko]

How much open will be the new branch?

You mean how much "more relaxed"? Not that much, but still the tiny bits to make it a bit more user friendly.

Non-techies do not care about private browsing or deleted cookies.

Thanks for the clarification.

That is my impression also. And yes, I was thinking to relax these two features among others.

[Atavic]

e.g. browser.safebrowsing is a good option for newbies.

You have user_pref("browser.safebrowsing.downloads.remote.enabled", false); for good.

But the tracking may happen even with:

browser.safebrowsing.provider.google.lists
browser.safebrowsing.provider.mozilla.lists

I completely delete those strings and use a system-wide proxy or other options in a router for that.

Here's a repo: https://github.com/mozilla-services/shavar-plugin-blocklist

[pyllyukko]

See the relaxed branch. This branch requires constant rebasing, as the main development will happen in master.

[nodiscc]

👏 thank you for releasing this.

This branch requires constant rebasing,

For what it's worth I use meld to resolve merge/rebase conflicts. It makes things easier.

$ cat ~/.gitconfig
[merge]
	tool = meld

Another trick is to not care about the contents of What does it do?/Known problems and limitations sections in the README while fixing conflicts, and just run make whatdoesitdo after the fact.

There, just my 2 cents. It may seem obvious but apparently for me it wasn't \_(ツ)_/

[pyllyukko]

For what it's worth I use meld to resolve merge/rebase conflicts. It makes things easier.

vimdiff FTW 👌

[nodiscc]

• It would be good to advertise the relaxed branch from the README.md in master. Something similar to the This a relaxed variant. Differences with the original hardened version text in relaxed:

This is a default template with every possible hardening measure enforced. See the relaxed branch for a variant providing more usability

[pyllyukko]

Sure, why not.

[Ratator]

Hello everyone. Great project! Thank you very much!

I have a question.

For hours I have been trying to find out how to activate the password manager at the master.

What exactly was changed in relaxed for Password Manager to work?

By the way, I have to say that I dare to leave the IndexedDB enabled. Researchers at KU Leuven (Belgium) have already pointed out in the summer of 2014 that this technology is already being used to restore deleted tracking cookies.
For german readers: https://www.heise.de/newsticker/meldung/Gefaehrdeter-Datenschutz-Firefox-loescht-lokale-Datenbanken-nicht-3835084.html
English: https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo

Despite master user.js, after a personal test I can say 95% probability that Facebook still knew which shopping articles I was interested in.
When I disabled IndexedDB, Facebook did not know anything new.

I will only activate the Password Manager on the master and safely disable IndexedDB.

[pyllyukko]

Hello everyone. Great project! Thank you very much!

Thank you! 😊

I have a question.

For hours I have been trying to find out how to activate the password manager at the master.

What exactly was changed in relaxed for Password Manager to work?

See here: #314

By the way, I have to say that I dare to leave the IndexedDB enabled. Researchers at KU Leuven (Belgium) have already pointed out in the summer of 2014 that this technology is already being used to restore deleted tracking cookies.
For german readers: https://www.heise.de/newsticker/meldung/Gefaehrdeter-Datenschutz-Firefox-loescht-lokale-Datenbanken-nicht-3835084.html
English: https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo

Despite master user.js, after a personal test I can say 95% probability that Facebook still knew which shopping articles I was interested in.
When I disabled IndexedDB, Facebook did not know anything new.

There is a separate issue about this (#263). At some point, the state was that disabling indexedDB broke a whole lot of things.

[Ratator]

I have commented the following value in the master, and it does not work:
user_pref("signon.rememberSignons", false);

And this is the same in master as in relaxed:
user_pref("security.ask_for_password", 2);

And user_pref("privacy.clearOnShutdown.passwords", true); does not exist in the master at all.

I suspect that commenting user_pref("privacy.clearOnShutdown.cookies", true); helped?

With relaxed you are asked for saving a password. Not with master.
If you do not remember what changes lead to it, then it is ok. Then I take relaxed.

[Thorin-Oakenpants]

^^

• signon.rememberSignons => false does not clear any already saved passwords. It is merely a switch to remember site logins
  • [SETTING-ESR] Options>Security>Logins>Remember logins for sites
• security.ask_for_password => 2 : this sets how often Firefox should ask for the master password (if you have one set)
  • • 0=the first time (default), 1=every time it's needed, 2=every n minutes
• If you use a value of two in the above pref, then the minutes setting is in the pref security.password_lifetime (default is 30 minutes)
• privacy.clearOnShutdown.password was removed in Firefox 42 - see 1102184

[pyllyukko]

And user_pref("privacy.clearOnShutdown.passwords", true); does not exist in the master at all.

Was removed in #306.

With relaxed you are asked for saving a password. Not with master.
If you do not remember what changes lead to it, then it is ok. Then I take relaxed.

Also: https://support.mozilla.org/en-US/kb/usernames-and-passwords-are-not-saved#w_private-browsing, so browser.privatebrowsing.autostart.