Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Let's create a list on github-docs about buggy web pages if you use user.js #449

Closed
jackTaw88 opened this issue Feb 26, 2019 · 18 comments
Closed

Comments

@jackTaw88
Copy link

jackTaw88 commented Feb 26, 2019

As you know it is hard to surf on web with user.js. I always have problem with many sites, but it i realyly takes time to find which config is not compatibale with the visited site. I think we can create a list of buggy sites so anyone can contribute it.

I can start with mines:


  • site
  • bug
  • comments
  • how to fix

  • linkedin.com
  • does not go home page after login
  • this is not happening at the moment. but I will point an important think. if you have dom.enable_performance=false you can not login to linkedin. But resistFingerprinting overrides these value. so if you have resistFingerprinting=true linkedin works. but if you have resistFingerprinting=false you can not loggin, until you set dom.enable_performance=true.
  • resistFingerprinting=true or ( resistFingerprinting=false and dom.enable_performance=true)

  • console.firebase.google.com
  • the page is buggy (you can not use it)
  • icons are not rendering. instead of icons, the browser shows the meta-datas of icons. so the page is mixed/broken.
  • browser.display.use_document_fonts = 1

  • chat.google.com
  • home page does not work after login
  • loading notification stays there. any click event does not work on page.
  • dom.webaudio.enabled=true

It would be great if you pin this issue, or close it and copy it to docs.

Thank you

@Thorin-Oakenpants
Copy link

Do not mess with dom.enable_performance if you use privacy.resistFingerprinting (RFP for short) enabled. Leave it at default. RFP already has timing protections in it since FF56 (see bugzilla 1369303) - and don't mess with dom.enable_resource_timing, and definitely don't mess with dom.event.highrestimestamp.enabled

PK's user.js is (was?) aimed at ESR52 at a minimum and needs a little overhaul, and most RFP patches didn't arrive until well after that (most came around the FF55-60 mark). It's unfortunate that a large number of prefs that we (anti-FPing people) used, were modified under RFP: and effects are often different (e.g a pref might only be able to turn an api on or off, but RFP can code under the hood and do a lot more, e.g rounding numbers, spoofing some events but blocking others) A good example if media stats where RFP spoofs results, but the pref disables the API entirely - and that adds entropy.

If DO you use RFP then you DO NOT need these redundant prefs. In fact, some even cause RFP to not behave as you would expect and alter your fingerprint. Comment them out, and make sure they are RESET in about:config

These are all in PK's user.js, btw. Sometimes the pref may win, sometimes RFP - it depends how they coded it (e.g the UA spoofing ignores a general agent override pref, by design - but the net info pref will override RFP's spoof)

  • dom.maxHardwareConcurrency (probably does no harm since its the same value of 2)
  • dom.enable_resource_timing
  • dom.enable_performance
  • device.sensors.enabled
  • dom.gamepad.enabled (you can detect if the api is enabled or not, so don't be THAT one guy. also does nothing unless you plug one in, in which case I would assume you want to use it)
  • dom.netinfo.enabled (is at least default false on desktop, not sure when that happened, but fiddling with it may affect mobile - the original RFP patch for this spoofed it as "unknown", whereas the pref returns "undefined"- i think, I'm a bit hazy on it all now, it was so long ago)
  • media.webspeech.synth.enabled
  • media.video_stats.enabled
  • webgl.enable-debug-renderer-info

^^ you don't need any of those if you use RFP, and as you have already found out, you have an issue with mixing timing prefs & RFP

@Thorin-Oakenpants
Copy link

icons are not rendering

This is called tofu, it looks like a domino with hexadecimal code on it. What is your OS. You need to change your default font to something so the PUAs actually map to something.

And that's assuming that you are not actually blocking a webfont

@jackTaw88
Copy link
Author

jackTaw88 commented Feb 27, 2019

icons are not rendering

This is called tofu, it looks like a domino with hexadecimal code on it. What is your OS. You need to change your default font to something so the PUAs actually map to something.

And that's assuming that you are not actually blocking a webfont

I use Ubuntu 18.04 (English). Most of thing on my OS are as default. I have not installed any app which installs/removes fonts. Is this issue normal about firebase page?

If DO you use RFP then you DO NOT need these redundant prefs.

Which prefs you mean? The list that you write below right? Or all the PK user.js?

@Thorin-Oakenpants
Copy link

Thorin-Oakenpants commented Feb 27, 2019

Or all the PK user.js?

No, just the ones I listed

I use Ubuntu 18.04

OK, so it's linux. Change your default serif, or sans serif (one of those, not sure which one) font to deja vu - see #395 (comment)

@jackTaw88
Copy link
Author

I could nto get the point exactly about font issue. My firefox settings are here:

1

I could not understand what should I do? Is my fingerprint is not unique if I have:

resistFingerprinting=false AND dom.enable_performance=true

@Thorin-Oakenpants
Copy link

Is my fingerprint is not unique if I have

No, because RFP does not do anything about fonts yet, which is why you should/could limit fonts.

I see you are allowing pages to choose their own fonts. So now I'm not even sure what your issue is with console.firebase.google.com (I can't check because it requires me to log in with a google account) - maybe you're blocking a webfont.

Post a screen shot of the offending icon that should be a font. Look at the source code and work out what that element is using.

Maybe someone else can help. For all I know it's a ligature?

@Atavic
Copy link

Atavic commented Mar 1, 2019

Try installing fonts-noto.

@jackTaw88
Copy link
Author

jackTaw88 commented Mar 2, 2019

@Thorin-Oakenpants

sccren2
scren1

@Atavic thank you but the issue is not about solving the problem. its only about information. I have already the solution written.

@Thorin-Oakenpants
Copy link

That looks like a ligature (because it's displaying readable text or whatever), rather than a missing font icon/glyph or tofu (which as I said looks like a domino, or a rectangle with some code in it)

https://google.github.io/material-design-icons/ <-- i suspect it has something to do with all of this

@Atavic
Copy link

Atavic commented Mar 2, 2019

material-icons

@e-t-l
Copy link

e-t-l commented Jul 27, 2020

I've found that video chat doesn't work well. Doesn't matter if it's Skype (for web), Google Duo (for web), Jitsi Meet, Facebook Messenger, etc. The video window won't load and/or will throw a vague error. Haven't been able to find the pref responsible though. Any ideas?

@rusty-snake
Copy link

Enable WebRTC.

user_pref("media.peerconnection.enabled", false);

There are more WebRTC prefs below if it still breaks.

@e-t-l
Copy link

e-t-l commented Jul 28, 2020

Thanks. Looks like the culprits were primarily media.peerconnection.enabled like you said, as well as:

user_pref("media.navigator.video.enabled", false);

Commenting these out fixed video chat for Jitsi Meet and FB Messenger. Skype, as it turns out, just doesn't like Firefox, but a simple Chrome useragent override makes Skype for web work like a charm. Google Duo works after commenting out:

user.js/user.js

Line 714 in 2929c68

user_pref("network.http.referer.spoofSource", true);

which I believe is a breakage like the kind discussed in #227
.
As for Discord, it looks like they simply don't want to support video chat in Firefox. Couldn't find a pref to fix it, and useragent didn't make a difference.

@nodiscc
Copy link
Contributor

nodiscc commented Apr 4, 2021

create a list of buggy sites so anyone can contribute it

These should be added to the NOTICE above the pref that breaks a particular website. For example:

-// NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...)
+// NOTICE: Disabling WebRTC breaks peer-to-peer file sharing tools (reep.io ...) and video chat (Jitsi, FB Messenger...)

@e-t-l do you want to send a patch with your findings?

@e-t-l
Copy link

e-t-l commented Apr 25, 2021

I don't have time to do it right now (I'm also pretty new to using Git, and most of my contributions on Github so far have been in the form of opening/commenting on issues. Sending a PR is a whole new thing I'll have to work out).

I'm just going to comment so I don't forget:

user.js/user.js

Line 200 in d6ce4eb

user_pref("javascript.options.wasm", false);

breaks in-browser Zoom calls.

After more experimentation, it looks like media.navigator.enabled, media.getusermedia.audiocapture.enabled, and media.getusermedia.screensharing.enabled can all be left on False, but media.peerconnection.enabled must be True to prevent breakage on FB Messenger and Jitsi.

@nodiscc
Copy link
Contributor

nodiscc commented Apr 26, 2021

javascript.options.wasm", false also breaks Jitsi Meet calls

@nodiscc
Copy link
Contributor

nodiscc commented Jul 5, 2023

There is now a mechanism to warn about possible breakage caused by user.js: under the relevant // PREF: ... entry and associated documentation links, add a line beginning with // NOTICE: and describe the problem caused by changes to the value of this pref. Then run make doc-whatdoesitdo to update README.md and submit a Pull Request.

See https://github.com/pyllyukko/user.js/pull/542/files for an example.

I suggest closing this issue.

@pyllyukko
Copy link
Owner

Indeed. All the breakages should be documented with NOTICE.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

7 participants