Commit Graph

802 Commits

Author SHA1 Message Date
Thorin-Oakenpants
45bd5ccc02
PB Mode: ref added 2019-01-16 02:07:06 +00:00
Thorin-Oakenpants
7bf5790f2b
RFP: FF66 changes to UA HTTP Headers 2019-01-11 05:14:59 +00:00
Thorin-Oakenpants
075d6fe6e4
2615: s/cut keys: bug fix in 66+ 2019-01-11 05:09:14 +00:00
Thorin-Oakenpants
4604cf0d4e
references to other prefs s/be explicit 2018-12-21 11:02:40 +00:00
Thorin-Oakenpants
ac4e764c37
http2, altsvc, ssl session ids vs FPI vs TB #571 2018-12-18 15:54:57 +00:00
Thorin-Oakenpants
5bd5f6b28e
0912: HTTP Auth sub-resources #585 (#602) 2018-12-18 01:41:37 +13:00
earthlng
55c2cacbce 0335: toolkit.telemetry.coverage.opt-out (#600) 2018-12-17 22:43:45 +13:00
Thorin-Oakenpants
4badc42879
0105b: kill snippets endpoint #528
it's too hard to follow AS changes, and work out if disabling showing items (basic toggling of show/hide sections etc) actually stops downloading a localized local copy etc. For items we actually want to block, let the endpoint slaughter begin.
2018-12-17 09:36:26 +00:00
Thorin-Oakenpants
da80e39064
0105s: description s/be self explanatory #578
when filtered and 0105a is not shown, AS doesn't mean anything
2018-12-16 17:37:42 +00:00
Thorin-Oakenpants
c1d6d81528
add PERF tags to wasm, asm.js, closes #599 2018-12-16 14:10:32 +00:00
Thorin-Oakenpants
d5ece0f6f4 1700s: revamp Containers header #585 (#596) 2018-12-14 07:05:43 +00:00
Thorin-Oakenpants
f6ea20a8b0
0335: Telemetry Coverage endpoint
let's just coverage-our-ass on this one

While I don't mind telemetry (development needs meaningful feedback to better the product), and I trust the data is not PII, and/or anonymized into buckets etc (you can check this you know), and I understand this one needs to be outside the Telemetry pref in order to gather the one-time ping ... and I trust Mozilla's motives ... I'm starting to get a little annoyed at the non-stop incessant increasing telemetry bullshittery and ass-fuckery around sending data home, and the lengths some Mozilla devs will go to, to hide this info (hidden prefs, access denied tickets to hide discussion of what should be public, and even **not even adhering to their own documentation**).

I will also be killing as many Activity Stream endpoints as well - as long as they are in line with our js - pocket, snippets, onboarding etc. And I will add those from personal as inactive for end-users - eg cfr
2018-12-13 17:28:16 +00:00
Thorin-Oakenpants
645492e82f
grammar, case, etc, closes #594
thanks @Just-me-ghacks
2018-12-14 04:49:50 +13:00
earthlng
15c68dc344 disable System Add-on updates (#595)
remember the new Coverage Telemetry shit? with a **hidden** opt-out pref? guess what, they are already collecting for 3 months ...

https://bugzilla.mozilla.org/show_bug.cgi?id=1487578 - **3 months ago**: "I see data coming in that looks reasonable"

guess what else ...

"It has also replaced the previous version that was there (from bug 1480194)" and oh, surprise surprise, 1480194 is ACCESS DENIED!

they're not just using private tickets to hide security critical information from potential hackers and blackhats, no they also use it to hide shady AF things. Things that they fully know are shady as fuck and that they absolutely know a lot of people would not like. There's simply no other reason why they'd do that

but wait, that's not all. If you think an opt-out pref that 99% of people wouldn't know about even if it showed up in about:config BUT ALSO HAPPENS TO BE HIDDEN is kind of questionable, well ... the system addon that they use for this shit apparently looked or still looks for `toolkit.telemetry.coverage.opt-out` [1] instead of `toolkit.coverage.opt-out` as their documentation [2] claims

[1] https://github.com/mozilla/one-off-system-add-ons/pull/131/files#diff-6e0cbf76986d04383ccb32a29ef27a7aR25
[2] https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/docs/data/coverage-ping.rst#l32

It's time to opt out of all that shit for good. Disable system addon updates and kill it at the root

> In FF61 and lower, you will not get any System Add-on updates except when you update Firefox

on its own that's not true. You will get SA updates unless you disable app update checks + auto install. Let's just remove that as well.
2018-12-14 03:21:57 +13:00
Thorin-Oakenpants
04b797f1aa
0209: remove trailing space
@Just-me-ghacks 💋
2018-12-13 11:14:44 +00:00
Thorin-Oakenpants
e60abd6c44
64-beta 2018-12-12 17:17:33 +00:00
Thorin-Oakenpants
d55b8176ad
dyslexia and/or dementia 2018-12-12 16:52:12 +00:00
Thorin-Oakenpants
31adbba774
5000s: disable CFR 2018-12-12 16:34:27 +00:00
Thorin-Oakenpants
879f0abf28
2201: more garbage 2018-12-12 13:21:24 +00:00
earthlng
3916e38681 taking out the garbage (#590) 2018-12-13 02:02:38 +13:00
Thorin-Oakenpants
51ac69874b
0105* remove // has setting 2018-12-12 11:58:48 +00:00
earthlng
2d956d04f3 move 1260 to 122x (#591)
* move 1260 to 122x

"disable or limit SHA-1 certificates" is about certs, not ciphers.
Because CERTS is 1st in the title I moved it to the 1st item there because it's arguably also the most important of the lot (and renumbered the rest)
We can also drop HSTS from the subgroup title because there's nothing HSTS left atm.
2018-12-13 00:52:49 +13:00
Thorin-Oakenpants
9d6bfb650c
disable Telemetry Coverage (#589) 2018-12-13 00:29:29 +13:00
Thorin-Oakenpants
ccdd4decf0
Pocket: 0510->0370
Pocket is no longer a System Add-on in FF64+
2018-12-12 08:25:25 +00:00
Thorin-Oakenpants
88b747ef36
0911: remove it, #585
it is default false in FF59+
2018-12-11 17:42:19 +00:00
Thorin-Oakenpants
c6ebe36165
1022: resume from crash=>inactive, closes #575 2018-12-11 17:28:21 +00:00
Thorin-Oakenpants
7684e83aba
0102 add SR info #575 2018-12-11 17:18:26 +00:00
Thorin-Oakenpants
26b874bed7
1020: remove max_windows #575 2018-12-11 16:43:11 +00:00
earthlng
61be5ae563 all Deprecations + new ADB extension prefs (#587) 2018-12-12 05:07:28 +13:00
Thorin-Oakenpants
ef1e61ebcd
start 64-alpha 2018-12-11 16:05:07 +00:00
Thorin-Oakenpants
205c48d9d3
final 63 release 2018-12-11 15:49:31 +00:00
earthlng
0e1b0a4b6e move 0370 to 0105b (#586) 2018-12-12 04:40:29 +13:00
Thorin-Oakenpants
778dc89bb6
2002 WebRTC tests #580
FYI, the https://www.privacytools.io/webrtc.html test in our wiki is 404, so I gave it a strikethru and added this one. This is also handy for 2001, but do we need to double up on it? We're only disabling WebRTC because of IP leaks, so I don't see the point in testing if WebRTC is disabled.
2018-12-11 00:40:03 +00:00
Thorin-Oakenpants
23733097a9
2302 FF version 2018-12-11 00:13:07 +00:00
earthlng
71a2d393f3 minor wording changes (#583) 2018-12-11 11:23:00 +13:00
Thorin-Oakenpants
74ebacc0dd
obey rules for [setting] tag location #578
all setting tags must be between `/* ... ***/`
2018-12-10 19:52:48 +00:00
Thorin-Oakenpants
45e3b3a0e0
2682: put correct version back
0a67cdec8b (comments)
2018-12-10 19:35:41 +00:00
Thorin-Oakenpants
5c85e61bb4 4000: remove old FPI notes (#581) 2018-12-10 18:36:07 +00:00
Thorin-Oakenpants
0a67cdec8b
#578 cleanups (#576)
- cleanup of tags placement, order consistency, and to use square brackets (allows usage elsewhere to not get tagged, eg 1402)
- other bits and bobs
2018-12-11 07:18:26 +13:00
Thorin-Oakenpants
b85668c2cd
make description & info & notes concurrent #574 2018-12-08 04:10:13 +13:00
Thorin-Oakenpants
786839ffc1
2701: fix split multi-[notes] 2018-12-06 08:16:01 +00:00
Thorin-Oakenpants
8313f2e01a
1020: fix description
Session Restore cannot be disabled in Normal mode, it is also used internally. FYI: PB Mode does not use Session Restore. The description is still not 100%, as it refers to what is restored, not what is kept in the recovery.jsonlz4 (at least for tabs)
2018-12-06 05:41:25 +00:00
Thorin-Oakenpants
0a87c99a0e
1203: ssl session ids are 24hrs 2018-12-05 20:58:07 +00:00
Thorin-Oakenpants
91fed43fc7
0703 atl-svc, better ref, #571 2018-12-05 20:36:20 +00:00
Thorin-Oakenpants
74f029566e
enforce DOMHighResTimeStamp API #491
flipped true in FF54: https://bugzilla.mozilla.org/show_bug.cgi?id=1026804 but unsure when the pref itself was introduced. note: other timing prefs were always in 2400's see 4602: [2411] disable resource/navigation timing / 4603: [2412] disable timing attacks
2018-12-04 10:34:02 +00:00
Thorin-Oakenpants
571be93ae0
proper case convention after tags
Can't believe I did this. Out of 32 `[setup*` and  9 `[warning]` tags (excluding the readme), I let one capital letter get past me, the bastard!
2018-12-04 10:26:44 +00:00
Thorin-Oakenpants
11b16c9c6d
move PB mode into STARTUP section #567 2018-12-04 08:51:19 +00:00
Thorin-Oakenpants
c4ec4dbc77
move 0000 to personal #567
it has zero to do with privacy etc, and in fact most users will only ever encounter it once (and check the box) when they first go to about:config, so it's not even useful as an override or a new profile IMO. This removes one of three numbers that don't have a section
2018-12-04 08:34:36 +00:00
Thorin-Oakenpants
67998eb4af
section naming convention consistency 2018-12-04 08:27:52 +00:00
Thorin-Oakenpants
834857b564
tag sections #567 2018-12-04 20:03:19 +13:00
Thorin-Oakenpants
25923f1acd
add index #567 2018-12-04 06:03:11 +00:00
Thorin-Oakenpants
85eaba2571
TAG! You're it! #545 2018-12-04 18:36:03 +13:00
earthlng
db56940422
typos 2018-11-29 14:10:08 +00:00
claustromaniac
b182946ae4
Tor-related warnings (#551)
Also reworded some stuff.
2018-11-24 05:19:24 +00:00
Thorin-Oakenpants
2ae3a3e4e1
1700s: enable containers, #438
AFAIK there's no technical reasons for containers to be disabled in FF63+
2018-11-21 23:53:00 +00:00
Thorin-Oakenpants
0ff610c056
there is no spoon 2018-11-20 18:14:23 +00:00
Thorin-Oakenpants
661a314e28
RFP: pointerEvent.pointerid 2018-11-20 17:36:04 +00:00
Thorin-Oakenpants
643cba63cf
Activity Stream is no longer a System Add-on 2018-11-19 03:00:40 +00:00
Thorin-Oakenpants
36b90cd5e6
1830: remove hiding the DRM UI
out of interest, it no longer requires a restart
2018-11-19 00:34:56 +00:00
Thorin-Oakenpants
299a03663f
0351: move *autoSubmit to deprecated
https://github.com/ghacksuserjs/ghacks-user.js/issues/302#issuecomment-359245047
2018-11-19 00:12:07 +00:00
Thorin-Oakenpants
13550d18a1
update [SETTING] info (#538) 2018-11-19 12:56:12 +13:00
Thorin-Oakenpants
c12eb0fdc6
0201b+2305 Permissions API info 2018-11-18 12:56:51 +00:00
Thorin-Oakenpants
acbf881b1f
saving the world bytes at a time 2018-11-15 15:47:21 +00:00
Thorin-Oakenpants
7351e561c4
1243: mixed OBJECT_SUBREQUESTS 2018-11-15 07:06:34 +00:00
Thorin-Oakenpants
4e42bad6a1
0201: default geo=> inactive, #533 2018-11-14 17:12:03 +00:00
Thorin-Oakenpants
b85e748b53
2204: FS API=>inactive, #533 2018-11-13 18:56:51 +00:00
Thorin-Oakenpants
0cc4007eda
1202: tls.min => inactive #533
TLS 1.0 and 1.1 are still secure. Sure, later versions are more secure, but 98% of the web is already upgraded - less than 2% of sites use < v1.2. So it's not very likely you would come across a site that requires it, but if you did, what's the point in breaking it. Mozilla and Chrome already have plans to deprecate TLS 1.0 & 1.1, and force that last 2% of sites.

TLS settings can be FP'ed without JS. By sticking with the defaults, I do not see any security issues, but an increase in potential anti-FPing. TBH, the chances of either (i.e being FP'ed with TLS as a entropy point, or being compromised due to TLS<1.2) are slim to non anyway.

Any arguments, please see @earthlng
2018-11-13 16:19:23 +00:00
Thorin-Oakenpants
3003f2dd85
make up yer mind
stick it back in for two releases - pref gets removed in FF65 anyway
2018-11-13 15:30:39 +00:00
Thorin-Oakenpants
ce48306a0d
finalize beta 2018-11-13 15:12:20 +00:00
Thorin-Oakenpants
3423d39fa9
2517 Media Capabilities => inactive
see f214e4bc4e (comments)
2018-11-13 15:11:01 +00:00
Thorin-Oakenpants
4834472107
remove 0426 content blocking 2018-11-13 15:01:35 +00:00
Thorin-Oakenpants
f214e4bc4e
2517: disable Media Capabilities API (for now) 2018-11-13 08:42:49 +00:00
Thorin-Oakenpants
8fd6061bcc
0426: enforce CB 2018-11-13 08:19:19 +00:00
Thorin-Oakenpants
92acb6b2f7
saving the world, one byte at a time 2018-11-12 00:06:19 +00:00
earthlng
b6b9733afa remove old information (#531)
Pants said "We do not need to keep anything for ESR users. ESR users are on v60, and we have an archived 60 for them."
This isn't even affecting ESR60 but only older versions.
2018-11-08 04:14:32 +13:00
claustromaniac
89bc0bee16 scheme+host+path+port -> scheme+host+port+path (#530) 2018-11-04 14:44:20 +00:00
earthlng
f8fc465d0a 2701: add new descriptions and new value (#527) 2018-10-30 04:40:24 +13:00
earthlng
58fa4e9b6d
0514: disable snippets, top stories, telemetry 2018-10-29 14:26:49 +00:00
Thorin-Oakenpants
afee555045
FPI: isolate postMessage... 2018-10-28 16:46:22 +00:00
Thorin-Oakenpants
e8bfa93696
0410s: SBv4 & cookies, #520 2018-10-25 00:13:50 +00:00
Thorin-Oakenpants
1abe1fd4df
4702: buildID cleanup, closes 518 2018-10-24 10:15:37 +00:00
Thorin-Oakenpants
24f7847f73
2703: make value 3 info clearer 2018-10-23 16:13:23 +00:00
earthlng
56206f77ba removed, renamed or hidden in v63.0 (#523)
* removed, renamed or hidden in v63.0

- 0301a - do you want to add the `[NOTE] Firefox currently checks every 12 hrs  ...` to `0302a` ? The problem is it also checks for updates every time you open/reload about:preferences and in Menu>Help>About Firefox regardless of when the last check was.

- 0513 - removed because follow-on-search is no longer a deletable system addon

- 2703 - do we just remove `3=for n days` or add a [NOTE] that value 3 was remove in FF63 or something?

- `browser.ctrlTab.recentlyUsedOrder` replaces `browser.ctrlTab.previews` but it now defaults to true. No need to list the new one under 5000 IMO

* Update user.js

* 1031 add more info

https://bugzilla.mozilla.org/show_bug.cgi?id=1453751#c28

* 0301a: remove update-check timing info

* 2703: add version deprecation for value 3
2018-10-24 04:45:31 +13:00
Thorin-Oakenpants
587194ce84
1403: icon fonts: flip, make inactive, closes #521 2018-10-20 01:35:37 +00:00
Thorin-Oakenpants
7aac6d476a
1270: link to 1201, #519 2018-10-16 12:01:42 +00:00
Thorin-Oakenpants
9e073ea5d5
1201: SSL renegotiation -> active, closes #519 2018-10-16 11:57:32 +00:00
Thorin-Oakenpants
732c438148
0710: disable GIO... #442 2018-10-14 12:11:56 +00:00
Thorin-Oakenpants
58931bc15d
start 63 commits 2018-10-11 11:25:03 +00:00
Thorin-Oakenpants
21b18cbe49
finalize 62 2018-10-11 10:46:35 +00:00
Thorin-Oakenpants
cbcd293e68
RFP: spoof/suppress Pointer Events
https://bugzilla.mozilla.org/show_bug.cgi?id=1363508
2018-10-11 05:50:09 +00:00
earthlng
aacf5d4a0b
update 1031 description 2018-09-30 15:30:32 +00:00
earthlng
b2fc9bc266
remove 0421: privacy.trackingprotection.ui.enabled
- pref removed in FF63 (https://bugzilla.mozilla.org/1476879)
- when we added it the default was false
- default is true since FF57
- it's only an UI thing

ergo we don't need to move it to 9999
2018-09-30 15:20:36 +00:00
Thorin-Oakenpants
1c6c5ea2ff
1000s: cache header section #496 2018-09-13 05:09:07 +00:00
Thorin-Oakenpants
36c791c4bc
remove 2661: *webextensions.keep*
Added in FF51 with defaults false and never changed since
2018-09-12 22:23:59 +00:00
earthlng
ee213f2bab infos about default values (#504)
* more infos

* add colons

not all EOL comments for defaults start with `// default` (23). The common string is `default:` (27 incl. these ones) with or without preceding or trailing spaces
2018-09-13 10:17:56 +12:00
Thorin-Oakenpants
01a978e33a
add 0864: dom.forms.datetime, closes #495 2018-09-11 16:43:18 +00:00
Thorin-Oakenpants
6717bc0674
1024: toolkit.winRegisterApplicationRestart 2018-09-09 20:46:35 +00:00
Thorin-Oakenpants
11a94c7e32
4503: add bugzilla 2018-09-09 20:43:56 +00:00
earthlng
b7c0e816a0 remove ESR52 grouping in 9999 (#499) 2018-09-10 08:33:43 +12:00
Thorin-Oakenpants
8b5547a973
4504: browser.startup.blankWindow 2018-09-08 17:23:48 +00:00