flipped true in FF54: https://bugzilla.mozilla.org/show_bug.cgi?id=1026804 but unsure when the pref itself was introduced. note: other timing prefs were always in 2400's see 4602: [2411] disable resource/navigation timing / 4603: [2412] disable timing attacks
it has zero to do with privacy etc, and in fact most users will only ever encounter it once (and check the box) when they first go to about:config, so it's not even useful as an override or a new profile IMO. This removes one of three numbers that don't have a section
TLS 1.0 and 1.1 are still secure. Sure, later versions are more secure, but 98% of the web is already upgraded - less than 2% of sites use < v1.2. So it's not very likely you would come across a site that requires it, but if you did, what's the point in breaking it. Mozilla and Chrome already have plans to deprecate TLS 1.0 & 1.1, and force that last 2% of sites.
TLS settings can be FP'ed without JS. By sticking with the defaults, I do not see any security issues, but an increase in potential anti-FPing. TBH, the chances of either (i.e being FP'ed with TLS as a entropy point, or being compromised due to TLS<1.2) are slim to non anyway.
Any arguments, please see @earthlng
Pants said "We do not need to keep anything for ESR users. ESR users are on v60, and we have an archived 60 for them."
This isn't even affecting ESR60 but only older versions.
* removed, renamed or hidden in v63.0
- 0301a - do you want to add the `[NOTE] Firefox currently checks every 12 hrs ...` to `0302a` ? The problem is it also checks for updates every time you open/reload about:preferences and in Menu>Help>About Firefox regardless of when the last check was.
- 0513 - removed because follow-on-search is no longer a deletable system addon
- 2703 - do we just remove `3=for n days` or add a [NOTE] that value 3 was remove in FF63 or something?
- `browser.ctrlTab.recentlyUsedOrder` replaces `browser.ctrlTab.previews` but it now defaults to true. No need to list the new one under 5000 IMO
* Update user.js
* 1031 add more info
https://bugzilla.mozilla.org/show_bug.cgi?id=1453751#c28
* 0301a: remove update-check timing info
* 2703: add version deprecation for value 3
- pref removed in FF63 (https://bugzilla.mozilla.org/1476879)
- when we added it the default was false
- default is true since FF57
- it's only an UI thing
ergo we don't need to move it to 9999
* more infos
* add colons
not all EOL comments for defaults start with `// default` (23). The common string is `default:` (27 incl. these ones) with or without preceding or trailing spaces
FF61 introduced quite a few changes, including removing the ability to set a blank startpage in the UI, and a new Home options tab with unified Activity Stream (AS) defaults and dropdown options. Because the only way to stop AS on startup is to enforce a blank page (pref 0102), and setting this auto changes `home+newwindow` (0103) and `newtab` (0104) to a blank page, then we're just going to go ahead and enforce that on all of them.
For more info see the discussion in #426
Both deprecated in FF61, but we'll remove them from the user.js
- `services.blocklist.signing.enforced` is default true since FF50
- `browser.storageManager.enabled` only controls "Site Data" UI visibility
2732 was just enforcing default since at least FF52, and 2733 has never been used, was only there for info. Offline Cache or appCache (2730) is already behind a prompt (2731), and is already limited (in FF60+) to HTTPS (2730b).
Note: I am not 100% sure what happens with an app update. If this is divorced from that check now, you should be able to get FF updated without any system addons. We'll have to wait until 62 needs an update to test it. In the meantime I've edited the [NOTE]. I've also left this inactive (eg imagine if they pushed a critical update for formfill), so this is an end-user decision. Added to sticky to revisit this pref
I see no point in keeping this to enforce a default that FF itself doesn't use - see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox
- "... is an optional compatibility token that some Gecko-based browsers may choose to incorporate, to achieve maximum compatibility with websites that expect Firefox"
The last one-off ESR cycle of 8 releases is now behind us, new algorithm for FF60+ is back to 7 releases per ESR numbering, starting at 60... 67... etc. Note: This does not do anything for Aurora or Nightly spoofing the next ESR early (but we have until Nightly 67 before this becomes a problem). The ticket 1418162 was meant to cover this but instead was just used for the new algorithm. There is currently no ticket for the Aurora/Nightly issue - but never fear, Pants is here!! It is not forgotten, and I have emails with Tom Ritter et al on it
AS is out of control. No master switch in FF60+, and in order to 100% sure nothing is collected locally (or external connections made), there are now some 28 prefs (including those coming in FF61). This is re-DICK-ulous. We're not going to bother tracking all that, let alone the labyrinth of code. All users are advised to just make sure they remove the XPI every time they update FF.
