search

arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License
10.11k stars 515 forks source link

sticky: platform specific prefs & values #109

Closed Thorin-Oakenpants closed 6 years ago

Thorin-Oakenpants commented 7 years ago

Use this issue to post info about Mac / Linux / Windows / Android specific preferences and differences

Please note: The comments here will be regularly cleaned out to keep this sticky usable

Diffs: https://earthlng.github.io/FFprefs-diffs/index.html

grauenwolfe commented 7 years ago

INTRODUCTORY NOTE - INTENDED TO BE DELETED Here is an initial list of Mac-specific differences, just a few of the more obvious ones to get the ball rolling. There are a number of differences in the Mac default settings but I don't know them offhand since I've never documented them and so will just have to wait until I come across them again. They will be noted and then added to this thread as they come up.

Also, I welcome any input on the manner in which I've posted, i.e., hierarchy, formatting, overall clarity, etc.

Mac-specific / macOS / OS X

The following entries do not exist in Mac versions of Firefox installations.

DONE means they now have a [WINDOWS] tag - so says I, Thorin

atomGit commented 7 years ago

linux mint 18.x - these were found in a minimal preconfigured prefs.js

user_pref("network.protocol-handler.app.apt", "/usr/bin/apturl");
user_pref("network.protocol-handler.app.apt+http", "/usr/bin/apturl");
user_pref("network.protocol-handler.warn-external.apt", true);
user_pref("network.protocol-handler.warn-external.apt+http", true);

also the default browser check is disabled in mint (and probably all of debian distros at a minimum i would imagine) - you guys already have this in your .js though...

user_pref("browser.shell.checkDefaultBrowser", false);

Atavic commented 7 years ago

Dapper Linux hardened-browser config.

Thorin-Oakenpants commented 7 years ago

There are now 10 [WINDOWS] tags, 1 [MAC], and zero [LINUX] or [ANDROID], done during cleaning up of descriptions and other commits. Now we just need to work our way thru earthlng's diff etc

Thorin-Oakenpants commented 7 years ago

I had a look at the "FF53.0 prefs - Windows vs Linux" last night and almost everything is covered - maybe a couple to look at. I also found out that 2503 dom.netinfo.enabled is only used on android - see here - but this may change, and I don't think its worth adding that info

icpantsparti commented 6 years ago

I notice dom.presentation.device.name on Android Firefox, it contains the exact device model number. On reset or blanking it repopulates, seems to hold if changed to something else. Wondering if it is a fingerprinting issue, cannot find any info. Grateful for any advice.

Thorin-Oakenpants commented 6 years ago

its used in mDNS (multicasting DNS)

DXR if string is empty, reset it (not sure when this code is called)

See 1382533 which covers this under privacy.resistFingerprinting. [EDIT: actually that patch only stops the exposure of your local IP addresses] However, that pref is not great for mobile, as web pages tend to get served as if you are on a desktop, as the UA spoof lies (for non-Windows OS) and every site thinks you are on Windows. In FF59+ the UA spoof will auto-use Android as a platform in its "spoof" if you're on Android (see 1404608 which is the original bug for the mobile/desktop thing, but was used to make the spoof changes)

also see https://bugzilla.mozilla.org/show_bug.cgi?id=1185806 which was linked in the DXR above

I'm not entirely sure exactly what mDNS is, when it gets used, and how websites could grab this info.

Thorin-Oakenpants commented 6 years ago

https://en.wikipedia.org/wiki/MDNS

I'm guessing this would cover things like device discovery/connection for casting eg a youtube video to chromecast

The mDNS protocol is published as RFC 6762, uses IP multicast User Datagram Protocol (UDP) packets, and is implemented by the Apple Bonjour, Spotify Connect, Philips Hue, Google Chromecast...

Atavic commented 6 years ago

dom.presentation.device.name is used to identify the connected device.

Similar to Apple Bonjour and NSD.

Thorin-Oakenpants commented 6 years ago

Yup.. says it right there in the pref name :) and outlined in the links

https://bugzilla.mozilla.org/show_bug.cgi?id=1185806#c1

mDNS requires name uniqueness and can detect conflict from its protocol

Thorin-Oakenpants commented 6 years ago

As an aside... after this discussion, when I went to bed and was about to watch a movie using Plex, before I did, I went into FF, reset the pref etc - it did everything that @icpantsparti said. I was just checking it out, not doubting.

Then my Plex app couldn't find my bedroom chromecast (I have two, and LlamaHub was nowhere to be found, GoatHub was not on as I power them via USB - do not mock my naming convention xD). I just quickly rebooted my phone and all was well .. except THIS time, as Plex connected (I think it's when you do a refresh for devices in the Plex app), my device name was displayed on the TV center top - never seen that before. Likely not related, I mean how could it be.

/end of useless story :)

Edit: and now, after that one time at Llamacamp, it doesn't happen .. spookie

crssi commented 6 years ago

Chromecast has wifi problems or more correctly is a wifi problem. AFAIK, the patch was just released.

Thorin-Oakenpants commented 6 years ago

as I power them via USB

doesn't affect me. when not in use, they are off - anyway I have bandwidth to spare (but yeah, who ever thought (tens of) hundreds of millions of devices downloading screen papers all the time was a good idea needs a bullet

icpantsparti commented 6 years ago

Thanks for your replies. 👍 :)

Thorin-Oakenpants commented 6 years ago

going to retire this sticky, it's served its initial purpose for fixing up labeling some existing prefs. New prefs we deal with as we get to them