Open Thorin-Oakenpants opened 3 weeks ago
all up, very boring .. only 1 new active pref (spoof english) which if anyone is already using it, it should be in their overrides.
Everything else is upcoming (FF128 sanitizing migration), or commented out since it's at default-what-we-want (or for prefsCleaner), or deprecated
Enjoy the stability of arkenfox :)
https://github.com/arkenfox/user.js/pull/1847/commits/10fddc8072b69cb7f3448fb4c5e09c8bc23b72f3
my overrides for FF128 - add em now if you want to continue with RFP in FF128+
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.resistFingerprinting.letterboxing", true); // optional
user_pref("webgl.disabled", true); // optional
user_pref("privacy.spoof_english", 2); // optional
// ^ I have en-US app lang and a non-matching en-** OS
// so my locale without spoof_english is the same as OS which is not desirable
FYI: re spoof english and en-US on english but not en-US OSes
Soo, we devised this slightly sophisticated system where if the language portion of your OS locale matches langauge portion of Firefox locale (for example "en-US" and "en-GB"), then we will use the region portfion of your OS locale in Firefox.
javascript.use_us_english_locale
pref in FF119 1846224When switching to FPP should privacy.window.maxInner*
be disabled, too?
no, newwin (max sizes) is only used when RFP is enabled
edit: letterboxing is the one that is not tied to RFP
I'll add some info to #1804 tomorrow hopefully and unlock the topic and everyone can go have a good yarn and discuss it to death :) I of course will unsubscribe having said my bit :) e.g. why I plan to keep using RFP
About privacy.spoof_english 1
, if I:
intl.accept_languages
to en-US, en
;intl.regional_prefs.use_os_locales
set to true
(regional pref. from OS is different from en-US);am I good?
Noob question: I couldn't find browser.search.serpEventTelemetryCategorization.enabled
in the new user.js, should I disable it (as suggested here) or is there a master switch somewhere already?
@Tiagoquix IDK - languages is just languages - i.e request page in x,y,z ... and the app language can be different if you want
So you have en-US interface, en-US,en
languages - that's all groovey (app language is used by webcontent for a lot of things, e.g. look and feel for widgets: buttons, input fields, etc - which to me is backwards but probably a legacy thing: they should eventually make all chrome use app lang, and all web content use web-request lang, but that also has issues)
Anyway, so what really matters here is the locale
- all the Intl....resolvedOptions. If you have en-US
language/app-lang and your os is en-US you're cool, but if your os is en-CA or en-GB then it uses that for locale. Same goes for the locales for spanish, french, german etc. But if you have en-US
and your os is es-ES
then it will use en-US
(or so I believe, I do not have a non-english OS handy)
And that's before you start using spoof_english, which only allows spoofing for a single language, not all (because of all the places the app language leaks or is used in web content)
And resetting spoof english also has issues and I think bad design - it does not reset things which actually caused a major regression in Tor Browser where users could mix and match languages and locales - e.g. german language and english locale - relaly bad.
All I can say is test it: https://arkenfox.github.io/TZP/tzp.html#region
Thanks for the info and the testing site! Really helpful.
@Thorin-Oakenpants Out of context: could you consider releasing arkenfox v126.1 to fix the semi-colons? I think they're important fixes.
I already updated the live user.js with the active missing ;
- updater will pick up on this. The other is commented out and non-breaking IMO, and is a FF127+ pref recommended not to use (but I get that this is about the syntax part)
What am I missing here? Do I really need to a 126.1 release?
edit: ok, users may not run updater unless they see a new release version, because let's face it, it's manual
edit: ok, users may not run updater unless they see a new release version, because let's face it, it's manual
exactly that!
You're good people, Thorin-Oakenpants.
now at 31 spartas
last time I counted in sparta units cc: @bagder I will catch you :) edit: curl at 34.6k right now
may I ask if the cpd
migration to clearHistory
already happened? because there are only the latter in user.js, as opposed to the v2 prefs where we have both until 128 rolls out
because there are only the latter in user.js
they are both in the user.js - migration should not be happening until 128 AFAIK
https://github.com/arkenfox/user.js/blob/47cbf5b9740ef59ed866874346d3fee3379f8da3/user.js#L691-L710
For choosing between FPP and RFP from 128 onwards, can we summarise RFP as "If it doesn't break anything (important) for you, you should use it."?
For choosing between FPP and RFP from 128 onwards, can we summarise RFP as "If it doesn't break anything (important) for you, you should use it."?
There's a wiki page about RFP: https://github.com/arkenfox/user.js/wiki/3.3-Overrides-%5BTo-RFP-or-Not%5D
After reading, the user can decide to have it enabled or not.
RFP is on for every AF user by default. That's a privacy recommendation. The users choosing to disable it are the odd ones out, effectively saying "I don't care about what AF recommends, I'm okay with reduced privacy protection because I want XYZ to work".
From 128, RFP will be off by default, in favour of FPP. Does this mean AF is saying:
?
All I care about is a one word answer to the question "Does AF still recommend RFP over FPP for more privacy protection, damn the breakages?". Yes or no?
Right now, my tentative answer is yes, because "Thorin is still using it, so it must be good."
https://github.com/arkenfox/user.js/issues/1846#issuecomment-2153972165 - when I feel like it, I grew to hate writing about FPing due to incessant nature of idiots and having to repeat myself, to the point where it's a blocker
that said the answer is really simple - do what you like - if shit doesn't break (much) RFP is better and more robust. If you can't handle the breakage (or usability shit like FPS at 60 or timezone as iceland) then don't use it. Same as always. I'm just changing the DEFAULT in the TEMPLATE
without my support,. users can also use FPP (default) but kick in RFPTargets - so all RFP minus the bits that break (edit: but I'm not going to support that here, as in helping people with it, fuck that, I have enough to do)
I'm just changing the DEFAULT in the TEMPLATE
I think this is a POV problem. You're underestimating the psychological impact such changes can have on users, because you're sitting on top of a hill with all the background knowledge and expertise on the issue.
What may be a simple "Eh, I'll just add a couple slashes to the RFP prefs." to you might be a "Holy shit AF just turned off RFP entirely what does this MEAN!?" for mere users.
if shit doesn't break (much) RFP is better and more robust
THANK YOU. The fact that you're still saying this, now that the decision to move to FPP by default is already made, is what mattered here.
runs away to order buckets of ice cream in celebration
Thorin has a strong position on Arkenfox being just a template, and not a file-that-dicatates-your-usage. I like it. As long Thorin makes it very clear in the new release notes (possibly with a link to the RFP page on the wiki), I'm fine with it.
file-that-dicatates-your-usage
Dictation is different from recommendation. There are entire sections in the user.js labelled "don't touch" or "don't bother". Of course the user is free to mess around with every single pref, but AF defaults are defaults for a reason, and deviating from them isn't done lightly.
Just want to add my two cents. @Thorin-Oakenpants it looks like you spend quite a bit of time replying to people in issues, turning the issue tracker into basically a forum. It takes a long time to understand anything, because you assume so much prior knowledge. We're not all up to date on what's going on here. I really think you need to focus on the documentation, focus on summarising and keeping things simple (while retaining references to more complicated material) such that this project can be more accessible to a wider (but still technical) audience. I recommend also adding a Discussions page. People can read the documentation and get answers from other people telling them to read the docs again because it already contains everything necessary. This is what all developers should do, really.
Discussion doesn't belong in issue trackers, and when you don't have your own dedicated page for discussion you encourage it on other platforms, which leads to people taking information out of context and doesn't aid in comprehension.
Otherwise, love what you're doing, I respect your decisions regardless.
yeah the topic and the acronyms are already hard to follow, and then the changes by mozilla year after year makes it more nebulous lol
I can help out with documentation if stuff is explained to me.
https://discuss.privacyguides.net/t/why-rfp-changes-time-zone-to-atlantic-reykjavik/19044
https://github.com/arkenfox/user.js/blob/6446d73cf572fcdf631534a5a51276a64eec4a2d/user.js#L799
for those wondering why
Atlantic/Reykjavik
- we chose Icelandsince we only really care about recent (and future) date-times
to clarify, that means usability for the user with their calendars, current day/date/time etc = to stay consistent all year round with UTC. Historically dates differ (prior to 1912 - but all users are the same, so not an entropy or usability issue)
Holly crap, I remember barely reading through the Wiki, implementing Arkenfox into my browser, albeit not understanding the update & maintain section. A couple months of University went by, I read this, and I have no clue what is going on tbh. Anyway, two questions, (1) can we cut out all the BS so to say and make a concise summary and guide to implement and maintain Arkenfox, only with integral steps and information necessary to get it running, in one central location (i.e., 1 webpage or document), this would really help put people who do not have a background in computer science (2) this is kinda pointless, but can we add rounded edges to the letterbox like Mullvad?
:green_square: v126
FF126 release notes FF126 for developers FF126 security advisories
NOTE
⭐ ⚠️ there is a migration of prefs coming in FF128 for sanitizing (on close and manually), including new ones,
so make sure to add any new corresponding sanitizing prefs to your overrides if required before 128
⭐ ⚠️ in FF128 I will also move arkenfox to using FPP not RFP see #1804
if you want to continue to use RFP (4501) and/or LB (4504) and/or disable webgl (4520) then you might as well add them to your overrides as well, so I don't change them on you without warning.
see this comment below for my overrides
CHANGELOG
new and active in user.js 126
new and inactive in user.js 126
new in user.js 126, required for 128
clearSiteData
FF128+ =Privacy & Security>Browser Privacy>Cookies and Site Data>Clear Data
privacy.cpd
old prefs migrate toclearHistory
privacy.clearOnShutdown
migrates toclearOnShutdown_v2
user_pref("privacy.clearOnShutdown_v2.cache", true); // [FF128+] [DEFAULT: true] user_pref("privacy.clearOnShutdown_v2.historyFormDataAndDownloads", true); // [FF128+] [DEFAULT: true] // user_pref("privacy.clearOnShutdown_v2.siteSettings", false); // [FF128+] [DEFAULT: false] user_pref("privacy.clearOnShutdown_v2.cookiesAndStorage", true) // Cookies, Site Data, Active Logins [FF128+]
user_pref("privacy.clearSiteData.cache", true); user_pref("privacy.clearSiteData.cookiesAndStorage", false); // keep false until it respects "allow" site exceptions user_pref("privacy.clearSiteData.historyFormDataAndDownloads", true); // user_pref("privacy.clearSiteData.siteSettings", false);
// user_pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // [FF95+] [DEFAULT: false] // user_pref("browser.urlbar.suggest.quicksuggest.sponsored", false); // [FF92+] [DEFAULT: false]
STATS