ToDo: diffs FF127-FF128

[earthlng]

FF128 release date: Jul. 9th 2024

FF128 release notes FF128 for developers FF128 security advisories

---

140 diffs ( 80 new, 37 gone, 23 different )

• [x] pref("browser.urlbar.recentsearches.featureGate", true); 1900900 - https://github.com/arkenfox/user.js/pull/1862/commits/e0ec4d04563969ac0fcb7491ceeda5b5d9662be7 & https://github.com/arkenfox/user.js/pull/1862/commits/b1c43d41db1319a54573d690ced9f084b7173435
• [x] FF129+ 1658094 Clearing site preferences on shutdown also clears exceptions for clearing on shutdown
  • https://github.com/arkenfox/user.js/pull/1862/commits/b498a6582c671916daf37b0fc76b6ad8ab85f123
  • tested all three site settings clearing methods
  • for the record arkenfox has never sanitized site settings (or passwords), but this may now be feasible for some users
• FYI
  • 0805 pref("browser.urlbar.trending.featureGate", true);
  • pref("browser.backup.scheduled.enabled", false);
  • hoverPreview
    • pref("browser.tabs.hoverPreview.enabled", false);
    • pref("browser.tabs.hoverPreview.showThumbnails", true);
    • when enabled = true you get the URL on a secondary line and a thumbnail if that is true

new in v128.0:

pref("network.cookie.CHIPS.enabled", false);
pref("network.cookie.cookieBehavior.optInPartitioning.pbmode", false);
pref("network.cookie.sameSite.crossSiteIframeSetCheck", true);
pref("network.proxy.socks5_remote_dns", true);

changed in v128.0:

FYI

• pref("privacy.bounceTrackingProtection.enabled", true); // prev: false
  • URLs and timestamps are stored in bounce-tracking-protection.sqlite
  • these are not sanitized on close: not sure how long lived they are
  • this will become part of ETP Strict
  • the benefits of bounce tracking protection outweigh touching the disk - if your disk was compromised you have bigger issues to worry about, so this is out of scope for this project

---

ignore

click me for details

==NEW ```js pref("browser.mailto.dualPrompt.dismissNotNowMinutes", 525600); pref("browser.mailto.dualPrompt.dismissXClickMinutes", 1440); pref("browser.mailto.dualPrompt.onLocationChange", false); pref("browser.ml.chat.enabled", false); pref("browser.ml.chat.prompt.prefix", "I’m on page \"%currentTabTitle%\" with \"%selection|12000%\" selected. "); pref("browser.ml.chat.prompts.0", "{\"label\":\"Summarize\",\"value\":\"Please summarize the selection using precise and concise language. Highlight the main themes and conclusions. Use headers and bulleted lists in the summary, to make it scannable. Maintain the meaning of the selection.\"}"); pref("browser.ml.chat.prompts.1", "{\"label\":\"Simplify language\",\"value\":\"Please rewrite the selection in plain, clear language suitable for a general audience without specialized knowledge. Use all of the following tactics: simple vocabulary; short sentences; active voice; examples where applicable to make explanations clearer; explanations for jargon and technical terms; headers and bulleted lists for scannability. Maintain factual accuracy while simplifying.\"}"); pref("browser.ml.chat.prompts.2", "{\"label\":\"Quiz me\",\"value\":\"Please create questions related to the selection. Ask the questions one by one. Wait for my response before moving on to the next question. Evaluate each response. Ask a variety of types of questions, like multiple choice, true or false and short answer.\"}"); pref("browser.ml.chat.provider", ""); pref("browser.newtabpage.activity-stream.newtabWallpapers.highlightContentText", ""); pref("browser.newtabpage.activity-stream.newtabWallpapers.highlightCtaText", ""); pref("browser.newtabpage.activity-stream.newtabWallpapers.highlightDismissed", false); pref("browser.newtabpage.activity-stream.newtabWallpapers.highlightEnabled", false); pref("browser.newtabpage.activity-stream.newtabWallpapers.highlightHeaderText", ""); pref("browser.newtabpage.activity-stream.newtabWallpapers.highlightSeenCounter", 0); pref("browser.newtabpage.activity-stream.newtabWallpapers.v2.enabled", false); pref("browser.newtabpage.activity-stream.newtabWallpapers.wallpaper", ""); pref("browser.privateWindowSeparation.enabled", true); pref("browser.shell.setDefaultBrowserUserChoice.regRename", false); pref("browser.shell.setDefaultGuidanceNotifications", true); pref("browser.spin_cursor_while_busy", false); pref("browser.tabs.allow_transparent_browser", false); pref("browser.topsites.component.enabled", false); pref("browser.urlbar.scotchBonnet.enableOverride", false); pref("browser.urlbar.trending.enabledLocales", "en-US, en-CA"); pref("browser.urlbar.trending.requireSearchMode", false); pref("dom.document_priority.incremental", true); pref("dom.fullscreen.force_exit_on_multiple_escape_interval", 500); pref("dom.origin-trials.private-attribution.state", 0); pref("dom.private-attribution.submission.enabled", true); pref("dom.security.credentialmanagement.identity.heavyweight.enabled", false); pref("dom.security.credentialmanagement.identity.lightweight.enabled", false); pref("dom.security.https_first_add_exception_on_failiure", true); pref("extensions.addonAbuseReport.url", "https://services.addons.mozilla.org/api/v5/abuse/report/addon/"); pref("extensions.script_blob_without_match_origin_as_fallback", false); pref("gfx.canvas.remote.recycle-used-data-surface", false); pref("gfx.remote-texture.wait-owner-at-image-host", true); pref("image.priority.incremental", true); pref("javascript.options.experimental.arraybuffer_resizable", true); pref("javascript.options.experimental.sharedarraybuffer_growable", true); pref("layout.css.anchor-positioning.enabled", false); pref("layout.forms.textarea-sizing-excludes-auto-scrollbar.enabled", true); pref("layout.overflow-underflow.content.enabled", true); pref("layout.overflow-underflow.content.enabled_in_addons", true); pref("logging.config.modules", ""); pref("media.gmp.encoder.enabled", false); pref("media.gmp.encoder.multithreaded", false); pref("media.gmp.encoder.preferred", false); pref("media.navigator.video.disable_h264_baseline", true); pref("media.webrtc.encoder_creation_strategy", 0); pref("memory.phc.avg_delay.content.first", 16384); pref("memory.phc.avg_delay.content.normal", 4096); pref("memory.phc.avg_delay.content.page_reuse", 262144); pref("network.auth.sort_challenge_in_progress", false); pref("network.cache.persist_permanent_redirects_http", false); pref("network.decompression_off_mainthread2", true); pref("network.fetchpriority.adjust_urgency", true); pref("network.http.http3.enable_kyber", false); pref("privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs2", false); pref("privacy.sanitize.cpd.hasMigratedToNewPrefs2", false); pref("reader.font_type.values", "[\"sans-serif\",\"serif\",\"monospace\"]"); pref("reader.font_weight", "regular"); pref("reader.font_weight.values", "[\"regular\",\"light\",\"bold\"]"); pref("screenshots.browser.component.preventContentEvents", true); pref("security.tls.enable_certificate_compression_brotli", false); pref("security.tls.enable_certificate_compression_zlib", false); pref("startup.homepage_override_nimbus_minVersion", ""); pref("toolkit.contentRelevancy.log", false); pref("toolkit.telemetry.translations.logLevel", "Error"); pref("webgl.glsl.max_private_var_size_in_bytes", -1); pref("webgl.glsl.max_var_size_in_kibytes", -1); ``` ==REMOVED, RENAMED or HIDDEN ```js pref("browser.firefox-view.search.enabled", true); pref("browser.mailto.prompt.os", true); pref("browser.search.newSearchConfig.enabled", false); pref("browser.tabs.cardPreview.enabled", false); pref("browser.tabs.cardPreview.showThumbnails", true); pref("browser.urlbar.secondaryActions.featureGate", false); pref("browser.urlbar.update2.emptySearchBehavior", 0); pref("dom.animations-api.compositing.enabled", true); pref("dom.animations-api.timelines.enabled", true); pref("dom.document.exec_command.nested_calls_allowed", false); pref("dom.forms.number.hide_spin_buttons_when_no_hover_or_focus", false); pref("dom.mutation-events.cssom.disabled", true); pref("dom.no_unknown_protocol_error.enabled", true); pref("dom.security.https_only_check_path_upgrade_downgrade_endless_loop", true); pref("dom.window.event.enabled", true); pref("extensions.formautofill.heuristics.interactivityCheckMode", "focusability"); pref("io.activity.enabled", false); pref("layout.css.computed-style.shorthands", true); pref("layout.css.container-queries.enabled", true); pref("layout.css.individual-transform.enabled", true); pref("media.webrtc.platformencoder", false); pref("media.webrtc.platformencoder.sw_only", true); pref("media.webrtc.software_encoder.fallback", true); pref("network.auth.choose_most_secure_challenge", true); pref("network.cors_preflight.block_userpass_uri", false); pref("network.decompression_off_mainthread", true); pref("network.dns.force_waiting_https_rr", true); pref("network.fetch.redirect.stripAuthHeader", true); pref("network.http.originextension", true); pref("network.http.redirect.stripAuthHeader", true); pref("network.trr.fetch_off_main_thread", true); pref("network.url.strip-data-url-whitespace", false); pref("privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs", false); pref("privacy.sanitize.cpd.hasMigratedToNewPrefs", false); pref("security.allow_disjointed_external_uri_loads", false); pref("toolkit.telemetry.geckoview.streaming", false); pref("widget.non-native-theme.solid-outline-style", false); ``` ==CHANGED ```js pref("browser.contentanalysis.allow_url_regex_list", "^about:(?!blank|srcdoc).*"); // prev: "" pref("browser.display.use_document_fonts.icon_font_allowlist", "Material Icons, Material Icons Extended, Material Icons Outlined, Material Icons Round, Material Icons Sharp, Material Icons Two Tone, Google Material Icons, Google Material Icons Filled, Material Symbols Outlined, Material Symbols Round, Material Symbols Rounded, Material Symbols Sharp"); // prev: "Material Icons, Material Icons Extended, Material Icons Outlined, Material Icons Round, Material Icons Sharp, Material Icons Two Tone, Google Material Icons, Material Symbols Outlined, Material Symbols Round, Material Symbols Rounded, Material Symbols Sharp" pref("browser.translations.select.enable", true); // prev: false pref("browser.urlbar.contextualSearch.enabled", true); // prev: false pref("extensions.abuseReport.amoFormURL", "https://addons.mozilla.org/%LOCALE%/firefox/feedback/addon/%addonID%/"); // prev: "https://addons.mozilla.org/%LOCALE%/%APP%/feedback/addon/%addonID%/" pref("extensions.blocklist.addonItemURL", "https://addons.mozilla.org/%LOCALE%/firefox/blocked-addon/%addonID%/%addonVersion%/"); // prev: "https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/" pref("identity.fxaccounts.toolbar.pxiToolbarEnabled", true); // prev: false pref("javascript.options.mem.gc_incremental_slice_ms", 10); // prev: 5 pref("layout.css.content.alt-text.enabled", true); // prev: false pref("layout.css.properties-and-values.enabled", true); // prev: false pref("layout.css.relative-color-syntax.enabled", true); // prev: false pref("media.eme.encrypted-media-encryption-scheme.enabled", true); // prev: false pref("media.eme.hdcp-policy-check.enabled", true); // prev: false pref("media.seekToNextFrame.enabled", false); // prev: true pref("network.auth.use_redirect_for_retries", true); // prev: false pref("network.http.http2.enabled.deps", false); // prev: true pref("privacy.sanitize.useOldClearHistoryDialog", false); // prev: true pref("reader.character_spacing", 0); // prev: "" pref("reader.word_spacing", 0); // prev: "" pref("security.sandbox.content.level", 7); // prev: 6 pref("security.webauthn.webauthn_enable_android_fido2.residentkey", true); // prev: false pref("toolkit.telemetry.dap_leader", "https://dap-09-3.api.divviup.org/"); // prev: "https://dap-07-1.api.divviup.org/" ```

[earthlng]

some bugzilla tickets

* browser.backup.scheduled.enabled Bug [1893277](https://bugzilla.mozilla.org/show_bug.cgi?id=1893277) - build initial UI for turning on scheduled backups. * browser.contentanalysis.allow_url_regex_list Bug [1901065](https://bugzilla.mozilla.org/show_bug.cgi?id=1901065) - do not exempt about:blank and about:srcdoc from DLP Bug [1886558](https://bugzilla.mozilla.org/show_bug.cgi?id=1886558) - exempt about pages from DLP * browser.firefox-view.search.enabled Bug [1893013](https://bugzilla.mozilla.org/show_bug.cgi?id=1893013) - Remove browser.firefox-view.search.enabled preference * browser.mailto.dualPrompt.dismissNotNowMinutes Bug [1894024](https://bugzilla.mozilla.org/show_bug.cgi?id=1894024) - mailto: remind users to finish the configuration of a webmailer, * browser.mailto.dualPrompt.dismissXClickMinutes Bug [1894024](https://bugzilla.mozilla.org/show_bug.cgi?id=1894024) - mailto: remind users to finish the configuration of a webmailer, * browser.mailto.dualPrompt.onLocationChange Bug [1894024](https://bugzilla.mozilla.org/show_bug.cgi?id=1894024) - mailto: remind users to finish the configuration of a webmailer, * browser.mailto.prompt.os Bug [1894024](https://bugzilla.mozilla.org/show_bug.cgi?id=1894024) - mailto: remind users to finish the configuration of a webmailer, * browser.ml.chat.enabled Bug [1894998](https://bugzilla.mozilla.org/show_bug.cgi?id=1894998) - Add prefs to control chat, provider, prompts * browser.ml.chat.prompt.prefix Bug [1894998](https://bugzilla.mozilla.org/show_bug.cgi?id=1894998) - Add prefs to control chat, provider, prompts * browser.ml.chat.prompts.0 Bug [1894998](https://bugzilla.mozilla.org/show_bug.cgi?id=1894998) - Add prefs to control chat, provider, prompts * browser.ml.chat.prompts.1 Bug [1894998](https://bugzilla.mozilla.org/show_bug.cgi?id=1894998) - Add prefs to control chat, provider, prompts * browser.ml.chat.prompts.2 Bug [1894998](https://bugzilla.mozilla.org/show_bug.cgi?id=1894998) - Add prefs to control chat, provider, prompts * browser.ml.chat.provider Bug [1894998](https://bugzilla.mozilla.org/show_bug.cgi?id=1894998) - Add prefs to control chat, provider, prompts * browser.newtabpage.activity-stream.newtabWallpapers.highlightContentText Bug [1899788](https://bugzilla.mozilla.org/show_bug.cgi?id=1899788) - Home and newtab adding some Nimbus values to wallpaper feature highlight. * browser.newtabpage.activity-stream.newtabWallpapers.highlightCtaText Bug [1899788](https://bugzilla.mozilla.org/show_bug.cgi?id=1899788) - Home and newtab adding some Nimbus values to wallpaper feature highlight. * browser.newtabpage.activity-stream.newtabWallpapers.highlightDismissed Bug [1897233](https://bugzilla.mozilla.org/show_bug.cgi?id=1897233) - Add feature highlight for Wallpapers * browser.newtabpage.activity-stream.newtabWallpapers.highlightEnabled Bug [1899788](https://bugzilla.mozilla.org/show_bug.cgi?id=1899788) - Home and newtab adding some Nimbus values to wallpaper feature highlight. Bug [1897233](https://bugzilla.mozilla.org/show_bug.cgi?id=1897233) - Add feature highlight for Wallpapers * browser.newtabpage.activity-stream.newtabWallpapers.highlightHeaderText Bug [1899788](https://bugzilla.mozilla.org/show_bug.cgi?id=1899788) - Home and newtab adding some Nimbus values to wallpaper feature highlight. * browser.newtabpage.activity-stream.newtabWallpapers.highlightSeenCounter Bug [1897233](https://bugzilla.mozilla.org/show_bug.cgi?id=1897233) - Add feature highlight for Wallpapers * browser.newtabpage.activity-stream.newtabWallpapers.v2.enabled Bug [1898818](https://bugzilla.mozilla.org/show_bug.cgi?id=1898818) - Home and newtab fixes so newtab with a wallpaper looks good in both light and dark mode * browser.newtabpage.activity-stream.newtabWallpapers.wallpaper Bug [1901134](https://bugzilla.mozilla.org/show_bug.cgi?id=1901134) - Home and newtab wallpaper solid color selector a=RyanVM Bug [1900651](https://bugzilla.mozilla.org/show_bug.cgi?id=1900651) - Home and newtab create solid colour wallpaper pref Bug [1893311](https://bugzilla.mozilla.org/show_bug.cgi?id=1893311) - Add two prefs for light/dark newtab wallpapers. Bug [1881585](https://bugzilla.mozilla.org/show_bug.cgi?id=1881585) - Create new tab page background image user pref. * browser.privateWindowSeparation.enabled Bug [1901840](https://bugzilla.mozilla.org/show_bug.cgi?id=1901840) - restore browser.privateWindowSeparation.enabled pref a=RyanVM Bug [1901840](https://bugzilla.mozilla.org/show_bug.cgi?id=1901840) - restore browser.privateWindowSeparation.enabled pref a=pascalc Bug [1883673](https://bugzilla.mozilla.org/show_bug.cgi?id=1883673) - Remove majorRelease2022 Nimbus feature * browser.search.newSearchConfig.enabled Bug [1900638](https://bugzilla.mozilla.org/show_bug.cgi?id=1900638) - Permanently enable the new search config. Bug [1889752](https://bugzilla.mozilla.org/show_bug.cgi?id=1889752) - Enable the new search configuration globally on nightly builds. Bug [1855084](https://bugzilla.mozilla.org/show_bug.cgi?id=1855084) - Set up SearchService to be able to switch to a new configuration and schema. Bug [1885002](https://bugzilla.mozilla.org/show_bug.cgi?id=1885002) - Turn on PREF for search-config-v2 in Nightly. * browser.shell.setDefaultBrowserUserChoice.regRename Bug [1899601](https://bugzilla.mozilla.org/show_bug.cgi?id=1899601) - Part 3: Lock 1-click set-to-default fix behind Nimbus configurable pref. * browser.shell.setDefaultGuidanceNotifications Bug [1903416](https://bugzilla.mozilla.org/show_bug.cgi?id=1903416) - Add a pref to control the display of set default guidance notification a=dmeehan * browser.spin_cursor_while_busy Bug [1858801](https://bugzilla.mozilla.org/show_bug.cgi?id=1858801) - Add ability to spin the cursor while the page is loading * browser.tabs.allow_transparent_browser Bug [28354](https://bugzilla.mozilla.org/show_bug.cgi?id=28354) - Added option "browser.tabs.allow_transparent_browser" to "about:config" to stop forcing opaque backgrounds. * browser.tabs.cardPreview.enabled Bug [1893676](https://bugzilla.mozilla.org/show_bug.cgi?id=1893676) - enable tab previews by default in Nightly builds. * browser.tabs.cardPreview.showThumbnails Bug [1893676](https://bugzilla.mozilla.org/show_bug.cgi?id=1893676) - enable tab previews by default in Nightly builds. * browser.tabs.hoverPreview.enabled Bug [1893676](https://bugzilla.mozilla.org/show_bug.cgi?id=1893676) - enable tab previews by default in Nightly builds. * browser.tabs.hoverPreview.showThumbnails Bug [1893676](https://bugzilla.mozilla.org/show_bug.cgi?id=1893676) - enable tab previews by default in Nightly builds. * browser.topsites.component.enabled Bug [1892000](https://bugzilla.mozilla.org/show_bug.cgi?id=1892000) - Create feature gating Top Sites component preference - * browser.translations.select.enable Bug [1868679](https://bugzilla.mozilla.org/show_bug.cgi?id=1868679) - Add pref for browser.translations.select.enable Bug [1870366](https://bugzilla.mozilla.org/show_bug.cgi?id=1870366) - Enable Select Translations pref for release Bug [1890299](https://bugzilla.mozilla.org/show_bug.cgi?id=1890299) - Enable Select Translations for Nightly and Early Beta * browser.urlbar.contextualSearch.enabled Bug [1893069](https://bugzilla.mozilla.org/show_bug.cgi?id=1893069) - Add 'browser.urlbar.scotchBonnet.enableOverride' pref. * browser.urlbar.recentsearches.featureGate Bug [1900900](https://bugzilla.mozilla.org/show_bug.cgi?id=1900900) - Enable trending suggestions and recent searches for release. * browser.urlbar.scotchBonnet.enableOverride Bug [1893069](https://bugzilla.mozilla.org/show_bug.cgi?id=1893069) - Add 'browser.urlbar.scotchBonnet.enableOverride' pref. * browser.urlbar.secondaryActions.featureGate Bug [1893069](https://bugzilla.mozilla.org/show_bug.cgi?id=1893069) - Add 'browser.urlbar.scotchBonnet.enableOverride' pref. Bug [1871206](https://bugzilla.mozilla.org/show_bug.cgi?id=1871206) - Implement secondary actions for the urlbar. * browser.urlbar.trending.enabledLocales Bug [1906192](https://bugzilla.mozilla.org/show_bug.cgi?id=1906192) - Only enable trending suggestions on 128 for en-US / en-CA users. * browser.urlbar.trending.featureGate Bug [1900900](https://bugzilla.mozilla.org/show_bug.cgi?id=1900900) - Enable trending suggestions and recent searches for release. * browser.urlbar.trending.requireSearchMode Bug [1900900](https://bugzilla.mozilla.org/show_bug.cgi?id=1900900) - Enable trending suggestions and recent searches for release. * browser.urlbar.update2.emptySearchBehavior Bug [1885897](https://bugzilla.mozilla.org/show_bug.cgi?id=1885897) - Remove browser.urlbar.update2.emptySearchBehavior pref, and test cases where it is set to non-default value. * dom.animations-api.compositing.enabled Bug [1880782](https://bugzilla.mozilla.org/show_bug.cgi?id=1880782) - Remove dom.animations-api.compositing.enabled and dom.animations-api.timelines.enabled prefs * dom.animations-api.timelines.enabled Bug [1880782](https://bugzilla.mozilla.org/show_bug.cgi?id=1880782) - Remove dom.animations-api.compositing.enabled and dom.animations-api.timelines.enabled prefs * dom.document.exec_command.nested_calls_allowed Bug [1848966](https://bugzilla.mozilla.org/show_bug.cgi?id=1848966) - Remove dom.document.exec_command.nested_calls_allowed pref * dom.document_priority.incremental Bug [1784496](https://bugzilla.mozilla.org/show_bug.cgi?id=1784496) - The necko consumers should use the priority's incremental flag * dom.forms.number.hide_spin_buttons_when_no_hover_or_focus Bug [1899401](https://bugzilla.mozilla.org/show_bug.cgi?id=1899401) - Remove dom.forms.number.hide_spin_buttons_when_no_hover_or_focus pref * dom.fullscreen.force_exit_on_multiple_escape_interval Bug [1883396](https://bugzilla.mozilla.org/show_bug.cgi?id=1883396) - Exit fullscreen when two Escape keyup events occur in a short time; * dom.mutation-events.cssom.disabled Bug [1842549](https://bugzilla.mozilla.org/show_bug.cgi?id=1842549) - Remove dom.mutation-events.cssom.disabled pref * dom.no_unknown_protocol_error.enabled Bug [1853548](https://bugzilla.mozilla.org/show_bug.cgi?id=1853548) - Remove dom.no_unknown_protocol_error.enabled pref * dom.origin-trials.private-attribution.state Bug [1901060](https://bugzilla.mozilla.org/show_bug.cgi?id=1901060) - Privacy Preserving Attribution origin trial and API. * dom.private-attribution.submission.enabled Bug [1901068](https://bugzilla.mozilla.org/show_bug.cgi?id=1901068) - Setting for privacy-preserving attribution. * dom.security.credentialmanagement.identity.heavyweight.enabled Bug [1892010](https://bugzilla.mozilla.org/show_bug.cgi?id=1892010) - Redefine the IdentityCredential to support the lightweight version, * dom.security.credentialmanagement.identity.lightweight.enabled Bug [1892010](https://bugzilla.mozilla.org/show_bug.cgi?id=1892010) - Redefine the IdentityCredential to support the lightweight version, * dom.security.https_first_add_exception_on_failiure Bug [1884921](https://bugzilla.mozilla.org/show_bug.cgi?id=1884921) - HTTPS-First should add a temporary exception for sites that it is not able to upgrade * dom.security.https_only_check_path_upgrade_downgrade_endless_loop Bug [1747230](https://bugzilla.mozilla.org/show_bug.cgi?id=1747230) - Fix IsUpgradeDowngradeEndlessLoop blocking legitimate redirects when redirecting to different query parameters a=dmeehan * dom.window.event.enabled Bug [1842458](https://bugzilla.mozilla.org/show_bug.cgi?id=1842458) - Remove dom.window.event.enabled pref * extensions.abuseReport.amoFormURL Bug [1900443](https://bugzilla.mozilla.org/show_bug.cgi?id=1900443) - Prefs that link to AMO shouldn't use %APP%. Bug [1859791](https://bugzilla.mozilla.org/show_bug.cgi?id=1859791) - Replace in-product abuse report flow with AMO web form. * extensions.addonAbuseReport.url Bug [1898446](https://bugzilla.mozilla.org/show_bug.cgi?id=1898446) - Introduce a new sendAbuseReport() method on the AddonManager web API (mozAddonManager). * extensions.blocklist.addonItemURL Bug [1900443](https://bugzilla.mozilla.org/show_bug.cgi?id=1900443) - Prefs that link to AMO shouldn't use %APP%. * extensions.formautofill.heuristics.interactivityCheckMode Bug [1896878](https://bugzilla.mozilla.org/show_bug.cgi?id=1896878) - Removed unused code snippets in FormAutoFill. Bug [1874661](https://bugzilla.mozilla.org/show_bug.cgi?id=1874661) - Turn on formautofill page navigation and form removal after fetch heuristics Bug [1855498](https://bugzilla.mozilla.org/show_bug.cgi?id=1855498) - Remove isFieldVisible logic in formautofill Bug [1847687](https://bugzilla.mozilla.org/show_bug.cgi?id=1847687) - Enable checking a credit card or address field's focusability by calling Services.focus.elementIsFocusable before autofilling - * extensions.script_blob_without_match_origin_as_fallback Bug [1897113](https://bugzilla.mozilla.org/show_bug.cgi?id=1897113) - Require match_origin_as_fallback for blob:-URLs * gfx.canvas.remote.recycle-used-data-surface Bug [1900677](https://bugzilla.mozilla.org/show_bug.cgi?id=1900677) - Add a capability to recycle DataSourceSurface allocated in CanvasTranslator::LookupSourceSurfaceFromSurfaceDescriptor() if possible * gfx.remote-texture.wait-owner-at-image-host Bug [1898650](https://bugzilla.mozilla.org/show_bug.cgi?id=1898650) - Re-remove sync wait in compositor thread of main thread canvas on Nightly Bug [1897821](https://bugzilla.mozilla.org/show_bug.cgi?id=1897821) - Re-enable wait of remote texture owner in WebRenderImageHost::UseRemoteTexture() * identity.fxaccounts.toolbar.pxiToolbarEnabled Bug [1898580](https://bugzilla.mozilla.org/show_bug.cgi?id=1898580): Flip the FxA CTA panel pref to be default on Bug [1880556](https://bugzilla.mozilla.org/show_bug.cgi?id=1880556): Add toggles for FxA products Bug [1880556](https://bugzilla.mozilla.org/show_bug.cgi?id=1880556): Add toggles for FxA products a=diannaS * image.priority.incremental Bug [1784496](https://bugzilla.mozilla.org/show_bug.cgi?id=1784496) - The necko consumers should use the priority's incremental flag * io.activity.enabled Bug [1842682](https://bugzilla.mozilla.org/show_bug.cgi?id=1842682) - Remove unused ChromeUtils.requestIOActivity and IOActivityMonitor, * javascript.options.experimental.arraybuffer_resizable Bug [1884150](https://bugzilla.mozilla.org/show_bug.cgi?id=1884150) - Ship growable and resizeable ArrayBuffers; * javascript.options.experimental.sharedarraybuffer_growable Bug [1884150](https://bugzilla.mozilla.org/show_bug.cgi?id=1884150) - Ship growable and resizeable ArrayBuffers; * javascript.options.mem.gc_incremental_slice_ms Bug [1899615](https://bugzilla.mozilla.org/show_bug.cgi?id=1899615) - Make the slice budget pref and parameter mean the actual budget, rather than half of it * layout.css.anchor-positioning.enabled Bug [1897405](https://bugzilla.mozilla.org/show_bug.cgi?id=1897405) p1. Implement parsing of CSS 'anchor-name'. * layout.css.computed-style.shorthands Bug [1851085](https://bugzilla.mozilla.org/show_bug.cgi?id=1851085) - Remove layout.css.computed-style.shorthands pref * layout.css.container-queries.enabled Bug [1861958](https://bugzilla.mozilla.org/show_bug.cgi?id=1861958) - Remove layout.css.container-queries.enabled pref * layout.css.content.alt-text.enabled Bug [1899723](https://bugzilla.mozilla.org/show_bug.cgi?id=1899723) - Enable content property alt text by default. Bug [1281158](https://bugzilla.mozilla.org/show_bug.cgi?id=1281158) - Parse alternative text for the content property. * layout.css.individual-transform.enabled Bug [1842478](https://bugzilla.mozilla.org/show_bug.cgi?id=1842478) - Remove layout.css.individual-transform.enabled pref * layout.css.properties-and-values.enabled Bug [1864818](https://bugzilla.mozilla.org/show_bug.cgi?id=1864818) - Let properties and values ride the trains. * layout.css.relative-color-syntax.enabled Bug [1900251](https://bugzilla.mozilla.org/show_bug.cgi?id=1900251) - Enable relative colors on stable. Bug [1893965](https://bugzilla.mozilla.org/show_bug.cgi?id=1893965) - Enable relative color syntax on nightly by default * layout.forms.textarea-sizing-excludes-auto-scrollbar.enabled Bug [1830576](https://bugzilla.mozilla.org/show_bug.cgi?id=1830576) - Update textarea intrinsic height calculations * layout.overflow-underflow.content.enabled Bug [1898445](https://bugzilla.mozilla.org/show_bug.cgi?id=1898445) - Add new pref for presence of overflow/underflow events in extension documents Bug [1888737](https://bugzilla.mozilla.org/show_bug.cgi?id=1888737) - Disable overflow/underflow events in early beta * layout.overflow-underflow.content.enabled_in_addons Bug [1898445](https://bugzilla.mozilla.org/show_bug.cgi?id=1898445) - Add new pref for presence of overflow/underflow events in extension documents * logging.config.modules Bug [1894703](https://bugzilla.mozilla.org/show_bug.cgi?id=1894703) - Add the new preference to the static preference list * media.eme.encrypted-media-encryption-scheme.enabled Bug [1899182](https://bugzilla.mozilla.org/show_bug.cgi?id=1899182) - flip the pref 'media.eme.encrypted-media-encryption-scheme.enabled' to true. * media.eme.hdcp-policy-check.enabled Bug [1878714](https://bugzilla.mozilla.org/show_bug.cgi?id=1878714) - enable hdcp policy check by default. * media.gmp.encoder.enabled Bug [1896758](https://bugzilla.mozilla.org/show_bug.cgi?id=1896758) - Part 7. Plumb GMP video encoding into the PlatformEncoderModule framework. * media.gmp.encoder.multithreaded Bug [1896758](https://bugzilla.mozilla.org/show_bug.cgi?id=1896758) - Part 6. Implement GMPVideoEncoder as a subclass of MediaDataEncoder. * media.gmp.encoder.preferred Bug [1896758](https://bugzilla.mozilla.org/show_bug.cgi?id=1896758) - Part 7. Plumb GMP video encoding into the PlatformEncoderModule framework. * media.navigator.video.disable_h264_baseline Bug [1905125](https://bugzilla.mozilla.org/show_bug.cgi?id=1905125) - Disabling signaling of H264 Baseline outside of Nightly. Bug [1900114](https://bugzilla.mozilla.org/show_bug.cgi?id=1900114) - Add signaling for Baseline H264.;r=bwc * media.seekToNextFrame.enabled Bug [1336404](https://bugzilla.mozilla.org/show_bug.cgi?id=1336404) - Unship HTMLMediaElement.seekToNextFrame. * media.webrtc.encoder_creation_strategy Bug [1892747](https://bugzilla.mozilla.org/show_bug.cgi?id=1892747) - Add a pref to prefer builtin encoder for WebRTC except on Android. * media.webrtc.platformencoder Bug [1892747](https://bugzilla.mozilla.org/show_bug.cgi?id=1892747) - Add a pref to prefer builtin encoder for WebRTC except on Android. * media.webrtc.platformencoder.sw_only Bug [1892747](https://bugzilla.mozilla.org/show_bug.cgi?id=1892747) - Add a pref to prefer builtin encoder for WebRTC except on Android. * media.webrtc.software_encoder.fallback Bug [1892747](https://bugzilla.mozilla.org/show_bug.cgi?id=1892747) - Add a pref to prefer builtin encoder for WebRTC except on Android. * memory.phc.avg_delay.content.first Bug [1896551](https://bugzilla.mozilla.org/show_bug.cgi?id=1896551) - Decrease the PHC allocation delay for content processes Bug [1896551](https://bugzilla.mozilla.org/show_bug.cgi?id=1896551) - Add new PHC prefs for content processes * memory.phc.avg_delay.content.normal Bug [1896551](https://bugzilla.mozilla.org/show_bug.cgi?id=1896551) - Decrease the PHC allocation delay for content processes Bug [1896551](https://bugzilla.mozilla.org/show_bug.cgi?id=1896551) - Add new PHC prefs for content processes * memory.phc.avg_delay.content.page_reuse Bug [1896551](https://bugzilla.mozilla.org/show_bug.cgi?id=1896551) - Add new PHC prefs for content processes * network.auth.choose_most_secure_challenge Bug [1853831](https://bugzilla.mozilla.org/show_bug.cgi?id=1853831) - Remove network.auth.choose_most_secure_challenge pref * network.auth.sort_challenge_in_progress Bug [1805666](https://bugzilla.mozilla.org/show_bug.cgi?id=1805666) - Do not sort challenges if authentication is already in progress * network.auth.use_redirect_for_retries Bug [1896350](https://bugzilla.mozilla.org/show_bug.cgi?id=1896350) - enable network.auth.use_redirect_for_retries by default. * network.cache.persist_permanent_redirects_http Bug [968273](https://bugzilla.mozilla.org/show_bug.cgi?id=968273) - Only persist permanent redirects for HTTPS, * network.cookie.CHIPS.enabled Bug [1898253](https://bugzilla.mozilla.org/show_bug.cgi?id=1898253) - Enable CHIPS in Nighlty. Bug [1886133](https://bugzilla.mozilla.org/show_bug.cgi?id=1886133) - Part 1: Introduce a new pref `network.cookie.CHIPS.enabled` to control CHIPS. * network.cookie.cookieBehavior.optInPartitioning.pbmode Bug [1898253](https://bugzilla.mozilla.org/show_bug.cgi?id=1898253) - Enable CHIPS in Nighlty. Bug [1886133](https://bugzilla.mozilla.org/show_bug.cgi?id=1886133) - Part 3: Add the pref network.cookie.cookieBehavior.optInPartitioning.pbmode to control opt-in partitioning for the private browsing mode. * network.cookie.sameSite.crossSiteIframeSetCheck Bug [1844827](https://bugzilla.mozilla.org/show_bug.cgi?id=1844827) - Added checks for sub-document navigations from cross-site to same-site in third-party checks when setting a cookie. * network.cors_preflight.block_userpass_uri Bug [1898659](https://bugzilla.mozilla.org/show_bug.cgi?id=1898659) - Remove network.cors_preflight.block_userpass_uri pref * network.decompression_off_mainthread Bug [1899112](https://bugzilla.mozilla.org/show_bug.cgi?id=1899112): Fix issues with disabling OMT decompression Bug [1899233](https://bugzilla.mozilla.org/show_bug.cgi?id=1899233) - Update Nimbus feature manifest for controlling network.decompression_off_mainthread pref. * network.decompression_off_mainthread2 Bug [1899112](https://bugzilla.mozilla.org/show_bug.cgi?id=1899112): Fix issues with disabling OMT decompression * network.dns.force_waiting_https_rr Bug [1898191](https://bugzilla.mozilla.org/show_bug.cgi?id=1898191) - Don't wait for HTTPS RR when DoH is disabled, * network.fetch.redirect.stripAuthHeader Bug [1894288](https://bugzilla.mozilla.org/show_bug.cgi?id=1894288) - Remove network.fetch.redirect.stripAuthHeader and network.http.redirect.stripAuthHeader prefs * network.fetchpriority.adjust_urgency Bug [1864392](https://bugzilla.mozilla.org/show_bug.cgi?id=1864392) - Adjust HTTP urgency based on fetchpriority/nsISupportsPriority value * network.http.http2.enabled.deps Bug [1865040](https://bugzilla.mozilla.org/show_bug.cgi?id=1865040) - Set network.http.http2.enabled.deps to false * network.http.http3.enable_kyber Bug [1892528](https://bugzilla.mozilla.org/show_bug.cgi?id=1892528) - part 2: enable Xyber768 in Http/3 under a pref. * network.http.originextension Bug [1895005](https://bugzilla.mozilla.org/show_bug.cgi?id=1895005) - Remove network.http.originextension pref * network.http.redirect.stripAuthHeader Bug [1894288](https://bugzilla.mozilla.org/show_bug.cgi?id=1894288) - Remove network.fetch.redirect.stripAuthHeader and network.http.redirect.stripAuthHeader prefs * network.proxy.socks5_remote_dns Bug [1741375](https://bugzilla.mozilla.org/show_bug.cgi?id=1741375) - Proxy DNS by default when using SOCKS v5 * network.trr.fetch_off_main_thread Bug [1895084](https://bugzilla.mozilla.org/show_bug.cgi?id=1895084) - Remove network.trr.fetch_off_main_thread pref * network.url.strip-data-url-whitespace Bug [1797846](https://bugzilla.mozilla.org/show_bug.cgi?id=1797846) - Remove network.url.strip-data-url-whitespace pref * privacy.bounceTrackingProtection.enabled Bug [1899130](https://bugzilla.mozilla.org/show_bug.cgi?id=1899130) - Enable Bounce Tracking Protection in release in dry-run mode. Bug [1895222](https://bugzilla.mozilla.org/show_bug.cgi?id=1895222) - Enable Bounce Tracking Protection tracker purging in Nightly. Bug [1877432](https://bugzilla.mozilla.org/show_bug.cgi?id=1877432) - Enable BounceTrackingProtection in Nightly in dry-run mode. Bug [1888504](https://bugzilla.mozilla.org/show_bug.cgi?id=1888504) - Add a dry-run mode for Bounce Tracking Protection. * privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs Bug [1895612](https://bugzilla.mozilla.org/show_bug.cgi?id=1895612) - Add new prefs to run the clear history pref migration again for all users for the new clear history dialog. Bug [1878111](https://bugzilla.mozilla.org/show_bug.cgi?id=1878111) - Migrate prefs for clear history dialog in both clearHistory and clearOnShutdown contexts. * privacy.sanitize.clearOnShutdown.hasMigratedToNewPrefs2 Bug [1895612](https://bugzilla.mozilla.org/show_bug.cgi?id=1895612) - Add new prefs to run the clear history pref migration again for all users for the new clear history dialog. * privacy.sanitize.cpd.hasMigratedToNewPrefs Bug [1895612](https://bugzilla.mozilla.org/show_bug.cgi?id=1895612) - Add new prefs to run the clear history pref migration again for all users for the new clear history dialog. Bug [1878111](https://bugzilla.mozilla.org/show_bug.cgi?id=1878111) - Migrate prefs for clear history dialog in both clearHistory and clearOnShutdown contexts. * privacy.sanitize.cpd.hasMigratedToNewPrefs2 Bug [1895612](https://bugzilla.mozilla.org/show_bug.cgi?id=1895612) - Add new prefs to run the clear history pref migration again for all users for the new clear history dialog. * privacy.sanitize.useOldClearHistoryDialog Bug [1895978](https://bugzilla.mozilla.org/show_bug.cgi?id=1895978) - Add the new clear on shutdown cache pref to the cache purging task code. Bug [1896949](https://bugzilla.mozilla.org/show_bug.cgi?id=1896949) - Re-enable the new clear history dialog. Bug [1894933](https://bugzilla.mozilla.org/show_bug.cgi?id=1894933) - Disable new clear history dialog due to breakage with clear on shutdown. Bug [1883764](https://bugzilla.mozilla.org/show_bug.cgi?id=1883764) - Enable new clear history dialog by default on all fx versions. Bug [1854680](https://bugzilla.mozilla.org/show_bug.cgi?id=1854680) - Enable the new clear history dialog in nightly only. * reader.character_spacing Bug [1880656](https://bugzilla.mozilla.org/show_bug.cgi?id=1880656) - Add font weight and font type controls in Reader menu. Bug [1880654](https://bugzilla.mozilla.org/show_bug.cgi?id=1880654) - Created slider reusable component for Reader menu. * reader.font_type.values Bug [1880656](https://bugzilla.mozilla.org/show_bug.cgi?id=1880656) - Add font weight and font type controls in Reader menu. * reader.font_weight Bug [1880656](https://bugzilla.mozilla.org/show_bug.cgi?id=1880656) - Add font weight and font type controls in Reader menu. * reader.font_weight.values Bug [1880656](https://bugzilla.mozilla.org/show_bug.cgi?id=1880656) - Add font weight and font type controls in Reader menu. * reader.word_spacing Bug [1880656](https://bugzilla.mozilla.org/show_bug.cgi?id=1880656) - Add font weight and font type controls in Reader menu. Bug [1880654](https://bugzilla.mozilla.org/show_bug.cgi?id=1880654) - Created slider reusable component for Reader menu. * screenshots.browser.component.preventContentEvents Bug [1890721](https://bugzilla.mozilla.org/show_bug.cgi?id=1890721) - Prevent events from reaching the content page. * security.allow_disjointed_external_uri_loads Bug [1895530](https://bugzilla.mozilla.org/show_bug.cgi?id=1895530) - Remove security.allow_disjointed_external_uri_loads pref * security.sandbox.content.level Bug [1831036](https://bugzilla.mozilla.org/show_bug.cgi?id=1831036) p2: Ship untrusted integrity on Windows content process sandbox. Bug [1889932](https://bugzilla.mozilla.org/show_bug.cgi?id=1889932) p3: Enable untrusted integrity for content process sandbox on Nightly. Bug [1877957](https://bugzilla.mozilla.org/show_bug.cgi?id=1877957) p4: Enable untrusted integrity for content process sandbox on Nightly. * security.tls.enable_certificate_compression_brotli Bug [1885138](https://bugzilla.mozilla.org/show_bug.cgi?id=1885138) - Enabling Brotli Certificate Encoding for Nightly * security.tls.enable_certificate_compression_zlib Bug [1881027](https://bugzilla.mozilla.org/show_bug.cgi?id=1881027) - Enabling Zlib Certificate Encoding for Nightly * security.webauthn.webauthn_enable_android_fido2.residentkey Bug [1831137](https://bugzilla.mozilla.org/show_bug.cgi?id=1831137) - Enable creation of Passkeys on Android. * startup.homepage_override_nimbus_minVersion Bug [1897321](https://bugzilla.mozilla.org/show_bug.cgi?id=1897321) - Add minVersion variable to whatsNewPage Nimbus feature * toolkit.contentRelevancy.log Bug [1897242](https://bugzilla.mozilla.org/show_bug.cgi?id=1897242) - Make it easy to run and log a single relevancy classification. * toolkit.telemetry.dap_leader Bug [1900714](https://bugzilla.mozilla.org/show_bug.cgi?id=1900714) - Update DAP Leader URL to 09 Bug [1898047](https://bugzilla.mozilla.org/show_bug.cgi?id=1898047) - Update DAP Leader URL to 09 Bug [1824913](https://bugzilla.mozilla.org/show_bug.cgi?id=1824913): URL counting, * toolkit.telemetry.geckoview.streaming Bug [1900986](https://bugzilla.mozilla.org/show_bug.cgi?id=1900986) - Remove unused toolkit.telemetry.geckoview.streaming pref * toolkit.telemetry.translations.logLevel Bug [1870368](https://bugzilla.mozilla.org/show_bug.cgi?id=1870368) - Rework Translations Telemetry Logging * webgl.glsl.max_private_var_size_in_bytes Bug [1888340](https://bugzilla.mozilla.org/show_bug.cgi?id=1888340) - Add prefs and platform limits for MaxPrivateVariableSizeInBytes. a=dmeehan * webgl.glsl.max_var_size_in_kibytes Bug [1888340](https://bugzilla.mozilla.org/show_bug.cgi?id=1888340) - Add prefs and platform limits for MaxPrivateVariableSizeInBytes. a=dmeehan * widget.non-native-theme.solid-outline-style Bug [1895391](https://bugzilla.mozilla.org/show_bug.cgi?id=1895391) - Remove widget.non-native-theme.solid-outline-style pref

[mik0l]

privacy.bounceTrackingProtection.enabled - shits in your profile about the sites you visit.

[g-2-s]

privacy.bounceTrackingProtection.enabled - shits in your profile about the sites you visit.

I literally just googled for like 3 minutes and this seems like the good kind of protection?

[Vinfall]

pref("dom.private-attribution.submission.enabled", true);, in about:preferences#privacy -> Website Advertising Preferences. Turned on without user consent when upgrading to 128 (even ESR).😒

[Thorin-Oakenpants]

couple of items for those reading along at home

• https://bugzilla.mozilla.org/show_bug.cgi?id=1907783 Browsing data loss when using the new clear history dialog if Firefox is not closed gracefully
• https://bugzilla.mozilla.org/show_bug.cgi?id=1907732 clearing recent history loses extension's unlimitedStorage permission

[Maryse47]

privacy.bounceTrackingProtection.enabled - shits in your profile about the sites you visit.

I literally just googled for like 3 minutes and this seems like the good kind of protection?

is good privacy protection that leaks browsing history even when user choose to clear it?

[g-2-s]

privacy.bounceTrackingProtection.enabled - shits in your profile about the sites you visit.

I literally just googled for like 3 minutes and this seems like the good kind of protection?

is good privacy protection that leaks browsing history even when user choose to clear it?

Interesting, I haven't read anything related to browsing history leaks but I'll admit I can navigate bugzillas like a cat can swim in the ocean, can you expand more on this issue if you don't mind?

[Maryse47]

Close the browser and open bounce-tracking-protection.sqlite file under your firefox profile with some sqlite explorer - it will contain lists of hosts you were connecting to (with a timestamp).

pref("dom.private-attribution.submission.enabled", true);, in about:preferences#privacy -> Website Advertising Preferences. Turned on without user consent when upgrading to 128 (even ESR).😒

I wonder if disabling this would be another fingerprint point.

[sertonix]

I wonder if disabling this would be another fingerprint point.

Yes it is. I wrote a proof of concept here https://github.com/arkenfox/TZP/issues/319

I hope that this can be fixed though.

[sertonix]

It seems like disabling toolkit.telemetry.enabled effectively disables dom.private-attribution.submission.enabled. Can somebody verify this?

https://searchfox.org/mozilla-central/rev/f3e4b33a6122ce63bf81ae8c30cc5ac37458864b/dom/privateattribution/PrivateAttributionService.sys.mjs#267

[Vinfall]

It seems like disabling toolkit.telemetry.enabled effectively disables dom.private-attribution.submission.enabled.

Nope, this is incorrect.

I disabled this in user.js and even locked toolkit.telemetry.enabled to false in autoconfig (aka. pref.js), yet upgrading to FF128 still turned on dom.private-attribution.submission.enabled w/o my approval.

I have to explicitly disable dom.private-attribution.submission.enabled in either user-overrides.js or pref.js to turn it off.

Also, it should be locked to false even w/o user.js if it's a stable release according to https://github.com/arkenfox/user.js/blob/ff5c959cb9b5a65ede9aab82b00cbb283b160e14/user.js#L144-L148

[abceleung]

Hi, I just read the news about Privacy-Preserving Attribution in Hackernews. How do I disable it in user.js? Is setting dom.private-attribution.submission.enabled to false sufficient?

[Vinfall]

(kind of #off-topic I guess)

Yes, if you are using this repo, you can also add it to user-overrides.js so it would not be reverted in user.js update (but it's fingerprintable as suggested above):

// not available in user.js v116 yet
user_pref("dom.private-attribution.submission.enabled", false);

If you are not sure about profile location, check about:profiles.

[sertonix]

It seems like disabling toolkit.telemetry.enabled effectively disables dom.private-attribution.submission.enabled.

Nope, this is incorrect.

I disabled this in user.js and even locked toolkit.telemetry.enabled to false in autoconfig (aka. pref.js), yet upgrading to FF128 still turned on dom.private-attribution.submission.enabled w/o my approval.

I mean that disabling toolkit.telemetry.enabled disables the private attribution functionality like a master switch. So when toolkit.telemetry.enabled is disabled dom.private-attribution.submission.enabled has no effect besides adding a fingerprint.

I checked the saved data in the browser and it only changed if both dom.private-attribution.submission.enabled and toolkit.telemetry.enabled are enabled.

[Vinfall]

I mean that disabling toolkit.telemetry.enabled disables the private attribution functionality like a master switch. So when toolkit.telemetry.enabled is disabled dom.private-attribution.submission.enabled has no effect besides adding a fingerprint.

I get the point now. Originally I thought it was a bug in the code you linked since it does not work like that (judging from UI) 😢. So regarding

It seems like disabling toolkit.telemetry.enabled effectively disables dom.private-attribution.submission.enabled.

In this case, probably. It's just a bit confusing to me since disabling toolkit.telemetry.enabled alone would still leave that option in about:preferences#privacy on while technically it does no harm besides fingerprint.

[Thorin-Oakenpants]

@sertonix please stop saying this

The pref privacy.resistFingerprinting.randomDataOnCanvasExtract only reverts RFP canvas to the old pre FF78 result where it will return an all white canvas - so still unusable

here is TZP showing the results. If you click rerun again and again even the random per run tests for getImageData are static

[sertonix]

Oh, sorry. What is the correct way to do this?

[Thorin-Oakenpants]

What is the correct way to do this?

add a site exception for canvas - https://github.com/arkenfox/user.js/wiki/3.3-Overrides-[To-RFP-or-Not]#-rfp

[Thorin-Oakenpants]

https://github.com/arkenfox/user.js/issues/1872#issuecomment-2229091997

• Browsing data loss when using the new clear history dialog if Firefox is not closed gracefully backported for ESR128.1

[Thorin-Oakenpants]

Oh, sorry. What is the correct way to do this?

so here we go, I updated TZP, because it's not really FPP green... once again ... privacy.resistFingerprinting.randomDataOnCanvasExtract = false = RFP white canvas (if RFP is enabled)

[maestropss]

Hi guys. Has anyone made user.js for 128 version considering all the changes discussed above? 128ESR will last for almost a year, so making/having user.js for this version is rather useful and valuable.

[rusty-snake]

Is this issue open or closed? Is there an open pull request?

[Thorin-Oakenpants]

I will do a 128 for ESR users before I do a 129 or higher. TBH I'm almost losing total interest - edit, but I'll make an effort if y'all nice to me

[soi1uhtgnei2urtonwe4u]

I will do a 128 for ESR users before I do a 129 or higher. TBH I'm almost losing total interest - edit, but I'll make an effort if y'all nice to me

When Firefox started contacting URLs, which one can't disable through the user.js, it then became a questionable basis for a private browser for this user.js settings file based Arkenfox project.

You have among these options, excluding giving up (not necessarily exhaustive) -- Just opinions:

1. Staying with MOZILLA (company names in all big letters) ✅❔❌ 1.1 Provide a patch set which disables things which a user.js can't, and users have to apply the patches and compile their own Firefox version, but this means that with every Firefox release the changes have still to be analyzed and this takes (quite) some time, as you confirm with almost every new Firefox release. In theory this is a solid option, but only if you like compiling Firefox, finding all the home calling options, analyzing the user.js for anti-privacy things and all this with every Firefox release. MOZILLA may brand Firefox as a privacy browser, but is it really private when it contacts dozen of URLs which can't be blocked using a user.js? Personally I have no problems applying patches and compiling Firefox for myself (especially if the compile time is below 10min), but I really don't like seeing people "fighting" and wasting their time in trying to analyze/search for MOZILLA's home calling stuff, unless it doesn't take much time. Only you, @Thorin-Oakenpants, know how much time it takes to release a new user.js, analyzing the actual code would come on top. So maybe it's a ❌. ❔ 1.2 If this is a viable option: Switch to the Tor Browser and make a tutorial on how to disable its TB network routing and use it as a normal, non-anonymous, Firefox browser (it then shows a red, not a purple start screen, last I tested it) (there in TB, many things new to its Firefox base are already analyzed and taken care of (as you know) by the Tor Browser developers, and you, @Thorin-Oakenpants, are already participating and helping, last I saw it). Of course idk how the TB devs would like this idea. ❔ 1.3 Maybe there is a raw-ish MOZILLA web engine/browser, without all the MOZILLA services and so it doesn't need any patching, only user.js. But also maybe it doesn't exist because other projects rename/rebase off of Firefox, as far as i have noticed it. ❌ 1.4 Base on ESR releases. Issues mentioned in 1.1 remain. ❌ 1.5 Recommend Firefox based [open source, that goes without saying] alternatives. They may or may not need to be compiled by oneself. Due to same engine, users should be less unique, but is this even an issue? Yeah, I don't know if I would trust someone else's binary, which isn't used by 100ks of people. In that case I'd rather see universal patches for Firefox and compile Firefox myself (finally my modern 7800X3D CPU would get utilized). ❌ (1.6 Go all RFP-only again so things are more private? Issues mentioned in 1.1 remain, so don't do it.)
2. Switch to non-MOZILLA browser bases ❔ 2.1 Use/find another open source, non-MOZILLA private-by-default browser (base) and may participate in their project. I'm not informed well enough about them (I learned randomly about one (never tested it) and it has 9.5k stars here on GitHub, just saying that it's not super small) and whether they can replace Firefox (if at least one of such browser bases can replace Firefox >99.9% of the time, that would be something). These projects are much smaller (I think) and the users more unique. Also, one would need to trust their binary, or compile one oneself.

✅ 3. Mention all/parts of the upper options and other options you have in mind at the top of this projects' README.md, be done with this project and make it read-only.

It's maybe also time consuming for everyone else in keeping up with all the new/changed settings with every Firefox release (most time consumed is just analyzing/disabling and making sure that MOZILLA hasn't introduced a sneaky anti-privacy thing). A non-MOZILLA thing may be so refreshing.

You have done a lot and maybe it's just time to post some options/alternatives and move on. Personally I would do so because, as mentioned, the user.js can't disable MOZILLA connecting to various URLs (this alone is reason enough). It either should be private or not, nothing in between. Maybe making things private/non-trackable and convenient at the same time is just not happening (from MOZILLA)? Disabling privacy.resistFingerprinting and enabling WebGL gives us a lesson in that.

PS: I disabled privacy.resistFingerprinting in my user.js ~1.5 years ago, because it caused too many inconveniences (the 60 Hz alone) and now you disable it too (I still have WebGL disabled though - allowing webgl on asking-popup would be a nice feature).

Hm, this is like 10-15 times more text than I wanted it to be duh!

What are your reasons for almost losing total interest or were u joking?

[g-2-s]

When Firefox started contacting URLs, which one can't disable through the user.js, it then became a questionable basis for a private browser for this user.js settings file based Arkenfox project.

You have among these options, excluding giving up (not necessarily exhaustive) -- Just opinions:

1. Staying with MOZILLA (company names in all big letters) ✅❔❌ 1.1 Provide a patch set which disables things which a user.js can't, and users have to apply the patches and compile their own Firefox version, but this means that with every Firefox release the changes have still to be analyzed and this takes (quite) some time, as you confirm with almost every new Firefox release. In theory this is a solid option, but only if you like compiling Firefox, finding all the home calling options, analyzing the user.js for anti-privacy things and all this with every Firefox release. MOZILLA may brand Firefox as a privacy browser, but is it really private when it contacts dozen of URLs which can't be blocked using a user.js? Personally I have no problems applying patches and compiling Firefox for myself (especially if the compile time is below 10min), but I really don't like seeing people "fighting" and wasting their time in trying to analyze/search for MOZILLA's home calling stuff, unless it doesn't take much time. Only you, @Thorin-Oakenpants, know how much time it takes to release a new user.js, analyzing the actual code would come on top. So maybe it's a ❌. ❔ 1.2 If this is a viable option: Switch to the Tor Browser and make a tutorial on how to disable its TB network routing and use it as a normal, non-anonymous, Firefox browser (it then shows a red, not a purple start screen, last I tested it) (there in TB, many things new to its Firefox base are already analyzed and taken care of (as you know) by the Tor Browser developers, and you, @Thorin-Oakenpants, are already participating and helping, last I saw it). Of course idk how the TB devs would like this idea. ❔ 1.3 Maybe there is a raw-ish MOZILLA web engine/browser, without all the MOZILLA services and so it doesn't need any patching, only user.js. But also maybe it doesn't exist because other projects rename/rebase off of Firefox, as far as i have noticed it. ❌ 1.4 Base on ESR releases. Issues mentioned in 1.1 remain. ❌ 1.5 Recommend Firefox based [open source, that goes without saying] alternatives. They may or may not need to be compiled by oneself. Due to same engine, users should be less unique, but is this even an issue? Yeah, I don't know if I would trust someone else's binary, which isn't used by 100ks of people. In that case I'd rather see universal patches for Firefox and compile Firefox myself (finally my modern 7800X3D CPU would get utilized). ❌ (1.6 Go all RFP-only again so things are more private? Issues mentioned in 1.1 remain, so don't do it.)
2. Switch to non-MOZILLA browser bases ❔ 2.1 Use/find another open source, non-MOZILLA private-by-default browser (base) and may participate in their project. I'm not informed well enough about them (I learned randomly about one (never tested it) and it has 9.5k stars here on GitHub, just saying that it's not super small) and whether they can replace Firefox (if at least one of such browser bases can replace Firefox >99.9% of the time, that would be something). These projects are much smaller (I think) and the users more unique. Also, one would need to trust their binary, or compile one oneself.

✅ 3. Mention all/parts of the upper options and other options you have in mind at the top of this projects' README.md, be done with this project and make it read-only.

It's maybe also time consuming for everyone else in keeping up with all the new/changed settings with every Firefox release (most time consumed is just analyzing/disabling and making sure that MOZILLA hasn't introduced a sneaky anti-privacy thing). A non-MOZILLA thing may be so refreshing.

You have done a lot and maybe it's just time to post some options/alternatives and move on. Personally I would do so because, as mentioned, the user.js can't disable MOZILLA connecting to various URLs (this alone is reason enough). It either should be private or not, nothing in between. Maybe making things private/non-trackable and convenient at the same time is just not happening (from MOZILLA)? Disabling privacy.resistFingerprinting and enabling WebGL gives us a lesson in that.

PS: I disabled privacy.resistFingerprinting in my user.js ~1.5 years ago, because it caused too many inconveniences (the 60 Hz alone) and now you disable it too (I still have WebGL disabled though - allowing webgl on asking-popup would be a nice feature).

Hm, this is like 10-15 times more text than I wanted it to be duh!

What are your reasons for almost losing total interest or were u joking?

[Demon12377]

In fact, many are waiting for the arkenfox update to the new version