ToDo: diffs FF64-FF65

[earthlng]

FF65 is scheduled for release 29th Jan

FF65 release notes [when ready] FF65 for developers FF65 compatibility FF65 security advisories

154 diffs ( 84 new, 45 gone, 25 different )

other

• [x] 2516 disable PointerEvents -> RFP ALT - https://github.com/ghacksuserjs/ghacks-user.js/commit/ec0e58099f0669683d109b1d847fe73db18a450e

new in v65.0:

• [x] pref("browser.discovery.enabled", true); - 1499470 - https://github.com/ghacksuserjs/ghacks-user.js/commit/f1b892bc1c8cacdbfc1a32ba87ad1a241a52e922
• [x] pref("dom.storage_access.enabled", true); - MDN - https://github.com/ghacksuserjs/ghacks-user.js/commit/24f2e1d9829212077cbc5a4df92b877fcbfde8ea - https://github.com/ghacksuserjs/ghacks-user.js/commit/e6eb4730719bca426c73595cf5e07646baa543fa
  • :hatching_chick: just to be clear, I WAS (see below) only disabling this because it is ABUSING the permissions.sqlite, and it is a new API that no other browser has yet (except experimental Safari). Otherwise, you already have mechanisms to control 3rd parties, JS, storage, etc. The actual API itself is fine, solves issues with breakage (read the MDN link) and is a request on a site by site basis. This pref has been added to the watchlist sticky to revisit when they stop ABUSING permissions.sqlite
  • :hatched_chick: update: this pref has no affect on the permissions.sqlite file being abused, so it will not be disabled
• [x] pref("dom.targetBlankNoOpener.enabled", false); - 1503681 - to be enabled by default in FF67 - https://github.com/ghacksuserjs/ghacks-user.js/commit/3847f97f4166f2a5f5080d13c92165e702ae9a22
• [x] pref("network.connectivity-service.enabled", true); - https://github.com/ghacksuserjs/ghacks-user.js/commit/649699ad22123bf5ae88e1b57d3a552e69946c6c
• [x] pref("network.http.spdy.websockets", true); 1434137 - https://github.com/ghacksuserjs/ghacks-user.js/commit/2f351fa5ce23edeed569b7ad7004cd9ac0afc382
• FYI
  • pref("browser.security.newcerterrorpage.mitm.enabled", false); - 1450784
  • pref("dom.block_multiple_popups", true); - 675574, Compat
  • pref("dom.reporting.enabled", false); - 1492036 - w3c
  • pref("network.trr.custom_uri", ""); - added to the watchlist sticky to maybe get addressed down the track
  • MDN Feature-Policy header
  • FF63+: dom.security.featurePolicy.enabled (still default false)
  • FF65+: pref("dom.security.featurePolicy.header.enabled", false);
  • FF65+: pref("dom.security.featurePolicy.webidl.enabled", false);
  • pref("security.strict_security_checks.enabled", false); - 1498526 - needs testing

removed, renamed or hidden in v65.0:

DONE - https://github.com/ghacksuserjs/ghacks-user.js/commit/d9a87b3ac4b7b794ff4fad7a9d1aed4a704566af

• [x] FYI: pref("app.update.auto", true); - only removed in Windows, the UI setting still works
• [x] pref("browser.contentblocking.enabled", true); - 1501978
  • removed from the user.js: it was added in FF63 and was default true anyway
• [x] pref("browser.fixup.hide_user_pass", true); - 1510580
• [x] pref("browser.urlbar.autocomplete.enabled", true); - 1502392
  • https://support.mozilla.org/en-US/questions/1248199#answer-1192146 - if you want to stop the dropdown you can use CSS
  • still used in Android

changed in v65.0:

• [x] pref("geo.provider.ms-windows-location", true); // prev: false - 1512161 - https://github.com/ghacksuserjs/ghacks-user.js/commit/3847f97f4166f2a5f5080d13c92165e702ae9a22
• pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{\"id\":\"snippets\",\"enabled\":true,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000}"); // prev: "{\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000}" - 0105b

---

ignore

click me for details

==NEW ```js pref("apz.relative-update.enabled", true); pref("browser.contentblocking.control-center.ui.showAllowedLabels", false); pref("browser.contentblocking.control-center.ui.showBlockedLabels", true); pref("browser.discovery.containers.enabled", true); pref("browser.discovery.sites", "addons.mozilla.org"); pref("browser.engagement.recent_visited_origins.expiry", 86400); pref("browser.sessionstore.warnOnQuit", false); pref("devtools.aboutdebugging.network", false); pref("devtools.aboutdebugging.wifi", false); pref("devtools.console.stdout.chrome", false); pref("devtools.console.stdout.content", false); pref("devtools.debugger.end-panel-size", 300); pref("devtools.debugger.features.origial-blackbox", false); pref("devtools.debugger.features.xhr-breakpoints", true); pref("devtools.debugger.logging", false); pref("devtools.debugger.start-panel-size", 300); pref("devtools.debugger.xhr-breakpoints-visible", true); pref("devtools.inspector.showUserAgentShadowRoots", false); pref("devtools.performance.profiler.sample-frequency-hz", 1000); pref("devtools.recordreplay.allowRepaintFailures", true); pref("devtools.recordreplay.includeSystemScripts", false); pref("devtools.recordreplay.timeline.enabled", false); pref("dom.compositionevent.text.dispatch_only_system_group_in_content", true); pref("dom.ipc.tabs.createKillHardCrashReports", false); pref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys", ""); pref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode", ""); pref("dom.payments.request.supportedRegions", "US,CA"); pref("dom.performance.time_to_contentful_paint.enabled", false); pref("dom.reporting.cleanup.timeout", 3600); pref("dom.reporting.delivering.maxFailures", 3); pref("dom.reporting.delivering.maxReports", 100); pref("dom.reporting.delivering.timeout", 5); pref("dom.reporting.featurePolicy.enabled", false); pref("dom.reporting.header.enabled", false); pref("dom.reporting.testing.enabled", false); pref("dom.sidebar.enabled", true); pref("dom.storage.next_gen", false); pref("dom.storage.shadow_writes", true); pref("dom.storage.snapshot_prefill", 16384); pref("dom.storage.snapshot_reusing", true); pref("dom.storage_access.auto_grants", true); pref("dom.storage_access.max_concurrent_auto_grants", 5); pref("extensions.formautofill.reauth.enabled", false); pref("gfx.omta.background-color", false); pref("gfx.webrender.dcomp-win-triple-buffering.enabled", true); pref("gfx.webrender.debug.slow-frame-indicator", false); pref("gfx.webrender.debug.texture-cache.clear-evicted", true); pref("gfx.webrender.picture-caching", false); pref("image.animated.decode-on-demand.recycle", true); pref("image.webp.enabled", true); pref("javascript.options.bigint", false); pref("layout.css.step-position-jump.enabled", true); pref("media.av1.use-dav1d", false); pref("media.getusermedia.use_aec_mobile", false); pref("media.navigator.mediadatadecoder_vpx_enabled", false); pref("media.rdd-process.enabled", true); pref("media.rdd-process.startup_timeout_ms", 5000); pref("media.test.video-suspend", false); pref("network.connectivity-service.DNSv4.domain", "mozilla.org"); pref("network.connectivity-service.DNSv6.domain", "mozilla.org"); pref("network.connectivity-service.IPv4.url", "http://detectportal.firefox.com/success.txt?ipv4"); pref("network.connectivity-service.IPv6.url", "http://detectportal.firefox.com/success.txt?ipv6"); pref("network.http.spdy.enable-hpack-dump", false); pref("network.IDN.extra_allowed_chars", ""); pref("network.IDN.extra_blocked_chars", ""); pref("privacy.popups.maxReported", 100); pref("privacy.restrict3rdpartystorage.partitionedHosts", "accounts.google.com/o/oauth2/"); pref("privacy.restrict3rdpartystorage.userInteractionRequiredForHosts", ""); pref("services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus", false); pref("services.sync.prefs.sync.privacy.fuzzyfox.enabled", false); pref("toolkit.tabbox.switchByScrolling", false); pref("urlclassifier.trackingAnnotationSkipURLs", "google.com/recaptcha/,*.google.com/recaptcha/"); ``` ==REMOVED or HIDDEN ```js pref("browser.contentblocking.cookies-site-data.ui.reject-trackers.enabled", true); pref("browser.contentblocking.cookies-site-data.ui.reject-trackers.recommended", true); pref("browser.contentblocking.fastblock.control-center.ui.enabled", false); pref("browser.contentblocking.fastblock.ui.enabled", false); pref("browser.contentblocking.global-toggle.enabled", false); pref("browser.contentblocking.rejecttrackers.ui.enabled", true); pref("browser.contentblocking.rejecttrackers.ui.recommended", true); pref("browser.contentblocking.trackingprotection.ui.enabled", true); pref("browser.contentblocking.ui.enabled", true); pref("browser.fastblock.enabled", false); pref("browser.fastblock.limit", 20000); pref("browser.fastblock.timeout", 5000); pref("browser.schedulePressure.defaultCount", 3); pref("browser.schedulePressure.enabled", true); pref("browser.schedulePressure.timeoutMs", 300); pref("browser.tabs.20FpsThrobber", false); pref("browser.tabs.30FpsThrobber", false); pref("browser.urlbar.matchBehavior", 1); pref("browser.urlbar.suggest.history.onlyTyped", false); pref("canvas.customfocusring.enabled", false); pref("canvas.imagebitmap_extensions.enabled", false); pref("devtools.debugger.features.event-listeners", false); pref("devtools.debugger.forbid-certified-apps", true); pref("devtools.debugger.new-debugger-frontend", true); pref("devtools.inspector.fonteditor.enabled", true); pref("devtools.performance.profiler.sample-frequency-khz", 1); pref("dom.browserElement.maxScreenshotDelayMS", 2000); pref("dom.webcomponents.customelements.enabled", true); pref("dom.webcomponents.shadowdom.enabled", true); pref("io.activity.intervalMilliseconds", 0); pref("layout.css.frames-timing.enabled", false); pref("layout.css.overflow-break.intrinsic-size", false); pref("layout.css.shape-outside.enabled", true); pref("layout.css.text-align-unsafe-value.enabled", false); pref("media.navigator.mediadatadecoder_enabled", false); pref("network.IDN.blacklist_chars", "\u0020\u00A0\u00BC\u00BD\u00BE\u01C3\u02D0\u0337\u0338\u0589\u058A\u05C3\u05F4\u0609\u060A\u066A\u06D4\u0701\u0702\u0703\u0704\u115F\u1160\u1735\u2000\u2001\u2002\u2003\u2004\u2005\u2006\u2007\u2008\u2009\u200A\u200B\u200E\u200F\u2010\u2019\u2024\u2027\u2028\u2029\u202A\u202B\u202C\u202D\u202E\u202F\u2039\u203A\u2041\u2044\u2052\u205F\u2153\u2154\u2155\u2156\u2157\u2158\u2159\u215A\u215B\u215C\u215D\u215E\u215F\u2215\u2236\u23AE\u2571\u29F6\u29F8\u2AFB\u2AFD\u2FF0\u2FF1\u2FF2\u2FF3\u2FF4\u2FF5\u2FF6\u2FF7\u2FF8\u2FF9\u2FFA\u2FFB\u3000\u3002\u3014\u3015\u3033\u30A0\u3164\u321D\u321E\u33AE\u33AF\u33C6\u33DF\uA789\uFE14\uFE15\uFE3F\uFE5D\uFE5E\uFEFF\uFF0E\uFF0F\uFF61\uFFA0\uFFF9\uFFFA\uFFFB\uFFFC\uFFFD"); pref("pdfium.enabled", false); pref("privacy.trackingprotection.introCount", 0); pref("services.sync.prefs.sync.browser.contentblocking.enabled", true); pref("services.sync.prefs.sync.browser.urlbar.autocomplete.enabled", true); pref("services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped", true); ``` ==CHANGED ```js pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}"); // prev: "{\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}" pref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", "{\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true,\"exclude\":[\"RETURN_TO_AMO_1\"]}"); // prev: "{\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true}" pref("browser.safebrowsing.provider.mozilla.lists", "base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,except-flashinfobar-digest256,ads-track-digest256,social-track-digest256,analytics-track-digest256"); // prev: "base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,except-flashinfobar-digest256,ads-track-digest256,social-track-digest256,analytics-track-digest256,fastblock1-track-digest256,fastblock1-trackwhite-digest256,fastblock2-track-digest256,fastblock2-trackwhite-digest256,fastblock3-track-digest256" pref("devtools.flexboxinspector.enabled", true); // prev: false pref("devtools.inspector.changes.enabled", true); // prev: false pref("devtools.inspector.flexboxHighlighter.enabled", true); // prev: false pref("devtools.netmonitor.visibleColumns", "[\"status\",\"method\",\"domain\",\"file\",\"cause\",\"type\",\"transferred\",\"contentSize\",\"waterfall\"]"); // prev: "[\"status\",\"method\",\"file\",\"domain\",\"cause\",\"type\",\"transferred\",\"contentSize\",\"waterfall\"]" pref("devtools.webconsole.jsterm.reverse-search", true); // prev: false pref("dom.keyboardevent.dispatch_during_composition", true); // prev: false pref("dom.keyboardevent.keypress.dispatch_non_printable_keys_only_system_group_in_content", true); // prev: false pref("dom.ua_widget.enabled", true); // prev: false pref("font.name-list.sans-serif.zh-TW", "Arial, PMingLiU, MingLiU, MingLiU-ExtB, Microsoft JhengHei"); // prev: "Arial, Microsoft JhengHei, PMingLiU, MingLiU, MingLiU-ExtB" pref("image.animated.generate-full-frames", true); // prev: false pref("image.http.accept", "image/webp,*/*"); // prev: "*/*" pref("intl.multilingual.enabled", true); // prev: false pref("javascript.options.streams", true); // prev: false pref("media.av1.enabled", true); // prev: false pref("media.getusermedia.agc", 1); // prev: 3 pref("media.navigator.mediadatadecoder_h264_enabled", true); // prev: false pref("network.http.accept.default", "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"); // prev: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" pref("network.http.send_window_size", 0); // prev: 1024 pref("privacy.trackingprotection.introURL", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/content-blocking/start/"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tracking-protection/start/" pref("urlclassifier.disallow_completions", "test-malware-simple,test-harmful-simple,test-phish-simple,test-unwanted-simple,test-track-simple,test-trackwhite-simple,test-block-simple,goog-downloadwhite-digest256,base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,except-flashinfobar-digest256,goog-passwordwhite-proto,ads-track-digest256,social-track-digest256,analytics-track-digest256"); // prev: "test-malware-simple,test-harmful-simple,test-phish-simple,test-unwanted-simple,test-track-simple,test-trackwhite-simple,test-block-simple,goog-downloadwhite-digest256,base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,except-flashinfobar-digest256,goog-passwordwhite-proto,ads-track-digest256,social-track-digest256,analytics-track-digest256,fastblock1-track-digest256,fastblock1-trackwhite-digest256,fastblock2-track-digest256,fastblock2-trackwhite-digest256,fastblock3-track-digest256" ```

[earthlng]

some bugzilla tickets

* apz.relative-update.enabled Bug [1453425](https://bugzilla.mozilla.org/show_bug.cgi?id=1453425) - Add relative scroll offset updates using nsGkAtoms::relative. * browser.contentblocking.control-center.ui.showAllowedLabels Bug [1511954](https://bugzilla.mozilla.org/show_bug.cgi?id=1511954) - Remove the "Allowed" label of content blocking categories and put it behind a pref. * browser.contentblocking.control-center.ui.showBlockedLabels Bug [1512166](https://bugzilla.mozilla.org/show_bug.cgi?id=1512166) - Show blocked labels by default, hide when there's an exception. Bug [1511751](https://bugzilla.mozilla.org/show_bug.cgi?id=1511751) - Part 1 - Remove the "Blocked" labels of content blocking categories and put them behind a pref. * browser.contentblocking.cookies-site-data.ui.reject-trackers.enabled Bug [1502237](https://bugzilla.mozilla.org/show_bug.cgi?id=1502237) - Remove the pref for controlling whether the tracker cookie blocking setting would appear in the Cookies and Site Data drop-down Bug [1487178](https://bugzilla.mozilla.org/show_bug.cgi?id=1487178) - Ensure that the Firefox configuration is up to date for the Content Blocking project; Bug [1483378](https://bugzilla.mozilla.org/show_bug.cgi?id=1483378) - Part 5: Remove the old Cookies & Site Data UI; Bug [1483378](https://bugzilla.mozilla.org/show_bug.cgi?id=1483378) - Part 4: Enable hiding the "reject trackers" menu item based on a preference; * browser.contentblocking.cookies-site-data.ui.reject-trackers.recommended Bug [1502221](https://bugzilla.mozilla.org/show_bug.cgi?id=1502221) - Remove the prefs for controlling whether a '(recommended)' suffix would be appended to tracker cookie blocking settings Bug [1487178](https://bugzilla.mozilla.org/show_bug.cgi?id=1487178) - Ensure that the Firefox configuration is up to date for the Content Blocking project; Bug [1483378](https://bugzilla.mozilla.org/show_bug.cgi?id=1483378) - Part 1: Update the Cookies and Site Data UI in the Preferences window; * browser.contentblocking.enabled Bug [1502757](https://bugzilla.mozilla.org/show_bug.cgi?id=1502757) - Stop syncing the browser.contentblocking.enabled pref Bug [1486092](https://bugzilla.mozilla.org/show_bug.cgi?id=1486092) - Part 1: Move the browser.contentblocking.enabled pref to StaticPrefs; Bug [1482281](https://bugzilla.mozilla.org/show_bug.cgi?id=1482281) - Sync contentblocking pref. Bug [1476217](https://bugzilla.mozilla.org/show_bug.cgi?id=1476217) - Part 1 - Update Tracking Protection preferences for Content Blocking. Bug [1501978](https://bugzilla.mozilla.org/show_bug.cgi?id=1501978) - Part 1: Stop honouring the browser.contentblocking.enabled pref in Gecko * browser.contentblocking.fastblock.control-center.ui.enabled Bug [1500208](https://bugzilla.mozilla.org/show_bug.cgi?id=1500208) - Disable FastBlock, hide FastBlock UI everywhere. Bug [1502076](https://bugzilla.mozilla.org/show_bug.cgi?id=1502076) - Part 2: Remove the fastblock UI from the Control Centre Bug [1496671](https://bugzilla.mozilla.org/show_bug.cgi?id=1496671) - Final pref changes for Content Blocking in Firefox 63. Bug [1487178](https://bugzilla.mozilla.org/show_bug.cgi?id=1487178) - Ensure that the Firefox configuration is up to date for the Content Blocking project; Bug [1485199](https://bugzilla.mozilla.org/show_bug.cgi?id=1485199) - Add prefs for hiding the other two categories in the Content Blocking section of the Control Centre; * browser.contentblocking.fastblock.ui.enabled Bug [1500208](https://bugzilla.mozilla.org/show_bug.cgi?id=1500208) - Disable FastBlock, hide FastBlock UI everywhere. Bug [1502076](https://bugzilla.mozilla.org/show_bug.cgi?id=1502076) - Part 1: Remove the fastblock UI from Preferences Bug [1496671](https://bugzilla.mozilla.org/show_bug.cgi?id=1496671) - Final pref changes for Content Blocking in Firefox 63. Bug [1487178](https://bugzilla.mozilla.org/show_bug.cgi?id=1487178) - Ensure that the Firefox configuration is up to date for the Content Blocking project; Bug [1486414](https://bugzilla.mozilla.org/show_bug.cgi?id=1486414) - Add prefs to hide the Trackers and FastBlock categories in the Content Blocking preferences; * browser.contentblocking.global-toggle.enabled Bug [1501977](https://bugzilla.mozilla.org/show_bug.cgi?id=1501977) - Remove global Content Blocking toggle in the main menu. Bug [1496671](https://bugzilla.mozilla.org/show_bug.cgi?id=1496671) - Final pref changes for Content Blocking in Firefox 63. Bug [1492175](https://bugzilla.mozilla.org/show_bug.cgi?id=1492175) - Add a pref for hiding the global content blocking toggle. * browser.contentblocking.rejecttrackers.ui.enabled Bug [1509411](https://bugzilla.mozilla.org/show_bug.cgi?id=1509411) - Remove the browser.contentblocking.(trackingprotection|rejecttrackers).ui.enabled prefs Bug [1493682](https://bugzilla.mozilla.org/show_bug.cgi?id=1493682) - Part 1: Introduce two new prefs for controlling whether the content blocking allow list would be honoured Bug [1491061](https://bugzilla.mozilla.org/show_bug.cgi?id=1491061) - Part 4: Synchronize the default values of the essential prefs that content blocking depends on for all platforms; Bug [1487178](https://bugzilla.mozilla.org/show_bug.cgi?id=1487178) - Ensure that the Firefox configuration is up to date for the Content Blocking project; Bug [1484769](https://bugzilla.mozilla.org/show_bug.cgi?id=1484769) - Part 1: Update the Content Blocking section of the Preferences UI to add Third-Party Cookies options; * browser.contentblocking.rejecttrackers.ui.recommended Bug [1502221](https://bugzilla.mozilla.org/show_bug.cgi?id=1502221) - Remove the prefs for controlling whether a '(recommended)' suffix would be appended to tracker cookie blocking settings Bug [1487178](https://bugzilla.mozilla.org/show_bug.cgi?id=1487178) - Ensure that the Firefox configuration is up to date for the Content Blocking project; Bug [1484769](https://bugzilla.mozilla.org/show_bug.cgi?id=1484769) - Part 1: Update the Content Blocking section of the Preferences UI to add Third-Party Cookies options; * browser.contentblocking.trackingprotection.ui.enabled Bug [1509411](https://bugzilla.mozilla.org/show_bug.cgi?id=1509411) - Remove the browser.contentblocking.(trackingprotection|rejecttrackers).ui.enabled prefs Bug [1487178](https://bugzilla.mozilla.org/show_bug.cgi?id=1487178) - Ensure that the Firefox configuration is up to date for the Content Blocking project Bug [1486414](https://bugzilla.mozilla.org/show_bug.cgi?id=1486414) - Add prefs to hide the Trackers and FastBlock categories in the Content Blocking preferences * browser.contentblocking.ui.enabled Bug [1491061](https://bugzilla.mozilla.org/show_bug.cgi?id=1491061) - Part 1: Make Disable Protection honour both the Content Blocking UI pref and the pref controlling whether Third-Party Cookies section appears under Content Blocking UI; Bug [1476217](https://bugzilla.mozilla.org/show_bug.cgi?id=1476217) - Part 1 - Update Tracking Protection preferences for Content Blocking. Bug [1501286](https://bugzilla.mozilla.org/show_bug.cgi?id=1501286) - Part 5: Remove the browser.contentblocking.ui.enabled pref * browser.discovery.containers.enabled Bug [1489531](https://bugzilla.mozilla.org/show_bug.cgi?id=1489531) Expose telemetry client_id hash to about:addons via cookie * browser.discovery.enabled Bug [1499470](https://bugzilla.mozilla.org/show_bug.cgi?id=1499470) - Provide option to opt-out of add-on recommendations Bug [1489531](https://bugzilla.mozilla.org/show_bug.cgi?id=1489531) Expose telemetry client_id hash to about:addons via cookie * browser.discovery.sites Bug [1489531](https://bugzilla.mozilla.org/show_bug.cgi?id=1489531) Expose telemetry client_id hash to about:addons via cookie * browser.engagement.recent_visited_origins.expiry Bug [1509047](https://bugzilla.mozilla.org/show_bug.cgi?id=1509047) - Part 2: Add an API for measuring the number of unique origins visited in the past 24 hours * browser.fastblock.enabled Bug [1500208](https://bugzilla.mozilla.org/show_bug.cgi?id=1500208) - Disable FastBlock, hide FastBlock UI everywhere Bug [1489252](https://bugzilla.mozilla.org/show_bug.cgi?id=1489252) - Part 1: Move browser.fastblock.enabled to StaticPrefList.h Bug [1502076](https://bugzilla.mozilla.org/show_bug.cgi?id=1502076) - Part 1: Remove the fastblock UI from Preferences Bug [1480443](https://bugzilla.mozilla.org/show_bug.cgi?id=1480443) - Enable FastBlock by default on Nightly * browser.fastblock.limit Bug [1509555](https://bugzilla.mozilla.org/show_bug.cgi?id=1509555) - Part 2: Remove the core fastblock code Bug [1500208](https://bugzilla.mozilla.org/show_bug.cgi?id=1500208) - Disable FastBlock, hide FastBlock UI everywhere * browser.fastblock.timeout Bug [1509555](https://bugzilla.mozilla.org/show_bug.cgi?id=1509555) - Part 2: Remove the core fastblock code * browser.fixup.hide_user_pass Bug [1510580](https://bugzilla.mozilla.org/show_bug.cgi?id=1510580) - Remove browser.fixup.hide_user_pass pref * browser.safebrowsing.provider.mozilla.lists Bug [1509555](https://bugzilla.mozilla.org/show_bug.cgi?id=1509555) - Part 2: Remove the core fastblock code * browser.schedulePressure.defaultCount Bug [1511095](https://bugzilla.mozilla.org/show_bug.cgi?id=1511095) - Remove SchedulePressure.jsm and the fallback loading throbber in the tabstrip. * browser.schedulePressure.enabled Bug [1511095](https://bugzilla.mozilla.org/show_bug.cgi?id=1511095) - Remove SchedulePressure.jsm and the fallback loading throbber in the tabstrip. * browser.schedulePressure.timeoutMs Bug [1511095](https://bugzilla.mozilla.org/show_bug.cgi?id=1511095) - Remove SchedulePressure.jsm and the fallback loading throbber in the tabstrip. * browser.security.newcerterrorpage.mitm.enabled Bug [1450784](https://bugzilla.mozilla.org/show_bug.cgi?id=1450784) - Add a new error page for MOZILLA_PKIX_ERROR_MITM_DETECTED. * browser.sessionstore.warnOnQuit Bug [1506173](https://bugzilla.mozilla.org/show_bug.cgi?id=1506173) - use separate pref for warning on quit with sessionstore enabled, * browser.tabs.20FpsThrobber Bug [1511095](https://bugzilla.mozilla.org/show_bug.cgi?id=1511095) - Remove support for 20fps throbber. * browser.tabs.30FpsThrobber Bug [1511095](https://bugzilla.mozilla.org/show_bug.cgi?id=1511095) - Remove support for the 30fps pref, and replace the loading.svg with the 30fps variant. * browser.urlbar.autocomplete.enabled Bug [1502392](https://bugzilla.mozilla.org/show_bug.cgi?id=1502392) - Remove support for browser.urlbar.autocomplete.enabled. * browser.urlbar.matchBehavior Bug [1502728](https://bugzilla.mozilla.org/show_bug.cgi?id=1502728) - Actually remove matchBehavior from firefox.js. * browser.urlbar.suggest.history.onlyTyped Bug [1500108](https://bugzilla.mozilla.org/show_bug.cgi?id=1500108) - Remove the history.onlyTyped preference and behavior from the Address Bar. * canvas.customfocusring.enabled Bug [1120371](https://bugzilla.mozilla.org/show_bug.cgi?id=1120371) - remove obsolete drawCustomFocusRing from Canvas2D. r=jrmuizel, * canvas.imagebitmap_extensions.enabled Bug [1500733](https://bugzilla.mozilla.org/show_bug.cgi?id=1500733) - Remove canvas.imagebitmap_extensions.enabled preference, Bug [1489844](https://bugzilla.mozilla.org/show_bug.cgi?id=1489844) - Port DOMPrefs to StaticPrefs - part 1 - canvas_imagebitmap_extensions_enabled, * devtools.aboutdebugging.network Bug [1507708](https://bugzilla.mozilla.org/show_bug.cgi?id=1507708) - Add default values for aboutdebugging wifi and network features;r=ladybenko Bug [1482054](https://bugzilla.mozilla.org/show_bug.cgi?id=1482054) - Create module to manage network locations;r=daisuke * devtools.aboutdebugging.wifi Bug [1507708](https://bugzilla.mozilla.org/show_bug.cgi?id=1507708) - Add default values for aboutdebugging wifi and network features;r=ladybenko * devtools.console.stdout.chrome Bug [1480544](https://bugzilla.mozilla.org/show_bug.cgi?id=1480544) - Allow Console API to log messages on stdout, * devtools.console.stdout.content Bug [1480544](https://bugzilla.mozilla.org/show_bug.cgi?id=1480544) - Allow Console API to log messages on stdout, * devtools.flexboxinspector.enabled Bug [1509908](https://bugzilla.mozilla.org/show_bug.cgi?id=1509908) - Enabling the flexbox tools on all channels; Bug [1492026](https://bugzilla.mozilla.org/show_bug.cgi?id=1492026) - Enable the flexbox panel in Nightly. Bug [1470380](https://bugzilla.mozilla.org/show_bug.cgi?id=1470380) - Enable the first simple version of the flexbox highlighter (M0) in nightly only. * devtools.inspector.changes.enabled Bug [1491887](https://bugzilla.mozilla.org/show_bug.cgi?id=1491887) - Enable tracking CSS changes and the Changes panel for all release channels; Bug [1508353](https://bugzilla.mozilla.org/show_bug.cgi?id=1508353) - [Track Changes] Enable track changes for nightly. Bug [1478448](https://bugzilla.mozilla.org/show_bug.cgi?id=1478448) - (Part 1) Add pref for Track Changes feature. * devtools.inspector.flexboxHighlighter.enabled Bug [1509908](https://bugzilla.mozilla.org/show_bug.cgi?id=1509908) - Enabling the flexbox tools on all channels; Bug [1470380](https://bugzilla.mozilla.org/show_bug.cgi?id=1470380) - Enable the first simple version of the flexbox highlighter (M0) in nightly only. * devtools.inspector.fonteditor.enabled Bug [1485324](https://bugzilla.mozilla.org/show_bug.cgi?id=1485324) - (Part 1) Remove pref for Font Editor and obsolete conditionals; Bug [1485326](https://bugzilla.mozilla.org/show_bug.cgi?id=1485326) - Set the Font Editor pref to true for all channels. Bug [1470375](https://bugzilla.mozilla.org/show_bug.cgi?id=1470375) - Set the font editor pref to true in Nightly builds. * devtools.inspector.showUserAgentShadowRoots Bug [1483660](https://bugzilla.mozilla.org/show_bug.cgi?id=1483660) - Hide UA Widget shadow root in inspector by default;r=ladybenko * devtools.performance.profiler.sample-frequency-hz Bug [1489745](https://bugzilla.mozilla.org/show_bug.cgi?id=1489745) - Convert the preference sample-frequency-khz to hz * devtools.performance.profiler.sample-frequency-khz Bug [1489745](https://bugzilla.mozilla.org/show_bug.cgi?id=1489745) - Convert the preference sample-frequency-khz to hz * devtools.recordreplay.allowRepaintFailures Bug [1503750](https://bugzilla.mozilla.org/show_bug.cgi?id=1503750) - Add preference to allow crashing on repaint failures, * devtools.recordreplay.includeSystemScripts Bug [1505935](https://bugzilla.mozilla.org/show_bug.cgi?id=1505935) Part 3 - Add pref allowing system scripts to be exposed to the debugger, * devtools.recordreplay.timeline.enabled Bug [1503703](https://bugzilla.mozilla.org/show_bug.cgi?id=1503703) - Style progress overlay. * devtools.webconsole.jsterm.reverse-search Bug [1512257](https://bugzilla.mozilla.org/show_bug.cgi?id=1512257) - Enable reverse search on every channel; Bug [1024913](https://bugzilla.mozilla.org/show_bug.cgi?id=1024913) - Add a preference to enable the reverse search UI; * dom.block_multiple_popups Bug [675574](https://bugzilla.mozilla.org/show_bug.cgi?id=675574) - Allow just 1 window.open() per event, * dom.browserElement.maxScreenshotDelayMS Bug [1503070](https://bugzilla.mozilla.org/show_bug.cgi?id=1503070) part 4. Remove getScreenshot() method from BrowserElement. * dom.compositionevent.text.dispatch_only_system_group_in_content Bug [1288640](https://bugzilla.mozilla.org/show_bug.cgi?id=1288640) - Make TextComposition not dispatch eCompositionChange events (DOM "text" event) in the default group of web content * dom.event.returnValue.enabled Bug [1510985](https://bugzilla.mozilla.org/show_bug.cgi?id=1510985) - Remove Event.returnValue temporarily in 64. * dom.ipc.tabs.createKillHardCrashReports Bug [1499465](https://bugzilla.mozilla.org/show_bug.cgi?id=1499465) - Don't collect KillHard crashes on Beta or Release. * dom.keyboardevent.dispatch_during_composition Bug [1496288](https://bugzilla.mozilla.org/show_bug.cgi?id=1496288) - part 2: Stop dispatching non-printable "keypress" events, set keyCode or charCode value to the other value when it's zero, start to dispatch "keydown" and "keyup" events during composition, and enable window.event by default * dom.keyboardevent.keypress.dispatch_non_printable_keys_only_system_group_in_content Bug [1496288](https://bugzilla.mozilla.org/show_bug.cgi?id=1496288) - part 2: Stop dispatching non-printable "keypress" events, set keyCode or charCode value to the other value when it's zero, start to dispatch "keydown" and "keyup" events during composition, and enable window.event by default Bug [1496288](https://bugzilla.mozilla.org/show_bug.cgi?id=1496288) - part 1: Make blacklist prefs for keypress event behavior changes ride the train * dom.keyboardevent.keypress.hack.dispatch_non_printable_keys Bug [1508503](https://bugzilla.mozilla.org/show_bug.cgi?id=1508503) - Remove medium.com from "dom.keyboardevent.keypress.hack.dispatch_non_printable_keys" * dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode Bug [1510111](https://bugzilla.mozilla.org/show_bug.cgi?id=1510111) - Remove www.rememberthemilk.com from the blacklist of keyCode/charCode mirroring of keypress events Bug [1502795](https://bugzilla.mozilla.org/show_bug.cgi?id=1502795) - Set keyCode or charCode of keypress event whose value is zero to the other's non-zero value by default again unless dispatched on known broken web apps * dom.keyboardevent.keypress.set_keycode_and_charcode_to_same_value Bug [1479964](https://bugzilla.mozilla.org/show_bug.cgi?id=1479964) - Set KeyboardEvent.keyCode and KeyboardEvent.charCode to same value if the event is "keypress" event * dom.payments.request.supportedRegions Bug [1501102](https://bugzilla.mozilla.org/show_bug.cgi?id=1501102) - Move hard-coded 'supportedRegions' array to a pref to allow developers outside US/CA to test PaymentRequest. * dom.performance.time_to_contentful_paint.enabled Bug [1298381](https://bugzilla.mozilla.org/show_bug.cgi?id=1298381): Implement TimeToFirstContentfulPaint behind a pref * dom.reporting.cleanup.timeout Bug [1508310](https://bugzilla.mozilla.org/show_bug.cgi?id=1508310) - Implement Report-to header support - part 12 - Cleanup out-of-date endpoints, * dom.reporting.delivering.maxFailures Bug [1508310](https://bugzilla.mozilla.org/show_bug.cgi?id=1508310) - Implement Report-to header support - part 5 - Report delivering, * dom.reporting.delivering.maxReports Bug [1508310](https://bugzilla.mozilla.org/show_bug.cgi?id=1508310) - Implement Report-to header support - part 11 - Limit the number of reports, * dom.reporting.delivering.timeout Bug [1508310](https://bugzilla.mozilla.org/show_bug.cgi?id=1508310) - Implement Report-to header support - part 5 - Report delivering, * dom.reporting.enabled Bug [1492036](https://bugzilla.mozilla.org/show_bug.cgi?id=1492036) - Reporting API - part 1 - WebIDL, * dom.reporting.featurePolicy.enabled Bug [1492036](https://bugzilla.mozilla.org/show_bug.cgi?id=1492036) - Reporting API - part 6 - FeaturePolicy, * dom.reporting.header.enabled Bug [1508310](https://bugzilla.mozilla.org/show_bug.cgi?id=1508310) - Implement Report-to header support - part 1 - Header parser, * dom.reporting.testing.enabled Bug [1492036](https://bugzilla.mozilla.org/show_bug.cgi?id=1492036) - Reporting API - part 5 - tests, * dom.security.featurePolicy.header.enabled Bug [1507230](https://bugzilla.mozilla.org/show_bug.cgi?id=1507230) - dom.security.featurePolicy.header.enabled pref controls the using of FeaturePolicy header, * dom.security.featurePolicy.webidl.enabled Bug [1507230](https://bugzilla.mozilla.org/show_bug.cgi?id=1507230) - dom.security.featurePolicy.webidl.enabled pref controls the exposing of document.policy and HTMLIFrameElement.policy attributes, * dom.sidebar.enabled Bug [1503551](https://bugzilla.mozilla.org/show_bug.cgi?id=1503551) - Make window.external.AddSearchProvider a dummy function, * dom.storage.next_gen Bug [1286798](https://bugzilla.mozilla.org/show_bug.cgi?id=1286798) - Part 54: Disable LSNG by default; Bug [1286798](https://bugzilla.mozilla.org/show_bug.cgi?id=1286798) - Part 3: New basic (memory only) implementation of LocalStorage; * dom.storage.shadow_writes Bug [1286798](https://bugzilla.mozilla.org/show_bug.cgi?id=1286798) - Part 46: Add a pref for database shadowing; * dom.storage.snapshot_prefill Bug [1286798](https://bugzilla.mozilla.org/show_bug.cgi?id=1286798) - Part 40: Increase initial snapshot prefill to 16KB; Bug [1286798](https://bugzilla.mozilla.org/show_bug.cgi?id=1286798) - Part 31: Support for lazy loading of items; * dom.storage.snapshot_reusing Bug [1286798](https://bugzilla.mozilla.org/show_bug.cgi?id=1286798) - Part 42: Implement snapshot reusing; * dom.storage_access.auto_grants Bug [1509047](https://bugzilla.mozilla.org/show_bug.cgi?id=1509047) - Part 5: Add heuristics to the storage access API for automatically granting temporary session-scoped storage access without displaying a doorhanger prompt; * dom.storage_access.enabled Bug [1498251](https://bugzilla.mozilla.org/show_bug.cgi?id=1498251) - Enable the Storage Access API in Nightly; Bug [1515693](https://bugzilla.mozilla.org/show_bug.cgi?id=1515693) - Check allow-storage-access-by-user-activation sandbox flag only if StorageAccess API is enabled. * dom.storage_access.max_concurrent_auto_grants Bug [1509047](https://bugzilla.mozilla.org/show_bug.cgi?id=1509047) - Part 5: Add heuristics to the storage access API for automatically granting temporary session-scoped storage access without displaying a doorhanger prompt; * dom.targetBlankNoOpener.enabled Bug [1503681](https://bugzilla.mozilla.org/show_bug.cgi?id=1503681) - rel=noopener implicit for target=_blank in anchor and area elements when no rel attribute is set, * dom.ua_widget.enabled Bug [1507894](https://bugzilla.mozilla.org/show_bug.cgi?id=1507894) - Enable UA Widget in beta/release Bug [1484048](https://bugzilla.mozilla.org/show_bug.cgi?id=1484048) - Part V, Re-enable UA Widget on Desktop Nightly * dom.webcomponents.customelements.enabled Bug [1503019](https://bugzilla.mozilla.org/show_bug.cgi?id=1503019) - Part II, Remove dom.webcomponents.customelements.enabled pref * dom.webcomponents.shadowdom.enabled Bug [1503019](https://bugzilla.mozilla.org/show_bug.cgi?id=1503019) - Part I, Remove dom.webcomponents.shadowdom.enabled Bug [1493869](https://bugzilla.mozilla.org/show_bug.cgi?id=1493869) - Put window.event behind a pref and disable it by default for release versions. Bug [1471814](https://bugzilla.mozilla.org/show_bug.cgi?id=1471814) - Add a preference for {Document,Element}.getAnimations(); * dom.window.event.enabled Bug [1496288](https://bugzilla.mozilla.org/show_bug.cgi?id=1496288) - part 2: Stop dispatching non-printable "keypress" events, set keyCode or charCode value to the other value when it's zero, start to dispatch "keydown" and "keyup" events during composition, and enable window.event by default Bug [1503019](https://bugzilla.mozilla.org/show_bug.cgi?id=1503019) - Part I, Remove dom.webcomponents.shadowdom.enabled Bug [1493869](https://bugzilla.mozilla.org/show_bug.cgi?id=1493869) - Put window.event behind a pref and disable it by default for release versions. * extensions.formautofill.reauth.enabled Bug [1510470](https://bugzilla.mozilla.org/show_bug.cgi?id=1510470) - Disable OS re-auth for credit cards by default. * geo.provider.ms-windows-location Bug [1512161](https://bugzilla.mozilla.org/show_bug.cgi?id=1512161) - Use Windows & Mac system API for geolocation * gfx.omta.background-color Bug [1504065](https://bugzilla.mozilla.org/show_bug.cgi?id=1504065) - Run background-color animations on the compositor. * gfx.webrender.dcomp-win-triple-buffering.enabled Bug [1500017](https://bugzilla.mozilla.org/show_bug.cgi?id=1500017) - Use triple buffer with DXGI_SWAP_EFFECT_FLIP_SEQUENTIAL SwapChain * gfx.webrender.debug.slow-frame-indicator Bug [1503730](https://bugzilla.mozilla.org/show_bug.cgi?id=1503730) - Add visual indicator for when WebRender frames record a CONTENT_FRAME_TIME of >200. * gfx.webrender.debug.texture-cache.clear-evicted Bug [1507333](https://bugzilla.mozilla.org/show_bug.cgi?id=1507333) - Clear evicted cache entries when using the debug display. * gfx.webrender.picture-caching Bug [1510725](https://bugzilla.mozilla.org/show_bug.cgi?id=1510725) - Add a pref to enable picture caching in WebRender. * image.animated.decode-on-demand.recycle Bug [1465619](https://bugzilla.mozilla.org/show_bug.cgi?id=1465619) - Part 11. Add support for recycling animated image frames. * image.animated.generate-full-frames Bug [1508393](https://bugzilla.mozilla.org/show_bug.cgi?id=1508393) - Enable animated images producing full frames by default. Bug [1337111](https://bugzilla.mozilla.org/show_bug.cgi?id=1337111) - Part 5. Add pref to force decoding of full frames, disabled by default. * image.http.accept Bug [1503653](https://bugzilla.mozilla.org/show_bug.cgi?id=1503653) - Part 2. Enable WebP by default. Bug [1294490](https://bugzilla.mozilla.org/show_bug.cgi?id=1294490) - Part 7. Enable WebP by default. * image.webp.enabled Bug [1503653](https://bugzilla.mozilla.org/show_bug.cgi?id=1503653) - Part 2. Enable WebP by default. Bug [1294490](https://bugzilla.mozilla.org/show_bug.cgi?id=1294490) - Part 3. Implement WebP decoder. Bug [1294490](https://bugzilla.mozilla.org/show_bug.cgi?id=1294490) - Part 7. Enable WebP by default. * io.activity.intervalMilliseconds Bug [1508257](https://bugzilla.mozilla.org/show_bug.cgi?id=1508257) - Remove io.activity.intervalMilliseconds - * javascript.options.bigint Bug [1506542](https://bugzilla.mozilla.org/show_bug.cgi?id=1506542) - Add run-time flag to enable bigint support * javascript.options.streams Bug [1505122](https://bugzilla.mozilla.org/show_bug.cgi?id=1505122) - Enable ReadableStream for beta and release. Bug [1389628](https://bugzilla.mozilla.org/show_bug.cgi?id=1389628) - Part 2: Enable Streams API by default. Bug [1491939](https://bugzilla.mozilla.org/show_bug.cgi?id=1491939) - Part 4: Enable streams on a per-realm basis. Drop dom.streams.enabled and dom.workers.options.streams; use only javascript.options.streams. * layout.css.frames-timing.enabled Bug [1496619](https://bugzilla.mozilla.org/show_bug.cgi?id=1496619) - Part 1: Drop frames() timing function * layout.css.overflow-break.intrinsic-size Bug [1505786](https://bugzilla.mozilla.org/show_bug.cgi?id=1505786) - Implement overflow-wrap: anywhere. Bug [1484587](https://bugzilla.mozilla.org/show_bug.cgi?id=1484587) - Put the behavior that overflow-wrap: break-word affecting intrinsic size behind a pref and disable it by default. * layout.css.shape-outside.enabled Bug [1504387](https://bugzilla.mozilla.org/show_bug.cgi?id=1504387) - Remove preference "layout.css.shape-outside.enabled". * layout.css.step-position-jump.enabled Bug [1496619](https://bugzilla.mozilla.org/show_bug.cgi?id=1496619) - part 7: Implement steps(jump-*) functions * layout.css.text-align-unsafe-value.enabled Bug [1500885](https://bugzilla.mozilla.org/show_bug.cgi?id=1500885) - Remove tests and other similar bits. * media.av1.enabled Bug [1452146](https://bugzilla.mozilla.org/show_bug.cgi?id=1452146) - flip av1 and rdd on for Win. Bug [1452146](https://bugzilla.mozilla.org/show_bug.cgi?id=1452146) - flip av1 and rdd on for OSX and Win. * media.av1.use-dav1d Bug [1493400](https://bugzilla.mozilla.org/show_bug.cgi?id=1493400) - Implement platform decoder for dav1d. * media.getusermedia.agc Bug [1509842](https://bugzilla.mozilla.org/show_bug.cgi?id=1509842) - Re-enable AGC by default. Bug [1376873](https://bugzilla.mozilla.org/show_bug.cgi?id=1376873) - Updates to dom/media/, dom/media/systemservices and dom/media/webrtc; Bug [1496714](https://bugzilla.mozilla.org/show_bug.cgi?id=1496714) - Enable AGC by default for getUserMedia. * media.getusermedia.use_aec_mobile Bug [1376873](https://bugzilla.mozilla.org/show_bug.cgi?id=1376873) - Updates to dom/media/, dom/media/systemservices and dom/media/webrtc; * media.navigator.mediadatadecoder_enabled Bug [1376873](https://bugzilla.mozilla.org/show_bug.cgi?id=1376873) - Updates to dom/media/, dom/media/systemservices and dom/media/webrtc; Bug [1496529](https://bugzilla.mozilla.org/show_bug.cgi?id=1496529) - P8. Add media.navigator.mediadatadecoder_h264_enabled preference. Bug [1505284](https://bugzilla.mozilla.org/show_bug.cgi?id=1505284) - P4. Split preferences to enable WebRTC with MediaDataDecoder. * media.navigator.mediadatadecoder_h264_enabled Bug [1505284](https://bugzilla.mozilla.org/show_bug.cgi?id=1505284) - P2. Use system's h264 decoder for webrtc call. Bug [1376873](https://bugzilla.mozilla.org/show_bug.cgi?id=1376873) - Updates to dom/media/, dom/media/systemservices and dom/media/webrtc; Bug [1496529](https://bugzilla.mozilla.org/show_bug.cgi?id=1496529) - P8. Add media.navigator.mediadatadecoder_h264_enabled preference. * media.navigator.mediadatadecoder_vpx_enabled Bug [1508677](https://bugzilla.mozilla.org/show_bug.cgi?id=1508677) - Use playback's VP8/VP9 decoder for webrtc call on Nightly. Bug [1505284](https://bugzilla.mozilla.org/show_bug.cgi?id=1505284) - P4. Split preferences to enable WebRTC with MediaDataDecoder. * media.rdd-process.enabled Bug [1471535](https://bugzilla.mozilla.org/show_bug.cgi?id=1471535) - pt5 - Add prefs media.rdd-process.enabled and media.rdd-process.startup_timeout_ms. * media.rdd-process.startup_timeout_ms Bug [1471535](https://bugzilla.mozilla.org/show_bug.cgi?id=1471535) - pt5 - Add prefs media.rdd-process.enabled and media.rdd-process.startup_timeout_ms. * media.test.video-suspend Bug [1511235](https://bugzilla.mozilla.org/show_bug.cgi?id=1511235) - Part 3: Ensure video is visible before starting test. * network.connectivity-service.DNSv4.domain Bug [1460537](https://bugzilla.mozilla.org/show_bug.cgi?id=1460537) - Connectivity Service - Add DNSv4 and DNSv6 checks * network.connectivity-service.DNSv6.domain Bug [1460537](https://bugzilla.mozilla.org/show_bug.cgi?id=1460537) - Connectivity Service - Add DNSv4 and DNSv6 checks * network.connectivity-service.enabled Bug [1460537](https://bugzilla.mozilla.org/show_bug.cgi?id=1460537) - Connectivity Service - Add DNSv4 and DNSv6 checks * network.connectivity-service.IPv4.url Bug [1502025](https://bugzilla.mozilla.org/show_bug.cgi?id=1502025) - Use captive portal endpoints for connectivity checks * network.connectivity-service.IPv6.url Bug [1502025](https://bugzilla.mozilla.org/show_bug.cgi?id=1502025) - Use captive portal endpoints for connectivity checks * network.http.accept.default Bug [1507691](https://bugzilla.mozilla.org/show_bug.cgi?id=1507691) - Add image/webp to default HTTP Accept header. * network.http.send_window_size Bug [1513135](https://bugzilla.mozilla.org/show_bug.cgi?id=1513135) - disable flow control of HTTP e10s back pressure * network.http.spdy.enable-hpack-dump Bug [1505867](https://bugzilla.mozilla.org/show_bug.cgi?id=1505867) - Add pref for hpack table dumps. * network.http.spdy.websockets Bug [1434137](https://bugzilla.mozilla.org/show_bug.cgi?id=1434137) - Implement websockets over http/2 - RFC 8441 * network.IDN.blacklist_chars Bug [1502097](https://bugzilla.mozilla.org/show_bug.cgi?id=1502097) - (Part 1) Move pref network.IDN.blacklist_chars to separate hardcoded file IDNCharacterBlocklist.inc * network.IDN.extra_allowed_chars Bug [1502097](https://bugzilla.mozilla.org/show_bug.cgi?id=1502097) - (Part 1) Move pref network.IDN.blacklist_chars to separate hardcoded file IDNCharacterBlocklist.inc * network.IDN.extra_blocked_chars Bug [1502097](https://bugzilla.mozilla.org/show_bug.cgi?id=1502097) - (Part 1) Move pref network.IDN.blacklist_chars to separate hardcoded file IDNCharacterBlocklist.inc * network.trr.custom_uri Bug [1495583](https://bugzilla.mozilla.org/show_bug.cgi?id=1495583) - Add a button to restore the default value for network.trr.uri preference. * pdfium.enabled Bug [1503537](https://bugzilla.mozilla.org/show_bug.cgi?id=1503537) - Get rid of the pdfium & mortar code * privacy.popups.maxReported Bug [685828](https://bugzilla.mozilla.org/show_bug.cgi?id=685828) - Limit displaying blocked popups in the front-end. * privacy.restrict3rdpartystorage.partitionedHosts Bug [1505212](https://bugzilla.mozilla.org/show_bug.cgi?id=1505212) - Partitioned localStorage for 3rd party tracker pages, r=ehsan, * privacy.restrict3rdpartystorage.userInteractionRequiredForHosts Bug [1507769](https://bugzilla.mozilla.org/show_bug.cgi?id=1507769) - User-interaction required before granting storage access for some 3rd party trackers, * privacy.trackingprotection.introCount Bug [1501286](https://bugzilla.mozilla.org/show_bug.cgi?id=1501286) - Part 2: Remove support for tracking protection UI from Control Centre * security.strict_security_checks.enabled Bug [1498526](https://bugzilla.mozilla.org/show_bug.cgi?id=1498526) - add in user pref to prevent loading implied triggeringPrincipal loads for dev and nightly builds. * services.sync.prefs.sync.browser.contentblocking.enabled Bug [1502757](https://bugzilla.mozilla.org/show_bug.cgi?id=1502757) - Stop syncing the browser.contentblocking.enabled pref Bug [1482281](https://bugzilla.mozilla.org/show_bug.cgi?id=1482281) - Sync contentblocking pref. * services.sync.prefs.sync.browser.urlbar.autocomplete.enabled Bug [1502392](https://bugzilla.mozilla.org/show_bug.cgi?id=1502392) - Remove support for browser.urlbar.autocomplete.enabled. * services.sync.prefs.sync.browser.urlbar.suggest.history.onlyTyped Bug [1500108](https://bugzilla.mozilla.org/show_bug.cgi?id=1500108) - Remove the history.onlyTyped preference and behavior from the Address Bar. * services.sync.prefs.sync.privacy.fuzzyfox.clockgrainus Bug [1505109](https://bugzilla.mozilla.org/show_bug.cgi?id=1505109) - Disable fuzzyfox pref syncing by default Bug [1432429](https://bugzilla.mozilla.org/show_bug.cgi?id=1432429) - Add FuzzyFox class and prefs. * services.sync.prefs.sync.privacy.fuzzyfox.enabled Bug [1505109](https://bugzilla.mozilla.org/show_bug.cgi?id=1505109) - Disable fuzzyfox pref syncing by default Bug [1432429](https://bugzilla.mozilla.org/show_bug.cgi?id=1432429) - Add FuzzyFox class and prefs. * urlclassifier.disallow_completions Bug [1509555](https://bugzilla.mozilla.org/show_bug.cgi?id=1509555) - Part 2: Remove the core fastblock code * urlclassifier.trackingAnnotationSkipURLs Bug [1507013](https://bugzilla.mozilla.org/show_bug.cgi?id=1507013) - Add a site-specific workaround for Google Recaptcha to improve the user experience of using it with the new cookie policy;

[Atavic]

network.connectivity-service.* is really a bloated feature. All those checks should be done outside of a browser.

[Atavic]

dom.payments.request.supportedRegions Web Payments:

https://firefox-source-docs.mozilla.org/browser/components/payments/docs/index.html https://wiki.mozilla.org/Firefox/Features/Web_Payments

[Atavic]

dom.reporting.*

The Reporting API defines a new HTTP header Report-To that gives web developers a way to specify server endpoints for the browser to send warnings and errors to.

See: https://developers.google.com/web/updates/2018/09/reportingapi

[Thorin-Oakenpants]

am on 65b12 .. was waiting for a newer update before I move shit round in OP. Should I just start anyway? @earthlng

[earthlng]

65.0b12 changes since 65.0b8

new

pref("toolkit.tabbox.switchByScrolling", false);

removed, renamed or hidden

pref("dom.event.returnValue.enabled", false);

changed

pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}"); // prev: "{\"id\":\"cfr\",\"enabled\":false,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}" pref("browser.newtabpage.activity-stream.asrouter.providers.onboarding", "{\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true,\"exclude\":[\"RETURN_TO_AMO_1\"]}"); // prev: "{\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true}" pref("browser.newtabpage.activity-stream.asrouter.providers.snippets", "{\"id\":\"snippets\",\"enabled\":true,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000}"); // prev: "{\"id\":\"snippets\",\"enabled\":false,\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000}" pref("dom.keyboardevent.keypress.set_keycode_and_charcode_to_same_value", true); // prev: false pref("dom.window.event.enabled", true); // prev: false pref("intl.multilingual.enabled", true); // prev: false pref("privacy.trackingprotection.introURL", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/content-blocking/start/"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tracking-protection/start/"

EDIT: updated 1st post

[Thorin-Oakenpants]

moved a heap of items from new to ignore: if anything in ignore looks like it should be revisited, sing out

[Thorin-Oakenpants]

OT: interesting way to hide a malicious URL so it's not exposed / detected until both the js is run and the image is present - https://arstechnica.com/information-technology/2019/01/malvertisers-target-mac-uses-with-stenographic-code-stashed-in-images/

[Atavic]

pref("dom.payments.request.supportedRegions", "US,CA");

Users have to add country codes to make it eventually work (geo info given):https://github.com/mdn/browser-compat-data/issues/3164

[Thorin-Oakenpants]

oooh .. it's almost here .. is anyone in a hurry? Or can I leave this for a few days

[bogachenko]

@Thorin-Oakenpants It seems someone is lazy? 😯

[Thorin-Oakenpants]

I have shit to do .. like drink beer .. and as usual .. it's always me and earthlng ... or nothing happens

[bogachenko]

@Thorin-Oakenpants

I have shit to do .. like drink beer

okay 🙂

---

in fact, there is not much to add. 1-2 hours of work. but I not insist

[earthlng]

65.0 changes since 65.0b12

changed

pref("app.update.channel", "beta"); // prev: "release" pref("app.update.url.details", "https://www.mozilla.org/%LOCALE%/firefox/beta/notes"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/notes" pref("app.update.url.manual", "https://www.mozilla.org/firefox/beta"); // prev: "https://www.mozilla.org/firefox/" pref("extensions.webcompat-reporter.enabled", true); // prev: false pref("font.name-list.sans-serif.zh-TW", "Arial, PMingLiU, MingLiU, MingLiU-ExtB, Microsoft JhengHei"); // prev: "Arial, Microsoft JhengHei, PMingLiU, MingLiU, MingLiU-ExtB" pref("toolkit.telemetry.enabled", true); // prev: false

EDIT: updated 1st post

[bogachenko]

@earthlng

pref("dom.push.alwaysConnect", true); // prev: false

changed? I have so and remained "false." firefox 65

[earthlng]

Oops, you're right. I forgot to block its internet access and it must have installed some shield studies or whatnot which affected the pref defaults. I did the diff kind of in the background while doing something else - my bad, sorry. browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.searchEngines was also changed by something like that and the default (with internet access blocked) is still empty string. I'll update the list. Thanks @bogachenko

[Thorin-Oakenpants]

@overdodactyl and others, see bug https://bugzilla.mozilla.org/show_bug.cgi?id=1504766 - basically in windows 10 the OS takes over title bar colors (so everything on the top except the current tab ends up with your windows theme)

The solution was to go to Windows settings > personalization > colors. and then in “show accent color on the following surfaces” untick the option “title bars”. But of course that's not a proper solution - maybe you want that *except for firefox.

Anyway: here is the answer: from comment 24 on the linked bugzilla

stick in 5000 under appearance?

   // user_pref("ui.-moz-win-accentcolor", "#202340"); // [FF65+] [HIDDEN PREF]
   // user_pref("ui.-moz-win-accentcolortext, "#f9f9fa"); // [FF65+]  [HIDDEN PREF]
      // ^ override Windows 10 accent color on Firefox's title bar
      // ^ default: #202340, #f9f9fa | light: #e3e4e6, #18191a | dark: #0c0c0d, #f9f9fa

[bogachenko]

@Thorin-Oakenpants So what about the update userjs? Tomorrow already has come. ~I've had a night. Crappy time zone. uh~

[earthlng]

• network.connectivity-service.enabled - disable under Quiet Fox? just the master switch should be enough
• network.http.spdy.websockets - maybe disable this together with the other spdy stuff, just in case
• security.strict_security_checks.enabled - currently being tested in Nightly "for one cycle" (until they land it in Release?). Something to do with triggering principals. I think we can just wait until it lands in Release. Shouldn't be much of a risk in enabling it already either though but IDK how much potential breakage it could cause. I'll enable it in my main FF and see how it goes

[earthlng]

I think we could also force-disable all the Reporting API shit even though it's still default false in Release atm

[ghost]

For the time being I've set,

// Network Connectivity Services -- unneeded entries unless you use Sync account and maybe Push notifcations
// These FF 65 entries go against the security principle of a reduced attack surface, as there's a DNS Hijack opportunity.
pref("network.connectivity-service.enabled", false);
pref("network.connectivity-service.DNSv4.domain", "");
pref("network.connectivity-service.DNSv6.domain", "");
pref("network.connectivity-service.IPv4.url", "http://0.0.0.0");
pref("network.connectivity-service.IPv6.url", "http://0.0.0.0");

// Add-on recommendations
pref("browser.discovery.enabled", false);
pref("browser.discovery.containers.enabled", false);
pref("browser.discovery.sites", "");

// Storage Access API
pref("dom.storage_access.enabled", false); 

// More
pref("network.http.spdy.websockets", false);

// Unknown
// pref("privacy.restrict3rdpartystorage.partitionedHosts", "accounts.google.com/o/oauth2/");
// pref("privacy.restrict3rdpartystorage.userInteractionRequiredForHosts", "");

The Srorage Access API in particular disturbs me, I can't understand its pertinence.

[Thorin-Oakenpants]

Network Connectivity Services -- unneeded entries unless you use Sync account and maybe Push notifcations

Sorry, I haven't even had time to look up what this is. Are you saying it's only if you use Sync (and maybe push notification FROM sync). If that's the case then we don't need to add them at all, because sync is an end user choice to set up an account etc, and we already don't mess with sync

[ghost]

I confess having borrowed the comments related to Network Connectivity Services at https://github.com/intika/Librefox/issues/102, I only chose the values accordingly.

All this is temporary, just trying to advance, need experts' views.

Dom Reporting API : quoting @Atavic

dom.reporting.*

The Reporting API defines a new HTTP header Report-To that gives web developers a way to specify server endpoints for the browser to send warnings and errors to.

See: https://developers.google.com/web/updates/2018/09/reportingapi

No idea about this one, new kid in town?

[Thorin-Oakenpants]

^^ no worries. We'll scope it out. I always check the source rather than rely on 3rd parties (unless they have a proven record like gorhill, earthlng

edit: yeah, OK .. that librefox issue simply points to two more librefox issues and none of them address the new prefs

[ghost]

I always check the source rather than rely on 3rd parties (unless they have a proven record like gorhill, earthlng

That's also what's most appreciated here. You guys wouldn't be here, referring to roots rather than to leaves, I'd (we'd) have to compare many settings with often different values/advice and most often no explanations. Objectivity is the word, here. Great work, I'd like to be able to bring more substantial comments.

[Atavic]

Network Connectivity Services start a DNS query and an HTTP query to check if browser is online. Who's in need to such checks? The user or mozilla? I'll skip this 100%

HTTP query is not secured.

[earthlng]

network.connectivity-service.enabled - I've checked the source code and with this set to false, the other 4 prefs are never used. I'll move this one to the todo list and the other 4 to "ignore".

[earthlng]

browser.discovery.enabled is tied to datareporting.healthreport.uploadEnabled and both need to be enabled for Discovery to work. There's also a new UI setting for this under about:preferences#privacy "Firefox Data Collection and Use" titled "Allow Firefox to make personalized extension recommendations" but IDK if that setting already exists in FF65 (I'm on 66 dev edition). Can somebody on FF65 confirm please?

The "container" pref (browser.discovery.containers.enabled) just makes sure that the cookie is set in the correct container if you visit AMO in a container tab so I'd say we can safely ignore that pref.

[ghost]

network.connectivity-service.enabled - I've checked the source code and with this set to false, the other 4 prefs are never used. I'll move this one to the todo list and the other 4 to "ignore".

OK.

browser.discovery.enabled is tied to datareporting.healthreport.uploadEnabled and both need to be enabled for Discovery to work.

OK

"Firefox Data Collection and Use" : available here on FF65 Extension Recommendations, “(Contextual Feature Recommendation) CFR is a system that proactively delivers personalized Firefox feature and extension recommendations to users based on their behavior.”

Preference value : browser.newtabpage.activity-stream.asrouterExperimentEnabled

I had it already set to false (as a lockPref) so it's grayed out here.

[earthlng]

That's not the same. One is CFR and the other one is called Discovery. Do you have "Allow Firefox to make personalized extension recommendations" under "Firefox Data Collection and Use" in FF65?

[earthlng]

FYI: the CFR UI setting is "Recommend extensions as you browse" under about:preferences#general

[earthlng]

FYI number2: browser.newtabpage.activity-stream.asrouterExperimentEnabled is long gone :)

[crssi]

Do you have "Allow Firefox to make personalized extension recommendations" under "Firefox Data Collection and Use" in FF65?

Yes and none is ticked. I will check again about ticks on a vanilla, later today... and report back.

[ghost]

Do you have "Allow Firefox to make personalized extension recommendations" under "Firefox Data Collection and Use" in FF65?

Yes, "Allow Firefox to make personalized extension recommendations" but under about:preferences#Privacy & Security and it's grayed out here.

FYI number2: browser.newtabpage.activity-stream.asrouterExperimentEnabled is long gone :)

I've just commented it and above remained grayed out, so I just don't know which of my settings disables it :=)

[ghost]

i'm learning the hard way... there are indeed two Firefox 65 different options when I was aware only of the second:

about:preferences / General / Browsing Recommend extensions as you browse

about:preferences / Privacy & security / Firefox Data Collection and Use Allow Firefox to make personalized extension recommendations

Both here are grayed out and blocked (I use config.js with lockPrefs) and I cannot manage to find out which setting blocks them...

Good Heavens, this is confusing.

[earthlng]

I just don't know which of my settings disables it

you can search https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js for "Recommend extensions as you browse" ;)

@crssi

Yes and none is ticked

did you already disable the new discovery pref maybe? Or did it change to false automatically because the telemetry pref is disabled?

[ghost]

you can search https://raw.githubusercontent.com/ghacksuserjs/ghacks-user.js/master/user.js for "Recommend extensions as you browse" ;)

OK, that's pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr", false);

Remains the latter, confusing, grayed/blocked here for a setting I ignore. I know it's disabled by default but here it's disbled and grayed out which means I have a lockpref enforcing it to off:

about:preferences / Privacy & security / Firefox Data Collection and Use Allow Firefox to make personalized extension recommendations

Thanks for the smiles, I'm walking on myself as we say in French.

[Thorin-Oakenpants]

There's a bit of UI "trickery" going on here similar to the solution in https://bugzilla.mozilla.org/show_bug.cgi?id=1447226

That new UI option is controlled by browser.discovery.enabled. Go ahead and reset it to true in about:config, reload about:preferences#privacy and it will make no difference .. if the top checkbox is not ticked, the two sub checkboxes will also be not ticked, regardless of what the pref says

As earthlng points out, that parent option is datareporting.healthreport.uploadEnabled. I don't know if it was always the case, but shield studies are now a sub-option. So too is this new one. The UI is one thing, the code is another. They're getting better at this, trust me. Earthlng just checked the new option code and confirmed nothing happens unless healhreport is renabled

If you use the UI to check healthreport, it auto checks the personalized extensions. If you set healthreport via about:config (or user.js), then it doesn't auto check change the personalized extensions (you have to close and reopen the options page for the changes to show)

Anyway, it is entirely possible to get a confusing state of values.

I still think we should include this and clean up shield studies info, that both have no effect of healthreport is disabled

Edit: this is the LearnMore link: https://support.mozilla.org/kb/personalized-extension-recommendations

[ghost]

A real bag of bones.

nothing happens unless healhreport [datareporting.healthreport.uploadEnabled] is renabled

Good, we certainly won't re-enable it

The UI is one thing, the code is another.

Bag of bones.

Which means, if I understand correctly, that to be able to choose the value of

about:preferences / Privacy & security / Firefox Data Collection and Use / Allow Firefox to make personalized extension recommendations

we need to have datareporting.healthreport.uploadEnabled = true AND browser.discovery.enabled = true

Well, things are getting clearer. Light amid the darkness.

[Thorin-Oakenpants]

See: https://old.reddit.com/r/firefox/comments/alnn3f/storageaccessapi_permissions/effg5tp/ and the subsequent original thread

So storage access api is (for now) going to fill up and keep filling up with every site you visit

I actually closed Firefox, deleted my permissions.sqlite, restarted Firefox, and added back in 12 cookie permissions .. e.g I would just visit github, change the setting via the icon panel doropdown, reload the page and I was logged back in. I don't think I had any other permission exceptions TBH other than cookie ones.

My permissions.sqlite was 4.5mb (had a shitload of sites listed to block popup, image, install etc? NFI where they came from - maybe spybot search and destroy) .. now it's a super speedy 96kb

[ghost]

I've disabled this Storage Access API: pref("dom.storage_access.enabled", false);

My permissions.sqlite is now 160KB, I use SpywareBlaster but not its Mozilla Firefox protection which basically adds sites to have their cookies blocked, many sites which make finding my exceptions a hard work (another thing Mozilla could do is adding a search in the exceptions list...). Many exceptions here because I block cookies by default and add session only cookie permissions when site won't load without, and cookies allowed for three sites only. I read the #622 post on the power of cookie permissions, stunning.

Internet is nice but it certainly isn't as calm and relaxing as a Sunday in the countryside. Infernal machine it is.

[Thorin-Oakenpants]

All my software is portable (including SpywareBlaster : it's not hard to make it portable), and I do use it on client machines when applicable - e.g have to fix issues due to malware. I updated Spybot a couple of months ago, and did a one off yearly immunization with it on my own machine. I guess I was busy/tired and didn't register that FF would get bloated.

[crssi]

@earthlng

Allow Firefox to send technical and interaction data to Mozilla
datareporting.healthreport.uploadEnabled

  Allow Firefox to install and run studies
  app.shield.optoutstudies.enabled

  Allow Firefox to install and run studies
  browser.discovery.enabled

Allow Firefox to send backlogged crash reports on your behalf
browser.crashReports.unsubmittedCheck.autoSubmit2

True= ticked

On Nilla first 3 are True= ticked and the last is False= unticked

If the first is False= unticked then the next two are also unticked

Cheers

[ghost]

I've used Spybot S&D for years but abandoned it when it seemed to me it was getting bloated. I think its free edition is now rather limited compared to paid plans. Too heavy for me, even the free version. Moreover I recall its hosts entries problematic to deal with when one's hosts are managed by an integration tool such as Hostsman.

[Thorin-Oakenpants]

I read the #622 post on the power of cookie permissions, stunning.

I don't think it was always the case. The thing is they want everything to go thru an urlClassifier (or something) and thru content blocking first, and this then controls all persistent tracking data - so basically it's now all in place, that a cookie permission controls all data. And the next step is turning on NGLS (next gen local storage) and better quota management.

This is why you're seeing what cookies to accept are now under "Content Blocking" followed by a "Cookies & Site Data" section. All the cookie stuff used to be under "History".

[ghost]

As far as i'm concerned my cookie policy became radical (blocked by default) when cookies actually became the passport so to say of content blocking as mentioned above by you. The number of sites which take advantage of cookie permission to lay data in the user's localStorage and/or in his IndexedDB is relevant of the power given to websites, intentionally or not. In the older days I wouldn't even have imagined blocking cookies systematically.

My opinion is that laying data on a user's disk has always been an aim. Officially to make things quicker (quicker, when broadband is rising everywhere?) but in reality aimed at tracking. I'm a Firefox user and defender so to say but I really believe integrating cookies permissions in a global Content Blocking scheme was and remains more than a mistake: a fault.

Fortunately Firefox (still) includes the means to react, even if it's getting more and more complex if not complicated, not to mention technically unskilled Firefox users (is it legitimate to use a browser which is out of the box optimized for privacy without having to enter an Operations Center such as here in order to surf quietly?).

Anyway, for those of us, even partially (un) qualified as myself and others of course, given we have the time (I do, not everyone does), determination and the acceptation of a minimum of effort, we manage, thanks to places and people as here, to keep the best, improve the improvable and shut the worst of a browser's features.

[Thorin-Oakenpants]

I've been default deny cookies for probably at least 5 years. Excluding sites I need to log into (e.g bank, here) .. I've only ever come across a handful that actually really needed cookie permissions to work.

The problem is IDB (which is also used by service workers) cannot be cleared by host or time range (except time range: all). So it really comes down to clearing that on close, and realizing that you can have a session persistent storage in those areas. This is why I think cookie extensions are useless - what's the point in allowing all cookies all the time and cleaning up all the time, and leaving orphaned data ... sheeshus .. just think of the hundreds on thousands .. or rather millions . of cookie related shit I never had to deal with - read, writes, and OMG the tracking

Here's my decentraleyes for comparison: 300k of a small set of cdn files - that's over 4 to 5 years I guess since I installed it

Here's uBO : 2.2million requests- thats' since around FF54/55 (I started a clean counter etc when I set it up, on the way to moving from legacy extensions to web extensions)

So imagine what I saved in the last 4 or 5 years by denying cookies by default.

---

I actually like the approach of going thru cookies (all they did was extend it to also control some workers - i.e cookies have always AFAIK controlled local storage and IDB). The problem here is that you can't allow cookies but selectively deny IDB - in PB Mode it's auto denied. But the others are all fine. You can block service workers (e.g pref or in uMatrix), and you can clear local Storage by host.

Mozilla are close. We'll see how NGLS goes

[Thorin-Oakenpants]

• network.connectivity-service.enabled - disable under Quiet Fox? just the master switch should be enough

I searched and searched, checked out DXR, scoped out mercurial, used my google-fu ,, and I cannot find the ticket this was introduced. Did special Core>Networking searches on bugzilla, and MOAR. The best I can come up with is this

• https://bugzilla.mozilla.org/show_bug.cgi?id=1460537

  • We want a service similar to the captive portal check that will provide information about the network path to a fixed endpoint.

    This will let us know if we can use features such as TLS 1.3, IPv6, etc - that might not be supported by the network or they might be blocked by middleboxes.

• https://bugzilla.mozilla.org/show_bug.cgi?id=1502025

  • use captive portal service to perform connectivity

I'm still not sure exactly what this is trying to do. Not the IPv6/IPv6 bits, but the actual Connectivity Service.

[Thorin-Oakenpants]

geo.provider.ms-windows-location was added in FF38 - https://bugzilla.mozilla.org/show_bug.cgi?id=512407

This is the bugzilla linked to (2nd post): https://bugzilla.mozilla.org/show_bug.cgi?id=1512161 but I don't see this pref getting flipped in there. In https://bugzilla.mozilla.org/show_bug.cgi?id=1513186 - they refer to it as MLS. I'm guessing that means Mozilla Location Service. But all those zillas are not about this pref, right?

What am I missing here? The pref is "ms-windows"

Edit: just to add some info: https://bugzilla.mozilla.org/show_bug.cgi?id=1322477#c5

The geolocation provider can be Google, Apple, Windows, or Mozilla; it is the service we query for location. It is different depending on the OS. It looks like on windows we are using Mozilla Location Service (since if ms-windows-location is false, we use Mozilla's):

also note in the same comment

Can you try set about:config geo.provider.ms-windows-location=true and report if that fixed the problem? (btw, on windows older than 8 this setting is ignored).

[earthlng]

^^ https://bugzilla.mozilla.org/show_bug.cgi?id=1512161 is definitely the one. It got changed/activated by them removing and changing the if blocks around these prefs (and the prefs within): https://hg.mozilla.org/mozilla-central/rev/6de1ea2f0c0f#l1.16 ifndef EARLY_BETA_OR_EARLIER means if **not** early beta or earlier ie nightly which effectively made that block apply to Release+later betas. Now they removed that and also changed #if defined(XP_WIN) && defined(NIGHTLY_BUILD) to #ifdef XP_WIN ie it's no longer just active in Nightly on Windows.

geo.provider.use_gpsd seems to be equivalent to ms-location but on GTK systems (linux?) and geo.provider.use_corelocation is for Macs

on windows older than 8 this setting is ignored

good to know, thanks! :+1: