Open intika opened 5 years ago
There was a lot more, but I stopped. It'll be up to you guys to sort it out. And I agree with most of what Moonchild says. I've been over most of these several times before, including rejecting many of them or proposed values when suggested (the prefs as well as some of moonchlld's observations).
But also Moonchild is coming from a perspective that things shouldn't break. The ghacks user.js he probably thinks as well is an "insane configuration". But this is a niche product (and you better TELL people that and WARN them and provide a CHECKLIST etc because IMO some of these prefs and settings are insane). Ours is also a niche, but more gentle, product - with tags built in to flip things, an updater, a full on wiki, recommended and tested extensions, and four plus years of knowledge and testing and code digging etc. You're welcome to drawn on that and keep in contact.
That's it really. Decide your target market, make it clear to users who that is, warn them of all the dangers and breakage - every single one (e.g extensions are not updated), and provide the support for users to make changes and understand wtf just happened
Good luck :)
That's it really. Decide your target market, make it clear to users who that is.
it's important to know what the audience is and what audience the browser is targeted at. and it is important to communicate the priorities. something like whether it is: security>privacy>usability>maintainability or maintainability>privacy>security>usability this makes the project consistent and avoids confusion what later seeds conflicts in larger projects. this all said, it should also be avoided to artificially constrain the project by the prime objective but only if a compromise is unavoidable.
@Thorin-Oakenpants I actually only lifted out the ones that are severely breaking - I didn't comment on any that would be a good choice for this product with some breakage, but as you said yourself it breaks left right and center, as well as a number of things that aren't directly exposed to the user but do break under the hood (e.g. OCSP and blocklisting). I don't think most of what is done is insane, but some things that are done are clearly wrong either out of ignorance or because things haven't really been thought through before changing the settings. Some things should simply not be forced differently because all they do is break stuff with no benefit.
@intika : I understand you want to prevent calling home as much as possible, so from my own experience and the same desire for Pale Moon, here are some things to consider to improve without adding more exposure to mozilla:
Other things are entirely at your discretion and a balance between functionality and privacy. It'll be up to you to determine where you want Librefox to stand in that case.
@wolfbeast
I understand you want to prevent calling home as much as possible
since the post was @ me, I just want to clarify that this is not what I or the ghacks user.js aims for. If it doesn't impact security or privacy then I leave it alone (but may provide options). Some people don't understand what privacy actually means
Enable Windows jumplists
you (librefox) need to distinguish between different threat levels. There's shoulder surfers vs persistent local storage (you would need to be compromised locally) vs external etc
I actually only lifted out the ones that are severely breaking
I know. There's way more. One of my initial quick checks revealed a load of deprecated prefs (this is FF60+base) and overall, as intika has said to me elsewhere, it was more of a personal project with his settings .. but enough on that .. I think everyone can agree that the ship needs a little steering :)
an example
Enable IPv6
After 3.5 years of NOT disabling ip6 .. I did (in the ghacks user.js). I did this after user feedback. I also including setup tags, etc ... and we weighed up the pros and cons - it doesn't break anything AFAIK, and most people worldwide can;t even use it ... and it something that should be handled on a network level ...
but it is a privacy/tracking risk, and it can compromise VPNs (when not set up correctly), etyc .. but that information is in our single point of reference .. the user.js itself .. knowledge is power
so we flipped it, after *really** thinking about it, after consulting users, and built in fallbacks for end users
^^ this is what the llibrefox project faces. Its not easy throwing 200 or 300 changes to prefs (a lot are enforcing defaults) ... I have about 90 odd (out of 450+ in FF60+) that break something - whether that be UI behavior or web sites or performance ... and the permutations of 90 items is astronomical .. which is why its so important to outlay expectations, provide info and an easy way to get to it and decipher it, etc
I'll stop now .. time for something else
@Thorin-Oakenpants Apologies for not being clear. only the first paragraph was directed at you, the rest was directed at the Librefox project maintainer(s).
so one question that has to be answered is "what priority does local privacy have?" imo it's on a whole other level. once an intruder already has control over the system he can do basically anything. there are endless threat models and every counter measure can theoretically be reversed by an adversary. once an attacker is in the system there is no such thing as real scurity. al you can do is make low hanging fruits less low hanging. protecting against this is a sisyphus task. so i personally think it should have lower priority and it's mostly other softwares job anyway.
Following https://github.com/intika/Librefox/issues/34 many settings have to be defaulted to a different value while leaving the choice for the user... Here are some pro developer feedback for Librefox
Eloston
"Success" is a pretty broad term. I will assume you define "success" based on the number of users, what users say about the project, and the kinds of bug reports this project receives. In that case, there are several points I can note (in no particular order of importance):
Continual desire to improve the project and oneself. I think this is the most important point. I mainly gather ideas based on feedback, experiences from this and past software projects, and experimenting with software in general. I also gather ideas by reading code and docs from Google, reading technical blog posts about software, and reading about new developments in software engineering.
Dedicating a lot of time to the project. Especially in the following areas:
Consistent attention to overall quality of documentation, code, and user experience (building the browser, using the browser, downloading pre-built binaries, reading documentation, etc.)
This project is not widely known, and people aren't confusing it with the trademarked Chrome and Chromium. If it becomes an issue, then I'll be fine with changing it.
I don't know much about Firefox, so I can't give you any specific advice. Hopefully my comments on what made this project successful will help you too. Regardless, I am glad that my project has inspired you to create Librefox. I wish you luck with it!
Moonchild
Pants
Also, already looked at, but need to re review for new version