Closed hdatma closed 7 years ago
I'm not sure what the patch is? Can you send a PR and describe what it's doing? Thanks!
Since you are in Mozilla's security lab, would you please ask your supervisor to please ask their own supervisor to please put someone in charge of writing a comprehensive configuration script for the ESR source code?
You see, one thing is to say that you care about user's privacy and security, and another is to inject FF-ESR with half-baked and privacy-eroding code. The configuration script ought to opt-out (avoid compiling and be clear of) technologies like the following:
browser.pocket browser.safebrowsing browser.tabs.crashReporting browser.chrome.favicons browser.chrome.site_icons browser.newtabpage browser.snippets browser.search.geoSpecificDefaults browser.search.geoip camera.control.face_detection.enabled datareporting device.sensors dom.battery dom.gamepad dom.vibrator (on desktop!) dom.vr experiments geo.enabled geo.wifi gfx.font_rendering.graphite gfx.downloadable_fonts identity.fxaccounts loop media.webspeech media.webaudio media.peerconnection network.allow-experiments network.prefetch-next pdfjs services.sync social toolkit.telemetry toolkit.crashreporter webGL webRTC window.name
Thank you.
http-observatory/httpobs/scanner/analyzer/misc.py
http-observatory/httpobs/scanner/grader/grade.py