schomery / privacy-settings

Alter Firefox's built-in privacy settings easily with a toolbar panel
http://firefox.add0n.com/privacy-settings.html
166 stars 24 forks

Possible addition to quick-configure buttons #6

Closed Gitoffthelawn closed 9 years ago

Gitoffthelawn commented 9 years ago

Privacy Settings currently has quick-configure buttons for 'Full Privacy', 'Protect Privacy & Security', and 'Reset to Defaults'.

Perhaps a worthwhile addition would be another quick-configure button to protect privacy and security while breaking as few sites as possible. Changing a few of the toggles may break some sites or limit functionality on others.

I have mixed thoughts about this idea, but I thought I would throw it out there to see if you or others like it.

schomery commented 9 years ago

Can you provide some example websites with a comment on which mode breaks the websites?

Gitoffthelawn commented 9 years ago

I wonder if network.http.sendSecureXSiteReferrer will prevent some affiliate programs from working. I'm thinking of sites in which the user logs in to a site, and then clicks on a link that loads another site, on which the user makes a purchase. The user then receives a rebate or cash back for the purchase on the second site.

I wonder if setting that option to 'false' will prevent those types of systems from working.

In general, most well-designed sites don't need the referrer to be set, but quite a few sites are not well-designed.

For example, I wonder if sites that rely on keycaptcha.com will work if that setting is disabled. From what I've tested, keycaptcha.com requires a valid referrer and they often use https.

The settings security.tls.unrestricted_rc4_fallback and security.tls.insecure_fallback_hosts.use_static_list, when disabled, should prevent all RC4 encrypted sites from loading. This isn't necessarily a bad thing, since RC4 is not secure, but it will likely break those sites. There is a list of some of the sites here: https://bug1124039.bmoattachments.org/attachment.cgi?id=8575374

The odd thing about disabling security.tls.unrestricted_rc4_fallback and security.tls.insecure_fallback_hosts.use_static_list is that items on the list still seem to load without error. They should not load at all. It's either a Firefox bug, a Privacy Settings bug, or an "I'm not understanding something at the moment because I'm too tired" bug.

schomery commented 9 years ago

@Gitoffthelawn I added a new button. There is certainly a trade-off between keeping user privacy and being compatible. So I am just doing the minimum damage in this mode. Give it a try and let me know what you think.

https://github.com/schomery/privacy-settings/blob/master/src/executables/extension.xpi?raw=true

Gitoffthelawn commented 9 years ago

I will take a look! Thanks!