[RFC] misc. prefs #27
Hello @atomGit !
You're absolutely right, this is a big oversight on my behalf.... I actually didn't notice the "links" between these preferences when I purged the unimplemented ones.
I agree, if we assume that calendar timezone cannot "leak" through email client/Web usages.
From a privacy PoV, preventing preview/subject/sender from appearing in notifications may be required on setups where you have eyes behind your screen (e.g. at work if you are showing another window, or in case of an intimate relationship threat).
I agree that RFP can be boring, but I'm not keen on disabling it. If remote Web content is loaded from an email and/or a Web page ends up loaded in TB's built-in browser, RFP helps mitigate many (most of?) fingerprinting techniques widely used. Thanks again, bye 👋
i would vote for dumping the as for RFP, i understand
Let's leave new email alert preferences to their default values, but note that they may be appreciated in some environments. > See #27
In #24, we wrongly assumed that ETP Strict Mode was available in TB 102 (as it was for FF 102). This patch aims to work around this (security) issue by:
* Re-enabling FPI;
* Re-enabling DNT header;
* Restoring `network.cookie.cookieBehavior` tweak;
* Re-enabling ETP with custom settings (including query parameter stripping);
* Re-dealing with persistent storage-related preferences (`2700`).

This increases divergence with Arkenfox upstream template.

> see #27
Hey back @atomGit After some digging, see my points below:
Are we all good here? Thanks again! Bye 👋
it all seems good to me
yes, sorry, i messed up - i meant email timestamps - and just to reaffirm, i agree that RFP should be left enabled
hello again :)
i have some comments/questions regarding various prefs...
sec. 2701 (ETP) is currently missing from user.js, however it seems there are several prefs that are set as if ETP were present

network.cookie.cookieBehavior
- should this be uncommented and set to '2'? do other prefs in section 7016 need to be revisited also?

privacy.firstparty.isolate
- same as above - shouldn't this be true until ETP arrives?

calendar.timezone.local
- given the calendar is now integrated and essentially useless without a correct time, and guessing that a lot of people do/will use it, i think this should be set to default

"mail.biff.alert.*"
- is there a reason (privacy-wise) to override user choice with these prefs?

"privacy.resistFingerprinting", true
- this messes up dates/times and a few other things - given that TB is primarily a mail client, and ought to be used only for mail, and given calendar integration, i think this should be set to false
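Added example (not part of the original issue or the project's code): a small audit that reports whether the prefs raised above are active, commented out, or missing in a `user.js`, since a commented-out `user_pref` line silently leaves the application default in place. The expected values in `EXPECTED` are the ones proposed in this thread and are an assumption, not the project's final settings; the sample input is constructed.

```python
import re

# Matches an active or "//"-commented user_pref("name", value); line.
# Block comments (/* ... */) are not recognised by this sketch.
PREF_RE = re.compile(
    r'^\s*(?P<off>//\s*)?user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>.+?)\s*\)\s*;'
)

# Assumption: values proposed in the thread, not the project's final settings.
EXPECTED = {
    "network.cookie.cookieBehavior": 2,
    "privacy.firstparty.isolate": True,
    "privacy.resistFingerprinting": True,
}

def parse_value(raw):
    """Convert a user.js literal (true/false, integer, "string") to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')

def audit(user_js_text, expected=EXPECTED):
    """Return {pref: 'ok' | 'commented-out' | 'missing' | 'wrong: <value>'}."""
    active, commented = {}, set()
    for line in user_js_text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group("off"):
            commented.add(m.group("name"))
        elif m:
            active[m.group("name")] = parse_value(m.group("value"))  # last wins
    report = {}
    for name, want in expected.items():
        if name in active:
            got = active[name]
            ok = got == want and type(got) is type(want)
            report[name] = "ok" if ok else f"wrong: {got!r}"
        elif name in commented:
            report[name] = "commented-out"
        else:
            report[name] = "missing"
    return report

# Constructed sample input, not the project's actual user.js.
SAMPLE = '''
// user_pref("network.cookie.cookieBehavior", 2);
user_pref("privacy.resistFingerprinting", true); // keep RFP
'''
if __name__ == "__main__": print(audit(SAMPLE))
```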