Check Librefox-Firefox this or that option could interest you...

[intika]

Hi,

First of all thank you a lot for your amazing work !
I just published my personal gathered tuned settings for firefox...

https://github.com/intika/privafox-firefox
Thorin Edit: https://github.com/intika/Librefox-Firefox

Privafox-Firefox : Tuning firefox settings (about:config) for a better security, privacy and performances. Firefox does not need to be rebuilt to be cleaned from privacy/security issues; as all settings can be changed in the about:config This project aim to fix security/privacy issues related to firefox and also tune it to gain some speed performances.
It uses mozilla.cfg and policies.json to have the changes applied to firefox...

This could be useful to may be pick-up some stuff from it. for ghacks-user.js project :)

;)

[earthlng]

wow! and I thought we are excessive :)

[intika]

Thank you for taking time to write this cool long answer :)

At first i thought of recompiling and patching firefox, and maintaining patches like the ungoogled-chromium project, but for firefox its a whole other story... it's a huge work for a single person and as 98% of the modifications can be done over about:config, i started there gathering all the reported settings, and as you said it does not hurt if outdated settings are present, but i know i have to do some cleaning because of PKs list i already did some and will do for sure take the time to clean it completely later.

I was very active regarding firefox in the past before the whole web-extensions thing, and left the boat because of that, and still i am one feet in one out lol... i recently tested v60xx... and was amazed by the work mozilla did even if i don't really agree about xul left behind like many but this is an other topic... (life is about evolving).

I posted here because the score of my project is a little different and i think i can bring a plus to ghacks-user.js as you bring us all a plus without doubt with your amazing work and follow up.

I use firefox/chromium as second main browser other than (pm) because it could be very fast some time... and as ffox v60x... is growing in speed amazingly i decided to use it and thus that generated the project...

The project goal is not just to change privacy setting, but more importantly to measure the impact on the performances when those settings are applied to find the perfect equilibrium between performances and privacy... sometimes settings that are not that important lead to huge performance impact. and some times just little tiny changes make a huge difference.

In short am trying to make a modified-bundled firefox with the maximum privacy possible without loosing performances and eventually gaining some.

Bundling the whole thing in firefox directly is also one of the scopes most users just want to use it without digging deep like we geek do... and some are yelling about this or that settings without really understanding what that setting do exactly.

Any way i am sharing my result here i think informations about performances impact would be useful as well here.

And also sometime mitigating issues with a custom extension have less impact other than disabling a whole api. i also often saw things disabled just for prevention while the real issue have been solved.

Now days a browser without js is just not an option.

I don't know where i am going exactly because i fear a little bit mozilla with the road they are taking, and i would not be surprised to see privacy issues growing exponentially to a an unmanageable size. it's already somehow the case it's why we need to keep our forces joined :)

Potential practical impact on your project :

• Disclosing performances impact in the comment
• Adapting this or that setting to avoid performance loss
• May be also disclosing in comment the used work around like i did some...

Applying the whole privacy thing without testing is something like 40/50% speed decrease. (i am not saying that you do... but a lot of user do, me included)

[intika]

Also not everything is bad about mozilla... like the new setting privacy.resistFingerprinting it's a amazing one with a great potential, we then need to stop editing useragent etc. because this feature already take care of it. (i eventually recommend in my project just change the os in the useragent) the impact is not yet visible because we are not a lot using that. and every settings that we make set our config to a unique one thus make it finger-printable

[intika]

We are on the same page :) (i am not willing to sacrifice security either just looking for alternatives and LEAVE ALWAYS the choice :))

[claustromaniac]

changed all lockPref to user_pref

Was that necessary? The script should be able to read pref(), user_pref(), lockPref() and sticky_pref(). If that is not the case then something is wrong.

[intika]

@Thorin-Oakenpants thanks a lot for taking time doing that it actually was help full... i am cleaning the whole thing for the new version... and as my project is tied to yours don't worry about difference i will post important one my self here, you don't have to check ;)
thanks again 👍

[intika]

The project was renamed to Librefox... i still did not released v2 but it's coming.

I do experienced some idle communication to mozilla (with default user.js), i am adding a section in v2 to block those connections... i will let you know here the result after the release ;) this may be useful... (i know that those connection are legit, i just don't want them)

Keep the good fight 👍 :)

Thanks

[intika]

One last thing i am reorganizing the project sections to make it easily reviewable
with section like "not present in ghacks" "deprecated" etc
and adding comment on why this or that settings differ from user.js
(i did not upload it yet)

[intika]

Do you really want to do that? It's a bit of overhead for you

Indeed it's a little bit fucked up this whole thing i don't remember who said here i would love to have a master switch but he is 1000% right in the other hand it's amazing to have all those stuff accessible easily

It would be better to leave that out

Okay i will then just add userJS_diff.log and explain the differences

Do you mean ours or yours?

Both... trying to make a firefox version with zero automated request ^^ thanks for the infos by the way

[claustromaniac]

I don't mind being mentioned there, but I reckon listing Contributors that don't appear as contributors here without mentioning how they contributed is very ambiguous. @intika, if your intent is simply to give everyone in that list credit because our work helped you in one way or another, I suggest you to either be more descriptive, or to reword it to something like Acknowledgments (thank you's) or something of the sort. My 2 cents 🐱

[intika]

@Thorin-Oakenpants thank you for the feedback no problem i will remove that :)
@claustromaniac i will update that to something more clear like Thanks/Acknowledgments @Thorin-Oakenpants do you also want not being listed on a "thank you" section ?

[intika]

i updated the about section https://github.com/intika/Librefox#about let me know if i can keep https://github.com/intika/Librefox#comparing-changes-and-updates or if you want any modification to what is written there

Also no donation where made (just to let you know) and the donation link was just there as additional info like i do on all my projects and it was there from the get go. (i was not asking explicitly for donation).

i am sorry if i hurt the feeling of anyone.

for the section https://github.com/intika/Librefox#librefox-browse-with-freedom- i just removed this '(gHacks and additional options)' to avoid confusion let me know its okay that way.

Any way let me know if its okay the way it is right now and if you want me to do any modification.

[intika]

... Going back to the main purpose of this... While working on Librefox i found some differences with gHacks that are worth a discussion:

// Pref : 2803: set what history items to clear on shutdown
// [SETTING] Privacy & Security>History>Custom Settings>Clear history when Firefox closes>Settings
// [NOTE] If 'history' is true, downloads will also be cleared regardless of the value
// but if 'history' is false, downloads can still be cleared independently
// However, this may not always be the case. The interface combines and syncs these
// prefs when set from there, and the sanitize code may change at any time 
//defaultPref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences
defaultPref("privacy.clearOnShutdown.cache", true);
defaultPref("privacy.clearOnShutdown.cookies", true);
defaultPref("privacy.clearOnShutdown.downloads", true); // see note above
defaultPref("privacy.clearOnShutdown.formdata", true); // Form & Search History
defaultPref("privacy.clearOnShutdown.history", true); // Browsing & Download History
defaultPref("privacy.clearOnShutdown.offlineApps", true); // Offline Website Data
defaultPref("privacy.clearOnShutdown.sessions", true); // Active Logins

This could be simplified with
defaultPref("privacy.sanitize.sanitizeOnShutdown", true); and defaultPref("privacy.cpd...

This is not present in gHack

// Pref : Preferred language for displaying websites... 
// The first settings overflow the second one
defaultPref("privacy.spoof_english", 2);
//defaultPref("intl.accept_languages", "en-US, en");

This one should be set to false ?

/* 0906: disable websites' autocomplete="off" (FF30+)
 * Don't let sites dictate use of saved logins and passwords. Increase security through
 * stronger password use. The trade-off is the convenience. Some sites should never be
 * saved (such as banking sites). Set at true, informed users can make their own choice. ***/
user_pref("signon.storeWhenAutocompleteOff", true); // default: true

Not present in gHacks

// Pref : Allow extensions access to list of sites
// https://github.com/mozilla/gecko/blob/central/toolkit/mozapps/extensions/AddonManagerWebAPI.cpp
lockPref("extensions.webapi.testing", false); // hidden prefs // default false

Not present in gHacks

// Pref : Disabling performance addon url [FF64+]
lockPref("devtools.performance.recording.ui-base-url", "");
// Default Value : https://perf-html.io

[intika]

Yes true i know many settings are controversial... moonchild from palemoon came with an analyze about those... https://forum.palemoon.org/viewtopic.php?f=4&t=21123&#p158437...

The project is very young, it was intended at first to be an alternative hardened Firefox (mixing settings and addons) for my personal needs and sharing it for those who would be interested... and to be honest i did not expect at all that much interest in the project... i did post 2 reddit to get some feedback about my work, but it kind a went viral... now it's normal that this or that setting would not match everyone's need... i have to come with a flexible release (settings page or so) to let every user configure the settings as he wish.

[intika]

@Thorin-Oakenpants thank you for your feedback, you don't need to waste your time to analyze it but if you want to, it will be appreciated :) 👍 and your comments will be added to intika/Librefox#53

[intika]

Thank you for you feedback i am adding important notice to intika/Librefox#53 ...

You have a lot of work in front of you

Yes indeed i know :D but it's worth it right ?

that this will suck the life out of you

Hhahahaha Yes i noticed that looool fully true !

PPS: don't listen to some of the rabid commentators on your repo. Just because that's how they like it, doesn't mean it's a good default (I have read some ludicrous ideas from some of them already)

I know, those users make a lot of noise ^^ indeed

decided now to drop recommending extensions

Yes but not in the current state of the project this is for next release, the "dangerous" thing will be first solved and the browser will have a default state much more acceptable compared to the current one and the idea is to provide a settings page for advanced users to let them switch whatever they want easily without going through a 3000 line file... and also this will fix the "locked" setting critique

[intika]

then they aren't advanced users. You need to define and clarify for users what your target market is

Yes of course, i noticed a lot and lot of newbie users just grabbing Librefox without any questioning and you are right i should treat all users as newbie... it's why i am willing to change a lot of default settings... but advanced technical users are a must for the project to survive (my self included) so an advanced settings page would be the thing that would make the project differ from Firefox... it's all about giving the choice right ? so the choice will be given in an easy interface

[intika]

Also one important thing

And I kind of feel you're just reinventing the wheel, our wheel. It's like you've come along, slurped up 4 years of labor

It's been almost 2 months now that i am working on this almost full time... what can i do regarding regarding your comment ?

Also as i already said i am planning to change the cfg/user.js integration into a gui. it will be different when it will be done.

[intika]

I think that it draw attention because it's kind a accessible for anyone (binaries) even if i did not meant that when i created the project (not for beginners). and because of its name too; also the extensions... and also may be kind a saying yes to any request...

Where gHacks is kind a meant for advanced user, and getting the hands dirty... (even if i know it could be applied easily) may be building a binary for gHacks would attract more users, kind a patcher that would apply the ghacks settings. like the one used in https://github.com/overdodactyl/ShadowFox.

But to be 100% honest i think it's about posting the right thing at the right moment in the right place (https://www.reddit.com/r/linux/comments/a8ru20/librefox_mainstream_firefox_with_a_better_privacy/) other users did posted an equivalent post before i came with the binaries without success. i did so just after releasing the version i thought good enough to be published.

and i never did ask anyone to post anything. i just posted twice on reddit... and people did the rest, it's all about communication ;)

Any way just to summarize (and this is just my opinion)

1. Develop a patching binary multi-platform x32/x64 - Win/Linux/Mac (6 versions)
2. Post a reddit under r/linux and an other one under whatever you think it's good. (after releasing the binary)
3. Drop the ego, and use the critiques to enforce the project.

Note : i need you to survive, keep going and get more attention for my project looool :p ... it's why i gave you as much credit in the first place in my readme page (not that i needed that to attract users but truly to give you credit !)

PPS : an extension as updater could be helpful as well and also you could improve the main readme (make it nicer... with links to the binaries if you decide to... )

[intika]

Just as example, https://github.com/intika/Linux-Application-Firewall this is a very interesting project but because there where 0 communication the project have 0 stars

[crssi]

I kind of like the @intika idea and his drive for Librefox.
For sure the project is young and there are many wrong directions/choices/decision (as always at start and missing mileage).
With a, for example, wisdom of @Thorin-Oakenpants , @earthlng , @claustromaniac and others... and if @intika will take those seriously then Librefox might become a great browser.
Don't you think so?

[intika]

@crssi yes indeed and i am listening to every one :) but ghacks deserve more attention in the current state of the project (ghacks) the attention will continue to grow continuously but a little/big push wont hurt. i don't know what @Thorin-Oakenpants is deciding about that