An idea for a wiki page for users who already use another user.js to get them started using this user.js:

1. open Firefox (to update all the timestamp prefs and shit) and close Firefox
2. copy the profile, rename to *.temp and add it to profiles.ini or in case of Portable, just create a complete copy of the whole folder
3. replace the existing user.js with the unchanged user.js Master in the temp folder, start Firefox, close Firefox
4. side-by-side compare the 2 prefs.js files to see all the additional changes that this user.js did
   (because the prefs.js files are sorted by pref name it makes comparing very easy)
5. based on (4) make changes as you see fit in the user.js, backup the previous user.js and then move the edited ghacks-user.js into the main profile
6. delete the temp profile / temp portable folder and enjoy the latest and greatest user.js
7. once someone uses a copy of our user.js it's very easy to compare their version with the latest release/master and merge changes they want

for the References: https://github.com/mozilla/one-off-system-add-ons/

Alternative to @earthlng is Wiki's Multiple Profiles.

83 updated.

EDIT: Here's a new repo by Mozilla, focused on the server side.

Collaborators can't edit, while members can.

There's gist also.

Can confirm, forks don't keep wiki from original repositories.

Welcome to the GeckoPrefsExporter wiki!

Looks like gecko.readthedocs.io has moved to firefox-source-docs.mozilla.org (d2r03xnqvbcxrv.cloudfront.net). There are two references in the user.js that should probably be updated. Other pages continue to exist at *.readthedocs.io, including but not limited to:

autopush.readthedocs.io
bedrock.readthedocs.io
bleach.readthedocs.io
cornice.readthedocs.io
firefox-puppeteer.readthedocs.io
fxa.readthedocs.io
kinto.readthedocs.io
marionette-client.readthedocs.io
minion.readthedocs.io
moz-services-docs.readthedocs.io
mozdef.readthedocs.io
mozilla-balrog.readthedocs.io
mozilla-django-oidc.readthedocs.io
mozilla-push-service.readthedocs.io
mozilla-services.readthedocs.io
mozilla-version-control-tools.readthedocs.io
moztrap.readthedocs.io

Perhaps https://firefox-source-docs.mozilla.org/ should be in the Wiki references section?

• done - Thorin

FIY Recommended Legacy Extension NoScript has update version-5.1.8.3

Hey @overdodactyl .. me again .. can you point this poor fellow to the wiki

• https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.2-Multiple-Profiles-%5BFirefox-Portable%5D - which he is doing anyway, running two unpacked FF pafs
• https://github.com/ghacksuserjs/ghacks-user.js/wiki/2.3-Concurrent-Profiles

I haven't checked this still works lately. But he does NOT need the -no remote (besides, he is running the FirefoxPortable.exe, not Firefox.exe), he needs the AllowMultipleInstances=true in both his portables

I'll just nip off and re-test it with a FF59 portable and a FF60 portable

@overdodactyl - yeah, it still works .. post this pic if you like as proof

Edit: Also about:profiles does exactly jack-shit in portable FF

Just did, thanks!

@Thorin-Oakenpants using the search bar for private searches is not safe.

Please explain why Atavic. I'm not a mind reader.

Edit: Note: follow on search is disabled (xpi removed), search engines are all sanitized custom ones, and search suggestions are off etc - zero leaks at my end unless you discovered something new

Just kidding about the searched words on FF Quantum on the right: https://github.com/ghacksuserjs/ghacks-user.js/issues/65#issuecomment-377691103

I put those little easter eggs in for you guys to spot, not the first time I've done it :)

In Appendix A, JonDonym is misspelled as JoDonym.

^^ Thanks. Fixed :)

FYI: added @media window size leak PoC to the tests and clarified instruction to disable JS and to also resize the browser whilst the tests are open

In Appendix A, 5who - server not found

^^ thanks, fixed

I think it would be nice to add a link or two next to the entry for Detect Cloudflare in the newly added Extensions [Tools] section, with information. Maybe a link to #310 or to some article? It's ok not to wage war against Cloudflare, but I see an opportunity there for spreading information. I guess I really should have opened a new issue to talk about it back when I first mentioned Detect Cloudflare here.

Hm... alternatively, I could just try to to summarise the point of using the extension in the readme in my fork. Or we could do both.

Anyway, it's just something that crossed my mind.

Add something to your repo, and I can link to it in the wiki (no point duplicating work). I have faith in you :cat2: that you can write an awesome summary of the facts, pros, cons, life, the universe, and everything

This should be OK for a start. I will likely reword it later, though...

Not sure how to word the link. And it's kinda missing the other elephants in the room :elephant: (OMG, they have an elephant emoji ) which is that CF is effectively a MitM actor and can also collect browsing data <- edit: so its not just that you can't entrust the encryption, you also can't trust the content and you can't expect any privacy

edit: added link on wiki

I amended it. I'm sure there's still room for improvements but it should be fine for a summary.

updated 4.2.1-User-Scripts with infos about CanvasBlocker

FF alternatives

if we're interested in privacy, then should we mention viable FF alts in the wiki? i say this since, imo, Mozilla does not respect user privacy to a satisfactory degree (telemetry, system add-ons, partnerships with ethics-absent companies, "features" depending on 3rd parties, etc.)

• Pale Moon - can load legacy add-ons, but not WE - dated - security?
• Basilisk - supports legacy/WE add-ons - apparently keeps up with patches? - beta - by the devs of PM, but based on newer FF code base
• Waterfox - based of FF ESR currently, though it seems it might diverge further - supports legacy/WE add-ons - more privacy-centric than FF - stable imo
• what else?

also worth noting...

Why You Shouldn’t Use Firefox Forks Like Waterfox, Pale Moon, or Basilisk

Mozilla does not respect user privacy to a satisfactory degree

I call BS

• Large corporations make mistakes, and sure PR could always be better with incidents. Cliqz, Mr Robot etc are rare blips. As long as they learn from them
• Pocket: get over it. You can disable it with one config change
• Telemetry: you can disable 99% of it with a single click. And everything else can be mitigated as well (pings on close etc or whatever). Telemetry data is anonymized (AFAIK) and its all available and open for anyone to see. They're not collecting your history etc. Its performance data (to better the product) or feature data (eg TLS versions on sites etc) to measure when to flip or remove said features etc
• Activity Stream: some stuff like recommended/sponsored/pocket tiles etc can be disabled, and AFAIK its locally analysed or whatever- i.e no history etc is actually sent out. Personally I can't stand AS, but as long as Mozilla provide options to flip off parts of it, and to even stop using it by using a different start page, then it's not a big deal.
• Mozilla is a different beast. I am not an expert, but this is not some giant corporation with deep pockets (apple, google, MS), and they have to derive income from somewhere. Default/region search engine deals and FollowOn (which is just a count) - big deal (although I personally do not like FollowOn). As long as we can change engines and remove system addons, so what.
• Default settings: If FF is to be used, by default it needs to work with websites (although I think some things could be tightened up in general (eg beacons) or in PB mode where there may be a slight acceptance in some minor breakage). Not worried about this, as long as we have prefs.

Of all major browsers, Firefox is the only one that truly fights for and respects privacy, and offers a massive amount of customization. And its 100% open source. Shit like Vivaldi and Brave don't even come close, they're not even anywhere near mature products. Waterfox and other forks are inherently dangerous. PM is a piece of antique shit. Safari I'm not familiar with really - but hey, they decided to build in FP'ing protection - which Mozilla planned and started to do years ago.

then should we mention viable FF alts

There are no viable FF alts

This repo will not recommend forks other than TBB (I would consider that totally irresponsible from a security standpoint alone). FF can do everything any fork can (regards security/privacy/etc) so there is no need to recommend anything else anyway.

Maybe Mozilla comes under scrutiny more, because everyone has just accepted EvilCorp etc for being the privacy invading corporate money-making machines that they are, so they just shrug. But Mozilla does the slightest, tiniest thing and the knives come out. And due to the loss of more powerful legacy extensions, there are a tiny but vocal haters out there (those who put up with the vitriol in ghacks comments for a few years until well after Quantum was released will know what I'm talking about).

I honestly believe that if Mozilla found a cure for cancer and gave it to the world patent free, there would still be those who bitch and complain about it.

I'll stop here. I don't want a discussion. This repo is about FF and nothing else

I hesitate to comment, because I know you don't want this thread derailed, which is why I didn't reply earlier. Maybe these comments should be moved to a separate issue. But I do want to reply to a couple things you said. First, I disagree that Waterfox is inherently dangerous. It's 99.99% identical to Firefox, with all the updates, and the only difference being that it has the telemetry and other stuff ripped out. I won't disagree that this adds a _very_ slight chance of something being done wrong and exposing it to threats, but I consider it to be so miniscule as to not be a concern. I personally use it for two reasons: it still supports legacy add-ons, and it's more up-to-date than ESR. So it's a happy medium. Once Mozilla gets their ducks in a row regarding the API so WE add-ons can accomplish the same things their legacy counterparts can, I'm all for moving to Quantum. But IMO, they really dropped the ball, hard, on that. They should have had that _much_ more mature before dropping legacy support.

That's just one reason why I don't care for Mozilla. Another is the stuff you mentioned, and another is the fact they're dumbing down the browser and removing much of the customization you praise them for. Sure, they're still better than other browsers, but for how long? They're going the wrong way, trying to appeal to the masses of basic users and largely ignoring the power users that made them what they are. That's a BIG part of why many don't like Mozilla, not just the stuff you mentioned.

As for the other stuff, I have mixed feelings about it. As you said, Mozilla does do a _lot_ for user privacy and security. But they also do quite a bit to act against it, either actively, such as removing add-ons that enhance it, or passively, by ignoring or refusing to fix issues that affect privacy and/or security (as well as usability) for years. I commend them for their anti-fingerprinting, anti-tracking, and other quests, but to say that stuff makes them some wonderful entity is like saying a doctor that works really hard to treat some patients while ignoring others that lie in their beds moaning in pain as they die a slow death is a terrific doctor (ok, that analogy may be a bit extreme, but you get the point). I see much of the same behavior in Mozilla with regards to this as I do with Google, a company that also does a lot of good for security and even sometimes privacy, yet I doubt many here would claim they're a great company.

I do agree, however, about Pale Moon. I used it for years and finally switched back (sort of). It's just so far behind, and I have my doubts about its security considering how vastly different it is. Basilisk is similar, though perhaps not as bad due to being based on newer Firefox versions, but it's still quite a bit different, and it's not even their primary project, so it's unlikely it's getting enough attention.

So I guess what I'm trying to say is, let's all just agree that Edge is the biggest POS and should be avoided at all costs (sorry, I couldn't resist).

Mozilla does not respect user privacy to a satisfactory degree

I call BS

you can call it what you want, but it's not your place to judge what i think a satisfactory degree of privacy is

if partnering with privacy hating mega-corporations like Google, Yahoo, Amdocs, Comcast, Verizon, etc., etc., etc.. meets your definition of a company that respects the privacy of its users, then we hold _very_ different opinions

that said, it's your repo and i'm not at all bothered that you don't wish to mention FF alts

but it's not your place to judge what i think

That's not what I meant, you've misread my intentions. You're entitled to your opinion. And no, I do not think our opinions are very different. I'm just taking a pragmatic approach, or looking at it from a different angle. Almost ALL companies are privacy hating, especially all those mega ones IMO. Mozilla need revenue (and we need Mozilla and diversity in the browser space), and that has to come from a search engine deal. So of course it always going to be objectionable. Would I like FF to partner with DDG or whatever - fuckyeah, but it ain't going to happen.

Anyway, enough of this

@Thorin-Oakenpants, @earthlng:

The two files from the wiki that contain colons in their names (Appendix A: Test Sites.md and Appendix B: References.md) can't be pulled with Git on Windows because colons are not allowed in filenames on that platform.

The easiest way to fix this is to replace the colons with another character (fe this unicode character works ꞉), but this has the drawback that any links pointing to either of those sections will break.

There might be other more complicated ways to go about solving this, but I'd prefer to just rename those files (I don't care what we use as a replacement).

Whatcha think? :+1: :-1: ?

4.2.2 uBlock Origin

re: Startpage tracking pixels and the uBO filters for them - i think this was discussed before so sorry if i'm being redundant, but Startpage rep says they don't use tracking images - can read their emails here

4.1 Extensions > Extensions [Tools]

suggest to add Extension source viewer

closing - in future just open a new issue