User.js: ToDo: diffs FF63-FF64

LOL another glitch in the parser.

pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"hidden\":true,\"provider_icon\":\"pocket\",\"provider_name\":\"Pocket\",\"read_more_endpoint\":\"https://getpocket.com/explore/trending?src=fx_new_tab\",\"stories_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant=default_spocs_off\",\"stories_referrer\":\"https://getpocket.com/recommendations\",\"topics_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lang=en-US\",\"model_keys\":[\"nmf_model_animals\",\"nmf_model_business\",\"nmf_model_career\",\"nmf_model_datascience\",\"nmf_model_design\",\"nmf_model_education\",\"nmf_model_entertainment\",\"nmf_model_environment\",\"nmf_model_fashion\",\"nmf_model_finance\",\"nmf_model_food\",\"nmf_model_health\",\"nmf_model_home\",\"nmf_model_life\",\"nmf_model_marketing\",\"nmf_model_politics\",\"nmf_model_programming\",\"nmf_model_science\",\"nmf_model_shopping\",\"nmf_model_sports\",\"nmf_model_tech\",\"nmf_model_travel\",\"nb_model_animals\",\"nb_model_books\",\"nb_model_business\",\"nb_model_career\",\"nb_model_datascience\",\"nb_model_design\",\"nb_model_economics\",\"nb_model_education\",\"nb_model_entertainment\",\"nb_model_environment\",\"nb_model_fashion\",\"nb_model_finance\",\"nb_model_food\",\"nb_model_game\",\"nb_model_health\",\"nb_model_history\",\"nb_model_home\",\"nb_model_life\",\"nb_model_marketing\",\"nb_model_military\",\"nb_model_philosophy\",\"nb_model_photography\",\"nb_model_politics\",\"nb_model_productivity\",\"nb_model_programming\",\"nb_model_psychology\",\"nb_model_science\",\"nb_model_shopping\",\"nb_model_society\",\"nb_model_space\",\"nb_model_sports\",\"nb_model_tech\",\"nb_model_travel\",\"nb_model_writing\"],\"show_spocs\":false,\"personalized\":true,\"version\":1}"); // prev: "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"hidden\":true,\"provider_icon\":\"pocket\",\"provider_name\":\"Pocket\",\"read_more_endpoint\":\"https://getpocket.com/explore/trending?src=fx_new_tab\",\"stories_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant=default_spocs_off\",\"stories_referrer\":\"https://getpocket.com/recommendations\",\"topics_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lang=en-US\",\"show_spocs\":false,\"personalized\":true}"

It's the length of the line. It breaks at 1024+ chars. One learns something new every day.

pref("devtools.remote.adb.extensionURL",
pref("devtools.webide.autoinstallADBExtension",
pref("devtools.webide.adbAddonID",
pref("devtools.webide.adbAddonURL",
pref("devtools.webide.autoinstallADBHelper",

...are all about remote debugging: https://github.com/mozilla/devtools-adb-extension

pref("security.identitypopup.recordEventElemetry", true);

That's a Typo.

@claustromaniac you noob :smile_cat:
just kidding! programming is always a work-in-progress. My own script(s) had similar birth pains

@Atavic
thanks for the link. We already have at least one of those prefs in the user.js and will update it with the renamed pref and perhaps add 1 or 2 more.
Yes that's a typo by mozilla

@earthlng I wasn't talking about my parser, though. Mine keeps becoming harder to break :sunglasses: I meant the GitHub parser:

changed in v64.0b9:

pref("alerts.useSystemBackend", false); // prev: true
pref("browser.fastblock.limit", 20000); // prev: 0
pref("browser.newtabpage.activity-stream.asrouter.messageProviders", "[{\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":true},{\"id\":\"snippets\",\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/\",\"updateCycleInMs\":14400000,\"enabled\":false},{\"id\":\"cfr\",\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"enabled\":false,\"cohort\":\"\"}]"); // prev: "[{\"id\":\"onboarding\",\"type\":\"local\",\"localProvider\":\"OnboardingMessageProvider\",\"enabled\":false,\"cohort\":0},{\"id\":\"snippets\",\"type\":\"remote\",\"url\":\"https://snippets.cdn.mozilla.net/us-west/bundles/bundle_d6d90fb9098ce8b45e60acf601bcb91b68322309.json\",\"updateCycleInMs\":14400000,\"enabled\":false},{\"id\":\"cfr\",\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"enabled\":false,\"cohort\":\"\"}]"
pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"hidden\":true,\"provider_icon\":\"pocket\",\"provider_name\":\"Pocket\",\"read_more_endpoint\":\"https://getpocket.com/explore/trending?src=fx_new_tab\",\"stories_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant=default_spocs_off\",\"stories_referrer\":\"https://getpocket.com/recommendations\",\"topics_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lang=en-US\",\"model_keys\":[\"nmf_model_animals\",\"nmf_model_business\",\"nmf_model_career\",\"nmf_model_datascience\",\"nmf_model_design\",\"nmf_model_education\",\"nmf_model_entertainment\",\"nmf_model_environment\",\"nmf_model_fashion\",\"nmf_model_finance\",\"nmf_model_food\",\"nmf_model_health\",\"nmf_model_home\",\"nmf_model_life\",\"nmf_model_marketing\",\"nmf_model_politics\",\"nmf_model_programming\",\"nmf_model_science\",\"nmf_model_shopping\",\"nmf_model_sports\",\"nmf_model_tech\",\"nmf_model_travel\",\"nb_model_animals\",\"nb_model_books\",\"nb_model_business\",\"nb_model_career\",\"nb_model_datascience\",\"nb_model_design\",\"nb_model_economics\",\"nb_model_education\",\"nb_model_entertainment\",\"nb_model_environment\",\"nb_model_fashion\",\"nb_model_finance\",\"nb_model_food\",\"nb_model_game\",\"nb_model_health\",\"nb_model_history\",\"nb_model_home\",\"nb_model_life\",\"nb_model_marketing\",\"nb_model_military\",\"nb_model_philosophy\",\"nb_model_photography\",\"nb_model_politics\",\"nb_model_productivity\",\"nb_model_programming\",\"nb_model_psychology\",\"nb_model_science\",\"nb_model_shopping\",\"nb_model_society\",\"nb_model_space\",\"nb_model_sports\",\"nb_model_tech\",\"nb_model_travel\",\"nb_model_writing\"],\"show_spocs\":false,\"personalized\":true,\"version\":1}"); // prev: "{\"api_key_pref\":\"extensions.pocket.oAuthConsumerKey\",\"hidden\":true,\"provider_icon\":\"pocket\",\"provider_name\":\"Pocket\",\"read_more_endpoint\":\"https://getpocket.com/explore/trending?src=fx_new_tab\",\"stories_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=en-US&feed_variant=default_spocs_off\",\"stories_referrer\":\"https://getpocket.com/recommendations\",\"topics_endpoint\":\"https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lang=en-US\",\"show_spocs\":false,\"personalized\":true}"
pref("browser.safebrowsing.downloads.remote.timeout_ms", 15000); // prev: 10000

Am I the only one who sees the line for browser.newtabpage.activity-stream.feeds.section.topstories.options without syntax highlighting?

oh damn, I wasn't exactly sure what you meant, I'm sorry mate :kissing_cat:
no I see the line without syntax highlighting too. I noticed it before in other diffs too but never gave it much of a thought about what the reason may be. @claustromaniac to the rescue ;)

Thanks guys for taking time for that :+1:

Time people learnt (browser.urlbar.ctrlCanonizesURLs) that the urlbar did not die and is not a saint

Canonize vs Canonicalize

@fmarier Please inform your co-workers :grin:

These are just timing prefs, new features at default off, or unrelated to privacy/etc. Pipe up if you think something is important

pref("browser.contentblocking.originlog.length", 32);
pref("browser.fission.simulate", false);
pref("browser.urlbar.ctrlCanonizesURLs", true);
pref("browser.urlbar.quantumbar", false);
pref("devtools.gridinspector.maxHighlighters", 3);
pref("devtools.inspector.changes.enabled", false);
pref("devtools.recordreplay.mvp.enabled", false);
pref("devtools.webconsole.jsterm.reverse-search", false);
pref("dom.caches.testing.enabled", false);
pref("dom.fetchObserver.enabled", false);
pref("dom.payments.request.user_interaction_required", true);
pref("dom.performance.children_results_ipc_timeout", 1000);
pref("dom.performance.time_to_first_interactive.enabled", false);
pref("dom.serviceWorkers.testing.enabled", false);
pref("dom.testing.structuredclonetester.enabled", false);
pref("dom.vr.external.notdetected.timeout", 60000);
pref("dom.vr.external.quit.timeout", 10000);
pref("dom.worker.canceling.timeoutMilliseconds", 30000);
pref("extensions.webextensions.performanceCountersMaxAge", 1000);
pref("gfx.font_ahem_antialias_none", false);
pref("gfx.webrender.blob.paint-flashing", false);
pref("identity.fxaccounts.commands.missed.fetch_interval", 86400);
pref("image.animated.generate-full-frames", false);
pref("image.cache.max-rasterized-svg-threshold-kb", 92160);
pref("image.mem.debug-reporting", false);
pref("intl.multilingual.downloadEnabled", true);
pref("javascript.options.baselinejit.threshold", 10);
pref("javascript.options.ion.frequent_bailout_threshold", 10);
pref("javascript.options.ion.threshold", 1000);
pref("layout.css.clip-path-path.enabled", false);
pref("layout.css.scrollbar-color.enabled", true);
pref("layout.css.supports-selector.enabled", false);
pref("media.navigator.mediadatadecoder_h264_enabled", false);
pref("media.wmf.force.allow-p010-format", false);
pref("pdfjs.eventBusDispatchToDOM", false);
pref("privacy.userInteraction.document.interval", 1800);
pref("privacy.userInteraction.expiration", 2592000);
pref("security.sandbox.plugin.tempDirSuffix", "");
pref("toolkit.aboutPerformance.showInternals", false);

pref("dom.keyboardevent.keypress.set_keycode_and_charcode_to_same_value", false);
I'm not sure but it sounds like this breaks keyboard spoofing, perhaps regardless of the value:

https://bugzilla.mozilla.org/show_bug.cgi?id=1479964#c25

And also note that this patch changes the behavior of KeyboardEvent::KeyCode()
when spoofing is enabled and the instance is initialized by initKeyEvent() or
initKeyboardEvent(). That was changed by bug 1222285 unexpectedly and keeping
the behavior makes patched code really ugly. Therefore, this takes back the
old behavior even if spoofing is enabled.

maybe you can ask Ethan?

Ahh .. OK, onto it (will move it back up) .. I took the name and value to mean no change to current status quo. But I did mean to mention it to Arthur because it would no doubt be flipped to true. I guess I should have read the ticket.

Update: email sent

Time people learnt (browser.urlbar.ctrlCanonizesURLs) that the urlbar did not die and is not a saint.

Lol! My new favourite typo.

@fmarier .. a tad OT: https://webtransparency.cs.princeton.edu/webcensus/data-release/ .. is any of that useful to you guys - eg "Firefox set to block all third-party cookies" and "DoNotTrack header is turned on" and all that cookie stuff

https://webtransparency.cs.princeton.edu/webcensus/data-release/

Yes, in fact the researcher behind that project (Steven) now works at Mozilla.

Same as the last lot. If anything sticks out as being worthy of putting back for more investigation, sing out

PS: interesting scroll-bar width ticket (can this be used via a script (no need for XUL) so scrollbar width is not unique per OS? - just food for thought - note OS is already leaked in many other ways, so I'm not saying to do this, it's just interesting)

pref("browser.contentblocking.originlog.length", 32);
pref("browser.fission.simulate", false);
pref("browser.urlbar.ctrlCanonizesURLs", true);
pref("browser.urlbar.quantumbar", false);
pref("devtools.gridinspector.maxHighlighters", 3);
pref("devtools.inspector.changes.enabled", false);
pref("devtools.recordreplay.mvp.enabled", false);
pref("devtools.webconsole.jsterm.reverse-search", false);
pref("dom.caches.testing.enabled", false);
pref("dom.fetchObserver.enabled", false);
pref("dom.payments.request.user_interaction_required", true);
pref("dom.performance.children_results_ipc_timeout", 1000);
pref("dom.performance.time_to_first_interactive.enabled", false);
pref("dom.serviceWorkers.testing.enabled", false);
pref("dom.testing.structuredclonetester.enabled", false);
pref("dom.vr.external.notdetected.timeout", 60000);
pref("dom.vr.external.quit.timeout", 10000);
pref("dom.worker.canceling.timeoutMilliseconds", 30000);
pref("extensions.webextensions.performanceCountersMaxAge", 1000);
pref("gfx.font_ahem_antialias_none", false);
pref("gfx.webrender.blob.paint-flashing", false);
pref("identity.fxaccounts.commands.missed.fetch_interval", 86400);
pref("image.animated.generate-full-frames", false);
pref("image.cache.max-rasterized-svg-threshold-kb", 92160);
pref("image.mem.debug-reporting", false);
pref("intl.multilingual.downloadEnabled", true);
pref("javascript.options.baselinejit.threshold", 10);
pref("javascript.options.ion.frequent_bailout_threshold", 10);
pref("javascript.options.ion.threshold", 1000);
pref("layout.css.clip-path-path.enabled", false);
pref("layout.css.scrollbar-color.enabled", true);
pref("layout.css.supports-selector.enabled", false);
pref("media.navigator.mediadatadecoder_h264_enabled", false);
pref("media.wmf.force.allow-p010-format", false);
pref("pdfjs.eventBusDispatchToDOM", false);
pref("privacy.userInteraction.document.interval", 1800);
pref("privacy.userInteraction.expiration", 2592000);
pref("security.sandbox.plugin.tempDirSuffix", "");
pref("toolkit.aboutPerformance.showInternals", false);

Speak up if you spot anything that needs MOAR investigation

pref("devtools.performance.recording.ui-base-url", "https://perf-html.io");
 // ^ 1480593: is/was hardcoded, this is just a pref to change it: eg for testing
pref("dom.security.featurePolicy.enabled", false);
 // ^ https://bugzilla.mozilla.org/show_bug.cgi?id=1390801
 // https://bugzilla.mozilla.org/attachment.cgi?id=9013973&action=diff
 // lets ignore this for now, it's not ready for be flipped IMO
pref("dom.xhr.standard_content_type_normalization", false);
 // ^ https://bugzilla.mozilla.org/show_bug.cgi?id=1454325
 // disabled due to issues: https://bugzilla.mozilla.org/show_bug.cgi?id=1499136
pref("extensions.webextensions.userScripts.enabled", false);
 // ^ wait til they flip it: https://bugzilla.mozilla.org/show_bug.cgi?id=1491272
 // META: https://bugzilla.mozilla.org/show_bug.cgi?id=1437098
pref("network.security.esni.enabled", false); // NECKO part of ESNI
 // ^ Disabling telemetry is the opt-out for this (and pref is currently false)
 // Am confused. Is this to enable ESNI or the telemetry?
pref("security.certerrors.recordEventTelemetry", true);
 // ^ https://bugzilla.mozilla.org/show_bug.cgi?id=1484255#c3
 // covered by telemetry master switch
pref("security.identitypopup.recordEventElemetry", true);
 // ^ https://bugzilla.mozilla.org/show_bug.cgi?id=1484251#c10
 // covered by telemetry master switch
pref("security.tls.hello_downgrade_check", false);
 // ^ https://bugzilla.mozilla.org/show_bug.cgi?id=1487279
 // let FF handle breakage. Pref is currently off anyway

pref("devtools.remote.adb.extensionURL", "https://ftp.mozilla.org/pub/mozilla.org/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi");
pref("devtools.webide.autoinstallADBExtension", true);

I assume the zilla would also cover the removal of devtools.webide.autoinstallADBHelper. I haven't looked at anything yet. Getting tired. I would assume the URL is covered by the other pref. Do we need this stuff? Someone do something :feel-free-to-help-guys:

pref("toolkit.coverage.enabled", false);
pref("toolkit.coverage.endpoint.base", "https://coverage.mozilla.org");

Wots this all about: https://bugzilla.mozilla.org/show_bug.cgi?id=1492656#c8 (what's that access denied zilla?). I don't like the word "ping". Look the pref is false, but does that mean the old way is used instead. Someone do some digging please :needs-jesus:

re: "coverage"
https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/docs/data/coverage-ping.rst

This ping is not enabled by default. When enabled, a ping is generated a total of once per profile, as a diagnostic tool to determine whether Telemetry is working for users.

This ping contains no client id and no environment data.

You can find more background information in this blog post.

Expected behaviours
-------------------
The following is a list of expected behaviours for the ``coverage`` ping:

- The ping will only be sent once per ping version, per profile.
- If sending the ping fails, it will be retried on startup.
- A totally arbitrary UUID is generated on first run on a new profile, to use for filtering duplicates.
- The ping is sent to a different endpoint not using existing Telemetry.
- The ping does not honor the Telemetry enabled preference, but provides its own opt-out preference: `toolkit.coverage.opt-out`.
- The ping is disabled by default. It is intended to be enabled for users on an experimental basis using the preference `toolkit.coverage.enabled`.

Booo! :-1:

user_pref("toolkit.coverage.enabled", false);
user_pref("toolkit.coverage.opt-out", true);

is all we need IMO.

However, an unknown portion of our users do not report telemetry for a variety of reasons. This means we may not have data that is representative of our entire population. For example, some enterprise builds are preconfigured to not send telemetry and some users manually opt-out of telemetry collection. We believe the large majority of clients do send telemetry but currently have no way of measuring this.

So, they already know that "an unknown portion of our users do not report telemetry" but they "currently have no way of measuring this." How the fuck will "sample a portion of all Firefox clients" give them more "representative (data) of our entire population" ?

ignore pref("dom.xhr.lowercase_header.enabled", true); // prev: false

:jeans: DONE - moved from changed to ignore

Can they not extrapolate from ~500 million users and X million of telemetry reports based on telemetry client-id? IDK, it makes no sense to me

todo: move 0370 to 0105b

:jeans: DONE - added to OP

FF65: https://bugzilla.mozilla.org/show_bug.cgi?id=1503681 .. something for earthlng to test, probably makes our script and E's extension's redundant. We can deal with it when we get 65 diffs

they only address common, non-malicious use of it. LowerCaseEqualsLiteral("_blank")
There are other targets you can use instead of "_blank" and all those will still allow access to the opener

^^ if it's not showing up in the diffs then it's always either a runtime-set or a hidden pref

browser.newtabpage.activity-stream.asrouter.messageProviders was removed in the meantime and replaced with 3 new prefs. I will update the diff when 64 final lands. But I don't think we need to tamper with those because Onboarding and CFR are all local and you won't ever see onboarding if you don't use Activity Stream AFAIK. The 3rd part of "ASrouter" is snippets and that's covered already by 0105b.
We could add browser.newtabpage.activity-stream.feeds.asrouterfeed=false since that's the master switch for all ASrouter things but IDK if we really need/want to do that.

We also don't need to mess with
browser.newtabpage.activity-stream.feeds.section.topstories.options because that's covered by browser.newtabpage.activity-stream.feeds.section.topstories=false in 0105c

do we want to do something with 4702 general.buildID.override? move to 9999?

Pocket no longer a system addon

Where do we move 0510 Pocket to? (0510 is also used in deprecated so we should update that bit as well)

do we want to do something with 4702 general.buildID.override? move to 9999?

Sure. Is it just obsolete code now, or actually removed?

It's here.

I was being lazy, I can kinda remember the code snippet when we talked about why they changed the value...`. Anyway, without looking at the code on DXR, is this going to be like the battery pref, and it gets moved back?

The non-hardcoded real value for buildID is actually still returned on privileged domains. The question would be (and I haven't looked) is, does this pref get applied for those privileged domains. In other words, is the pref still used (as compared to just still being in code).

If we're going to be consistent then

• battery pref is still used -> not in 9999 (note: has some merit in being able to turn this off from extensions which have access to the API)
• buildId pref -> ?

https://github.com/ghacksuserjs/ghacks-user.js/search?q=20181001000000&type=Issues

Where do we move 0510 Pocket to?

IDK, what do you suggest?

I went back to v54 and it used to live at 0373: the old 0370s were Snippets, Pocket, Flyweb, Social API.
current 0370s are all deprecated: 0372 Hello 0374 social. I guess 300s fits, but pocket (outside AS) doesn't do anything AFAIK unless you have an account? If it did any background connections to eg, pull in some recommendations (outside of AS), then 300s is it for sure. But regardless, it doesn't fit anywhere else .. so 0370 = :+1: AFAIConcerned

that's fine.
We can ignore buildID because it can still be used to spoof on privileged mozilla pages for those who don't use RFP.
We can add the CRF one inactive under Misc or Personal and the VR to the other VR if you want.
No need for the distrust_ca_policy, returnValue or the 3 asrouter providers IMO.
That leaves the keyboard one but IDK what to do with that.

by "ignore buildID" I mean keep it where it is

I thought we removed all those 0105* // comments about having a setting. We did have two, now I see four. I mapped all the UI settings to their prefs previously, and there were only two. It's why I have an issue open on cleaning up all the AS shit, because the UI is only for showing/hiding sections and does nothing to stop anything.

Pretty sure some of those four do not have a UI setting. In the meantime I have removed em all. We can deal with them again when we look at adding in and blanking all the other crap that isn't based on recent history. This is just a quick note, I'll get into it later

OT: https://bugzilla.mozilla.org/show_bug.cgi?id=167475 .. OK, I think have found a winner .. 17 years to patch

topstories definitely has a setting. the other 2 are only visible if Pocket is enabled I believe. You'll see it if you use a vanilla profile

Yeah, I did it all in a nilla 63 in #528 and I don't remember any items getting hidden/shown based on other checkboxes. Anyway, if we want to put em back, I can remap them all later (in 64)

Pocket doesn't have a checkbox. Don't need to put em back

Sorry mate, I misread what you meant .. I took when pocket is enabled to mean the pocket option in AS, not the hidden pref. It's gong to get too messy if we try and add individual UI info for these. You'll have to excuse me, I'm in a bit of trouble here and having a super hard time doing anything (and medical is at least a day away, if not longer). I'm not dying, so chill out :) .. but I am in sooooo much pain

^^ :cry: I wish you best :heart:

we can ignore dom.vr.service.enabled 1473399, as long as we cover devices (which RFP does) .. IANAExpert but any changes they do to VR is probably for the better (e.g giving it it's own thread, sandboxing it, etc)

dom.event.returnValue.enabledis false anyway, moving from new to ignore
Also see https://developer.mozilla.org/en-US/docs/Web/API/Event/returnValue

I'm all done. If you're happy, close this, change the date & version, do a pre-release

PS: Thanks for your hard work and input over the last few days :kiss: I love you more than :cat2:

Great. Thank you too :kiss:

can you do the release thingy please?

done

Didn't catch right... is browser.newtabpage.activity-stream.asrouter.userprefs.cfr acting as false with some master switch?
If not, what is your opinion about CFRs?

Cheers and thank you for everything

There's nothing master switchey about the pref. It enables/disables whether or not you get recommendations as you browse. There are other prefs that control endpoints for getting data throughout Activity Stream. When or if we blank those, it's usually as a fallback or future proofing. And to be honest, with AS I think I want to do provide this (effectively kill all outbound connections) as AS only provides a UI for showing/hiding sections - and they would want to all data already locally available for when you make sections visible. i.e. I fully expect with all AS UI options unchecked, that it will still retrieve and update local storage of snippets, recommended, cfr, and so on But we'll deal with all that in #528

As for my opinion, personally I do not want it. Currently it's US users only and recommends extensions. The release says "relevant Firefox features, services, and extensions", so expect it to expand in future. However, if you read the Big E's detective work, there are no issues here - data is prepared based for the endpoints based on research or something (who knows) and all your browser does is go grab a copy to store locally (expect this to diverge with regional, language versions).

I'm all for FF encouraging users to add extensions (60% have none?), but what is the vetting process here. I'm sure there is one, but sheesh, I look at some of the extensions of the month BS and cringe. I hope it doesn't become spam-like, or recommend a compromised extension - eg like here's a cool screenshot extension, and then a few months later it's revealed the extension has been auto-opt_in to hover up and sell all your data. The AMO vetting process, while faster than manual, is letting shit creep thru (don't get me wrong, its better than the cesspit that chrome provides).

It would be nice if, in order to make a CFR list, a protocol is signed off on. First the Extension must be fully vetted, secondly the extension developer must agree, and thirdly, the extension developer must sign off on liability and damages etc and pinky swear under oath (and penalty) that bad shit will not happen, and than any change of ownership must notify Mozilla. IDK.

It looks to me that the users will end with a numerous extensions in their profile, slowing down FF as a result and from security/privacy point of view they will get an extensions which could leak to many stuff uncontrolled.

"FACEBOOK_CONTAINER",
"GOOGLE_TRANSLATE",
"YOUTUBE_ENHANCE",
"WIKIPEDIA_CONTEXT_MENU_SEARCH",
"REDDIT_ENHANCEMENT",

source

That's just a test

resource://activity-stream/lib/CFRMessageProvider.jsm

WIKIPEDIA_CONTEXT_MENU_SEARCH + REDDIT_ENHANCEMENT are excluded at the moment (exclude: true)

Re: dom.keyboardevent.keypress.set_keycode_and_charcode_to_same_value

So I asked Tom Ritter and Arthur Edelstein about this. Tom wasn't sure, and checked with Tim Huang who got back to us (the below is from an email)

Hi Guys,

Sorry for the late response. I've checked the change around that. The change affects two things inside KeyCode() function.

First, it won't spoof the keyCode if the event is from initKeyEvent() or initKeyboardEvent(). This doesn't pose more threats in terms of fingerprinting protection since we don't spoof the keyCode if the event is from the script.

Second, it will directly return charCode for KeyCode() function when it is a 'keypress' event with printable keys[1], which ignores spoofing entirely. I think the char code is platform independent. So, there should be no fingerprinting issue around that.

Therefore, I think we are good here.

[1] https://searchfox.org/mozilla-central/rev/fd32b3a6fa3eff1468311f6fcf32b45c117136df/dom/events/KeyboardEvent.cpp#201-209

devtools.performance.recording.ui-base-url was brought up in https://github.com/ghacksuserjs/ghacks-user.js/pull/597 @earthlng FYI if you think we should do anything. I haven't looked at anything about this so have zero idea of the ramifications - I assume about:performance would break? IDK

Some info and links here.

It appeared with FF 64.