User.js: ToDo: diffs FF67-FF68

I wonder, is it not risky to evaluate preferences one month before they reach the Release channel ? Feels like it forces to duplicate some work in order to check that the decisions made are still correct one month later.

Anyway, I went over the last 20 prefs of the "New" list.

pref("privacy.storagePrincipal.enabledForTrackers", false);
pref("privacy.trackingprotection.origin_telemetry.enabled", false);
pref("remote.enabled", false);
pref("remote.force-local", true);
pref("remote.log.level", "Info");
pref("security.tls.enable_post_handshake_auth", false);
pref("services.settings.security.onecrl.bucket", "security-state");
pref("services.settings.security.onecrl.checked", 0);
pref("services.settings.security.onecrl.collection", "onecrl");
pref("services.settings.security.onecrl.signer", "onecrl.content-signature.mozilla.org");
pref("services.sync.prefs.sync.browser.contentblocking.features.strict", true);
pref("signon.management.page.enabled", false);
pref("signon.showAutoCompleteOrigins", false);
pref("telemetry.origin_telemetry_test_mode.enabled", false);
pref("toolkit.content-background-hang-monitor.disabled", false);
pref("toolkit.legacyUserProfileCustomizations.stylesheets", false);
pref("toolkit.telemetry.ecosystemtelemetry.enabled", false);
pref("ui.android.mouse_as_touch", 1);
pref("view_source.tab", true);
pref("xul.panel-animations.enabled", true);

It appears that all 20 of them can be ignored.

Some of them are worth knowing about. toolkit.legacyUserProfileCustomizations.stylesheets may be worth adding to the user.js, commented out.

pref("remote.enabled", false);
pref("remote.force-local", true);
pref("remote.log.level", "Info");

pref("privacy.storagePrincipal.enabledForTrackers", false);

pref("privacy.trackingprotection.origin_telemetry.enabled", false);
pref("telemetry.origin_telemetry_test_mode.enabled", false);

pref("toolkit.telemetry.ecosystemtelemetry.enabled", false);

pref("toolkit.legacyUserProfileCustomizations.stylesheets", false);

This one must be set to true so that userChrome.css and userContent.css customisations can still work in Firefox 68.

Wow, thanks @Okamoi, now that's some quality contribution right there! 👍
The format you used is also great and especially that you listed the 20 prefs you looked at so that we'll still know what you were referring to after we start moving more stuff to the ignore list.

I wonder, is it not risky to evaluate preferences one month before they reach the Release channel ? Feels like it forces to duplicate some work in order to check that the decisions made are still correct one month later.

For a while now I've always waited with creating the diffs issue until a Beta is no longer in its early-beta stage. That reduces the amount of changes quite a bit and as you can see in the older diff issues there's usually not a lot that changes between the 1st non-early beta and the final release.
Posting the diffs early also gives us plenty of time to go over it so that we can have the next user.js version ready soon after a new FF release. As for "decisions", we usually wait with those and any actual commits until the final release diff is out.

pref("network.protocol-handler.external.ie.http", false);
pref("network.protocol-handler.external.iehistory", false);
pref("network.protocol-handler.external.ierss", false);

these 3 new prefs seem to be security related (1552627 = ACCESS DENIED) but they also landed these in 67.0.2 so I moved them to the ignore list.

^^ yes, I noted gk backported them in TB, there's also another one (1549833), but i have no idea what it is exactly: https://trac.torproject.org/projects/tor/ticket/30849

1549833 is about network.protocol-handler.external.res and that landed in 67.0

WTF is an auxclick (in dom.popup_allowed_events changed value)? Asking for a friend!

MDN is your friend.

• app.update.BITS.enabled defaults to true for 1/2 of the Windows userbase. Bug 1542100
  
  
  
  • https://dxr.mozilla.org/mozilla-central/source/toolkit/mozapps/update/UpdateService.jsm#582-593
  
  
  • Confirmed: one of my local clients is in that half.
  
  
• The default value of this pref is set at runtime (see the code). To prevent Firefox from setting it to true, app.update.BITS.inTrialGroup must be set to false beforehand.
• BITS is a Windows service for downloading files in the background using idle bandwidth.

Edit: they set the default to true for everyone now. Bug 1553977

Wow, thanks @Okamoi, now that's some quality contribution right there! +1
The format you used is also great and especially that you listed the 20 prefs you looked at so that we'll still know what you were referring to after we start moving more stuff to the ignore list.

Thanks! I wanted to reduce visual clutter while leaving relevant information searchable with a CTRL+F based on pref names. (Since collapsed = unsearchable. I wonder what search engines think of collapsed text now though...) This comment now is still a bit too lengthy with all the <hr /> but oh well, at least the eye knows where to look at.

By the way your bug list is really useful, are you getting them by searching for the pref name here ?

For a while now I've always waited with creating the diffs issue until a Beta is no longer in its early-beta stage. That reduces the amount of changes quite a bit and as you can see in the older diff issues there's usually not a lot that changes between the 1st non-early beta and the final release.

Okay then, fair enough! I didn't know there was such a thing as an early-beta stage and a more consolidated one.

So I went over 20 more prefs from the bottom of the "New" list.

pref("media.audiograph.single_thread.enabled", false);
pref("media.cache_readahead_limit.cellular", 30);
pref("media.cache_resume_threshold.cellular", 10);
pref("media.cache_size.cellular", 32768);
pref("media.devices.insecure.enabled", true);
pref("media.getusermedia.insecure.enabled", false);
pref("media.videocontrols.picture-in-picture.enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms", 5000);
pref("network.cookie.staleThreshold", 60);
pref("network.delay.tracking.load", 0);
pref("network.dns.resolver_shutdown_timeout_ms", 2000);
pref("network.http.enforce-framing.strict_chunked_encoding", true);
pref("network.ssl_tokens_cache_capacity", 2048);
pref("network.ssl_tokens_cache_enabled", false);
pref("network.traffic_analyzer.enabled", true);
pref("network.trr.excluded-domains", "localhost,local");
pref("network.trr.resolvers", "[{ \"name\": \"Cloudflare\", \"url\": \"https://mozilla.cloudflare-dns.com/dns-query\" }]");
pref("privacy.annotate_channels.strict_list.enabled", false);

It appears that 16 of them can be ignored, 1 should probably be changed, 1 depends on RFP specifics, 1 depends on your policy for this user.js, and 1 should IMO be ignored.

A couple more are worth knowing about, but not changing.

pref("media.audiograph.single_thread.enabled", false);
pref("media.cache_readahead_limit.cellular", 30);
pref("media.cache_resume_threshold.cellular", 10);
pref("media.cache_size.cellular", 32768);
pref("media.getusermedia.insecure.enabled", false);
pref("media.videocontrols.picture-in-picture.enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms", 5000);
pref("network.cookie.staleThreshold", 60);
pref("network.delay.tracking.load", 0);
pref("network.dns.resolver_shutdown_timeout_ms", 2000);
pref("network.http.enforce-framing.strict_chunked_encoding", true);
pref("network.ssl_tokens_cache_capacity", 2048);
pref("network.ssl_tokens_cache_enabled", false);
pref("network.trr.excluded-domains", "localhost,local");

4 preferences to consider for change:

pref("network.traffic_analyzer.enabled", true);

pref("media.devices.insecure.enabled", true);

pref("privacy.annotate_channels.strict_list.enabled", false);

pref("network.trr.resolvers", "[{ \"name\": \"Cloudflare\", \"url\": \"https://mozilla.cloudflare-dns.com/dns-query\" }]");

Ignored prefs worth knowing about:

Well, the next next 20 16 from the bottom are pretty straightforward. I would rank a few as ignore but worth knowing about, but I'll know about them in another life. Here:

pref("extensions.htmlaboutaddons.inline-options.enabled", true);
pref("fission.preserve_browsing_contexts", false);
pref("fission.rebuild_frameloaders_on_remoteness_change", false);
pref("gfx.direct3d11.use-double-buffering", false);
pref("gfx.logging.slow-frames.enabled", false);
pref("gfx.webrender.split-render-roots", false);
pref("intl.hyphenate-capitalized.de-1901", true);
pref("intl.hyphenate-capitalized.de-1996", true);
pref("intl.hyphenate-capitalized.de-CH", true);
pref("javascript.options.experimental.await_fix", false);
pref("javascript.options.mem.nursery.min_kb", 256);
pref("layout.css.line-height-moz-block-height.content.enabled", false);
pref("layout.css.resizeobserver.enabled", false);
pref("layout.css.shared-memory-ua-sheets.enabled", false);
pref("layout.css.simple-moz-gradient.enabled", true);
pref("layout.css.webkit-line-clamp.enabled", true);

Thanks @Okamoi / @WellOrientedLlama .... only 2 weeks to go. Are you guys going to get this done on time, or do I need to help out? Asking for a friend!

Sorry! I pledged to do 20 prefs and ended up doing 56, but I probably won't do much more before release. I always review all preferences on my own, but the context is different here; there's more work, so I need to fine tune over several Firefox releases and figure out where to cut corners. Perfectionism is a fucking curse to guard against, it's not a virtue.

So I think I'll keep the pledge approach for now, even if I increase the amount from 20. IMHO we need more people to pledge to take work off your shoulders; even a 10 prefs pledge would be great. Plus if we had 10 people doing 10 prefs each, they could even do it at maximum perfectionist snail-speed and still not feel burdened. And we would get more and better information. We can teach people how to look for data, it's not hard, it just gets tedious beyond the first few.

The second issue I have is that if I cover too many preferences, this repository's findings will not be independent from mine any more. The more prefs I cover, the less I will be able to continue using this repository to cross-check my decisions. So it is in my interest to do less, but it is also in my interest that you don't get tired of maintaining this repo. So... basically recruiting is the best solution from this viewpoint as well!

From a quick look that should not be blindly relied on, these are the remaining interesting prefs:

pref("app.update.BITS.enabled", false);    // https://github.com/ghacksuserjs/ghacks-user.js/issues/743#issuecomment-501676756
pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior4,cm,fp");
pref("browser.contentblocking.maxIntroCount", 5);
pref("browser.in-content.dark-mode", false);
pref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "{\"id\":\"cfr-fxa\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr-fxa\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}");
pref("corroborator.enabled", false);
pref("devtools.aboutdebugging.showHiddenAddons", false);
pref("devtools.browserconsole.contentMessages", false);
pref("devtools.browserconsole.filterContentMessages", false);
pref("dom.link.disabled_attribute.enabled", true);
pref("dom.metaElement.setCookie.allowed", false);
pref("dom.presentation.testing.simulate-receiver", false);
pref("dom.vr.process.enabled", true);
pref("dom.window.open.noreferrer.enabled", true);
pref("extensions.abuseReport.enabled", false);
pref("extensions.cookiesBehavior.overrideOnTopLevel", false);
pref("extensions.htmlaboutaddons.discover.enabled", false);

pref("devtools.aboutdebugging.showSystemAddons", false);    // Migrated to devtools.aboutdebugging.showHiddenAddons ?
pref("network.cookie.same-site.enabled", true);         // Why ?
pref("prio.enabled", false);                    // Why ?

pref("browser.newtabpage.activity-stream.asrouter.providers.cfr", "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]},\"categories\":[\"cfrAddons\",\"cfrFeatures\"],\"updateCycleInMs\":3600000}"); // prev: "{\"id\":\"cfr\",\"enabled\":true,\"type\":\"local\",\"localProvider\":\"CFRMessageProvider\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]},\"categories\":[\"cfrAddons\",\"cfrFeatures\"]}"
pref("browser.newtabpage.activity-stream.telemetry.structuredIngestion", true); // prev: false
pref("browser.urlbar.quantumbar", true); // prev: false
pref("dom.storage.next_gen", true);  // prev: false
pref("dom.vr.external.enabled", true); // prev: false
pref("dom.vr.openvr.action_input", true); // prev: false
pref("extensions.webcompat-reporter.enabled", true); // prev: false
pref("privacy.trackingprotection.cryptomining.annotate.enabled", true); // prev: false
pref("privacy.trackingprotection.fingerprinting.annotate.enabled", true); // prev: false
pref("security.certerrors.mitm.auto_enable_enterprise_roots", true); // prev: false
pref("webchannel.allowObject.urlWhitelist", "https://content.cdn.mozilla.net https://support.mozilla.org https://install.mozilla.org"); // prev: "https://content.cdn.mozilla.net https://input.mozilla.org https://support.mozilla.org https://install.mozilla.org"

relax :camel: ... i'm just messing with you (all) ... I took this on (i.e moving to github, with earthlng), so I'll make sure we get there. Any help is appreciated and is a bonus, not an expectation

Thanks for providing links and context etc :1st_place_medal:

i'm just messing with you

That didn't work. :feelsgood:

relax :camel:

As long as I'm not spitting right in your face, I'm always well-oriented, whatever that means. But I'm really ready to help organise a pledge system to get more people to participate, including writing up a fishing tutorial if necessary.

If you're reading this and would agree to *trying* to engage in such a promise-based participation, could you add the eyes smiley to this comment ? With 3 of those it might be worth it already, excluding Pants, Earthlng and whoever already has larger commitments to this repo.

I'm not entirely sure what "a pledge system" means or entails, and given my dedication (yeah, I make not-so-subtle remarks alluding to being over-worked all the time), it will always be done. So that's not the problem IMO.

The problem is I'm not an expert, at least not in all areas. I don't think any of us are. So the more eyes and brains working on it, the better the end result. As you said, "if I cover too many preferences, this repository's findings will not be independent from mine any more". <-- this

Can you enlighten me as to what form a pledge system would take? By fishing tutorial, do you mean a guide on how to investigate changes (searchfox, dxr, bugzilla search parameters, etc)?

PS: I'm not well-oriented at all: I'm isolated and not grounded to anything, I think. Not even sure what that means.

@earthlng IDFK .. am I doing something wrong? Never had this issue before, but I don't see anything in the related bugzillas to show me the prefs were removed. I normally do all this ahead of time in the deprecated sticky

pref("browser.aboutHomeSnippets.updateUrl", "https://snippets.cdn.mozilla.net/..."); 0105b
https://bugzilla.mozilla.org/show_bug.cgi?id=1540939 <-- where?

pref("browser.newtabpage.activity-stream.disableSnippets", false); 0105b
<-- can't find this?

pref("lightweightThemes.update.enabled", true); 0307
https://bugzilla.mozilla.org/show_bug.cgi?id=1525762 Part 3b <-- where?

pref("security.csp.experimentalEnabled", false); 2682
https://bugzilla.mozilla.org/show_bug.cgi?id=1517546 <-- where?
https://bugzilla.mozilla.org/show_bug.cgi?id=1386214 <-- where?

changes (if anyone wants to spot check them)

• deprecated -> ignore: after checking they weren't in the user.js
• changed -> bulleted/check-boxed: 4 items from the list and brought back one from deprecated
• changed -> ignore: almost all that was left was added to the 5 already in ignore
• new -> ignore: see below: of these
  
  
  
  • picture-in-picture is an unknown: it needs investigation by e.g Tor Project if it leaks anything
  
  
  • resizeobserver shouldn't be an issue: it's an additional/companion API to intersectionobserver which I looked at a few weeks ago. AFAIK it just makes it easier to detect things that could already be done via other means (albeit not elegant or always reliable) - feel free to follow up on it
  
  

pref("apz.fixed-margin-override.bottom", 0);
pref("apz.fixed-margin-override.enabled", false);
pref("apz.fixed-margin-override.top", 0);
pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior4,cm,fp");
pref("browser.contentblocking.maxIntroCount", 5);
pref("browser.in-content.dark-mode", false);
pref("browser.newtabpage.activity-stream.asrouter.providers.cfr-fxa", "{\"id\":\"cfr-fxa\",\"enabled\":true,\"type\":\"remote-settings\",\"bucket\":\"cfr-fxa\",\"frequency\":{\"custom\":[{\"period\":\"daily\",\"cap\":1}]}}");
pref("browser.safebrowsing.prefixset_max_array_size", 524288);
pref("corroborator.enabled", false);
pref("devtools.aboutdebugging.local-tab-debugging", false);
pref("devtools.aboutdebugging.process-debugging", true);
pref("devtools.aboutdebugging.showHiddenAddons", false);
pref("devtools.browserconsole.contentMessages", false);
pref("devtools.browserconsole.filterContentMessages", false);
pref("devtools.debugger.log-actions", false);
pref("devtools.inspector.inactive.css.enabled", false);
pref("devtools.netmonitor.requestBodyLimit", 1048576);
pref("devtools.webconsole.input.autocomplete", true);
pref("dom.window.open.noreferrer.enabled", true);
  // ^^ no need to enforce: nice it landed for ESR68
pref("fission.preserve_browsing_contexts", false);
pref("fission.rebuild_frameloaders_on_remoteness_change", false);
pref("gfx.direct3d11.use-double-buffering", false);
pref("gfx.logging.slow-frames.enabled", false);
pref("gfx.webrender.split-render-roots", false);
pref("intl.hyphenate-capitalized.de-1901", true);
pref("intl.hyphenate-capitalized.de-1996", true);
pref("intl.hyphenate-capitalized.de-CH", true);
pref("javascript.options.experimental.await_fix", false);
pref("javascript.options.mem.nursery.min_kb", 256);
pref("layout.css.line-height-moz-block-height.content.enabled", false);
pref("layout.css.resizeobserver.enabled", false);
pref("layout.css.shared-memory-ua-sheets.enabled", false);
pref("layout.css.simple-moz-gradient.enabled", true);
pref("layout.css.webkit-line-clamp.enabled", true);
pref("media.audiograph.single_thread.enabled", false);
pref("media.cache_readahead_limit.cellular", 30);
pref("media.cache_resume_threshold.cellular", 10);
pref("media.cache_size.cellular", 32768);
pref("media.getusermedia.insecure.enabled", false);
pref("media.videocontrols.picture-in-picture.enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.flyout-enabled", false);
pref("media.videocontrols.picture-in-picture.video-toggle.flyout-wait-ms", 5000);

@Thorin-Oakenpants Looked up two of the four prefs from your previous post:

For the pledge thing, I'll get back to it later :)

OK, I must be fucking tired or something, because that's exactly what I was already looking at: https://phabricator.services.mozilla.com/D27252 and couldn't see it

https://bugzilla.mozilla.org/show_bug.cgi?id=1525762 : yes, I was looking at that and E said it was Part 3b but I can;t see it's removal.Maybe I need a break

@Okamoi / @WellOrientedLlama

By the way your bug list is really useful, are you getting them by searching for the pref name here ?

1st of all, sorry for the late reply.
I'm not doing the bug list lookup manually (I'm not that crazy ;). I wrote a script that collects them for me and yes it works kind of like that but not exactly. It doesn't "search" for the pref name but instead looks at the changelogs for some of the most commonly used files where prefs are stored and goes over every commit to those files, looking at all the changed lines and within those, looking for lines with a certain format used for prefs. Then it extracts the prefname and checks if it's in the list of prefs I gave it as an input (ie the "diff" file) and if it matches, adds that bug id to the list of tickets for that pref for later output.
It doesn't work 100% reliably because it sometimes misses something or reports a false positive but for the most part it gets the job done.

@Thorin-Oakenpants

security.csp.experimentalEnabled:
https://bugzilla.mozilla.org/show_bug.cgi?id=1517546 is unrelated and one of those cases where my script kinda misfired (because of this line: https://hg.mozilla.org/mozilla-central/rev/6ce854f480d6#l2.5)

https://bugzilla.mozilla.org/show_bug.cgi?id=1386214 is the one where they removed it:

• this line is where they used to check that pref (outside of tests): https://hg.mozilla.org/mozilla-central/rev/3d66d37e72c3#l5.96
• and this is the removal of the pref itself: https://hg.mozilla.org/mozilla-central/rev/3d66d37e72c3#l29.13

browser.newtabpage.activity-stream.disableSnippets is another case where my script failed because AS is a fucking piece of shit! They set and access prefs in all kinds of different ways which makes automatic detection pretty much impossible and even if you look it up manually, they never explain why they do something and even the titles they use aren't very descriptive and often times the commits do a lot more than what's mentioned in the title.
Anyhow, the ticket where they removed this pref is https://bugzilla.mozilla.org/1546190

yes, I was looking at that and E said it was Part 3b but I can;t see it's removal

another case of when searching for the whole prefname doesn't work.

• removal of the default pref:
  https://hg.mozilla.org/integration/mozilla-inbound/rev/eb90dbf5abc88a452434245a0a1b2fae0ed835d6#l1.12
• this is where they access the lightweightThemes. pref branch and store it in _prefs:
  https://hg.mozilla.org/integration/mozilla-inbound/rev/eb90dbf5abc88a452434245a0a1b2fae0ed835d6#l2.36
• this is where they used _prefs to read lightweightThemes.update.enabled:
  https://hg.mozilla.org/integration/mozilla-inbound/rev/eb90dbf5abc88a452434245a0a1b2fae0ed835d6#l2.150

/* 0321: disable recommendations in about:addons' Extensions and Themes panes [FF68+] ***/
user_pref("extensions.getAddons.discovery.api_url", "");
user_pref("extensions.htmlaboutaddons.discover.enabled", false);

The boolean is default true in the latest dev (and E will update it with the final diff). I have to say this pref has no effect. Only blanking the URL works

pref("security.certerrors.mitm.auto_enable_enterprise_roots", true);

Bug 1547013 and 1529643

Beginning with Firefox 68, whenever a MITM error is detected, Firefox will automatically turn on the “enterprise roots” preference and retry the connection.

https://blog.mozilla.org/security/2019/07/01/fixing-antivirus-errors/

68.0 changes since 68.0b9

new

pref("app.update.BITS.enabled", true); // "new" with value false in 68.0b9
pref("extensions.abuseReport.enabled", true); // "new" with value false in 68.0b9
pref("extensions.htmlaboutaddons.discover.enabled", true); // "new" with value false in 68.0b9
pref("extensions.htmlaboutaddons.recommendations.enabled", true);
pref("extensions.recommendations.privacyPolicyUrl", "https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=privacy-policy-link#addons");
pref("extensions.recommendations.themeRecommendationUrl", "https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-footer-link");
pref("fission.autostart", false);
pref("privacy.file_unique_origin", true);
pref("services.sync.prefs.dangerously_allow_arbitrary", false);

removed, renamed or hidden

pref("services.sync.prefs.sync.browser.safebrowsing.downloads.enabled", true);
pref("services.sync.prefs.sync.browser.safebrowsing.malware.enabled", true);
pref("services.sync.prefs.sync.browser.safebrowsing.passwords.enabled", true);
pref("services.sync.prefs.sync.browser.safebrowsing.phishing.enabled", true);
pref("services.sync.prefs.sync.extensions.personas.current", true);
pref("services.sync.prefs.sync.pref.advanced.images.disable_button.view_image", true);
pref("services.sync.prefs.sync.pref.advanced.javascript.disable_button.advanced", true);
pref("services.sync.prefs.sync.security.OCSP.enabled", true);
pref("services.sync.prefs.sync.security.OCSP.require", true);
pref("services.sync.prefs.sync.security.tls.version.max", true);
pref("services.sync.prefs.sync.security.tls.version.min", true);
pref("services.sync.prefs.sync.xpinstall.whitelist.required", true);

changed

pref("app.releaseNotesURL", "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%beta/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=whatsnew"
pref("app.update.channel", "beta"); // prev: "release"
pref("app.update.url.details", "https://www.mozilla.org/%LOCALE%/firefox/beta/notes"); // prev: "https://www.mozilla.org/%LOCALE%/firefox/notes"
pref("app.update.url.manual", "https://www.mozilla.org/firefox/beta"); // prev: "https://www.mozilla.org/firefox/"
pref("browser.tabs.unloadOnLowMemory", false); // prev: true
pref("dom.storage.next_gen", true); // prev: false
pref("extensions.htmlaboutaddons.enabled", true); // prev: false
pref("extensions.webcompat-reporter.enabled", true); // prev: false
pref("toolkit.telemetry.enabled", true); // prev: false
pref("trailhead.firstrun.branches", "join-privacy"); // prev: "control"

EDIT : updated 1st post

OT: it only took a shade over 2 days .. fixed with an approval-mozilla-esr68 flag. I guess if you want something fixed get gk onto it

Weird how this doesn't even affect Tor Browser, but he upstreams a ticket. The examples given are uBO and uM. And yet the CSP header modification bugzilla he doesn't want to wade into (I probably don't blame him) - and the CSP issue examples includes uBO which does affect TB on Tails (and would affect TB if they include an adblocker at some stage: which they might in order to improve latency, stability, capacity etc in the Tor network)

:head-scratcher:

Also: For earthlng's amusement: https://trac.torproject.org/projects/tor/ticket/31134

Heads up

FPI in 68 gets applied has a regression with extension storage. Under profile/storage/default/ you will have a bunch of moz-extension folders. Some extensions will have two folders: one for settings (i think) and one for storing shit (I guess). The ones for storing shit are affected

• uBO settings (does not change): moz-extension+++UUID^userContextId=a_number
• uBO filter lists (non-FPI, old pre FF68): moz-extension+++UUID
• uBO filters lists (FPI, new): moz-extension+++UUID^firstPartyDomain=UUID

The same happens if you update with FPI off (and override it in the user.js), and then in FF68 you turn FPI back on (and un-override it) and restart. i.e in other words, as soon as you have FPI on, Firefox wants to use the new folder structure. And it does this just like a new extension install - it recreates it. And it will be empty or have default data in it.

You cannot rename your old folders, as the data is not the same

I had three extensions affected: uBO, uMatrix, and Group Speed Dial.

• uBO: you lose nothing, just update your filter lists
• uMatrix: you lose nothing, just update your assets
• Group Speed Dial - I lost all my thumbnails (customs ones, about 200+, super simple pngs at very small file sizes) - I did not lose any of the dials. I simply exported all settings and thumbnails before updating to 68 and removed the extension. Once in FF68 I installed the extension and imported everything.

Anyway, you will be left with some old folders, e.g the uBO and uMatrix non-FPI-marked folders. I deleted mine, since I never disable FPI. I have no idea what happens when you disable FPI and restart: my guess is the reverse happens and if the non-FPI-marked folder doesn't exist it will create one.

Edit

• this also affects Greasemonkey - see https://bugzilla.mozilla.org/show_bug.cgi?id=1564593
• I wouldn't be surprised if it affected more extensions
• also see https://bugzilla.mozilla.org/show_bug.cgi?id=1556212#c20

OT: it only took a shade over 2 days .. fixed with an approval-mozilla-esr68 flag.

NICE!! Maybe add a note to 2610 that it no longer breaks SVGs in extensions in FF70 + ESR68.1 (or whatever version of ESR they'll land this) ?

Just on that extension FPI thing in 68. I'm not a web ext dev or anything, but it doesn't affect all extensions: for example I have Stylus and ViolentMonkey and they both have "storage" folders as well: but they didn't change. They are both super tiny at around 50kb

The difference is the type I believe: uBO (9mb), uM (9mb), and my Group Speed Dial (2mb for custom tiny thumbs, so you can image how big it can get if they are auto-generated) use a large storage. I don't know if that's a flag for "unlimited" in the manifest or what

I have no idea why VM and Stylus don't trigger adding a ^FPD - even when editing scripts and saving them - maybe they use storage.sync - IDK

Thanks for all the work! The most "important" remark I have for now is about features.normandy-remote-settings.enabled, one of the preferences that get removed.

I see that it is now being taken care of by the new Feature Gates system. It's currently the only preference using this system, it seems, according to the source. Notice though how this enables the normandy-remote-settings by default.

So, assuming the Feature Gates does still take into account a custom set value in about:config, which I haven't been able to confirm but I'm kind of thinking it would, shouldn't we force set normandy-remote-settings to false in the user.js, as defence in depth ?

@earthlng Additionally, isn't that a warning to monitor the list of feature gates for change in your tools ? It seems that they will all be akin to features.*.enabled about:config preferences, and a potential source of hidden prefs like media.gmp-*.autoupdate in the past.

Yeah I noticed that as well. I don't mind adding that pref to 0503 because why download something that we'll never use anyway.

Additionally, isn't that a warning to monitor the list of feature gates for change in your tools ?

my tool doesn't "monitor" any files, it only searches for the bugzillas where a certain change was implemented. But the input for that script are my diffs and they don't contain hidden prefs.

I meant to include the Features.toml file in the list of files considered when building the pref differential. In this case, if I understand the Feature Gates system correctly the part between brackets (say X) should end up being used as a features.X.enabled pref that could be not otherwise displayed with a default value in about:config, slipping under our radars. (Though I haven't been able to confirm for sure that a custom value will be picked up by the Feature Gates system yet)

Let me know if you don't intend to use it, I can always keep a bookmark on my end to check manually on each update :)

The Trailhead system is annoying. I shouldn't be surprised since it's part of ASRouter which is part of goddamned ActivityStream.

The trailhead.firstrun.branches pref changed to join-privacy from control. I have a hard time figuring out which value ensures no experiment is going to pass through. I assume there are switches above this one that, turned off, already disable Trailhead, but for experiments I'd rather trust defence in depth rather than make assumptions.

Basically there are three values, experiment, interrupt and triplet. By default the second one gets set to join and the third one to privacy. The first one is an empty string that could get set through other means I didn't dig.

I don't like the join default, it sounds suspicious.

I'm a new breed of llama now. (Github's forced-2FA on trash mail had my trash game evolve)
Still well-intentioned but now much more legit, I aim to survive Microsoft's selection.

So I answered my own questions and here they are, to keep records around.

Trailhead

I had too much of a hard time asserting which value was the quiet one, but it appears that the Trailhead system can only be setup upon visiting about:welcome. When that happens, hidden pref trailhead.firstrun.didSeeAboutWelcome is set to true. Should it be set and locked by the user to false, I believe Trailhead will never be initialized. It has to be locked. The alternative is to never visit about:welcome and thus set startup.homepage_welcome_url to something else before first startup of a new profile. (Or set policy OverrideFirstRunPage, same difference) Sadly, uMatrix can't block access to about:welcome.

Feature Gate

This one does in fact work as expected, as far as I can tell. It picks data from resource://featuregates/feature_definitions.json and the preference value of each item (currently only one) is our (potentially hidden) pref. User-setting it will be enough as it gets read from, not written to. So creating and setting a Feature Gate preference in about:config will work, e.g. features.normandy-remote-settings.enabled to false.

This can be double checked by looking at FeatureGate.jsm, FeatureGateImplementation.jsm and the call spot at RecipeRunner.jsm for the Normandy feature.

EDIT: Learned to use permalinks when pointing to specific lines in Firefox source, since line numbers change all the time. Okamoi and WellOrientedLlama links can't be fixed and are doomed to become useless.

I gotta say, this has been one of the whackiest updates in a long time, with some miscellaneous non-related BS'ery

• 95% of emoticons on github broke
  
  
  
  • fixed by adding EmojiOne Mozilla to my font whitelist: never needed it before
  
  
• portable: 68 was fine, but 68.0.1 brought on the no drag n drop
  
  
  
  • fixed by adding AdditionalParameters=-no-deelevate to FirefoxPortable.ini
  
  
• FPI being applied to (some?) extension storage
  
  
  
  • see above post
  
  
• uMatrix went kinda haywire during all of this
  
  
  
  • I'm not sure what it was: example: it couldn't block images and other things
  
  
  • I have a pretty hard setup, including behind the scenes
  
  
  • I exported my rules, reset the fucker (by wiping all rules/whitelists and adding in the default ones), changed my global rules to only allow first party css and images, cleaned up my exported rules, and then painstakingly added them in manually as copypasta in bunches until I weeded out a few weird ones: changed how I did them per site)
  
  
  • it still took me several hours to get things right, including allowing uMatrix assets to update
  
  
• cookies are behaving weird: I'm not sure if it's a left-over from site permissions (backed out) and other FPI or Origin Attribute changes. I read a fair bit a month or two ago about keeping the old non OA data as a fallback .. I should find that ticket
  
  
  
  • here's an example
  
  
  • site A: I allow a persistent cookie, I do not delete it, it contains a preference for the color text I use when I post, I often change the color from red to blue to green etc, and the cookie remembers it. If there is no preference set, e.g no cookie: you get default white on black (or black on white: depending on the site theme)
  
  
  • now, even if I delete all cookies, all persistent storage, even site permissions: I keep getting reset to the last color I used before I updated
  
  
  • I'm thinking I might nuke everything I can find: sqlites etc to make sure zero data is floating around
  
  

also .. just quietly

• GoogleMonkeyR shat itself after a solid stable 3 years
  
  
  
  • this one is about the only one being maintained
  
  
  • seems its happening to everyone, but the timing just made me super suspicious
  
  
  • still waiting for a fix .. I miss my two column autopaginating (all the rest is fine)
  
  
• imdb now has a shitty blank white bar across the top
  
  
  
  • coincidence: it happens on a nilla profile as well, any browser .. WTF?
  
  

I'm starting to feel as if something is broken, and I think I've forgotten a few other issues as well: been so many little things. Shoot me now.

Odd, I didn't notice anything with uMatrix, beyond the fact that it and uBO needed a list update. Imbd has no shitty blank white bar either. I can't check the rest of your issues as they wouldn't apply to me, but the cookie one is raising eyebrows.

Maybe something went wrong during your update ? Just in case I'll kill my profile(s) and make (a) new one(s). If you do so on your end as well, can you update us on whether or not you still have issues with uMatrix or cookies ?

@earthlng

[it] looks at the changelogs for some of the most commonly used files where prefs are stored and goes over every commit to those files

Would you mind sharing what those files are ? I have gathered a number of them but would like to be as thorough as possible.

My intent is to have a list of in-Firefox resources (e.g. omni.ja / resource:///) for pure pref differentials, like this one though I'm not sure it is complete enough, and an equivalent list of online source files for both differentials and doing things like your post. My main requirement is thoroughness so that eventually I can build a tool that secures us in knowing that no preference goes under our radar by e.g. checking that all about:config prefs exist in both lists. (Securing hidden pref coverage sounds less likely to be realistic but oh well)

But I have some trouble linking both lists. For example all.js doesn't appear to be in resource://gre/modules or resource:///modules, which are respectively content from FirefoxInstallDirectory\omni.ja and FirefoxInstallDirectory\browser\omni.ja (can be opened with e.g. WinRaR).

I think you might actually have both quite thorough lists ready on your end, I'd love a share of both if you don't mind but even just one is good.

EDIT: It seems that greprefs.js contains the content of all.js, so that part seems covered. I'll still do a diff to make sure.

Edit: I just gave up and allowed images from fl-na.amazon - I'm already connecting to ssl-images-amazon anyway

It's like something is wrong with uBO, uMatrix (not speed dial which I did a clean install of)

OT: I've narrowed it down .. again with extensions... If I use the panel dropdown and disable cosmetic filters, it goes away. But it's not a cosmetic filter: if I instead disable all cosmetic filters from the dashboard filters lists, the problem is still there. [edit: uBO]

I think this is some sort of background image, and it's getting replaced with a placeholder (and uBO placeholders are disabled), which is creating an element height .. IDK .. this doesn't happen in Opera.

Starting to get really fucked off with this release ... dozens, hundreds of little breakages .. why is everything fucking breaking :suicide: :smashhead: :get-wrecked: :cocaine: :beerbeerbeer:

I think I'll just see if I can change display from inline to none for body#styleguide-v2.fixed img in a user style

@LegitLlama

build a tool that secures us in knowing that no preference goes under our radar by e.g. checking that all about:config prefs exist in both lists.

• the script that I use for the diffs, extracts the prefs directly from about:config which more or less means that no non-hidden pref goes under our radar. To be precise, I only extract the prefs with default values but that's good enough IMO because the rest (=runtime-set prefs without default values) are mostly timestamp prefs and shit like that. (** more details below)

• my script for the bugzilla tickets list only checks a few of the most commonly used pref files ...

Would you mind sharing what those files are ? I have gathered a number of them but would like to be as thorough as possible.

• modules/libpref/init/all.js
• browser/app/profile/firefox.js
• security/manager/ssl/security-prefs.js
• devtools/client/preferences/devtools-client.js
• modules/libpref/init/StaticPrefList.h <<-- this will be split into a number of smaller files and goes away soonish, see this meta bug: https://bugzilla.mozilla.org/1563139

**: this is the tool I use to extract the prefs from about:config: http://pasted.co/44159c46
You can compare it to the original script from here to see the settings I use and the couple of fixes and changes I made.
You can play with it, with different settings and whatnot, and compare the outputs to check if I'm missing something important due to not extracting prefs without default values. Please let me know if you do, thanks.

In case this might be helpful, here's the list of prefs I extracted from FF68.0: http://pasted.co/71c0d34f

Wow, this is the best approach right from the get go. I had no idea something like GeckoPrefsExporter existed. I thought your methodology was more similar to cat-in-136.github.io.

I had planned to compare the final merge of all files with about:config manually like once a year, to validate that this approach builds a complete list. Using a list of prefs obtained through scrapping about:config with an external tool seemed like too much work, and "internal scrapping" like GeckoPrefsExporter I did not know how to do.

There's little need to do what I intended to now, so I'll be trying out your tool instead :)

Prefs without default values but that get auto-set at runtime are a type of semi-hidden pref which I agree is mostly useless to us, except for the rare bird like trailhead.firstrun.didSeeAboutWelcome. (Which is only useful for defence in depth and if you think there's a chance to visit about:welcome on accident... so quite useless)

I don't see a good way to cover all hidden prefs, honestly, except when there are easy nests of them in the source code like with GMP and Feature Gate. These nests are worth monitoring separately IMO, but that's really not a lot of prefs so far.

Thanks for sharing such nice work! It also gives hope that a thorough diff can be made for Android without an unreasonable amount of work.

From afar it looks like a web bug gone wrong

When I upgraded to 68, I ended up entirely removing uMatrix and remnants, and re-installing. Seems I forgot to tick hide placeholders. I had only copypasta'ed my rules out beforehand to a text file: since the settings are only a few ticks (and I wanted to clean up rules anyway)

About the only thing still iffy is some sticky cookie preferences: I swear there's like a fallback duplicate OA set somewhere due to recent changes: but I might be getting mixed up with FPI -> site permissions in 69

But I have an idea

• I will disable my three extensions (uBO, uM, speed dial)
• I will clear everything manually and on close in two states: FPI, and non-FPI with restarts in between
• and I will delete all the relevant storage files
• and I will blow away startup cache
• and then in FPI mode, re-enable my three extensions

Maybe this weekend

I thought your methodology was more similar to cat-in-136.github.io.

That's how I did it originally but then somewhere around FF61 my script falsely reported a bunch of prefs as removed and I noticed that they started moving prefs to StaticPrefList.h and removed them from the default pref files. So I had to change my approach and getting the prefs in the same way that about:config retrieves them, seemed to be the best way to go.

IMO ...

• network.trr.excluded-domains + network.trr.resolvers - no need to change these
• privacy.file_unique_origin - fix (or part of the fix) for CVE-2019-11730 - no need to enforce
• privacy.trackingprotection.origin_telemetry.enabled + telemetry.origin_telemetry_test_mode.enabled + toolkit.telemetry.ecosystemtelemetry.enabled - all default false atm - no need to enforce
• ui.android.mouse_as_touch - android? who cares?! ignore
• xul.panel-animations.enabled - the code suggests that this is some animation for the arrow-menus in bookmark-popups but I'm unable to find the difference in animation or the panel that this is supposed to animate. Maybe I'm not seeing an animation because of toolkit.cosmeticAnimations.enabled or it's too subtle to notice or I'm looking at the wrong panel(s), IDK.

from "changed":

• browser.tabs.unloadOnLowMemory - there has to be a good reason for them to disable this again. best to ignore
• extensions.htmlaboutaddons.enabled - some people might not like the new about:addons very much but it's only a matter of time before it will be the only about:addons page and they'll remove this pref again. Maybe a candidate for the personal section or just move it to an FYI bullet point in this diff; I'd prefer the latter
• extensions.webextensions.userScripts.enabled - enables the new userScripts WE API. No reason to disable this
• network.trr.wait-for-portal - wait-for-portal=false sounds good to me. safe to ignore
• trailhead.firstrun.branches - as the Llama already perfectly outlined and explained, there are several ways that we could deal with this:
  
  
  
  • ignore it because it only runs on first startup
  
  
  • set this pref to "nofirstrun" and/or set trailhead.firstrun.didSeeAboutWelcome to true
  
  
  • move startup.homepage_welcome_url from 5000 into a section where we can activate it again by default, to prevent this and any future shenanigans like it. This is my preferred option
  
  

Sorry, I should have gotten back to this earlier, but you know, it's interesting watching it and seeing what happens. Hadn't gotten around to re-cleaning up the changed stuff

• Fuck cosmetic shit
  
  
  
  • xul.panel-animations.enabled is a Linux only thing from memory
  
  
  • extensions.htmlaboutaddons.enabled: crybabies gonna cry: how long do they spend in there, idiots
  
  
• browser.tabs.unloadOnLowMemory: I stay away from system things
• DoH / trr: that's what the UI is for. I don't wan to even care about this
• ... yada

ui.android.mouse_as_touch : I left that there as a reminder for TB for Android (TBA) and RFP. Personally, I agree with you that Android is a bit of a nightmare: but TBA still has a purpose and can provide anonymity: its better than nothing.

Trailhead: I never saw any trailhead about welcome.

I'll do some more first post manipulations to see what's left: edit - DONE - also moved toolkit.content-background-hang-monitor.disabled from new to ignore

• pref("extensions.cookiesBehavior.overrideOnTopLevel", false);
• https://bugzilla.mozilla.org/show_bug.cgi?id=1525917
• this was StanGets' ticket - https://github.com/ghacksuserjs/ghacks-user.js/issues/492#issuecomment-461449288
• I think we should add it if only for the info

WTF&^#@!&T#!: 1428901 - are they seriously considering persisting SSL session ticket IDs across sessions? Is it April 1st?

^^ LOL! comment 26:

What meaning does this have as a security bug? It's not a vulnerability in current products, and this bug isn't about a vulnerability but rather a feature request that might introduce one. Not sure who we're protecting by hiding the bug ...

priceless

comment 1, first two paragraphs. WTF are they thinking: speeding up people's first loads back to Fuckbook in a new session (see comment 2)? Gimme a break!

• media.devices.insecure.enabled - IMO we can ignore this because navigator.mediaDevices is already covered by 2505 and it will be set to false by default in FF69.
  Also see @Okamoi's comment about this pref here

^^ indeed. It's just a pref in case they need to roll it back due to breakage

Disable getUserMedia on non-secure origins

• https://bugzilla.mozilla.org/show_bug.cgi?id=1335740
  
  
  
  • media.devices.insecure.enabled = true
  
  
• https://bugzilla.mozilla.org/show_bug.cgi?id=1528031
  
  
  
  • media.devices.insecure.enabled = false
  
  

What do you think we should do about security.certerrors.mitm.auto_enable_enterprise_roots

• https://blog.mozilla.org/security/2019/07/01/fixing-antivirus-errors/

Beginning with Firefox 68, whenever a MITM error is detected, Firefox will automatically turn on the “enterprise roots” preference and retry the connection. If it fixes the problem, then the “enterprise roots” preference will remain enabled (unless the user manually sets the “security.enterprise_roots.enabled” preference to false).

To save looking at E's list

• Bug 1547013 - Enable automatically fixing MitM errors by default.
• Bug 1529643 - Implement MitM priming on certificate error pages.

I haven't looked into this, so not entirely sure of the diff between

• security.enterprise_roots.enabled
• security.certerrors.mitm.auto_enable_enterprise_roots

I for one do not want anything auto-turned on (disclosure: i have no AV to test with), but then I also do not want to break the web for end users who have AV monitoring HTTPS traffic (Enterprise, I don't care: they can handle it on their own).

Source: https://www.soeren-hentzschel.at/firefox/firefox-esr-68-faq/ (:de:)
Translted with https://www.deepl.com.

security.enterprise_roots.enabled

Default values

• ESR 68: true
• release 68: false

By default, Firefox uses its own certificate store, offering increased security over other browsers. In the corporate environment, however, it is often desired that certificates from the certificate store of the operating system are used. This is why this is activated by default in Firefox ESR 68.

security.certerrors.mitm.auto_enable_enterprise_roots

Default values

• ESR 68: false
• release 68: true

Not only malware, but also so-called "security" software repeatedly interrupts encrypted connections (i.e. connections via https://) in order to read the content before it reaches the browser, and then sells it as a feature. This is referred to as man-in-the-middle ("MITM"). The consequence for Firefox users is that in some cases Firefox can no longer establish connections via https:// due to the often poor implementation. Firefox 68 can detect connection problems due to MITM. Firefox sets the option security.enterprise_roots.enabled to true and tries the connection again. If this works, Firefox leaves the option on true, otherwise the option is reset to false.

Since Firefox ESR 68 allows the import of system certificates by default, the MITM detection in Firefox ESR 68 is disabled by default.

In enterprise environment most probably on-premise PKI is in place, so the client need to have on-premise Root CA Cert (public) installed/deployed.
When security.enterprise_roots.enabled = false, then FF has troubles to open on-premise sites/services.
That is why I have always security.enterprise_roots.enabled = true

IHMO, security.certerrors.mitm.auto_enable_enterprise_roots should stay default.

Cheers

Tested with Firefox 68 under Fedora: security.enterprise_roots.enabled = false.

^^ AFAIK its default false on all platforms, and only gets (permanently?) flipped to true when FF detects a MitM error (and the mitigation fixed the problem)

I'm leaning towards just ignoring these two prefs. those who don't use an AV, or don't let AV meddle with HTTPS traffic: then it's a non-issue (I think). Otherwise the end-user probably needs to allow it (and if they want an AV snooping on all their traffic: that's their problem)

PS: one last time: I do not care about enterprise: enterprise users can get their Enterprise IT people to sort it out if we break anything

I disable it for myself and would perhaps add it commented out in the user.js, if that's a thing. It's part of my policy to not let other programs interfere with Firefox; adding extra root certificates is a pretty big interference. But that's not something easy to debug* for a person who just picked up a huge file full of pref changes, so keeping this one to default by default makes sense.

* Depends on what certificate error pages display in such cases. With security.certerrors.mitm.priming.enabled, they've proven to be able to give more useful information regarding the cause of failure, in some cases at least.

IMO we should add security.enterprise_roots.enabled=true inactive and security.certerrors.mitm.priming.enabled=false as active.

People who have a broken AV or other SW that MITMs their connections would have radical breakage anyway on pretty much every HTTPS request presumably. security.certerrors.mitm.auto_enable_enterprise_roots is a helper for those few people but the real solution is to either import the missing AV cert manually or set security.enterprise_roots.enabled to true.

For everyone who has setup their MITM software correctly and everyone without any MITM SW, security.certerrors.mitm.priming.enabled=false disables a mostly useless feature that makes connections to a mozilla server whenever you encounter a SEC_ERROR_UNKNOWN_ISSUER error.
You can test that here: https://mitm-software.badssl.com/
... to see the request, open the browser console and enable XHR logging.

If we do that, we can ignore security.certerrors.mitm.auto_enable_enterprise_roots because it's never used when the MITM priming thing is disabled.

Even without this priming feature, FF still has a separate MITM detection that works without making additional requests and runs on every update request and blocklist update.

^^ https://trac.torproject.org/projects/tor/ticket/30681

OK, I have some time free ... lets get this finished

trailhead: ignore it because it only runs on first startup. I have to admit I did not follow (read) this, and as I already mentioned earlier ("Trailhead: I never saw any trailhead about welcome"), what exactly is the threat here?

super-early draft

/* 1224: fuck enterprise/AV certs and stop Firefox automatically enabling them
 * [1] https://blog.mozilla.org/security/2019/07/01/fixing-antivirus-errors/ ***/
user_pref("security.enterprise_roots.enabled", false);
user_pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);

"have I got this the right way round?"
/* 2705: make extensions respect cookie settings
 * [1] https://bugzilla.mozilla.org/1525917 ***/
   // user_pref("extensions.cookiesBehavior.overrideOnTopLevel", false); // [DEFAULT: false]

side-note: https://bugzilla.mozilla.org/show_bug.cgi?id=1525917#c9

The reason for this behavior is that customizing the cookieBehavior was resulting in broken extension behaviors (in particular by breaking the access to the storage webAPIs, like IndexedDB and localStorage).

Hmmm, I wonder if this has any bearing on my extensions kinda going a bit mental: seeing as I block all cookies by default. Not sure it does, as filters, rules, assets were still working, getting updated. IDK. Am so over this release. Can't wait for site permissions to be OA'ed (fun times!) - wonder how that works with temp containers

what exactly is the threat here?

I don't remember the details but let's try. To sum up, IIRC it might be a similar threat to the various telemetry pings, and be governed by a super telemetry switch, i.e. disabling it might come under the defence-in-depth philosophy.

There are Google documents about Trailhead but I can't read them because Google has walled the place and they do not want to let me have an account without my phone number. Obviously, fuck them. And 👎 to Mozilla developers for using Google docs rather than one of the zillion tools they or other companies have.

Quoted from here:

Trailhead experiment enrollment ping

This reports an enrollment ping when a user gets enrolled in a Trailhead experiment. Note that this ping is only collected through the Mozilla Events telemetry pipeline.

{
  "category": "activity_stream",
  "method": "enroll",
  "object": "preference_study"
  "value": "activity-stream-firstup-trailhead-interrupts",
  "extra_keys": {
    "experimentType": "as-firstrun",
    "branch": ["supercharge" | "join" | "sync" | "privacy" ...]
  }
}

I disable all pings regardless of the main telemetry switches, so I looked into disabling Trailhead too. It will not be initialized if the user never visits about:welcome, which happens on first profile use. The disable value is unclear, because ActivityStream is an alien in the codebase, so I went for non-initialization. The two trustworthy approaches to that are to either lock trailhead.firstrun.didSeeAboutWelcome to false, but I don't lock prefs. So I went with banning about:welcome from popping up on new profiles by changing startup.homepage_welcome_url through group policy. Sadly, uMatrix can't enforce the ban so Trailhead will initialize if I visit the page directly. Wouldn't happen with the lock solution.

I noticed that this repository does disable all pings by default regardless of bigger telemetry prefs.

Downside: People may want to see about:welcome, according to titbits around Bugzilla there should be changes coming in with Firefox 70.

@Thorin-Oakenpants

"Trailhead: I never saw any trailhead about welcome"

probably because you activated some or all of the WELCOME & WHAT's NEW NOTICES prefs in 5000?

@LegitLlama

The disable value is unclear, because ActivityStream is an alien in the codebase

FYI the disable value is trailhead.firstrun.branches="nofirstrun"

I went with banning about:welcome from popping up on new profiles by changing startup.homepage_welcome_url through group policy

You could instead set browser.startup.homepage_override.mstone="ignore" which effectively disables startup.homepage_welcome_url + startup.homepage_welcome_url.additional + startup.homepage_override_url

@Thorin-Oakenpants

I think we can ignore extensions.cookiesBehavior.overrideOnTopLevel because it's just a temporary pref and they already have 1537753 to remove it again:

[the pref] allows to restore the old behavior (intended to be used only in case we notice a regression that we have to fix before we can allow the changes from Bug 1525917 to reach a release version).

The goal of this issue is to remove the above preference as soon as we have released the new behavior and we don't need to restore the old behavior anymore.

I think we can ignore extensions.cookiesBehavior.overrideOnTopLevel because....

Cool. Will amend OP

probably because you activated some...

The opposite in fact. I do not override any of those whats new/welcome/url things in section 5000, I also don't have any AS (isn't that what triggers it?) ... (my start/home page is an extension)... I guess it just never gets to trigger in my setup (for now)

I still do not understand the threat here. So a one off about page loads? Is that it?

Is it worth spending time to determine exactly what kind of ping it is, especially when we know with which other pings it is classified in source docs ? Is there a policy not to deep disable some pings to ensure they're not triggered on bugs, unexpected code paths or future updates ?

Well either way, more info on this. Since you can read the Google docs and not me, you should have more information than me on it by now. Don't feel forced to disable it just because some guy made a few posts on it though, I'm not a user.js user so I have no stake in this beyond sharing info and am fine with whatever decision :)

FYI the disable value is trailhead.firstrun.branches="nofirstrun"

Thanks ! I might end up setting it that way. And yeah, ignore milestone should work as well.

https://arstechnica.com/information-technology/2019/08/kaspersky-av-injected-unique-id-into-webpages-even-in-incognito-mode/

No one has commented on my super early draft

/* 1224: fuck enterprise/AV certs and stop Firefox automatically enabling them
 * [1] https://blog.mozilla.org/security/2019/07/01/fixing-antivirus-errors/ ***/
user_pref("security.enterprise_roots.enabled", false);
user_pref("security.certerrors.mitm.auto_enable_enterprise_roots", false);

Trailhead - no-one has shown me that there is an actual threat, and only hinted at possible future vagueness. AFAIK, it's a one-off page. I'm not keen on adding this for that reason. If you don't trust Mozilla by now, then go use some other browser. They're not monetizing you, they're not collecting your PII, etc. Your browser connects to Mozilla to check for updates, revoked certs, update extensions - hell, just looking at your extensions will contact AMO and I'd rather stop that, than worry about a one-off.

That said, I do get that some users want a "quiet" FF. I just don't see a one-off fitting this. I'd rather have less stuff in the user.js (and I also do not want to feed assholes like spyware.neocities.org any data to feed their BS machine and look all mighty)

So AFAIConcerned, there are two options

• don't do anything with it - which is my preference
• move one of the 5000 prefs into general population: which one?

Speak now, or never mention it again (unless how trailhead is used changes). If i got something wrong about this, then let me know: because I'm just going to ignore it, despite asking numerous times what the actual threat is (to privacy, security, tracking, FP'ing, anonymity: I can't see any threat TBH).

Also: give me the heads up on the enterprise_roots. I don't really care if we do nothing TBH.

If I don't get any replies, then I'll just ignore the whole lot and close this issue. Thanks