
privacy-settings's People

Contributors

ekaris, franco999, jomo, klofutar, kratz00, rosslh, s8321414, schomery


privacy-settings's Issues

[Idea] Change preset

"Privacy & Security" should be "Privacy (compatible) & Security" since that would be most advisable to less experienced users.
At the moment you have those options:

  • "Full Privacy" which breaks sites (which e.g. use unsafe negotiation).
  • "Privacy & Security" which breaks sites (which e.g. use unsafe negotiation).
  • "Privacy (compatible)" which is currently the best option for less experienced users but disables Google Safe browsing which might not be a good thing for those people.

What do you think?

Status indicators are confusing

There are three status indicators for each setting and it's not very intuitive.
At first look I was quite confused about what they are indicating.

screenshot

It took a while until I realized the check/cross marks indicate if a feature is enabled while the switch and text indicate if a setting is enabled.

screenshot

The cause of this confusion is actually bad (if any?) naming conventions for settings in Firefox, i.e. using foo.enabled = true/false and bar.disabled = true/false.

However, I feel the redundant text next to the switch is adding more confusion. You might want to consider removing one of the two.

Change indicators

I don't want your extension to become bloated, but I was thinking about an idea...

Have the extension remember all its settings, and then the next time the user brings up its panel, highlight any settings that have changed since the previous time the panel was displayed.

This way, the user can see if something is changing the settings, including updates to Firefox itself.

What do you think?

[Suggestion] Change color for custom change state

In my opinion, it would be great to change the color (like red) for any custom modification string state.
For example, I have set the Privacy (compatible) setting but then I have changed network.dns.disablePrefetch from true to false (Off).
After a while the user may forget what he did, so it would be very useful to highlight any changes with a different color.
Thanks.

Disabling WebRTC (setting media.peerconnection.enabled to false) causing unexpected site failures

I have noticed that _too many_ sites are not working properly in Firefox 47.0.1.

After hours of work, I discovered that the culprit is setting media.peerconnection.enabled to false. Doing this disables WebRTC, which is generally a good idea for both privacy and security reasons.

Interestingly, none of the failing sites actually use WebRTC.

This issue seems to be the result of incredibly poorly coded libraries that a number of popular sites use.

Just as an example, take a close look at Airbnb. When media.peerconnection.enabled is set to false, it becomes impossible to set the dates for reservations on their main page.

When WebRTC is disabled, one of the JavaScript libraries used by that popular site throws an error, and it does not handle the error condition gracefully. The result is a website that fails.

Although diagnosing the problem took a fair amount of effort, finding a solution may require even more effort. Globally enabling WebRTC is a bad idea for many reasons, but disabling it is breaking popular sites.

Looking forward to a good discussion regarding this issue.
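
The failure mode reported above, sketched as an added example that is not code from the issue's author or from any site named in it. It assumes (the report does not say this) that with WebRTC disabled the `RTCPeerConnection` constructor is simply absent from the page's globals; the widget names and both scope objects are hypothetical stand-ins.

```javascript
// Constructed stand-ins for a page's global scope.
const scopeWebRTCOn = { RTCPeerConnection: function RTCPeerConnection() {} };
const scopeWebRTCOff = {}; // assumption: constructor absent when WebRTC is disabled

// Hypothetical page widgets. Only the first one touches WebRTC.
const widgets = [
  {
    name: 'network-probe',
    requires: ['RTCPeerConnection'],
    init: (scope) => new scope.RTCPeerConnection(),
  },
  { name: 'date-picker', requires: [], init: () => ({ ready: true }) },
];

// Fragile start-up: the first unguarded throw aborts every widget after it,
// so the date picker never initialises even though it needs no WebRTC.
function initFragile(scope) {
  const started = [];
  for (const w of widgets) {
    w.init(scope); // TypeError when the constructor is undefined
    started.push(w.name);
  }
  return started;
}

// Hardened start-up: feature-detect what each widget needs and isolate
// failures so one optional feature cannot take the rest of the page down.
function initHardened(scope) {
  const started = [];
  const skipped = [];
  for (const w of widgets) {
    const missing = w.requires.filter((api) => typeof scope[api] !== 'function');
    if (missing.length > 0) {
      skipped.push(w.name);
      continue;
    }
    try {
      w.init(scope);
      started.push(w.name);
    } catch (err) {
      skipped.push(w.name);
    }
  }
  return { started, skipped };
}
```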

trackingprotection vs privacy

From the Security/Tracking protection wiki:

Tracking Protection is a new platform-level technology that blocks HTTP loads at the network level. It is based on the Safe Browsing technology that powers our phishing and malware protection.

The difference is that:

Firefox fetches the tracking protection list mozpub-track-digest256 from a Mozilla Safe Browsing server, and the existing phishing list from the Google Safe Browsing server

Using the Privacy option in this plugin disables Safe Browsing and Stats Collection, while privacy.trackingprotection.enabled option is true in any case.
It does make some sense, as it blocks third party trackers, but it still connects to Mozilla servers, similar to the stats collection.

I think this should at least be noted in the flag's description.

[proposal] Whitelist or selective blocking websites

I wish I could have a whitelist of sites, or selectively block certain websites.

For example: To use Mapillary.com correctly, you need to have activated WebGL, or to use Facebook, you need to disable security.ssl.require_safe_negotiation

I wish I could turn this on/off only on certain pages. I do not know if this is too complicated to program, so I am only discussing the idea.

Add option security.OCSP.require

Summary: If security.OCSP.require affects OCSP stapling and stapling is enabled (It is by default.), the setting would increase security and possibly increase privacy if it doesn't fall back to old, non-stapled OCSP. If the setting does not affect stapling, it would increase security but decrease privacy. I don't know if the setting affects stapling.

OCSP queries a server to check for certificate revocation. Thus, it enhances security. Since Firefox 3, it has been enabled by default (security.OCSP.enabled = 1), but a 'good' OCSP response is not required by default (security.OCSP.require = false).

OCSP has some vulnerabilities, notably shown by Moxie Marlinspike's sslstrip and sslsniff in 2009. Among them are that basic OCSP threatens privacy by contacting a Certificate Authority's OCSP server for each secure website the user visits, thus giving the OCSP server a log of websites the user has visited.

The new standard, OCSP stapling, is enabled by default (security.ssl.enable_ocsp_stapling = true and security.ssl.enable_ocsp_must_staple = true), but must_staple may not mean a 'good' response is required. According to that source, it means the site, not the browser, may choose to require stapling, not simply offer it. It also means the site owners, not a CA, respond to the OCSP queries, so stapled OCSP favors privacy and security.

I do not know if the OCSP stapling settings are dependent on the old OCSP settings. Knowing this is important because it changes the fallback behavior when stapling or old OCSP is not resolved. If the browser falls back, security and privacy are affected, but if either of them is required, the browser ideally should close the connection if a 'good' response is not returned.

Before stapling was added to Firefox, the TOR Project recommended that Mozilla require OCSP by default. Chrome had checking enabled but disabled it in 2012. Firefox is OCSP-capable, but neither browser requires by default a 'good' OCSP response (in terms of old OCSP; not sure in terms of stapled OCSP).

Stapled OCSP should be required as it is the most secure and most private configuration. By default, stapling is enabled but unknown if required (enable_ocsp_must_staple). I am not certain if security.OCSP.require makes stapling required in Firefox or if the setting falls back to old OCSP if a stapled response is not found and then decides to close connections at the old OCSP fallback. However, we can be sure that the setting does at least decide whether to close connections when it checks old OCSP.

Other timing settings

In addition to dom.enable_user_timing, are toggles for dom.enable_resource_timing and/or dom.performance.enable_user_timing_logging needed?

Considerations for Firefox forks

Hello,

This is a report about browsers like Cyberfox (PaleMoon etc.). With the latest version (Cyberfox v43), these settings don't exist:
camera.control.autofocus_moving_callback.enabled
datareporting.healthreport.service.enabled
datareporting.healthreport.uploadEnabled
network.websocket.enabled

And these settings are already disabled (false by default):
loop.enabled
media.eme.enabled
media.gmp-eme-adobe.enabled
toolkit.telemetry.enabled

You should take care of that because it can cause some trouble (login errors etc.). I assume the websocket was to blame.

Cue icons only show unknown glyphs

Firefox 46.0.1
GNU/Debian Linux sid amd64.

Hello,
I mean the small icons inside "Privacy Settings". The eye, lock, or on/off icons.

How to reproduce:
Set the Firefox setting "gfx.downloadable_fonts.enabled" to false. Probably also affected by entirely clearing the Firefox caches. Restart Firefox. The mentioned icons will only be shown as unknown glyphs.
From your package, it seems "Privacy Settings" is supposed to fetch font icons from fontello-5.woff?

Thank you.

Safebrowsing prefs

Currently, this extension will allow the user to toggle browser.safebrowsing.downloads.enabled, and recommends that it be set to false (off).

If I'm understanding the Mozilla documentation (https://wiki.mozilla.org/Security/Application_Reputation) correctly, setting this pref to false will decrease security with no benefit to privacy. From what I can tell (and please correct me if I'm mistaken), setting this pref to false will prevent Firefox from comparing downloads to the internal malware database.

On the other hand, setting browser.safebrowsing.downloads.remote.enabled to false will decrease security while increasing privacy (when it is set to true, Firefox uploads a hash of some of your downloaded files to Google servers to see if they are included in their online database).

If the above understanding is correct, I would recommend encouraging browser.safebrowsing.downloads.enabled to be enabled (the opposite of the current behavior), and add the ability to toggle browser.safebrowsing.downloads.remote.enabled with indicators that a false (off setting) increases security and decreases privacy.

But what do the privacy settings MEAN?!

I'm not about to change a privacy setting without understanding its impact. Other users may be less cautious, and get themselves into trouble! Surely each setting needs either a clear explanation, or a permanent and stable link to such a thing? Edit: Tagging dev @schomery.

User settings are resetting every time the browser is launched.

For example, if I select "full privacy" and then I change some settings, those settings will not change for the rest of the browser session. But if I quit and reopen my browser, all of the settings will be set to "full privacy" without any of the changes I made.

Menu panel text

Version 0.1.3 partially fixed the bug in the menu panel in which the wrong text was displayed under the icon.

There is still a small bug: on some systems, the text under the icon displays as:

     Privacy Set-
     tings

Instead of:

    Privacy Settings

or

    Privacy
    Settings

uBlock to fill the gap?

Hi

First thank you for your amazing addon!

Question: Does uBlock with its different malware filters replace the Google "protection" your addon disables (in your opinion)?

Telemetry prefs

Yesterday, "How to disable the Firefox Saved Telemetry Pings and archive folder" was published.

In this article, Martin suggests changing these options to stop the generation of telemetry pings and archived pings:

  • toolkit.telemetry.archive.enabled=false
  • toolkit.telemetry.enabled=false
  • toolkit.telemetry.unified=false

The preference toolkit.telemetry.unified finally controls unified behavior. Do we add these other options, or do we move to this new option?

Possible addition to quick-configure buttons

Privacy Settings currently has quick-configure buttons for 'Full Privacy', 'Protect Privacy & Security', and 'Reset to Defaults'.

Perhaps a worthwhile addition would be another quick-configure button to protect privacy and security while breaking as few sites as possible. Changing a few of the toggles may break some sites or limit functionality on others.

I have mixed thoughts about this idea, but I thought I would throw it out there to see if you or others like it.

[enhancement] introduce a `performance` tag

First, thank you for your job!

I want to suggest a new tag (a group to which a setting belongs) called performance (or some other name, e.g. low latency) that gathers together settings which can enhance the speed of page loading or anything else related to speed.

e.g.
enabling the DNT feature will improve page loading time since many connections (to third-party sites) are cut off

treat_unsafe_negotiation_as_broken can be enabled in Compatible mode

security.ssl.treat_unsafe_negotiation_as_broken

From the Security:Renegotiation wiki:

This preference can be used to achieve visual feedback

As far as I understand, this does not affect the connection and only serves as an indicator that

raises awareness of servers that still need to be upgraded […] by displaying a red/broken padlock

Only the security.ssl.require_safe_negotiation option rejects connection attempts.

Add visual cue if setting differs from default

It would be great if there was a visual cue for each setting that differs from the default.

Perhaps bold each 'on' and 'off' text string (adjacent to each toggle) that does not match the default, similar to how about:config bolds every setting that is not a default value.
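
The three highlighting requests on this page ("Change indicators", "Change color for custom change state", and this one) reduce to comparing each pref against its default, the applied preset, and the last snapshot. An added example, not the extension's own code: `classifyPrefs` and `changedNames` are hypothetical names, and every value is constructed sample data rather than Firefox's real defaults or the extension's real preset.

```javascript
// Constructed sample data only (see lead-in).
const sample = {
  defaults: {
    'media.peerconnection.enabled': true,
    'network.dns.disablePrefetch': false,
    'network.websocket.enabled': true,
    'toolkit.telemetry.enabled': true,
  },
  // Values a hypothetical preset would write.
  preset: {
    'media.peerconnection.enabled': false,
    'network.dns.disablePrefetch': true,
    'network.websocket.enabled': false,
    'toolkit.telemetry.enabled': false,
  },
  // Snapshot stored when the panel was last shown (preset just applied).
  lastSeen: {
    'media.peerconnection.enabled': false,
    'network.dns.disablePrefetch': true,
    'toolkit.telemetry.enabled': false,
  },
  // What the browser reports now. network.websocket.enabled is absent,
  // as on a fork that does not implement the pref.
  current: {
    'media.peerconnection.enabled': true,
    'network.dns.disablePrefetch': false,
    'toolkit.telemetry.enabled': false,
  },
};

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// One row per known pref, with a flag for each kind of highlight.
function classifyPrefs({ defaults, preset, lastSeen, current }) {
  const names = new Set([defaults, preset, lastSeen, current].flatMap(Object.keys));
  return [...names].sort().map((name) => {
    const exists = has(current, name);
    const value = exists ? current[name] : undefined;
    return {
      name,
      exists, // false: pref not implemented, show it as unavailable
      value,
      differsFromDefault: exists && has(defaults, name) && value !== defaults[name],
      differsFromPreset: exists && has(preset, name) && value !== preset[name],
      // Changed value, or a pref that appeared or disappeared since last view.
      changedSinceLastView:
        has(lastSeen, name) !== exists || (exists && value !== lastSeen[name]),
    };
  });
}

// Names to highlight the next time the panel opens.
function changedNames(report) {
  return report.filter((row) => row.changedSinceLastView).map((row) => row.name);
}

console.log(changedNames(classifyPrefs(sample)));
```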

Collecting HealthReport data without transmitting any of it

Is there a way to have Firefox collect HealthReport data without transmitting any of it?

After researching this issue, I tried 8 different combinations of settings, but about:healthreport never has more than 1 session of raw data.

Before I try 2^8 combinations of different settings, I thought I would ask here! ;)

WebRTC prefs

You may find this to be a worthwhile read: https://wiki.mozilla.org/Media/WebRTC/Privacy

In particular, notice media.peerconnection.ice.default_address_only

It could be all that is needed (instead of setting media.peerconnection.enabled to false).

I have not fully tested it at this time.

What do others think?

Save and restore previous settings

Hi,

It would be nice if your plugin proposed a way to save and restore the existing settings. Better yet, this could occur when plugin is deactivated.

Regards,

undefined window exception on FreeBSD 11

Runs OK on my Ubuntu Linux 16.04 and MS Windows 10, but on FreeBSD its widget didn't show up; the console log says "window is undefined".
$ firefox

(firefox:3972): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.vfs.HalVolumeMonitor is not supported
console.error: ipsettings:
Message: TypeError: window is undefined
Stack:
id<@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/android.js:47:3
@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/android.js:46:11
@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/main.js:16:46
run@resource://gre/modules/commonjs/sdk/addon/runner.js:147:19
startup/</<@resource://gre/modules/commonjs/sdk/addon/runner.js:87:9
Handler.prototype.process@resource://gre/modules/Promise-backend.js:937:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise-backend.js:816:7
this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise-backend.js:750:11


A coding exception was thrown in a Promise resolution callback.
See https://developer.mozilla.org/Mozilla/JavaScript_code_modules/Promise.jsm/Promise

Full message: TypeError: window is undefined
Full stack: id<@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/android.js:47:3
@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/android.js:46:11
@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/main.js:16:46
run@resource://gre/modules/commonjs/sdk/addon/runner.js:147:19
startup/</<@resource://gre/modules/commonjs/sdk/addon/runner.js:87:9
Handler.prototype.process@resource://gre/modules/Promise-backend.js:937:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise-backend.js:816:7
this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise-backend.js:750:11


console.error: ipsettings:
Message: TypeError: window is undefined
Stack:
id<@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/android.js:47:3
@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/android.js:46:11
@resource://jid1-ckhysaadh4nl6q-at-jetpack/lib/main.js:16:46
run@resource://gre/modules/commonjs/sdk/addon/runner.js:147:19
startup/</<@resource://gre/modules/commonjs/sdk/addon/runner.js:87:9
Handler.prototype.process@resource://gre/modules/Promise-backend.js:937:23
this.PromiseWalker.walkerLoop@resource://gre/modules/Promise-backend.js:816:7
this.PromiseWalker.scheduleWalkerLoop/<@resource://gre/modules/Promise-backend.js:750:11

Performance impact

Firefox's about:performance is reporting an impact on framerate due to this extension. Except when this extension's panel is open, there should not be any performance impact.

privacy.trackingprotection.enabled = off, to show ebay images?

Hi there...

Just updated Firefox to v41.0.1....... before the update I could use ebay.co.uk with full privacy enabled and images would be showing up as normal... say, from a search etc

Now... I can only use full privacy enabled with... "privacy.trackingprotection.enabled" = off ...otherwise images for me are not showing.

Any help much appreciated.
Regards

Panel not showing up

I downloaded the addon, but the icon doesn't appear on the top right nor the sidebar. Is there any way I can access the Panel? I tried removing and installing the addon again, but nothing is working.

Unnecessary Tweak

Modifying toolkit.telemetry.enabled seems unnecessary since datareporting.healthreport.uploadEnabled=false will also set toolkit.telemetry.enabled=false.
You can also see this in Firefox's settings under about:preferences#advanced where health reports need to be sent in order to send telemetry data.

Pref geo.wifi.logging.enabled

There is a pref geo.wifi.logging.enabled that when disabled results in a red 'X' in Privacy Settings.

Is that backwards of how it should be?

HTTP referer

I think your addon should stop Firefox from sending HTTP headers (referer).

network.http.sendRefererHeader;0

Regards,
amilopowers
