This gist misleads in a few ways by being so vague and seems to be more about disabling every somewhat useful feature that sounds bad for tinfoil hat enthusiasts. Still has useful things, like disabling Pocket if you don’t want it and forcing newer TLS versions. Others are silly (disabling things that already ask for your permission, like location), dangerous (disabling Google Safe Browsing), or already exposed in the settings UI anyway (DNT, tracking protection, telemetry). To each their own, use these if you think they’re important to you, but for most people it’s fear-mongering about nothing and enabling a few things in the privacy settings page is sufficient.
"These are used by Mozilla to spy on you, and are as such a significant risk to privacy."
Wow, that's a big claim. Any proof that the data collected is not anonymous? It sounds a lot like fear-mongering.
- Disabled Encrypted Media Extensions (EME)
- Disabled Web Runtime (deprecated as of 2015)
- Removed Pocket
- Removed Telemetry
- Removed data collection
- Removed startup profiling
- Allow running of all 64-Bit NPAPI plugins
- Allow running of unsigned extensions
- Removal of Sponsored Tiles on New Tab Page
- Addition of Duplicate Tab option
- Locale selector in about:preferences > General
Even if they are an ugly hack on top of HTTP, they are too damn useful to be disabled.
Would not have gotten the backlash it's getting if the author was a bit modest and titled the repo:
"How to get rid of Firefox features you don't need", or something like that.
Security is an important issue, but as someone who thinks WebRTC is the only missing piece of the puzzle that could help bring true decentralization to the Web, I think bashing on WebRTC just because of its security issue is short-sighted. (Not to mention a couple other features mentioned on there)
But if you're so paranoid about security that you're going to disable WebSockets, I think the web browser is not the only thing you need to worry about. There are a ton more attack vectors and hackers can hack in no matter how you get rid of these "Firefox bullshit" to increase security. After all, most hacking nowadays is based on social engineering.
One thing I agree with, though, is that "Pocket Integration" IS bullshit.
Fwiw, I wasn't a fan of the original integration of Pocket into Firefox, but they are now completely owned by Mozilla: https://blog.mozilla.org/blog/2017/02/27/mozilla-acquires-po...
Does anybody know if it is possible to use Pocket with a custom server? So far I found only the ticket which tracks the open sourcing process of Pocket:
11 months old, not even assigned yet... looks like I should come back in 2038.
Is there something like this for Chrome too?
BTW I wish I could just disable all features but those basic ones every website uses (and "data URIs" support please!!! I really want to disable it!) and enable them manually on a per-domain basis (the way I do with scripts using NoScript and uMatrix).
To this I would add:
This anti-feature means missing the target of a middle-click by a single pixel can leak the contents of your clipboard or load unexpected URLs. I don't understand why it's still on by default -- Mozilla has been willing to break people's workflow for UI improvements many times before.
> NOTE: Unfortunately this is somewhat out of date. The comments link to some resources that may be more up-to-date. Patches welcome.
WebSockets are used for nefarious purposes?
Tip for Android users:
Firefox wants to be (a less evil) Chrome, which is great for the 90% but that leaves the rest of us scrambling. No I don't need my browser to support DRM in order to watch Netflix ffs...
Why not just use Tor Browser if you are too concerned about those settings?
Very helpful. It definitely would be worth developing an addon that would apply these settings for you.
This isn't even in my about:config anymore. I'm pretty sure it was at some point. Did they remove the option to disable it for some reason?
You forgot the last step, which is to respond to every link posted on Hacker News, regardless of what it's about, with a complaint about how the site doesn't function correctly with your unique browser config.
Having a separate privacy conscious fork of FF would be a better solution. They can easily work around such tweaks.
Interesting. Though at that point why wouldn't you just use Brave?
bathwater.baby = false
I wrote something similar a while back, and it’s in a similar state of not-updated-ness