>>>>> Narcis Garcia <debianli...@actiu.net> writes:
> Note: trek.eu.org link provided by Trek is not working.
I’ve just checked and [1] does work for me. (Note though that
‘www’ has to be there.) An archived copy [2] is also available.
[1] http://www.trek.eu.org/text/firefox-tuning.html
[2]
https://web.archive.org/web/20170411151300/http://www.trek.eu.org/text/firefox-tuning.html
> Why a non-private browsing? User activity should be assumed as
> private by default.
Or at least there should be an easier (and more prominently
presented) way for the user to opt out.
> Proposed defaults:
> browser.newtabpage.directory.ping = ""
> browser.newtabpage.directory.source = ""
Personally, I’ve disabled all the ‘safebrowsing’, ‘update’, and
similar options I could find. Also, just to be sure, I’ve
uniformly replaced nearly every single URI in prefs.js like:
user_pref("browser.safebrowsing.provider.mozilla.updateURL",
"http://browser.safebrowsing.provider.mozilla.updateurl.unwanted.nowhere.invalid/";);
Now I can refer to my HTTP proxy logs for the possible attempts
to disclose my use of Firefox to third parties (like my ISP,
employer, and whatever the entity it tries to connect to.)
Which seem to be surprisingly few (and the last one below is due
to xul-ext-noscript, not Firefox proper):
browser.newtabpage.directory.source
browser.safebrowsing.provider.mozilla.updateurl
browser.search.geoip.url
extensions.blocklist.url
noscript.abe.wanipcheckurl
Can at least the ‘safebrowsing’ one please be fixed to respect
the whatever ‘browser.safebrowsing.*.enabled = false’ setting
applicable? Can there be also options to cleanly disable the
‘newtabpage.directory’ and ‘search.geoip’ functions as well?
TIA.
> captivedetect.canonicalURL = ""
> app.update.url = ""
> browser.safebrowsing.downloads.remote.url = ""
[…]
> browser.safebrowsing.reportPhishURL = ""
> browser.search.geoSpecificDefaults.url = ""
> browser.search.geoip.url = ""
I think it should also include browser.search.suggest.enabled =
false, which appears rather important as “search suggestions”
result in even the partial input being communicated to a remote
party. (Which may even be a genuinely sensitive information –
like one’s password – by the way of pure accident.)
It’s basically Firefox’ very own remote keyboard logger!
> browser.tabs.crashReporting.sendReport = false
> datareporting.healthreport.service.enabled = false
> datareporting.healthreport.uploadEnabled = false
> datareporting.policy.dataSubmissionEnabled = false
> security.ssl.errorReporting.enabled = false
> security.ssl.errorReporting.url = ""
> security.ssl.errorReporting.automatic = ""
> browser.startup.homepage = "https://start.duckduckgo.com/";
I believe it should rather be about:blank, file:/, or something
like that – not requiring any network access whatsoever.
> devtools.gcli.imgurUploadURL = ""
[…]
> devtools.webide.templatesURL = ""
> experiments.manifest.uri = ""
> geo.wifi.uri = ""
> identity.mobilepromo.android = ""
> identity.mobilepromo.ios = ""
> security.ssl.errorReporting.url = ""
> toolkit.telemetry.server = ""
> webextensions.storage.sync.enabled = false
--
FSF associate member #7257 http://am-1.org/~ivan/ 7D17 4A59 6A21 3D97 6DDB
