Instantly share code, notes, and snippets.

Embed
What would you like to do?
Firefox bullshit removal via about:config

Firefox bullshit removal

Updated: Just use qutebrowser (and disable javascript). The web is done for.

@alexbel

This comment has been minimized.

Show comment
Hide comment
@alexbel

alexbel Sep 13, 2015

@haasn, great list. Is there a plugin which does it automatically?

alexbel commented Sep 13, 2015

@haasn, great list. Is there a plugin which does it automatically?

@lmas

This comment has been minimized.

Show comment
Hide comment
@lmas

lmas Sep 14, 2015

Great indeed, but I'm missing links to pages with more info about each issue.

For example, could someone clarify the issue with websockets and why they can be used for "nefarious purposes and to bypass access restrictions." (that's some strong wording)? All I found on that was some IPv6 bug which apparently was fixed in firefox12...

lmas commented Sep 14, 2015

Great indeed, but I'm missing links to pages with more info about each issue.

For example, could someone clarify the issue with websockets and why they can be used for "nefarious purposes and to bypass access restrictions." (that's some strong wording)? All I found on that was some IPv6 bug which apparently was fixed in firefox12...

@nodiscc

This comment has been minimized.

Show comment
Hide comment
@wiiaboo

This comment has been minimized.

Show comment
Hide comment
@wiiaboo

wiiaboo Sep 17, 2015

Note: dom.event.clipboardevents.enabled=false breaks Google Docs.

wiiaboo commented Sep 17, 2015

Note: dom.event.clipboardevents.enabled=false breaks Google Docs.

@Najoj

This comment has been minimized.

Show comment
Hide comment
@Najoj

Najoj Dec 30, 2015

Good list. How about adding these tweaks mentioned on Ghacks which has to do with Telemetry pings?

Najoj commented Dec 30, 2015

Good list. How about adding these tweaks mentioned on Ghacks which has to do with Telemetry pings?

@calestyo

This comment has been minimized.

Show comment
Hide comment
@calestyo

calestyo Jan 3, 2016

I just found that project via a Debian bug.... it may be worth to consider joining your efforts with one of the already existing such projects, e.g. https://github.com/pyllyukko/user.js/blob/master/user.js ... there are already many such guides how to make FF suck less, and it's just an awful effort to check them all and they contain all different information.

btw: Some stuff of your list is outdated,... e.g. network.websocket.enabled doesn't exist anymore... and many others are missing ;-)

calestyo commented Jan 3, 2016

I just found that project via a Debian bug.... it may be worth to consider joining your efforts with one of the already existing such projects, e.g. https://github.com/pyllyukko/user.js/blob/master/user.js ... there are already many such guides how to make FF suck less, and it's just an awful effort to check them all and they contain all different information.

btw: Some stuff of your list is outdated,... e.g. network.websocket.enabled doesn't exist anymore... and many others are missing ;-)

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Feb 1, 2016

I just wrote a message in reply to @allo- and also mentioned you @haasn . Me @gunnersson also have a list of settings. Maybe they could be integrated all together. Any comments?

ghost commented Feb 1, 2016

I just wrote a message in reply to @allo- and also mentioned you @haasn . Me @gunnersson also have a list of settings. Maybe they could be integrated all together. Any comments?

@MrYar

This comment has been minimized.

Show comment
Hide comment
@MrYar

MrYar Jul 4, 2016

Thank you for your work. Here's some suggestions for updates

browser.beacon.enabled has been renamed to beacon.enabled

Also: this one doesn't change to false when unchecking datareporting in preferences. Suggest adding to list.
datareporting.policy.dataSubmissionEnabled.v2=false

According to this https://bugzilla.mozilla.org/show_bug.cgi?id=1195552#c4
It says the master switch for turning off the data reporting is the following (and takes precedence over the datareporting.healthreport.uploadEnabled)

Master switch for datareporting:
datareporting.policy.dataSubmissionEnabled=false

MrYar commented Jul 4, 2016

Thank you for your work. Here's some suggestions for updates

browser.beacon.enabled has been renamed to beacon.enabled

Also: this one doesn't change to false when unchecking datareporting in preferences. Suggest adding to list.
datareporting.policy.dataSubmissionEnabled.v2=false

According to this https://bugzilla.mozilla.org/show_bug.cgi?id=1195552#c4
It says the master switch for turning off the data reporting is the following (and takes precedence over the datareporting.healthreport.uploadEnabled)

Master switch for datareporting:
datareporting.policy.dataSubmissionEnabled=false

@timmc

This comment has been minimized.

Show comment
Hide comment
@timmc

timmc Jul 13, 2016

It seems a bit much saying that the telemetry allows Mozilla to "spy" on you.

timmc commented Jul 13, 2016

It seems a bit much saying that the telemetry allows Mozilla to "spy" on you.

@MrYar

This comment has been minimized.

Show comment
Hide comment
@MrYar

MrYar Sep 3, 2016

Fork created, with some minor changes for firefox 47.0.1
https://gist.github.com/MrYar/751e0e5f3f1430db7ec5a8c8aa237b72

Thanks again haasn.

MrYar commented Sep 3, 2016

Fork created, with some minor changes for firefox 47.0.1
https://gist.github.com/MrYar/751e0e5f3f1430db7ec5a8c8aa237b72

Thanks again haasn.

@MrYar

This comment has been minimized.

Show comment
Hide comment
@MrYar

MrYar Jan 8, 2017

I have made some updates to my fork. They include about twice the number of hardening changes, and the method of implementing is far easier. Just create a file called "user.js" in the mozilla user directory (given on the fork), and paste all the code. No more manually entering in each change.

MrYar commented Jan 8, 2017

I have made some updates to my fork. They include about twice the number of hardening changes, and the method of implementing is far easier. Just create a file called "user.js" in the mozilla user directory (given on the fork), and paste all the code. No more manually entering in each change.

@akoppa

This comment has been minimized.

Show comment
Hide comment
@akoppa

akoppa Jan 19, 2017

Be aware! Some suggested changes will render some pages useless. For instance if you apply all the .ssl. modifications you will not be able to sign in at IMDB. I'm paranoid too, but not to such extend.

akoppa commented Jan 19, 2017

Be aware! Some suggested changes will render some pages useless. For instance if you apply all the .ssl. modifications you will not be able to sign in at IMDB. I'm paranoid too, but not to such extend.

@urbandroid

This comment has been minimized.

Show comment
Hide comment
@urbandroid

urbandroid Mar 6, 2017

Is there a firefox minus bullshit fork ?

urbandroid commented Mar 6, 2017

Is there a firefox minus bullshit fork ?

@allo-

This comment has been minimized.

Show comment
Hide comment
@allo-

allo- Mar 8, 2017

I added some stuff from your list as issues on https://github.com/allo-/firefox-profilemaker, live instance on ffprofile.com
They will be integrated as soon as i write descriptions and check if they are already covered by other settings.
If you like to contribute, any help is welcome. See forms.py for the settings format or have a look at the profiles branch, which will bring a more modular format.

allo- commented Mar 8, 2017

I added some stuff from your list as issues on https://github.com/allo-/firefox-profilemaker, live instance on ffprofile.com
They will be integrated as soon as i write descriptions and check if they are already covered by other settings.
If you like to contribute, any help is welcome. See forms.py for the settings format or have a look at the profiles branch, which will bring a more modular format.

@DevStevo

This comment has been minimized.

Show comment
Hide comment
@DevStevo

DevStevo Mar 20, 2017

Hello everybody. Any chance to get this as an addon to switch option on/off? Would pledge if needed on Kickstarter or Indiegogo!
So what do you think?

DevStevo commented Mar 20, 2017

Hello everybody. Any chance to get this as an addon to switch option on/off? Would pledge if needed on Kickstarter or Indiegogo!
So what do you think?

@dontknowsquat

This comment has been minimized.

Show comment
Hide comment
@dontknowsquat

dontknowsquat Mar 23, 2017

hello fellow geeks well i did everything as proscribed in this and now when i run firefox ver 42 after i installed the following addons exts. from the links here
1)request policy
2) https every where
3) redirect control
4) proxy switcher

now in facebook, my email accounts, all the graphics radio buttons are all shown broken, any ideas before i change everything back ???
can i use an old profile jon file etc

dontknowsquat commented Mar 23, 2017

hello fellow geeks well i did everything as proscribed in this and now when i run firefox ver 42 after i installed the following addons exts. from the links here
1)request policy
2) https every where
3) redirect control
4) proxy switcher

now in facebook, my email accounts, all the graphics radio buttons are all shown broken, any ideas before i change everything back ???
can i use an old profile jon file etc

@dankles

This comment has been minimized.

Show comment
Hide comment
@dankles

dankles Apr 30, 2017

I now use this to enable/disable privacy about:config features. Thought you guys might find it useful.

dankles commented Apr 30, 2017

I now use this to enable/disable privacy about:config features. Thought you guys might find it useful.

@sergeevabc

This comment has been minimized.

Show comment
Hide comment
@sergeevabc

sergeevabc Jun 28, 2017

Typo to fix: browser.beacen.enabled=false -> beacon.enabled=false.

sergeevabc commented Jun 28, 2017

Typo to fix: browser.beacen.enabled=false -> beacon.enabled=false.

@vn971

This comment has been minimized.

Show comment
Hide comment
@vn971

vn971 Jul 24, 2017

@haasn @sergeevabc indeed, please fix the typo. (Feel free to delete my comment after an edit.)

vn971 commented Jul 24, 2017

@haasn @sergeevabc indeed, please fix the typo. (Feel free to delete my comment after an edit.)

@vn971

This comment has been minimized.

Show comment
Hide comment
@vn971

vn971 Jul 24, 2017

security.tls.version.min=1 -- this can be removed, it's already defaulted to 1.

vn971 commented Jul 24, 2017

security.tls.version.min=1 -- this can be removed, it's already defaulted to 1.

@kgbm3

This comment has been minimized.

Show comment
Hide comment
@kgbm3

kgbm3 Jul 28, 2017

@Najoj Ghacks does have a great user.js script, like you said.. It's at:

https://www.ghacks.net/2016/07/03/comprehensive-firefox-user-js/

"The most comprehensive Firefox user.js has been updated July 3, 2016" & there are, in fact, several URLs through which it's accessible.

^^ Similar to what @nodiscc had posted, a (custom) user.js

@calestyo it might help to mention what's missing like @MrYar has done: "Thank you for your work. Here's some suggestions for updates".
:)

I wanted to add (another) two links, just what I'd run into -recently- configuring Android 6.0 Firefox (Beta); trying to get the uBlock Origins WebExtension:

https://www.techworm.net/2016/02/12-coolest-firefox-aboutconfig-tips-and-tricks-to-protect-your-privacy.html
&
https://privacytoolsio.github.io/privacytools.io/#about_config

The last link is really (!) cool, it lists some very nice open-source apps!

kgbm3 commented Jul 28, 2017

@Najoj Ghacks does have a great user.js script, like you said.. It's at:

https://www.ghacks.net/2016/07/03/comprehensive-firefox-user-js/

"The most comprehensive Firefox user.js has been updated July 3, 2016" & there are, in fact, several URLs through which it's accessible.

^^ Similar to what @nodiscc had posted, a (custom) user.js

@calestyo it might help to mention what's missing like @MrYar has done: "Thank you for your work. Here's some suggestions for updates".
:)

I wanted to add (another) two links, just what I'd run into -recently- configuring Android 6.0 Firefox (Beta); trying to get the uBlock Origins WebExtension:

https://www.techworm.net/2016/02/12-coolest-firefox-aboutconfig-tips-and-tricks-to-protect-your-privacy.html
&
https://privacytoolsio.github.io/privacytools.io/#about_config

The last link is really (!) cool, it lists some very nice open-source apps!

@Thorin-Oakenpants

This comment has been minimized.

Show comment
Hide comment
@Thorin-Oakenpants

Thorin-Oakenpants Aug 29, 2017

@Najoj Ghacks does have a great user.js script, like you said.. It's at:

https://www.ghacks.net/2016/07/03/comprehensive-firefox-user-js/ [DO NOT USE]

https://github.com/ghacksuserjs/ghacks-user.js .. it has been at github for 6 months now. And instead of a one-man band and 6 monthly updates at ghacks, its now so much better "crowd-sourced" and massively superior to before, and always right up to date (stable) even with one character switches to flip on ESR 52.x preferences and loads more. That ghacks article should be removed

Thorin-Oakenpants commented Aug 29, 2017

@Najoj Ghacks does have a great user.js script, like you said.. It's at:

https://www.ghacks.net/2016/07/03/comprehensive-firefox-user-js/ [DO NOT USE]

https://github.com/ghacksuserjs/ghacks-user.js .. it has been at github for 6 months now. And instead of a one-man band and 6 monthly updates at ghacks, its now so much better "crowd-sourced" and massively superior to before, and always right up to date (stable) even with one character switches to flip on ESR 52.x preferences and loads more. That ghacks article should be removed

@Thorin-Oakenpants

This comment has been minimized.

Show comment
Hide comment
@Thorin-Oakenpants

Thorin-Oakenpants Aug 29, 2017

After a very quick casual glance, the above md contains quite some factual errors, such as safe browsing connecting to google, and quite a few deprecated preferences, although I fully understand it's an old unmaintained copy

Thorin-Oakenpants commented Aug 29, 2017

After a very quick casual glance, the above md contains quite some factual errors, such as safe browsing connecting to google, and quite a few deprecated preferences, although I fully understand it's an old unmaintained copy

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Sep 27, 2017

Great stuff you have! Some additional suggestions from my side...

Dear all!

Great stuff you have! Some additional suggestions from my side...

Please, have a look at https://github.com/gunnersson and, to be more precise, at https://github.com/gunnersson/my_Mozilla_settings !

That's my repo and project. There's no intention of bad rivalry, but just good competition by me. In fact, there are many users and repos at GitHub of similar idea and content.

But it would be my intention to bring them all a bit together for sharing and collecting.

Maybe, in this way Mozilla Firefox and Mozilla Thunderbird could be a real joy for many people...

Thank you and kind regards,

Gunner

ghost commented Sep 27, 2017

Great stuff you have! Some additional suggestions from my side...

Dear all!

Great stuff you have! Some additional suggestions from my side...

Please, have a look at https://github.com/gunnersson and, to be more precise, at https://github.com/gunnersson/my_Mozilla_settings !

That's my repo and project. There's no intention of bad rivalry, but just good competition by me. In fact, there are many users and repos at GitHub of similar idea and content.

But it would be my intention to bring them all a bit together for sharing and collecting.

Maybe, in this way Mozilla Firefox and Mozilla Thunderbird could be a real joy for many people...

Thank you and kind regards,

Gunner

@jawz101

This comment has been minimized.

Show comment
Hide comment
@jawz101

jawz101 Oct 4, 2017

if you want any preferences to sync across devices using Firefox Sync account, create additional config preferences with the prefix "services.sync.prefs.sync." and then set it to true.

ex:
create a new boolean for device.sensors.enabled
it would be
services.sync.prefs.sync.device.sensors.enabled
and set it to true.
then it'll sync across your devices. I don't think it will sync with mobile Firefox, though, but at least desktops. I've been doing this for a few years.

jawz101 commented Oct 4, 2017

if you want any preferences to sync across devices using Firefox Sync account, create additional config preferences with the prefix "services.sync.prefs.sync." and then set it to true.

ex:
create a new boolean for device.sensors.enabled
it would be
services.sync.prefs.sync.device.sensors.enabled
and set it to true.
then it'll sync across your devices. I don't think it will sync with mobile Firefox, though, but at least desktops. I've been doing this for a few years.

@jkollross

This comment has been minimized.

Show comment
Hide comment
@jkollross

jkollross Oct 9, 2017

network.IDN_show_punycode = true

stops IDN phishing

jkollross commented Oct 9, 2017

network.IDN_show_punycode = true

stops IDN phishing

@symbiogenesis

This comment has been minimized.

Show comment
Hide comment

symbiogenesis commented Jan 12, 2018

@popey456963

This comment has been minimized.

Show comment
Hide comment
@popey456963

popey456963 Jan 13, 2018

Waterfox is perhaps a better starting point for a secure and private Firefox.

popey456963 commented Jan 13, 2018

Waterfox is perhaps a better starting point for a secure and private Firefox.

@quantumproducer

This comment has been minimized.

Show comment
Hide comment
@quantumproducer

quantumproducer Jan 13, 2018

Hi, this sounds great. I can't use the latest Firefox (Quanutm) because of the annoying WHITE SCREEN FLASH and also, it breaks several plugins. Any recommendations for this?

quantumproducer commented Jan 13, 2018

Hi, this sounds great. I can't use the latest Firefox (Quanutm) because of the annoying WHITE SCREEN FLASH and also, it breaks several plugins. Any recommendations for this?

@hreese

This comment has been minimized.

Show comment
Hide comment
@hreese

hreese Jan 13, 2018

Source code for the pocket extension was open-sourced recently: https://github.com/Pocket

hreese commented Jan 13, 2018

Source code for the pocket extension was open-sourced recently: https://github.com/Pocket

@pharrington

This comment has been minimized.

Show comment
Hide comment
@pharrington

pharrington Jan 13, 2018

Isn't the answer to the implied question to use the Tor browser?

pharrington commented Jan 13, 2018

Isn't the answer to the implied question to use the Tor browser?

@CAFxX

This comment has been minimized.

Show comment
Hide comment
@CAFxX

CAFxX Jan 13, 2018

Funny that the stated goal of improving user privacy is undermined by the suggestions in this gist: by using non-standard configurations you are easier to track...

Also, I would advise against messing with your cryptography settings unless you know what you are doing (and, in case it wasn't clear, "I read it on a random gist" doesn't even come close to clear this bar).

CAFxX commented Jan 13, 2018

Funny that the stated goal of improving user privacy is undermined by the suggestions in this gist: by using non-standard configurations you are easier to track...

Also, I would advise against messing with your cryptography settings unless you know what you are doing (and, in case it wasn't clear, "I read it on a random gist" doesn't even come close to clear this bar).

@aaronpowered

This comment has been minimized.

Show comment
Hide comment
@aaronpowered

aaronpowered Jan 13, 2018

People please do not disable Websockets OMG

aaronpowered commented Jan 13, 2018

People please do not disable Websockets OMG

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Jan 13, 2018

Thanks for the info!

ghost commented Jan 13, 2018

Thanks for the info!

@nkkollaw

This comment has been minimized.

Show comment
Hide comment
@nkkollaw

nkkollaw Jan 13, 2018

"required to turn Firefox into a functional brower" should be "required to turn Firefox into a functional browser" ("browser", not "brower").

:-)

nkkollaw commented Jan 13, 2018

"required to turn Firefox into a functional brower" should be "required to turn Firefox into a functional browser" ("browser", not "brower").

:-)

@afontenot

This comment has been minimized.

Show comment
Hide comment
@afontenot

afontenot Jan 13, 2018

I maintain a fork with most of the important changes here, along with a PKGBUILD for Arch Linux users. I manage to get changes out within 24 hours, usually. https://github.com/afontenot/firefox-clean

@quantumproducer Hi, this sounds great. I can't use the latest Firefox (Quanutm) because of the annoying WHITE SCREEN FLASH and also, it breaks several plugins. Any recommendations for this?

You have to disable the background for tab render areas - it gets shown while the tab is in the process of rendering. Reddit thread about it here: https://www.reddit.com/r/firefox/comments/6hv7rk/how_do_you_disable_the_white_flash_on_opening_a/

afontenot commented Jan 13, 2018

I maintain a fork with most of the important changes here, along with a PKGBUILD for Arch Linux users. I manage to get changes out within 24 hours, usually. https://github.com/afontenot/firefox-clean

@quantumproducer Hi, this sounds great. I can't use the latest Firefox (Quanutm) because of the annoying WHITE SCREEN FLASH and also, it breaks several plugins. Any recommendations for this?

You have to disable the background for tab render areas - it gets shown while the tab is in the process of rendering. Reddit thread about it here: https://www.reddit.com/r/firefox/comments/6hv7rk/how_do_you_disable_the_white_flash_on_opening_a/

@guycalledfrank

This comment has been minimized.

Show comment
Hide comment
@guycalledfrank

guycalledfrank Jan 13, 2018

Hey, webgl and websockets aren't exactly bullshit. Perhaps more explanation about each option is needed, given some people can blindly copy these settings thinking they're just improving security without side effects.

guycalledfrank commented Jan 13, 2018

Hey, webgl and websockets aren't exactly bullshit. Perhaps more explanation about each option is needed, given some people can blindly copy these settings thinking they're just improving security without side effects.

@DwordPtr

This comment has been minimized.

Show comment
Hide comment
@DwordPtr

DwordPtr Jan 13, 2018

It'd be really cool to a shell script that can do all these things idempotently. It sucks switching computers.

DwordPtr commented Jan 13, 2018

It'd be really cool to a shell script that can do all these things idempotently. It sucks switching computers.

@casecoded

This comment has been minimized.

Show comment
Hide comment
@casecoded

casecoded Jan 14, 2018

It might be worth considering Brave browser. I recently switched over Firefox because it focuses on privacy. They are planning on integrating a TOR private browsing tab. Really good stuff and it's by the guy who made JavaScript.

casecoded commented Jan 14, 2018

It might be worth considering Brave browser. I recently switched over Firefox because it focuses on privacy. They are planning on integrating a TOR private browsing tab. Really good stuff and it's by the guy who made JavaScript.

@yb66

This comment has been minimized.

Show comment
Hide comment
@yb66

yb66 Jan 14, 2018

@CAFxX If you have a problem with any specific setting then say so, give your reasoning instead of dismissing settings vaguely and out of hand because it's a "random" gist, which has to be one of the worst reasons I could think of for ignoring information.

yb66 commented Jan 14, 2018

@CAFxX If you have a problem with any specific setting then say so, give your reasoning instead of dismissing settings vaguely and out of hand because it's a "random" gist, which has to be one of the worst reasons I could think of for ignoring information.

@hiragashi

This comment has been minimized.

Show comment
Hide comment
@hiragashi

hiragashi Jan 15, 2018

@casecoded .... "the guy who made JavaScript" is the man that was forcibly shamed into resigning as the CEO of Mozilla. A co-founder. Built it up and then they ejected him because at some stage in his life he legally donated his own private cash to a political party that others didn't agree with.

Isn't mob outrage and targetted smear campaigns just grand?

https://en.wikipedia.org/wiki/Brendan_Eich

also to haasn that owns this gist, you were told 2 years ago about a spelling mistake clear as day in the beacon setting and not a single thing has been done about it other than posting your links on social media platforms to spread the word on how great it is. Read your comments, think about what the person is writing and fix your shit up I guess. People are gonna come here blindly copy paste into about:config find that half the settings are missing and the other half dont show up because of blatant spelling mistakes and just look elsewhere for assistance

hiragashi commented Jan 15, 2018

@casecoded .... "the guy who made JavaScript" is the man that was forcibly shamed into resigning as the CEO of Mozilla. A co-founder. Built it up and then they ejected him because at some stage in his life he legally donated his own private cash to a political party that others didn't agree with.

Isn't mob outrage and targetted smear campaigns just grand?

https://en.wikipedia.org/wiki/Brendan_Eich

also to haasn that owns this gist, you were told 2 years ago about a spelling mistake clear as day in the beacon setting and not a single thing has been done about it other than posting your links on social media platforms to spread the word on how great it is. Read your comments, think about what the person is writing and fix your shit up I guess. People are gonna come here blindly copy paste into about:config find that half the settings are missing and the other half dont show up because of blatant spelling mistakes and just look elsewhere for assistance

@nick-andren

This comment has been minimized.

Show comment
Hide comment
@nick-andren

nick-andren Jan 20, 2018

Setting security.OCSP.require to true breaks a lot of functionality, particularly around anything related to Google, in case anyone was having trouble after applying some of these settings

nick-andren commented Jan 20, 2018

Setting security.OCSP.require to true breaks a lot of functionality, particularly around anything related to Google, in case anyone was having trouble after applying some of these settings

@CAFxX

This comment has been minimized.

Show comment
Hide comment
@CAFxX

CAFxX Jan 21, 2018

@yb66 if you re-read my comment you will find the reasoning for not using non-standard configurations is right there: because you are easier to track (and that defeats the implicit goal of most tweaks in this gist, see all the author's remarks about "avoiding fingerprinting" and "user privacy"). See e.g. https://panopticlick.eff.org/.

About my point about the random gist about cryptographic "suggestions": I'm sorry if I wasn't clear enough. Let me rephrase: you should never trust opinions about how to do or not do cryptography from sources that the cryptographic community does not consider to be respectable. I have nothing against the author of this gist but, as I stated, it does not come even close to clearing that bar. (note that a simple way for the author to clear that bar would be to provide references to respectable sources as to why he's changing cryptographic settings - something that is conspicuously missing from the gist)

I hope my comment is clearer now.

CAFxX commented Jan 21, 2018

@yb66 if you re-read my comment you will find the reasoning for not using non-standard configurations is right there: because you are easier to track (and that defeats the implicit goal of most tweaks in this gist, see all the author's remarks about "avoiding fingerprinting" and "user privacy"). See e.g. https://panopticlick.eff.org/.

About my point about the random gist about cryptographic "suggestions": I'm sorry if I wasn't clear enough. Let me rephrase: you should never trust opinions about how to do or not do cryptography from sources that the cryptographic community does not consider to be respectable. I have nothing against the author of this gist but, as I stated, it does not come even close to clearing that bar. (note that a simple way for the author to clear that bar would be to provide references to respectable sources as to why he's changing cryptographic settings - something that is conspicuously missing from the gist)

I hope my comment is clearer now.

@CounterPillow

This comment has been minimized.

Show comment
Hide comment
@CounterPillow

CounterPillow Mar 22, 2018

Webshitters are the modern-day Java corporate drones from the 00s.

Also Brendan Eich is a cunt.

CounterPillow commented Mar 22, 2018

Webshitters are the modern-day Java corporate drones from the 00s.

Also Brendan Eich is a cunt.

@Atavic

This comment has been minimized.

Show comment
Hide comment
@Atavic

Atavic Apr 16, 2018

Palemoon is the closest fork of Firefox with still some sanity in it.

Atavic commented Apr 16, 2018

Palemoon is the closest fork of Firefox with still some sanity in it.

@nukeop

This comment has been minimized.

Show comment
Hide comment
@nukeop

nukeop May 13, 2018

Palemoon developers thinks he's in a position to dictate what extensions users can or cannot install, which makes his browser automatically unfit for purpose.

nukeop commented May 13, 2018

Palemoon developers thinks he's in a position to dictate what extensions users can or cannot install, which makes his browser automatically unfit for purpose.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment