Firefox Stable gets option to show modified preferences on about:config only
Mozilla added an option to the about:config page of Firefox Stable that allows users to list only modified preferences. The organization launched the option in Firefox Nightly in February 2021 initially.
Firefox's about:config page can best be described as a treasure trove for users who want to modified browser preferences that are, for the most part, not displayed in the user interface options.
The configuration enables Firefox users to customize the browser heavily, for instance by enabling new features early or disabling unwanted features. The use of configuration files improves this further.
Modified preferences are displayed in bold on the about:config page, but there was no option until now to display only those using an option provided by Mozilla. While it is possible to use an hack using the Web Console of the Developer Tools to display only modified preferences, it is far from ideal and only a niche option.
Mozilla did launch a redesigned about:config page in Firefox 71, but it lacked some of the features of the previous version, including the ability to use deep links to preferences or sorting options.
When you open the about:config page in Firefox Stable right now, you will see an option to display only modified preferences. We tested this in Firefox 87 Stable, the latest version at the time of writing, and the option is there.
Just check the option in the upper right corner of the browser window to run a filter on all preferences. Firefox displays only those preferences that are modified in the interface.
Not all of these are user modified; in fact, the majority of returned preferences may have been modified by Firefox itself, and not by the user.
Still, for users who use about:config, it is a useful option as it enables them to go through the modified preferences quickly.
Tip: you do get a partial list on about:support as well, but the new option lists all modified preferences and most users will prefer it over the about:support option.
Closing Words
The option to display only modified preferences is a good addition that will help users of the browser that use about:config or configuration files.
Now You: Firefox users, do you use about:config?
“So much butthurt over triviality. What the fuck do you all do that requires both visiting about:config so often and the need to search pref values?”
Found the potential FF dev, LOL!
If I wanted to spend all day and night in about:config as the way it used to be, that should be my right. Making stupid changes to something that just works is beyond retarded.
> that should be my right
Entitled much? You get a free browser, you have NO RIGHTS … now STFU
> Making stupid changes to something that just works is beyond retarded
Ignorance is bliss. The changes were for a reason, and not for aesthetics. Maybe educate yourself.
> You get a free browser, you have NO RIGHTS … now STFU
There are so many wrong things with this that it was probably only stated to provoke replies, but because so many gullible people end up believing this shit after hearing it again and again, it’s not totally useless to explain how much it’s wrong.
First, the guy would probably say exactly the same thing if the malware was also paid for.
Second, it’s not free when one is the product. One would think that by 2021 people should know that. Firefox is almost exclusively funded by various private user data monetization schemes, the largest and most known one being search queries for Google.
Third, like often with people defending Mozilla’s actions, this defends implicitly the supposed “right” of Google and every other evil business to spy on people. Someone defending so vigorously the supposed “rights” of those dystopian businesses instead of the human right to privacy of their victims is either a collaborationist or a manipulated idiot.
@Anonymous
> You get a free browser, you have NO RIGHTS
Actually, they do. Have you forgotten about about:license?
@Anonymous
> You get a free browser, you have NO RIGHTS
You seem to forget that nobody is forced to use your shite. Enjoy having no market share.
Now restore about:config in browsers where you removed it, Google bitches.
Why is this page so ugly and slow now? I prefer the old look. It was fast and easy to follow.
I only use Firefox on my Ubuntu Linux desktop but honestly it feels like a relic of the 90’s sometimes. Not sure what Firefox’s priorities are anymore? They just seem obsessed more with selling privacy than anything else? If anything I would think a open source project on a open source OS would be a good thing. Well it once was, but I find myself using Chromium more and more.
Great browser,very helpful you can see only modified preferences.Too bad the upcoming Proton design change will be like a beautiful woman wearing the worst clothes imaginable.
Lol
This was a welcome improvement when it was released, and a good sign of progress by Mozilla. But, Martin, this is old news now. This functionality was released by Mozilla via the stable version of Firefox almost a month ago!
They added an option that the old interface already had (and was in a more practical form).
I always use to sort status “column” to show modified at the top. which always help to not scroll for long.
@kaskuser
It only works that way in the old implementation about:config.
The new one doesn’t have such a column, so they add this “crutch”.
Adding a somewhat useful feature instead of removing features? Finally!
Someone should tell the Firefox devs that their productivity in the eyes of the user is measured not in how many features they remove but in how many they introduce. Where are vertical tabs? Where’s the option to remove the titlebar in Windows? I can do both of these with userchrome.css and an extension.
Where’s the option to add websites as web-apps like it can be done in Chromium browsers? I know this exists but it’s not as mature as in Chromium browsers.
Maybe focus on bringing those features instead of removing compact mode.
@Pedro
> Where’s the option to add websites as web-apps like it can be done in Chromium browsers? I know this exists but it’s not as mature as in Chromium browsers.
https://old.reddit.com/r/firefox/comments/l5ylcs/firefox_stops_working_on_progressive_web_app/
Pop out the champagne, Mozilla devs had **(re-)added** a new feature to their browser!
Brave’s fingerprinting protection (like everything else it does) is complete shit
– canvas still leaks over a year after implementation
– all the randomizing can be detected so it adds nothing a static value does
– it is still highly fingerprintable – see https://yinzhicao.org/fpmeasurement/imc20.pdf for a real world study
table one
– fonts alone is 115 thousand distinct groups
– languages is 14 thousand
– pixel device ratio is another 2 thousand
– Brave does nothing for these (and leaks canvas), and doesn’t even protect numerous others like screen
– a fucking shit show
Instead Brave focused on audio (114 results) and canvas (broken) and user agent (it’s not hard to bypass additional spaces and do feature detection). Fuck, they can’t even hide they are Brave and what level the shield is on.
Fucking shit show, people! It’s a shit show! Don’t be surprised, Brave is not a browser company, they’re an advertising company. They couldn’t engineer an engine if they wanted to. They are beholden to google and chromium and their patches are already falling apart
NEWS ALERT: BRAVE LEAKS CANVAS AND IS SHITE AT FINGERPRINTING
https://github.com/brave/brave-browser/issues/12453 – fucking hell, Iron Heart doesn’t even know his own product – except he does, he’s been show this before many times, but chooses to selectively feign ignorance and attack the messenger
ALSO: Brave is shady as fuck
@Anonymous
I don’t know what you want? This is clearly unintentional and will get fixed:
https://github.com/brave/brave-browser/issues/12453#issuecomment-721324039
Rome wasn’t built in a day, Brave’s fingerprinting defenses are a WORK IN PROGRESS. I hope you only use leak-free browsers, oh wait, you don’t:
https://bugzilla.mozilla.org/show_bug.cgi?id=1405971
> ALSO: Brave is shady as fuck
At least they don’t steal user’s browsing history via spyware yet:
https://www.zdnet.com/article/firefox-tests-cliqz-engine-which-slurps-user-browsing-data/
Mozilla’s track record is clearly much worse than that of Brave and it gets recommended by its fanboys here all the time. What’s the matter?
It has now been ZERO days since Iron Heart mentioned Cliqz
Cliqz happened three years ago but Iron Heart can’t move on. It’s one of his few favorite BULLSHIT LIES he likes to spread so he can twist his narrative
According to a Brave employee who worked at Cliqz, Iron Heart is full of SHIT
https://news.ycombinator.com/item?id=26331756
> There was no tracking on Cliqz, nor it will be any in Brave. To know more about the underlying tech of Cliqz there are interesting posts at https://0x65.dev, some of them covering how signals are collected, data, but no tracking. I did work at Cliqz and now I work at Brave. I can tell for a fact, that all data was, is and will be, record-unlinkable. That means that no-one, not me, not the government, not the ad department can reconstruct a session with your activity. Again, there is no tracking, full anonymity, Brave would not do it any other way.
https://news.ycombinator.com/item?id=26333446
> Mozilla never did such a thing. The browsing history was never sent in any shape or form. As the journalistic article you quote states, Mozilla put in place the HumanWeb[1,2,3], which was a privacy preserving data collection which ensured record-unlinkability, hence no session or history. Anonymity was guaranteed and the framework was extensively tested by privacy researchers from both Cliqz and Mozilla. Disclaimer: I worked at Cliqz.
>
> [1] https://0x65.dev/blog/2019-12-02/is-data-collection-evil.html [2] https://0x65.dev/blog/2019-12-03/human-web-collecting-data-in-a-socially-responsible-manner.html [3] https://0x65.dev/blog/2019-12-04/human-web-proxy-network-hpn.html
When you mention how supposedly “shady” Brave Software is (of course without any kind of source given), I feel that it is necessary to point at past Mozilla transgressions to put your meager claims into context. Good bot.
Once their propaganda is calmly dismantled and cant deflect from hypocrisy anymore, they resort back to over emotional faux outrage, ad hominem / nebulous jibes and finally the cancel whistle (how curious). Gj staying calm and airing the embarrassments in response Iron. Hilarious and insightful.
@Anonymous
So much misinfo in one comment, wow, kudos…
> canvas still leaks over a year after implementation
Source? Even if so, don’t you think they will be fixing that? Every browser has leaks.
> all the randomizing can be detected so it adds nothing a static value does
Of course it can be detected!? What did you think? RFP in Firefox is also 100% detectable. And yes there is a value in randomization which is to destroy the otherwise static values and thus the canonical fingerprint.
> it is still highly fingerprintable – see https://yinzhicao.org/fpmeasurement/imc20.pdf for a real world study
There are in fact studies showing its effectiveness once fully flashed out:
https://dl.acm.org/doi/abs/10.1145/2736277.2741090
https://hal.inria.fr/hal-01527580/document
I could comment on the fact that you are analyzing fingerprinting defenses that are not yet complete, but I won’t, because it would be to no avail.
> Instead Brave focused on audio (114 results) and canvas (broken) and user agent (it’s not hard to bypass additional spaces and do feature detection).
Yeah, when implementing something, of course you have to start somewhere and apply some focus? The other things you mentioned are clearly on the radar:
https://github.com/brave/brave-browser/issues/11770
> Fuck, they can’t even hide they are Brave and what level the shield is on.
No browser can hide the fact that it is itself. Not even Tor Browser can hide that it is the Tor Browser and doesn’t attempt to. This is an unattainable goal.
If randomization can be detected, it follows that the degree of randomization can also be detected (or as you would put it, “what level the shield is on”). I have already explained why it is useful no matter the fact that it is detectable (no canonical fingerprint emerges).
> Brave is not a browser company, they’re an advertising company.
That is not even a contradiction. And Brave Rewards are totally unrelated to the fingerprinting defenses. In fact, it is in Brave’s best interest to make fingerprinting as hard as possible so that advertisers have to consider its more privacy-friendly internal model, because they are supposed to be unable to track Brave users. That’s the basic idea.
> They couldn’t engineer an engine if they wanted to.
Why reinvent the wheel? For what exact reason? So that nobody uses your product because it is much inferior and you as a company just die? Sorry, but this is already happening to Mozilla and there is no need to rinse and repeat.
> They are beholden to google
No. That they are using Google code in their product does not mean that Google has any influence on their business decisions. That’s like saying all the ungoogled versions of Android / custom ROMs are “beholden to Google” just because they happen to be based on Android. Totally idiotic.
If anything, the business relationship between Google and Mozilla is very strong because there is a clear financial dependency situation. Not that it matters…
> and chromium
Yep. And I’ve already told you why they (had to) pick it. No need to die alongside Firefox.
> and their patches are already falling apart
Source given: My ass.
@6:37
much emotion mate, went off like a flashbang. You arent using something financed mostly by google by any chance are you? the “advertising company”, with ads of course, oh and google connections and trackers and addon code, and advertising ids, and user ids.. the list goes on, and on. Brave is probably the least of your problems because 1) doesnt seem like you use it, 2) you probably use something much worse? So why the blinding outrage?
@ShintoPlasm
about:config is what Firefox users need to “fix” the godawful default privacy level and to feel like total pros while doing so. Once Mozilla decides that you are not supposed to do that anymore (as they did on Android), it will be hilarious.
@Iron Heart, don’t worry Firefox Beta has about:config option(it always had even before main Firefox got version 78 update), Fennec and Iceraven as well. And it will eventually make its way to main Firefox as well. For now one can install add-ons, infact even now its fingerprint is more generalised than say Brave.
@Yash
> Fennec and Iceraven as well
I was talking about “Firefox”, you know, the browser which most FF users download from the Google Play Store. The others don’t have many users and never will have many users because no visibility on the Google Play Store and because of their brand.
> And it will eventually make its way to main Firefox as well.
No. It was in Firefox on Android until version 68.x and then Mozilla specifically removed it.
> For now one can install add-ons
Not even a quarter of the available add-ons. The only browser that can run all extensions is Kiwi. Those are the facts.
> infact even now its fingerprint is more generalised than say Brave
It’s not enabled by default on Android, can’t be enabled because no about:config, and even if you can enable it in some obscure fork, you will be pretty much unique when you do. Just great.
@Iron Heart, don’t worry like I said Firefox main version will get about:config option like it had it before version 78(although I have to admit why the hell does the developers have not enabled it until now when Firefox Beta had it from day one). Also about fingerprint I suggest you to visit Browserleaks.com with no add-ons and with default settings in main Firefox and then do the same with Brave(in Brave you can even change settings in chrome://flags assuming you can change many if any alart from hiding device name) and then compare them to see which Browser reveals more. I think you will get the answer.
@Yash
I have not seen any announcement from Mozilla about restoring about:config. This is your speculation and nothing else. Mozilla has deliberately removed it. That is a fact. They haven’t extended user control for ages, so your optimism is most likely misplaced. They do not want you to touch their configuration.
You still subscribe to the idea that reducing the attack is making fingerprinting harder. This is definitely false:
“Providing the offer to disable features to reduce attack surface can be useful. Doing it to prevent fingerprinting is utter nonsense since by changing any settings that sites can detect you have made yourself far more easily fingerprinted. Disabling WebRTC and WebGL would make you far easier to fingerprint, not harder. These sites encouraging things like that is a problem.”
source: https://old.reddit.com/r/GrapheneOS/comments/ciizae/vanadium_and_bromium_privacy/ev6m2ot/
Nothing more needs to be said about this.
The “which one reveals more” discussion is utter garbage, especially if what you currently have are not the default values. These are changes you have made yourself and this is 100% detectable. This is DUMB and COUNTERPRODUCTIVE. I need to use strong wording here because you simply don’t get it.
@Iron Heart
Maybe its time for you consider your facts as well because you said Kiwi Browser has all add-ons. Haven’t you heard about Iceraven or it doesn’t qualify because its not using Chromium and is maintained by a good guy not trying to change the world but instead trying to maybe help a few other regular users(Bromite developer is also good guy trying to help few folks-I’m mentioning him because otherwise maybe you use strong language saying Oh look that guy hate Bromite).
@Yash
> Install Firefox and Brave and browse the same website in its default configuration but I suppose you misread that, I even gave you a choice to change Brave default settings if you want and then compare both results to Firefox, but then maybe you always talk on extreme levels.
And? Care to cite a value which Firefox doesn’t provide by default but which Brave provides? Good luck finding any. At least Brave’s default values are already randomized whereas Firefox just states the real static values.
> According to your reply on “Brave FLoC page†you were fine with default settings in Brave when talking about Fingerprint but then when I started talking in facts you simply stopped replying because you didn’t had anything to say.
Dude, you should interpret less and listen more. I am not your fact checker, and yes, sometimes I have better things to do than to reply to every single rambling, considering that I am already occupied dealing with people like @Anon7 who never tire in repeating their same old fake news. Has it ever entered your mind that I am just burned out at this stage?
I will be replying as a gesture of good will even though I see no reason to, just to deny you the non-argument of me supposedly “having nothing more to say”.
> By the way if you understand a little bit of fingerprinting, its mostly done to reduce certain features to not only improve privacy but also to reduce attack surface.
No, fingerprinting is about denying advertisers the real canonical values and not sticking out among other users of the same product while doing so. By altering Firefox’s config, you achieve the former but miserably fail at the latter, hence:
“Providing the offer to disable features to reduce attack surface can be useful. Doing it to prevent fingerprinting is utter nonsense since by changing any settings that sites can detect you have made yourself far more easily fingerprinted.”
You think you’ve improved your privacy by disabling various stuff? You haven’t. You have drawn attention to yourself and you are sticking out among the crowd. It’s very important that browsers do these things BY DEFAULT so that you do not stick out! Look at Tor or (to a lesser degree) Brave for more info.
PS: If you think any new browser project meaning to gain market share will choose ever declining Firefox as its base, you are delusional. If Mozilla can’t save it despite a huge head start which they managed to have as a result of the Internet Explorer era, then nobody else will. Good riddance.
@Iron Heart
“REAL static values” provided by Firefox than Brave’s random values, what are you smoking? Would you care to elaborate or mention some specific ones (assuming you know many if any, mentioned by your websites full of knowledge) in Firefox default state nevermind Hardened one?
Me being more unique after using a Hardened version of Firefox, well I am waiting for ads(personally I have no issue with ads-but their popup nature, personalized form is disgusting, hence I allow them only in certain websites and its not hard as not all websites show personalized ads) or tracking scripts to run in my browser and say to me GOTCHA, plus do you know that tracking occurs in more form than Fingerprinting which also includes CDNs and images shown on websites!
As for Firefox being a dying browser, I’m anxiously waiting for that day when Firefox will have to remove all content blocker add-ons because of newer Google API version, but in someone’s dream rather than in reality.
You’re just another typical user(possibly Twitter type which are in fashion these days) who thinks he knows everything because hey look that browser is bad but never going in detail when asked for issues and then go in defend mode when questioned about your favourite browser which is not quite that good.
@Yash
> “REAL static values†provided by Firefox than Brave’s random values, what are you smoking?
???
If you don’t enable Firefox’s fingerprinting defenses, it will report the real values and they are static in nature. When you do enable RFP, you are sticking out among Firefox users.
One of the reasons why Tor exists as a separate project, by the way. Defaults matter.
> Would you care to elaborate or mention some specific ones (assuming you know many if any, mentioned by your websites full of knowledge) in Firefox default state nevermind Hardened one?
https://browserleaks.com/
Reports the real values when the fingerprinting defenses are off in each of the tests. “Hardened Firefox” does not even exist. What does exist are some idiots playing around with Firefox’s settings, ending up highly unique, failing to understand why the browser has to do this by default (like e.g. Tor does).
> Me being more unique after using a Hardened version of Firefox, well I am waiting for ads(personally I have no issue with ads-but their popup nature, personalized form is disgusting, hence I allow them only in certain websites and its not hard as not all websites show personalized ads) or tracking scripts to run in my browser and say to me GOTCHA, plus do you know that tracking occurs in more form than Fingerprinting which also includes CDNs and images shown on websites!
You won’t see ads because you run an adblocker, and yes, several lists like EasyPrivacy also block the most popular fingerprinting scripts. You can run an adblocker in any browser, including Chrome and Edge. That doesn’t mean that your concept of “hardening” is not erroneous. It’s unrelated.
I am aware of other forms of tracking including CDNs, why do you think I recommend extensions like LocalCDN here? Just for fun?
> As for Firefox being a dying browser, I’m anxiously waiting for that day when Firefox will have to remove all content blocker add-ons because of newer Google API version, but in someone’s dream rather than in reality.
They’ll implement Manifest V3 as well, lol. Wait and see. The goal of WebExtensions was and is API parity with Chromium.
By the way, I was referring to FF’s market share here, which is, at this stage, a total irrelevancy. If web developers do not test their work for your browser, the experience can and will be shitty. It’s bound to happen because why bother for a loud minority amounting to 4% of all users. Not worth the effort. The cracks are already showing (no Microsoft online service runs in Firefox).
@Iron Heart
Its getting boring now. You said default settings are better for avoiding fingerprinting in Brave than hardened Firefox. Then I said to compare even default settings of Firefox to Brave on Browserleaks.com, then you said something that is totally wrong – Firefox reveals “REAL Static values” and then when I ask to mention some real default values or name specific ones, then you said to visit Browserleaks.com which I mentioned in the first place. Wow back to square 1.
You mention RFP is bad for fingerprinting without taking into account that it hides timezone and browser version updates(and much more values which change in every browser let alone Firefox when they get a new update), so its more effective in Dynamic Fingerprinting tools as unless Firefox changes Font numbers, one would always be able to hide some information which will otherwise be visible regardless even if someone is not using RFP or using any other browser. Also I don’t understand your concept about Fingerprinting as you said even Tor can’t hide its a Tor, well no browser not one(atleast in real world) can hide its true form, Its impossible but what possible is to limit some fingerprinting especially dynamic one.
If you don’t have something new to say(something about real values revealed by Firefox) or any fact which is valid in real world situations, don’t even bother replying, its getting boring as Brave(although better than Chrome) leaks more information than Bromite nevermind any form of Firefox-default or hardened.
@Yash
> You said default settings are better for avoiding fingerprinting in Brave than hardened Firefox.
Yeah. Because Brave slightly randomizes the values whereas Firefox reproducibly leaks the true values in its default state (without RFP) across sessions.
> then you said something that is totally wrong – Firefox reveals “REAL Static valuesâ€
This is not wrong. Firefox does not alter the output if RFP is disabled. It reports the real values in a static (reproducible) way, so no randomization or altered output.
> then when I ask to mention some real default values or name specific ones
This is a pointless exercise because Firefox does not alter the output at all, so all I do here is mentioning some identifiers:
– Screen resolution
– Window dimensions
– Interface Language
– Time Zone
– System Fonts
– The entire WebGL output
– Canvas Signature
– Plugin support
Firefox leaks the real values for all of those without RFP because RFP IS DISABLED, what do you expect?
> You mention RFP is bad for fingerprinting without taking into account that it hides timezone and browser version updates(and much more values which change in every browser let alone Firefox when they get a new update), so its more effective in Dynamic Fingerprinting tools as unless Firefox changes Font numbers, one would always be able to hide some information which will otherwise be visible regardless even if someone is not using RFP or using any other browser.
Again, I need to repeat (*boring*): It is 100% detectable that you are using RFP, it is 100% detectable that you are not using the Tor Browser Bundle, but rather a modified Firefox. How many people use a modified Firefox? Below 1% of all Firefox users would be a generous estimate. You are UNIQUE wherever you go.
Timezone hidden is useless because your IP address is still leaking and revealing your location and thus timezone. Lying about the browser version can be circumvented by doing feature detection (newer versions of FF support more features) and is thus ineffective.
And again, reducing the attack surface by hiding certain output (if at all effective, see above) is NOT making you LESS unique, in fact it is making you MORE unique. Why is this so hard to understand? You stick out with this output because hardly any other Firefox user bothers to enable RFP (it is not the default).
> Also I don’t understand your concept about Fingerprinting as you said even Tor can’t hide its a Tor, well no browser not one(atleast in real world) can hide its true form, Its impossible but what possible is to limit some fingerprinting especially dynamic one.
Tor can’t hide that it is Tor, however, all Tor users look the same thanks to RFP (unless they soften the settings in some areas, which might happen because of encountered breakage). The information that you are using the Tor browser is useless to advertisers because every other Tor user should (in theory) have the same output.
Now look at Firefox: Hardly anyone uses RFP, advertisers can tell that you are not using Tor = Shit.
It is neither possible nor desirable that e.g. Brave would try to hide that it is Brave. This is not possible for various reasons. What matters is uniform behavior, e.g. all Brave users randomizing or all Tor users producing the same type of fingerprint. This is not the case with Firefox, Firefox users doing this are few and far between. Please understand this.
> If you don’t have something new to say(something about real values revealed by Firefox) or any fact which is valid in real world situations
Dude, I am hinting at the real world implications of your setup the entire time, but you refuse to listen and you refuse to understand. Reducing the attack surface is not the same as becoming less unique! With a reduced attack surface, you are becoming MORE unique. Solution: Use a browser that takes these precautions by default(!!!), because then other browsers of the same type you use will behave in the same way.
Trying to “fix” Firefox to fight fingerprinting is a pointless exercise.
@Iron Heart
I can safely say that about Browser Fingerprinting we both along with countless others have contrasting views and that’s fine.
But first thing about RFP – say you are visiting particular website A and logging in to access some features, now as you know every website logs data about its users(nothing alarming) browsers for security purposes and whatnot. What RFP does is it hides user behaviour namely its browser updates and some common things so if that user has performed a browser update to new version, it would be hidden from that site unless that browser update has changed some things in Fonts for which disabling JS is only option. If that user was not using RFP in first place, then the browser update will be clearly visible in User Agent(first thing any website checks apart from gHacks obviously). RFP does many things to reduce DYNAMIC fingerprinting but I have only used this simple example. And so about RFP making a user more unique, well unless a particular user is not updating its browser in months to avoid things to change automatically if RFP is disabled, then browser’s old version alone makes him vulnerable to more things than fingerprinting. More often than not, by using dynamic fingerprinting techniques, user behaviour and many more things can be easily revealed. This whole thing is pointless for someone believing only in Static fingerprinting speaking of which Brave doesn’t even hide device name and happily reveals detailed browser version and submit random values which can easily be uncovered as it doesn’t hide Canvas, Timezone which are top targets for fingerprinting.
As for Firefox revealing real values in certain columns, here’s a suggestion, fingerprint of different browsers when compared to each other is different and so font fingerprint in Firefox is different to chromium browsers but standard among Firefox browser with or without RFP. Same goes for plugins, language and all things you mentioned above apart from WebGL which yep Firefox doesn’t hide but then I know I’m on which side if I have to choose between Device name or GPU and timezone, to hide timezone main Firefox for Android does not support about:config but as I said above options are there if you need that functionality but then Brave doesn’t allow changing timezone also. One more thing, WebGL is a potential security issue and so I would better turn it off which again Brave doesn’t allow, but Bromite does.
About this whole Brave vs Firefox thing, Brave is better than most browsers(and no its not made by venture capitalist to spy on users – many other browsers deserve that tag) no doubt about that, but my point is its still has to solve some common issues and a quick look at Bromite would tell you what issues I’m talking about.
@Yash
> it would be hidden from that site
I don’t think RFP shields you from feature detection, correct me if I’m wrong. Tor uses Firefox ESR and the user agent that is output by RFP (default in Tor) matches the actual browser version in their case. In Firefox, RFP spoofs an older version (last ESR) than what is actually installed and this can be detected, one of the reasons why Tor avoids the regular monthly Firefox releases.
> Brave doesn’t even hide device name
I don’t think that this is a) sensitive information that MUST be hidden and b) it is still possible to detect your device even if it is not appearing in the user agent. Some values which could still reveal your device:
– Screen resolution (especially exotic resolutions)
– Amount of installed RAM
– Hardware concurrency / CPU core count
– GPU model revealed via WebGL
– Android version (especially point releases only used by a specific manufacturer)
Given that, I think hiding the device name in the user agent is a pointless exercise unless all of these can be reliably spoofed.
> happily reveals detailed browser version
Can be easily detected via simple feature detection anyway, even if not given in the user agent. Pointless exercise to hide this.
Plus, some websites demand a specific minimum browser version given via UA and they would break if you hide this, some admins are simply too stupid to do simple feature detection. So there are also web compatibility reasons for revealing this.
> font fingerprint in Firefox is different to chromium browsers but standard among Firefox browser with or without RFP
Last time I checked only Safari on Apple systems always reveals a static set of fonts no matter which fonts are actually installed. Firefox, at least without RFP, reveals all installed fonts and those might vary across systems.
> Brave doesn’t allow changing timezone also
Why would they? Your timezone is revealed via your IP address as well, so unless you use a VPN that matches the altered timezone, this is a pointless exercise. Change the browser language and system language (and system clock) as well to make it more believable, lol.
By the way, I don’t know where you live, but if it’s not some hardly populated area in the Pacific, your timezone shouldn’t be a strong identifier even when revealed. I am sure there are many other Brave users in your timezone.
> One more thing, WebGL is a potential security issue
Yeah, and disabling it is a potential web compatibility issue. There is no optimal solution here.
> a quick look at Bromite would tell you what issues I’m talking about.
I have nothing against Bromite, it’s a fine browser. Whether you are better of with it in the end or rather end up highly unique is up for debate, though. How many users does Bromite have? I am sure it can be differentiated from Chrome (going by the things you cited, hidden device name, hidden network type etc.), so this topic is relevant. The crowd of Brave users is the bigger crowd to hide in for sure.
You still seem to subscribe to the idea that not revealing certain info is always a net positive, but it is not. When the info is usually revealed and only you hide it, this will be noticed by advertisers and you are easily re-identified (because nobody else bothers to hide this, haha). I also don’t quite understand why hiding the device type (especially with popular models) or the timezone (which is not a strong identifier in most areas of the world) is somehow important to you? Hiding for the sake of hiding might be detrimental because of the mentioned uniqueness that this generates.
I can understand this in such cases like e.g. the referrer header, it is unnerving that websites you navigate to get to know the prior website you were on, this really is personal info and none of their business. To fix this, all browsers have switched to a strict origin when cross origin policy by now, this is a non-issue these days. Just one example where I think it makes sense to hide info. Device type and timezone are definitely not worth hiding IMO because they are not exactly personal info and are also not exactly strong identifiers either considering how many people likely share your given values.
The iceraven dev may have pure intent but hes unable to remove the google connections inside android firefox, sadly making the project dead and pointless :( There is no point to gecko/fenix/whatever if its boobytrapped, not being used for anything good and google sits inside. All mozilla do is fool around, make mistakes and engage in information warfare stirring chaos (they have a specialist to do just that btw). Theyre ridiculous, puts everyone at risk.
@7:39
While I would not agree on your Mozilla pessimism(and Iceraven google connections-only connection I found was safebrowsing api but then you’re welcome to suggest what I missed) but hey everyone including me and you can have an opinion.
Iceraven developer is sadly right now alone, he has a dayjob, no problem with that and so he can only do what he can in his free time, but then that’s life.
Rather than believe in one giant monopoly which most people does forgetting all the knowledge is not just in the minds of Few unethical folks, things constantly evolve, I would rather keep an eye on other developers(to not track them lol).
@Iron Heart
If you want to live in your bubble fine then, I live in mine peacefully but I don’t have to use strong words because what I said above was simple. Install Firefox and Brave and browse the same website in its default configuration but I suppose you misread that, I even gave you a choice to change Brave default settings if you want and then compare both results to Firefox, but then maybe you always talk on extreme levels. According to your reply on “Brave FLoC page” you were fine with default settings in Brave when talking about Fingerprint but then when I started talking in facts you simply stopped replying because you didn’t had anything to say. By the way if you understand a little bit of fingerprinting, its mostly done to reduce certain features to not only improve privacy but also to reduce attack surface. Did madainwhatever website or any reddit thread told you that?
But then I suppose maybe you are all about strong words only.
*attack surface
>>> Firefox users need to “fix†the godawful default privacy level
Dear Sir
Oh … if that makes you feel superior, it may have saved the live of some little kitten in your neighborhood. That’s fine … but listen, there is also some whispering on the grapewine, that Brave will soon abandon Chromium because of the FLoC-Apocalypse.
Mozilla engineers offered them already first aid on “How to fork Firefox for Dummies”.
Sober up … be nice to the little kittens in your neighborhood and enjoy your future “default privacy level” leveled up.
Yours faithfully
>Brave will soon abandon Chromium because of the FLoC-Apocalypse
Well it would certainly be a step in the right direction if they did.
@Anon7
While I would not necessarily say Brave is bad or that it should not be based on Chromium, it would be nice to see it based on Firefox. Afterall Iceraven is one browser which doesn’t have huge team behind it. And I’m sure Brave can do the same and it wouldn’t take a hell lot of time and huge funding, but then I’m not a developer so I can’t say about hard work done in that field.
The thing is most people I know even in my personal life don’t even believe in Fingerprinting, tracking and other shady things and that’s the same for many in the world. They see personalised ads and say sowhat. And I’m sure you have seen that Mark Shitterberg clip where he says something about privacy and crowd cheered and I was thinking Wow those people are really dumb. Funny thing is those guys are majority. Those folks are normies and for them a step away from Chrome or any other giant monopoly is a boost for their privacy assuming they believe in privacy.
@Anon7
> Well it would certainly be a step in the right direction if they did.
It would be suicide. Dying alongside Firefox. Which is why they didn’t pick it in the first place. It has no future.
@Emil Brausewetter
> there is also some whispering on the grapewine, that Brave will soon abandon Chromium because of the FLoC-Apocalypse.
Source given: My ass. As always.
You would be halfway credible if Brave had not already disabled FLoC: https://github.com/brave/brave-core/pull/8468
> Mozilla engineers offered them already first aid on “How to fork Firefox for Dummiesâ€.
Basing one’s product off a dying engine = economical suicide.
As understandable as it is that you finally want to see a Gecko-based browser with actual growth, because it might save Deplatformingfox in your mind, that doesn’t mean it will ever happen.
That’s cool.
My only problem is how crappy looking about:config is since they’ve changed the display. Now I have to go to:
chrome://global/content/config.xhtml
in order to view about:config as it should be.
So much butthurt over triviality. What the fuck do you all do that requires both visiting about:config so often and the need to search pref values?
Look I also use Firefox, but we are humans right, not robots. So naturally we’re gonna be a little bit uneasy if something changes lol.
chrome://global/content/config.xhtml
Doesn’t work any more in Firefox 87…