12bytes site updates, 5-Jan-2019

user-overrides.js

My user-overrides.js for Firefox was heavily updated. If you’re new to all this, this file is intended to be appended to the ‘ghacks’ user.js which is then read by Firefox. The ‘ghacks’ file greatly enhances Firefox security and privacy, but it is not a complete solution, thus why i (and others) have written a couple of guides which cover a much wider scope, details below.

Firefox Configuration Guide for Privacy Freaks and Performance Buffs

The Firefox Configuration Guide for Privacy Freaks and Performance Buffs was also heavily updated. Currently the guide in a state of flux as i attempt to finalize how to make more efficient use of the Firefox ‘container’ feature and what add-on(s) offer the best options for working with containers.

Containers, if you are not aware, better isolate websites from one another which is great for privacy. Depending on how they are configured, each container can hold most of the data stored by Firefox for each website/domain in separate ‘boxes’ that are isolated from one another. This is similar to First Party Isolation (FPI) which can be toggled with the ‘privacy.firstparty.isolate’ preference (currently disabled by default up to Firefox v64). Containers become even more like FPI when you use the Temporary Containers (TC) add-on which has the ability to automatically create empty containers for every domain you visit and then trash them after you leave, something FPI doesn’t do. This solves the problem which every storage/cookie cleaner currently faces in that none can clear all storage (IndexedDB for one) on a per-domain basis because of shortcomings with the WebExtension API.

There are problems with containers however. Since most of the stored data in each container is separated from other containers, the browser may have to re-download and store multiple copies of certain resources, such as common JavaScript libraries delivered by a CDN, though in this particular case the Decentraleyes add-on alleviates much of the problem.

Another problem — and one which is currently giving me a headache, backache and side-ache — is when you want to allow a website to store data, such as cookies, so you can save settings for that particular site. Or how about websites like addons.mozilla.org (AMO) which use a completely different domain for the log-on process? If you keep them in separate containers, the log-on fails because site (a) can’t ‘talk’ to site (b).

When using the Temporary Containers add-on and configuring it so that it opens all domains in new disposable containers, these problems become a PITA because TC apparently doesn’t offer any method by which you can assign domains to a permanent container, at least not without a hassle. Even the TC page on AMO indicates that yet another add-on, Firefox Multi-Account Containers (MAC), is required for this seemingly trivial job as described with the AMO site. And even with MAC installed, the process is still pathetically counterintuitive.

And so this is why the advanced Firefox config guide is in a state of flux until i can get all this worked out in such a way so that it’s easier for my readers to use containers. So you may want to hold off on adopting any of the new changes unless you want to have a shot at dealing with containers, but if you do, please let me know if you find more intuitive ways of dealing with them.

Visit the guide to see the full change-log.

The Firefox Privacy Guide For Dummies!

The Firefox Privacy Guide For Dummies! is a new guide aimed at the ‘not so technically inclined’ audience for increasing Firefox security and privacy. It uses a subset of techniques from the advanced guide, as well as some originals, and is written in such a way as to be less boring.

Most of the tech lingo and detailed explanations are absent and the whole container mess is avoided, for now, and, instead, website isolation is accomplished using Firefox’s built-in First Party Isolation.

Since the ‘dummy’ guide was just published, there’s likely going to be some/many mistakes corrected and oversights addressed in the following weeks, after which it will become more solidified. Again i welcome any feedback you may have.

RAM it!

Just a reminder…

Left to their own devices, web browsers are happy to beat the hell out of your storage media by constantly writing and erasing data for the various storage methods they employ. I believe this issue is further amplified with containers which, i suspect, are going to be permanently featured in one or both of my Firefox config guides.

Regardless of whether you use containers or not, i would recommend considering storing your Firefox profile in RAM and creating automatic backups. There are more advantages to doing so than just speed. You’ll find some info in the advanced guide, though it benefits Linux users primarily. With Windows you’re kind of on your own since i don’t use it, but i do remember finding a very good freeware ‘RAM disk’ program that did the job and kept backups.

12bytes Site updates, 26-Dec-2018

The Firefox Configuration Guide for Privacy Freaks and Performance Buffs guide has been updated and more updates are coming. My user-overrides.js was overhauled as well (you’ll find a link to it in the guide).

A ‘for dummies’ version of the guide is nearly complete. It’s titled The Firefox Privacy Guide For Dummies! and i had some fun writing it. A new relaxed_user-overrides.js has been created to mesh with the new guide. You can preview that on my GitLab repo.

In a rather important shift, i am no longer disabling First Party Isolation (FPI) in the ‘ghacks’ user.js, but then i started researching more about FPI and i bumped into this. I have been avoiding the Temporary Containers add-on for some time thinking it really didn’t offer much that couldn’t be accomplished with Firefox prefs and add-ons i was already using, however reading that thread on GitHub convinced me to install it and i’m testing it now.

Another change to the (advanced) guide is that i dropped Cookie AutoDelete as it is no longer necessary given other changes that were made. With the temp containers add-on, it becomes even less necessary and i’m not sure FPI is making a lot of sense either so i may again disable it. You may want to stay tuned for the next update before incorporating these recent changes.

Here’s the full change log for the advanced guide:

26-Dec-2018

  • add notice about newsletter subscribing
  • corrected advice regarding spoofing the referrer which was suggested for both POOP and uM (now it’s enabled in uM only)
  • dumped Cookie AutoDelete add-on – not needed when using uM and First Party Isolation, nor are any of these storage cleaning add-ons able to delete IndexedDB storage due to a shortcoming in the WebExt API, which is another reason to enable FPI
  • removed privacy.firstparty.isolate = false in user-overrides.js in order to enable First Party Isolation
  • added Restrict to Domain add-on to toggle privacy.firstparty.isolate (FPI) via toolbar button
  • removed the list of optional add-ons (NoScript and Smart Referrer)
  • minor edits
  • coming up: looks like i may be recommending to disable FPI in the very near future and use the Temporary Containers add-on instead – i’m playing with it now

Article update: Firefox Tweaks and Fixes and Styles and Things

I updated Firefox Tweaks and Fixes and Styles and Things with a section on how to enlarge the Firefox user interface (UI) on small displays. In my case i use a laptop with a 17 in., 1080p display and by default everything is way too small. Making the Firefox UI and web pages look bigger can be a little tricky and cause unwanted side effects however. In the article i offer a tip which seems to be the best way to accomplish this with the least amount of problems. The tip also includes information for making the UI for Firefox’s developer tools bigger.

Thunderbird, IMAP and a global inbox?

One of the things that nags me with Thunderbird is that there is no easy way to achieve a proper global inbox if you have multiple IMAP accounts. If you use the POP protocol, no problem, but IMAP is another story. One common “solution” is View -> Folders -> Unified and i think the result sucks because it just makes more of a mess of how mail folders are displayed, especially when you have multiple IMAP accounts.

While i think a true unified inbox for IMAP accounts may be in the Thunderbird pipeline, you can achieve something reasonably close with a simple message filter in the interim. Why i didn’t realize this sooner, i don’t know, because i’ve been fighting with this for quite a while.

Go to ‘Tools’ -> ‘Message Filters’ and select your first IMAP account. Create a new filter and give it a name, then select to run it when getting new mail and after junk filtering. Make sure to select the ‘Match all messages’ option and then in the actions area, set it up to ‘Move message to’ and ‘Inbox on Local Folders’. Done. Do the same with the rest of your accounts.

Now when you collapse the IMAP accounts in the folder view pane, Thunderbird will just display the names of the accounts followed by the normal Local Folders tree without all the extra garbage.

Thunderbird unified IMAP

Anything else you want to move to the Local Folders tree, such as Drafts, etc., you can do from the account settings.

Manjaro takes 1st place on Distrowatch

Yeah yeah, i’m late to the party, but i just now figured out that Manjaro Linux has captured the number one spot on Distrowatch, displacing Linux Mint. This happened some time within the last few months apparently.

If you’re new to Linux, or want to remove the Windows virus, read on, else this could be about as interesting watching ice melt.

I find Manjaro’s move to top dog status interesting considering it’s based on Arch Linux which is notorious for being one of the more difficult flavors of Linux to install, configure and use. Manjaro however is specifically designed to be an easy-to-use Arch, complete with a capable graphical installer, package manager and software.

I started with Linux Mint a few years ago and i recommend it to anyone wanting to free themselves from the death grip of Microsoft. It’s simple to install, feature rich and is probably one of the most polished and easiest to use distributions for newcomers. I became a bit frustrated with it because it’s a ‘point’ release, meaning you have to re-install it when a new version hits the streets which, as i recall, was about every six months. Plus it’s based on the LTS (long term support) version of Ubuntu which, in turn, is based on Debian. What that means is that the software in the Mint repository is often kinda old, forcing many to seek out lots of ‘untrusted’ PPAs, or figure out how to compile packages from source code.

Manjaro, on the other hand, is a rolling release, same as Arch, meaning you install it once and keep applying updates for ever more, in theory. Manjaro has it’s own repository of considerable size, but one can also enable the AUR (Arch User Repository) which is also quite large (and can also get you in quite a bit of trouble).

Arch is pretty cutting edge and updates come fast and hard and can sometimes break the system. Manjaro receives a lot of updates too, many of which are quite large and affect somewhere around 100 packages at a shot, but the nice folks that work on the project alleviate some of the scariness by kicking the tires before turning packages loose.

I don’t know that Manjaro is suitable for beginners, but it is definitely an attractive distribution. I’ve been using it for a few months and so far haven’t had any major problems. If you’re new to Linux and want to try it, just be sure to keep your data safe and learn first how to recover a busted system in the event something does explode, as has happened in the past.