28 thoughts on “Content update: user-overrides.js for Firefox”

  1. Hi,
    Is there anything wrong in allowing these two settings together:
    user_pref(“privacy.firstparty.isolate”, true);
    user_pref(“privacy.userContext.enabled”, true);
    Thank you.

    1. hi Damien – as far as i know it’s fine to enable both and while there are likely use cases for doing so, i think it’s unnecessary in other cases

      some of this stuff is pretty complex and things are changing all the time, however my understanding at this point is that enabling FPI (first-party isolation) is essentially the same as enabling containers and opening each domain/website in a separate container, so for me, given the kind of browsing i do, it’s pointless to enable (and hassle with) containers (FPI is enough)

      however if you really wanted to use containers fr some reason and wanted to, for instance, open all social media junk in one container, banking in another, and general browsing in yet another, i suppose there could be some benefit in enabling both

          1. I’m using Windows and there CAD is enabling both “privacy.userContext.enabled” and “privacy.userContext.ui.enabled”. I don’t know anymore which addon to use for deleting cookies:(

                1. …are you loading twitter in a container? read this
                  -I’m not loading twitter in a container. I’m not using containers at all, but probably will use them in future, see below…

                  ….if that isn’t the problem, please open an issue in the repo
                  -the fact that CAD doesn’t clean storage is well known a long time and an issue is opened in repo also a long time ago.
                  look here:
                  https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/851
                  and here:
                  https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/920

                  my question is which addon for mozilla firefox do you recommend for cleaning cookies and other local saved stuff which one does really work?

                  1. the first issue you linked to is for Google Chrome and the second issue you linked to is for Brave

                    CAD works fine for me with Firefox – other alternatives are Forget Me Not and Site Bleacher

                    1. thanks for your anwer
                      the author says https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/851 it’s about Firefox too:
                      kennethtran93 commented on Aug 22 •
                      …Unfortunately in the Firefox MDN (https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/browsingData/RemovalOptions), it cannot remove protectedWeb yet (which also means it cannot remove that specific one by hostname), thus browsingData can only remove unprotected ones,……

                    2. thanks for the update – with FPI enabled i imagine this is less of a concern, but it would be nice to see a solution – i see this API is apparently available in Chrome and Opera and sine Moz is just dying to be a Chrome Clone, maybe this will get fixed

                    3. ps: i don’t why your comments are not being auto-approved – sorry about that – so if you don’t see your comment right of way, don’t worry – i’ll approve it shortly

                    4. not sure what you’re getting at, but i assume it’s CAD and the comments on storage cleaners

                      3 of the bugs linked to are fixed and CAD gets around bug 1340511 by setting a temporary, non-trackable cookie

                      FPI is still enabled in addition to CAD so, in theory (assuming no Firefox bugs), the only thing that could leak is data set by the same host

                      ‘pants’ uses a ‘default deny’ policy which is why he doesn’t use a storage cleaner – he denies cookies, iDB, LS, etc. by default and makes exceptions where need be – the (huge) problem with this, and the reason i don’t recommend it for the average users, is that this policy will break a lot of websites and it requires extra fiddling that isn’t necessary with a ‘default allow’ (and then nuke) policy

                      also without CAD you lose granular control over storage which FF provides for in its API – you cannot elect to keep cookies, but delete iDB, workers, etc. – it’s all or nothing

                      there are other caveats as well – this assumes default settings in ‘arkenfox’ cfg…

                      * storage won’t get dumped until browser close (not necessarily a big deal with FPI)
                      * tabs won’t get restored on startup because all history is dumped on close
                      * shared and service workers break (but not workers)
                      * all storage is dumped on browser close – you can’t keep cookies only for the sites you want, so you can’t auto-log on when running a new session – setting an exception sticks across sessions, but the data for the exception does not

                      i recommend the ‘default allow’ policy because i think it’s much simpler and results in less breakage while still protecting privacy (FPI), however to each their own – i’m not saying my way is ‘right’, only that i think its better suited to the average user, or people like me that want to surf rather than fiddle

                      if you want to read what ‘pants’ and i discussed regarding storage cleaning, see this

        1. yes they do and i don’t know why – maybe something to do with an API that isn’t available unless containers are enabled

          containers are also enabled in the ‘arkenfox’ user.js, but i disable them again in my user-overrides.js, however CAD re-enables them

          1. would the shortcut: crtl+shift+delete do the job? of course with all settings enabled for clearing history in the UI.
            I used this way to delete stored data for so many years but chose CAD recently to make things easier( I dont use containers. only FPI ).
            I use the cleaning tool BleachBit ( linux ) as well when I close down

            1. if you dump all history (ctrl+shift+del) and select ‘everything’ with all options enabled, yes, that cleans essentially everything, but you don’t really need to do that with FPI and CAD

              as for BleachBit, i don’t know that there’s any reason to use it with Firefox, especially since you’re running a Linux OS (Windows is another story perhaps) – i had a discussion with someone else regarding BleachBit – you can read it here

              did you switch to Linux recently Jane? i thought it was you that recently mentioned about dropping Windows

              1. thank you for linking to the bleachbit discussion.lots of interesting reading including the zoomissue.
                I’ve been a linux user for about 4 years, so it must be someone else. whoever that someone might be:
                I never regretted my change of OS. so much better than windows

  2. Hello,
    I did the update, thank you, and when doing the “INTEGRITY CHECK 1” I can see this (screenshot):
    https://i.imgur.com/IelEstr.png

    Security Error: Content at https://codeberg.org/12bytes.org/Firefox-user.js-supplement/raw/branch/master/user-overrides.js may not load or link to resource://content-accessible/plaintext.css.
    Security Error: Content at https://codeberg.org/12bytes.org/Firefox-user.js-supplement/raw/branch/master/user-overrides.js may not load or link to resource://content-accessible/plaintext.css.

    What does it mean?

        1. yes, just ignore that – the error has something to do with the Codeberg website, not the user.js – when you do the console check, just enter ‘user.js’ or ‘pref’ in the console filter (the Ctrl+Shift+J window) and all you need to look for are errors that point to the user.js file … don’t forget to do the other check too (about:config) because that’s important also

Leave a Reply to Jane Cancel reply

Your email address will not be published. Required fields are marked *