I’m not seeing any such issue with Nightly on my Fedora system.

Indeed. Also, the auto-open PiP is super nice feature I’ve been using a lot.

I don’t think Firefox Color can do that. At best you could test and set colors using Color, and then export the settings for both as a theme .zip or .xpi files, and then combine the two to a single manifest.json file. Inside the manifest, a "theme" key would be color properties for “normal” theme and "dark_theme" would be for dark-theme. After that you would submit the theme package to get it signed after which it can be installed as a real theme.

You can modify prefs at runtime and have them persist - except those prefs that are also declared in user.js. The problem arises when folks apply whole list of prefs via user.js from one repository or another, which could be hundreds, without acknowledging what prefs they set and without checking what those prefs do. If they then have some reason to change any one of those prefs - their change won’t persist if that particular pref is in user.js

A thing you could do is to just start Firefox once with a user.js file, and then remove that file. On that single startup Firefox sets prefs according to user.js, and all those changes persist to prefs.js when Firefox is shutdown. You are then able to also persist changes to all prefs because by removing user.js Firefox won’t try to override the your session saved prefs with user.js at startup.

Yes. Firefox doesn’t create user.js file itself - if you want one then you need to create it yourself either manually or with some tool. Also, I’ve seen some “security” software create user.js file without notifying the user about it…

What I’m trying to point out here, is that prefs declared in user.js (whether they are put there using scripting or otherwise) cannot be persistently modified at runtime from within Firefox. That may or may not be a huge problem, but something to be aware of.

Sure. For simplified example have only the following in your user.js file:

user_pref("browser.tabs.warnOnClose",true);

1. Start Firefox
2. Observe that the pref is indeed true
3. Go to Setting > General, observe that Confirm before closing multiple tabs is checked
4. Uncheck the option
5. In about:config observe that browser.tabs.warnOnClose is now false
6. Restart Firefox
7. Observe that the pref is again set to true

The reason is also very simple. Firefox will never write anything to user.js - thus any changes you do at runtime will only be stored to prefs.js. However, user.js always overrides prefs.js at startup.

Yes, but that is not what I’m talking about. What I mean is that when Firefox is running and you go to change some setting in say, Settings page, then the new value for that preference is stored into prefs.js (at latest on Firefox shutdown, it might remain only in-memory for some time I’m not sure). Anyway, the new value persists only for that browser session, because on next startup whatever value was set by user.js will override it.

I don’t think that could work. Not unless we are talking about different things, or unless you run their updater script everytime before starting Firefox.

In addition, if you use user.js then you essentially cannot change those settings at runtime (via about:config or otherwise), because your user.js will override the settings on next startup. Maybe that’s desired for some, but good to keep in mind nonetheless.

Yeah… It’s a bit hard to balance things like this though, I’ve seen lot’s of folks complain about how their Firefox is apparently “broken” because it now suddenly has this empty margin around web-content seemingly wasting space for no reason - and then it turns out that they have deliberately turned this very feature on. And that is even if the feature is completely hidden - I wonder how many more complaints there would be if options like this are made more accessible.

The letterboxing feature has been in Firefox since 2019 - starting from Firefox 67 I think. The preference for it might have been hidden though so maybe it’s just relatively unknown feature - I don’t know if or how visible LibreWolf makes makes it for the user. But regardless, any modern Firefox variant probably has that capability.

Sounds like you are talking about Firefox’s letterboxing feature which you can enable/disable independently from full fingerprinting resistance.

I’m not sure if resistFingerprinting does anything to stop websites from uploading whatever data they can get though, I don’t think it does that. And I don’t think it could really do that in the first place since the website could just obfuscate the data and browser wouldn’t know what is sent.

That’s not necessarily a good solution either, because a service could figure out that the source of random fingerprint data likely comes from the same user. Especially if your ip is not changing. It might perhaps be effective if a substantial amount of people were doing it though.

But to generate such random fingerprint is difficult because it consists of many parts and services don’t all build fingerprints the aame way. You could easily randomize e.g. canvas data, but the issue is that if you only randomize one data point then that one random data point pretty uniquely identifies you if your other datapoints are stable. So to be effective you would really need to randomize several different datapoints and that may not be such an easy task since websites could build them in all sorts of ways.

Yeah, regular http cache is indeed a thing. However it’s more complicated because the web server can tell the browser how the returned content should be cached - if at all. So if, say, reddit servers ask the browser to not cache particular resource (for whatever reason) then it won’t be cached. I mean, the browser is free to do as it pleases, but I think in general browsers would do as the server asked and indeed not cache it.

Well the feature development is certainly progressing - here is the tracking bug for it.

You can nowadays just test it in normal nightly without special build - it’s extremely incomplete, but you can test it if you wish. It’s tied to revorked sidebar which you need to enable in about:config.

Absolutely not. If anything, public officials would be the one group whose messaging I would understand being scanned so that the people can sort of keep them on check. But again, implementing such possibility that would still weaken security of everyone else as well so of course it should not actually be done.

Yup, YT has only shown me a nice “Sign in to confirm you’re not a bot” message for the past week or so. Not because of Firefox or adblockers though, because the same happens on all other browsers and clients as well.

Maybe because of VPN, or who knows what, maybe they are just idiots.

Indeed. I mean, I’m blocking ads as much the next guy and that’s not going to change in any foreseeable future, but I cannot see how introduction of privacy preserving advertising platform could possibly be seen as anything other than an improvement over the current, completely perverse, situation. It would be better for people who don’t block ads, so if this acquisition would advance uses of privacy-respecting advertising systems and simultaneously get some revenue to Mozilla then this sounds quite like a win-win to me.