Closed Bug 1494684 Opened Last year Closed Last year

privacy.resistFingerprinting should NOT override general.*.override values

Categories

(Core :: DOM: Security, defect)

63 Branch
defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 1489903

People

(Reporter: aros, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Build ID: 20180920131237

Steps to reproduce:

When privacy.resistFingerprinting is set to true, the following values in prefs.js no longer work:

general.appversion.override
general.oscpu.override
general.platform.override
general.useragent.override

Please, honor these values because the defaults for this option are quite debatable and extremely unusual - most Firefox users are on Windows 10 64 on the current version of Firefox, while this option changes

userAgent	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
appVersion	5.0 (X11)
platform	Linux x86_64
oscpu	Linux x86_64
Status: UNCONFIRMED → RESOLVED
Closed: Last year
Component: Untriaged → DOM: Security
Product: Firefox → Core
Resolution: --- → DUPLICATE
Duplicate of bug: 1489903

Again, this is a wrong decision, and smacks of Google/Microsoft-esque 'we know better than the user' thinking.

If I set an override, I expect my decision to be honoured. If I was happy to use the default, I wouldn't have set the override.

What rationale has been given, to disallow the user having the ability to override resist fingerprinting defaults? What use case that causes harm, is this policy attempting to rectify? What is wrong with giving sensible defaults to RFP, but allowing a user to make a conscious informed choice to override them, when they don't work for them?

What percentage do you imagine would override RFP defaults, that you're attempting to stop by this decision? 1%? 5%?

Are you seriously claiming that you're not satisfied with a general pool of 95 or 99% having an identical fingerprint, that you NEED a full 100% and to do so, you consider it justifiable to remove users ability to opt-out from this pool?

Wrong. Completely wrong.

You need to log in before you can comment on or make changes to this bug.