Open Bug 1666160 Opened 7 months ago Updated 2 days ago

Users enable `privacy.resistFingerprinting` and then are surprised when it causes problems

Categories

(Core :: DOM: Security, enhancement, P3)

enhancement

Tracking

()

REOPENED

People

(Reporter: metasieben, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-backlog1])

Ever since privacy.resistFingerprinting was added every guide to harden Firefox
includes this pref, mostly without mentioning the consequences of enabling it has.

AFAIK this was added as part of the TOR-uplift project; while it (might) make sense for
the TOR browser, enabling this in Firefox produces lots of problems and support-request.

Maybe there should be a infobar, similar to the >Your browser is being managed by your
organisation.<, when privacy.resistFingerprinting is enabled, linking to a sumo-article
about the pref(eg. what it does) and how to disable it.

Status: UNCONFIRMED → RESOLVED
Closed: 6 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1490728

I think this is worth having this discussion here, since it's slightly different than bug 1490728.

In the past we have sometimes made the pref name scary to avoid scams that say "just set 'browser.require-cors:false' and go to this link!".
I think that would be a good preventative measure if we can find a good name that implies breakage may occur.

"privacy.resist-fingerprinting-so-hard-that-websites-break" is one possibility.

Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: DUPLICATE → ---
Summary: Add some sort of notification when `privacy.resistFingerprinting` is enabled → Users enable `privacy.resistFingerprinting` and then are surprised when it causes problems
Component: Preferences → DOM: Security
Product: Firefox → Core
Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
See Also: → 1692609
Duplicate of this bug: 1692115
Duplicate of this bug: 1703424
Duplicate of this bug: 1705140
You need to log in before you can comment on or make changes to this bug.