I'm writing the preferences for the xB Browser, and I've been thinking about the problem of users who are smart enough to be dangerous to themselves. I'm talking about those that jump into the proxy settings and think they are speeding things up by changing to a direct connection or auto-detect.
Well, yeah, they're speeding up alright, but at the cost of breaking their anonymity. So it occurs to me I can keep those settings from being persistent (nothing can stop someone who is determined to wreck their privacy). I can do this by employing the user.js, which over-rides whatever the users sets in their prefs.js files. Therefore, I am thinking about what settings should be hard-coded on browser/client startup. The goal was "The purpose of user.js is to hardcode browser settings to keep users from compromising their network anonymity beyond preferences." That means for Tor/SSH usage, the browser needs to block plugins. That means for VPN usage, the browser doesn't need to block plugins. So now we're talking about two different user.js files entirely. OK fine. But we get to a new point where we have to decide what things should and shouldn't be blocked from being persistent from one session to the next. Of the following, beyond proxy settings, I'm thinking we should keep persistent: network.dns.disableIPv6 = true ; ipv6 addresses fail through tor. network.proxy.socks_remote_dns = true network.proxy.failover_timeout = 0 ;always retry the proxy, never revert. layout.css.report_errors = false ;get rid of java console errors There are other privacy related settings such as DOM and session info that are a grey area, but I am thinking those don't meet the above goal, and thus should be left as preferences for the user. Comments and suggestions welcome, Steve
