> I agree with (was it?) Lunduke when he says Mozilla is nothing else but
business.
youtube-dl https://www.youtube.com/watch?v=qMALm1VthGY
BTW I am looking for a way to search/browse Youtube without JS. Any ideas?
Testing as you suggested:
-------------------
(Potential) issues which I see:
When Firefox starts: Show your home page (I would set it to blank)
Check spelling as you type: ON (I don't know if that includes any connections
but I would leave it of for the test)
Allow Firefox to automatically install updates (recommended): ON (I would set
it to OFF for the test)
Default search engine: Google (and all the other PRISM ones are inabled too)
Always use private browsing mode: ON (inconvenient)
Accept cookies from websites: ON (should be OFF with only exceptions allowed,
when needed)
Tracking protection block list: Disconnect.me basic (perhaps should be
'strict'?)
Send "Do Not Track": Only when using Tracking Protection (should be "Always")
Prevent accessibility services from accessing your browser: OFF
Block dangerous and deceptive content: ON (this requires connection to Google
hosts where the blacklists are hosted)
Query OCSP responder services: ON (this also requires connection to hosts)
Further in about:config:
browser.ping-centre.telemetry;true
toolkit.telemetry.archive.enabled;true
toolkit.telemetry.bhrPing.enabled;true
toolkit.telemetry.debugSlowSql;false
toolkit.telemetry.firstShutdownPing.enabled;true
toolkit.telemetry.newProfilePing.enabled;true
toolkit.telemetry.shutdownPingSender.enabled;true
toolkit.telemetry.updatePing.enabled;true
--------------
> 'safebrowsing'. Disable them all and remove every gooobles url (make it
blank)
I suppose toggling the default browser.safebrowsing.allowOverride;true would
work contrary to what you are trying to do, so I leave that one to 'true'.
---------------------
Testing with your settings applied on top of the downloaded shows indeed zero
communication with any host. Until you browse (https://fsf.org/robots.txt)
when tcpdump shows multiple connections also to:
ocsp.usertrust.com
ocsp.comodoca.com
Another thing which I notice. Even after closing the browser and waiting for
some minutes (process terminated) tcpdump shows packets related to fsf.org
hosts and also to the OCSP hosts. I don't know why this is happening and why
the computer is trying to connect to those hosts without any software asking
for it. Any ideas?
Closed Firefox and ran it again. Without opening any web pages whatsoever I
go to Preferences and immediately tcpdump shows a load of connections to
amazonaws.com, mozilla.com, phicdn.net, digicert.com...
Anyway I proceed to tighten the preferences mentioned above. While changing
them I see tcpdump shows active communcation going on in the background.
Setting "Always use private mode" to OFF asked me to restart the browser. I
did and after that some of the settings were not as I set them:
Search: I had this one set to DDG and all other search engines I deleted.
After restart it is set to Google and no other search enginse are listed.
Again: I leave DDG only.
Always use private browsing mode is again ON and Accept cookies is ON too
(although turned off before restart). Another attempt and another fail. I go
to prefs.js and remove
user_pref("browser.privatebrowsing.autostart", true);
Still no luck after many more attempts. I give up and try to at least turn
off cookies accepting: same story - after restart the "Accept cookies" is
still ON. I go and delete lines mentioning 'cookie':
user_pref("pref.privacy.disable_button.view_cookies", false);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("pref.privacy.disable_button.cookie_exceptions", false);
Restart. Disable "Accept cookies". Restart - it is back ON. I give up and
proceed to next setting.
Block dangerous and deceptive content: OFF
Query OCSP: OFF
It seems my setting "Never check for updates" is disrespected too, so I go to
prefs.js and remove:
user_pref("app.update.auto", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer",
1515756610);
user_pref("app.update.lastUpdateTime.background-update-timer", 1515756370);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer",
1515756730);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails",
1515756130);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1515756490);
user_pref("app.update.lastUpdateTime.search-engine-update-timer",
1515756250);
user_pref("app.update.lastUpdateTime.xpi-signature-verification",
1515756850);
And... no, and no, and no. It reverts to "Check for updates but let me choose
to install them".
Also Block dangerous and deceptive content and Query OCSP also revert to ON.
After 42 minutes of tuning a program which refuses to respect my preferences
and which clearly does background communication as per my earlier test, all I
can do is wipe it away from my system and I am not even going to attempt fine
tuning the rest of the potential issues noticed.
