Technical Questions about Firefox 120.0 Update
Release notes for Firefox v120.0 https://www.mozilla.org/en-US/firefox/120.0/releasenotes/
Among these release notes, "Firefox’s private windows and ETP-Strict privacy configuration now enhance the Canvas APIs with Fingerprinting Protection, thereby continuing to protect our users’ online privacy." How good or bad is the feature? There's the canvas blocker extension which might now be obsolete, then again without details this is impossible to anser. How exactly does the Canvas API enhance Fingerprinting Protection with this new update? The release notes don't explain that, where do i find details? Firefox should use this for all windows not only private ones.
Among the release notes: "Firefox has enabled URL Tracking Protection by default in private windows for all users in Germany. Firefox will remove non-essential URL query parameters that are often used to track users across the web." I don't get why this would only be active in private windows and germany. Firefox should use this for all windows not only private ones.
Among the release notes: "Firefox now imports TLS trust anchors (e.g., certificates) from the operating system root store. This will be enabled by default on Windows, macOS, and Android, and if needed, can be turned off in settings (Preferences → Privacy & Security → Certificates)." I've no idea what to think about this, is it a good or bad change and why? Don't try to fool me here, i want honest ansers no BS... is there potential for abuse? If Firefox uses CA's from the OS then what happens to firefox internal CA's, remain unchanged?
Among the release notes: "Firefox supports a new “Copy Link Without Site Tracking” feature in the context menu which ensures that copied links no longer contain tracking information." While this is a welcome change, i'd be much much more useful to replace “Copy Link Without Site Tracking” with “Open Link Without Site Tracking”... Otherwise there's the needless waste of time manually open a new tab and paste the link... This completely lacks any logic if you ask me, why didn't mozilla make it as i suggest above in the first place? Why the manually klick klick waste of time?
Lastly a question unrelated to this update, when RFP is enabled and the browser-screen-size is spoofed, if i go into fullscreenmode by accident, will this expose my true resolution or not?
All Replies (3)
Where's jscher2000 and cor-el when you need them?
The canvas randomization provided by privacy.fingerprintingProtection is the same as privacy.resistFingerprinting (RFP). If you enable Strict Tracking Protection it will be available in normal windows and not just private ones. You can recreate RFP by changing privacy.fingerprintingProtection.overrides to +AllTargets which lets you toggle it per-site.
The Cookie Banner Blocker can be enabled for all windows by changing cookiebanners.service.mode and cookiebanners.service.mode.privateBrowsing to 1 (reject-only).
"Copy Without Site Tracking" (privacy.query_stripping.strip_on_share.enabled) is intended for sharing links with others, stripping on navigation is already handled by privacy.query_stripping.enabled and privacy.query_stripping.enabled.pbmode.
You can limit fullscreen to the window size by changing full-screen-api.ignore-widgets to true. You can limit content to a smaller size than the window by creating privacy.resistFingerprinting.letterboxing (Boolean) with value true.