π£ Release Notes
As Betterfox evolves, we are becoming more modular to respond to different needs. What is βbestβ depends on the use case.
Therefore, all users should, at minimum:
- Review Common Overrides.
- If you care a bit more about privacy, review Optional Hardening as well.
Add any prefs that are needed to your overrides at the bottom of the user.js
file.
We invested effort into eliminating subjective prefs and responding to community feedback.
For new profiles applying Betterfox, we will:
- π No longer disable Firefox Sync.
- On everything from YouTube videos to Reddit to forums, this was the most common complaint among users.
- If you want to continue to force this behavior, see here in Optional Hardening.
- π No longer force disable the disk cache.
However, we will continue to:
- Disable the built-in password, credit card, and address manager.
In addition, we:
- Display your top sites when clicking on the URL bar, which is unique to Firefox.
- Adjusted cookie banner handling to reject "optional" cookies.
- Disabled new "trending" searches in the URL bar.
- Reorder some prefs and added more subcategories for easier searching.
- Modified SameSite rules so theyβre strict on non-http websites.
Click me for details on SameSite rules
The SameSite cookie attribute is a way to control when and how cookies are sent to a website.
The SameSite attribute lets websites specify whether they want to receive cookies only from requests that originate from the same website (SameSite=Strict), or also from requests that originate from other websites but are top-level navigations, such as clicking a link or typing a URL in the address bar (SameSite=Lax). Alternatively, websites can explicitly allow cookies to be sent with any request, regardless of where it comes from (SameSite=None).
However, allowing cookies to be sent with any request can be risky, especially if the website uses an insecure connection (HTTP instead of HTTPS).
If a cookie does not have a SameSite attribute specified, it behaves as if SameSite=None
is set. This means the cookie will be sent in both cross-site and same-site requests.
The network.cookie.sameSite.noneRequiresSecure
pref changes this behavior. When enabled, it requires cookies with SameSite=None
to also be marked Secure
, meaning they require HTTPS.
This prevents CSRF (cross-site request forgery) attacks on plain HTTP sites. By requiring SameSite=None
cookies to be Secure
, it prevents malicious sites from abusing these cookies that get sent cross-site.
π¦ Firefox Release
The latest Firefox brings:
- Canvas fingerprint protection with Strict ETP, with more protections in the future π
- Read more:
https://github.com/arkenfox/user.js/issues/1661
https://github.com/arkenfox/user.js/issues/1729
- Read more:
- A new entry that trims https:// from the URL bar, for those of you who like a clean aesthetic.
- Restricted font visibility to system fonts and language pack fonts in ETP strict mode to mitigate font fingerprinting.
- Partitioning of Blob URLs, mitigating a potential tracking vector that third-party agents can use to track an individual.
π Community Updates
- The Optional Hardening doc is now shown more prominently under Getting Started to accommodate more privacy-minded users.
π‘ If you think an override is common enough to belong to Common Overrides or Optional Hardening, then please make a suggestion. We obviously don't want to re-create the docs, so prefs here should be reasonable.
β¨ Also, stay tuned for exciting news! Look for an announcement before 2024. (No, itβs not a new web browser. As if we need another one of those lol.)
Thank you for supporting Betterfox! β€οΈ