reasons why
- third party cookies are NOT are not real ... they are partitioned to the first party (with dFPI)
- at the very least nonsecure is redundant
- no one in this day and age is going to want the config of keeping all secure but not insecure, it doesn't make any sense: especially since 85% (from memory) of traffic from telemetry is secure, and 70+% of the top 1M sites are secure ( https://scotthelme.co.uk/top-1-million-analysis-november-2021/ shows almost 72% of the sites in the Top 1 Million now actively **_redirecting_** traffic to use HTTPS) - in other words, the reasons for keeping secure cookies (like banks, logins) but ditching the rest in the old days are over as being secure is not a distinction, but the norm
- we previously blocked all third party cookies, so this was never really used
- we then moved to lifetime pref = 2 (which makes everything session only), so again, this isn't really adding anything
- we sanitize on close (always have)
- we will be moving off lifetime pref (because deprecation), but we still sanitize on close
- when we move off lifetime pref, I think these prefs could cause issues with dFPI / sanitizing (wouldn't surprise me: they are old and outdated as a concept), and I think we're better off making them inactive
We could also remove them. If that's not enough to convince you, then I have no more words
Changed permissions of prefsCleaner.sh from 644 to 755 to be able to run it via "./prefsCleaner.sh" with out first executing "chmod +x prefsCleaner.sh".
- FF85+ switched to using application regional locale
- go to about:support > Internationalization & Localization (almost at the very end)
- look at Application > Regional Preferences
- add test
updating (app, extensions, ext cache) is not a privacy issue
- if you're willing to use Firefox but not trust updating, then I have two bricks to sell you: users who wish to disable it (to check changes first etc) and update in a timely manner, then that is on them - including any prompt fatigue
- same goes for extensions: the end-user installed them (and arkenfox only recommends a very select few) - the onus is on the end-user
The remaining ones I will deal with later
auto-updating is not a security nor a privacy risk, by default it should be enabled and it's on end-users if they want to disable it - does not affect windows users
