People already expect sites to break, so why holding back?
There are three levels of protection:
- ETP Standard (see [0] for the latest improvements we rolled out)
- ETP Strict (we're working on things in Bugs 2036879 specifically this issue, 2037260, and more generally 2036786)
- Resist Fingerprinting (RFP)
These levels are something akin to "Wash your hands after using the subway", "Wear a mask on the subway", and "Wear a level B hazmat suit on the subway".
"people already expect sites to break, so why holding back?" - because the breakage is so severe, and people _don't_ associate that breakage with the setting they made. There are bug reports all over the internet proving it, here are some examples [01-4]. The protections we deploy in ETP Standard and Strict are calibrated to provide as much protections as possible while keeping the internet usable, and we're working fulltime on improving them.
[0] https://www.firefox.com/en-US/firefox/151.0/releasenotes/#no... [1] https://old.reddit.com/r/firefox/comments/fy6l1z/youtube_bor... [2] https://necromuralist.github.io/posts/mozilla-madness-resist... [3] https://support.mozilla.org/en-US/questions/1212634 [4] https://support.mozilla.org/en-US/questions/1322787
Standard
Strict
Custom
To me custom is something I define between Standard and Strict and not the next level after Strict. Strict already mentions that sites can break, so I'm pretty sure people associate the setting with breakage.
> Stronger protection, but may cause some sites or content to break.
Additionally Strict says :
Firefox blocks the following:
Social media trackers
Cross-site cookies in all windows
Tracking content in all windows
Cryptominers
Known and suspected fingerprinters
It's confusing if Known and suspected fingerprinters doesn't include resist fingerprinting. resist fingerprinting isn't even an option in Custom so how do ordinary users know where to set that option. You know, those users you say won't associate the Strict setting with breaking pages depite the fact that it clearly says so. Some kind of Schrödinger's user? Too dumb to understand the warning, but smart enough to know special settings?
You may avoid unnecessary bug reports that way but maybe only because users don't recognice that they are tracked per fingerprinting. It's not like websites would tell them.
Feels like Mozilla traded their time for my privacy.
second, would it be possible to make RFP appear as an extension like uBO, where it suggests sites to allow-list, or hints that the page might be broken and asks if you want to disable RFP?
I'm more tech savvy than the average user, admittedly, but I've learned this pattern for uBO.
I can point you at a few things you could do if you wanted to pursue this:
1) We have a dev extension https://github.com/mozilla-extensions/fingerprinting-protect... that lets you enable/disable individual fingerprinting protections. We use to debug why something is broken.
2) granularOverrides allows you to enable/disable individual protections for a given website.
If you wanted this, you could go read https://docs.google.com/document/d/1FywogzvkWupoUoz4PcCp9nNd... ; then made an extension that made it easy to edit granular overrides (you couldn't directly set the preference, but you could produce the json you could copy/paste into the pref). You could do stuff with lists if you want. (Somewhere there was a FF fork that had a pretty impressive granularoverride list itself...) You'll be in this awkward spot where you don't have all the permissions to do what you want to do directly, but you can get yourself about.... 40 - 60% of the way there?
I would like to find a way to support power users while not making the problem worse (In https://ritter.vg/blog-telemetry.html I describe that the 'confused users think FF is broken' problem got so bad management wanted to just disable RFP entirely, but I was able to show that these users are a very vocal minority and the problem is not as bad as it seems) while also not giving myself a maintenance burden but... maybe there a path forward where this dev extension - that can do things normal extensions can't - could potentially get more functionality...?
