Arkenfox user.js

[2br-2b]

I don't know how many of the options here are already covered by Betterfox, but Arkenfox seems to have some good default about:config preferences.

I can go over these options and help to merge them, but it may be best to wait until BetterFox's changes are finalized to avoid repetition/conflict of options.

[yokoffing]

Differences

Arkenfox seems to have some good default about:config preferences.

Arkenfox/ghacks are an amazing team. They are a cornerstone for most people's user.js file. I use them as a source for BetterFox. However, please note we have two different philosophies and audiences:

Arkenfox user.js utilizes privacy.firstparty.isolate (FPI) and privacy.resistFingerprinting (RF) to guide their decision-making for prefs. They use the philosophy behind TOR (make all users look the same) to protect against fingerprinting (both first- and third-party). You cannot enable these preferences without many annoyances/breakages in common browsing use cases. Arkenfox's user base has a high tolerance for breakage related to niche privacy concerns.

BetterFox uses Dynamic First Party Isolation (dFPI) to protect against third-party tracking. The Betterfox user.js does not offer browser-level protection against fingerprintering except enforcing the Disconnect list native to Firefox's Enhanced Tracking Protection (ETP) to block them when detected (privacy.trackingprotection.fingerprinting.enabled). This is to prevent breakage and keep your browser useable.

BetterFox is targeted for mainstream, everyday users and workflows. "Provide privacy, but not at the cost of functionality." All of this is stated in the readme. BetterFox does not protect users from fingerprinting specifically outside of what's offered with ETP and some things like disabling the Battery API, click tracking, etc.

Are extensions useful against fingerprinting?

Extensions are limited. I agree with Arkenfox here that extensions made solely for anti-fingerprinting are not worth using.

uBlock Origin (depending on what filter lists you use) can block known fingerprinters (and trackers in general) but not those unknown, as explained here.

Luckily, Ghostery is an exception to the rule. Ghostery's anti-tracking technology is not based on blocklists and is able to remove unsafe datapoints (e.g. fingerprints, third-party cookies, unique identifiers, etc.) from requests without having to block them, drastically reducing breakage. You don't have to tinker with about:config either. That's always nice.

You can look at it this way: Where Betterfox does not alter the browser's behavior in order to prevent breakage, Ghostery will still remove unique identifiers associated with that behavior. (AFAIK, the only thing exception to this rule is referers, but I need to get with the team to validate this. This may boil down to a first-party vs. third-party tracking issue.)

---

Contributing

I can go over these options and help to merge them, but it may be best to wait until BetterFox's changes are finalized to avoid repetition/conflict of options.

Thanks for wanting to contribute! I've reviewed the Arkenfox / ghacks user.js many times, and I keep abreast of their changelog. So this shouldn't be necessary.

If there's something specifically you see there that could be beneficial in BetterFox, you can open an issue on my repo.

[2br-2b]

In that case, I'll close the issue. Thanks for the in-depth response!

[Thorin-Oakenpants]

arkenfox moved to dFPI when it was stable enough - when FF96 came out: see here arkenfox/user.js#1345 in Jan 2022 - because ANY earlier and isolation was compromised. Firefox itself did not roll it out to desktop until much later that year

I find the comment that betterfox used dFPI in March 2021 (as per the edit history) implausible - it wasn't even engineered at the time