3
9
Fork
You've already forked brace
3

Firefox Push #1

Closed
opened 2024年05月04日 19:22:40 +02:00 by celenity · 4 comments

So, I notice that in Brace and Mull, dom.push.enabled is being set to false.

I agree that Push should probably be disabled, but I don't think that this is the best approach.

According to a LibreWolf maintainer, Arkenfox's maintainer has stated the following:

toggling dom.push.enabled will add/remove PushManager from window properties

I tried looking for the original source of Thorin saying this, but I haven't been able to find it.

Under the assumption that this is correct, that'd mean that disabling Push in this way is fingerprintable.

Therefore, I propose that we set dom.push.connection.enabled to false instead of dom.push.enabled, and just leave the latter pref alone. This accomplishes the same thing and still disables Push, without the added fingerprinting concern.

So, I notice that in Brace and Mull, `dom.push.enabled` is being set to false. I agree that Push should probably be disabled, but I don't think that this is the best approach. [According to a LibreWolf maintainer](https://old.reddit.com/r/LibreWolf/comments/15j09aa/should_push_notifications_be_disabled_by_default/jv4vxrk), Arkenfox's maintainer has stated the following: > toggling dom.push.enabled will add/remove PushManager from window properties I tried looking for the original source of Thorin saying this, but I haven't been able to find it. Under the assumption that this is correct, that'd mean that disabling Push in this way is fingerprintable. Therefore, I propose that we set `dom.push.connection.enabled` to false instead of `dom.push.enabled`, and just leave the latter pref alone. This accomplishes the same thing and still disables Push, without the added fingerprinting concern.

I'm aware it is a fingerprintable attribute however did not disable it for reasons as in that link:

  • Push in Fenix depends on Google Play Services, which Mull & Fennec F-Droid lack
  • Push is frequently used by malicious sites to spam users with trash, which is something I've seen this A LOT on devices of more average people
I'm aware it is a fingerprintable attribute however did not disable it for reasons as in that link: - Push in Fenix depends on Google Play Services, which Mull & Fennec F-Droid lack - Push is frequently used by malicious sites to spam users with trash, which is something I've seen this A LOT on devices of more average people

Oh no, I 100% agree with disabling Push. My proposal is to just toggle the dom.push.connection.enabled pref, instead of the dom.push.enabled one, since it shouldn't be fingerprintable that way, and it accomplishes the same goal.

Oh no, I 100% agree with disabling Push. My proposal is to just toggle the `dom.push.connection.enabled` pref, instead of the `dom.push.enabled` one, since it shouldn't be fingerprintable that way, and it accomplishes the same goal.

Just to clarify, I'm saying we should:

Leave dom.push.enabled set to true.

Instead, set dom.push.connection.enabled to false.

Unless I'm misunderstanding, this should still disable Push, just without altering the window properties like the current approach of just setting dom.push.enabled to false is doing.

I agree with your decision to disable Push, I've also similarly seen the feature abused massively, so I'm not saying we should just re-enable Push, but I think this approach would be the best of both worlds, since it'll leave Push disabled, while also not altering the fingerprint.

Just to clarify, I'm saying we should: Leave `dom.push.enabled` set to `true`. Instead, set `dom.push.connection.enabled` to `false`. Unless I'm misunderstanding, this should still disable Push, just without altering the window properties like the current approach of just setting `dom.push.enabled` to `false` is doing. I agree with your decision to disable Push, I've also similarly seen the feature abused massively, so I'm not saying we should just re-enable Push, but I think this approach would be the best of both worlds, since it'll leave Push disabled, while also not altering the fingerprint.

This is now no longer changed.

This is now no longer changed.
Sign in to join this conversation.
No Branch/Tag specified
master
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
divested/brace#1
Reference in a new issue
divested/brace
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?