librewolf/settings
10
29
Fork
You've already forked settings
31

Remove legacy prefs and add new prefs #107

Merged
any1here merged 2 commits from any1here/settings:master into master 2026年01月27日 12:45:03 +01:00
https://codeberg.org/librewolf/issues/issues/2702
First-time contributor
Copy link

although it is commented out, privacy.spoof_english is an integer now ; 0=prompt, 1=disabled, 2=enabled.

ref: https://github.com/arkenfox/user.js/blob/140.1/user.js#L839-L844

although it is commented out, `privacy.spoof_english` is an integer now ; 0=prompt, 1=disabled, 2=enabled. ref: https://github.com/arkenfox/user.js/blob/140.1/user.js#L839-L844
Author
Owner
Copy link

@degausser wrote in #107 (comment):

although it is commented out, privacy.spoof_english is an integer now ; 0=prompt, 1=disabled, 2=enabled.

ref: https://github.com/arkenfox/user.js/blob/140.1/user.js#L839-L844

javascript.use_us_english_locale got replaced by privacy.spoof_english in 119, and it's an integer now instead of a boolean.

Seems like I am not able to read anymore 😄

@degausser wrote in https://codeberg.org/librewolf/settings/pulls/107#issuecomment-9957900: > although it is commented out, `privacy.spoof_english` is an integer now ; 0=prompt, 1=disabled, 2=enabled. > > ref: https://github.com/arkenfox/user.js/blob/140.1/user.js#L839-L844 > javascript.use_us_english_locale got replaced by privacy.spoof_english in 119, and it's an integer now instead of a boolean. Seems like I am not able to read anymore 😄
First-time contributor
Copy link

i assume you'd want to do deeper changes in a separate, more involved pr, but a few quick surface level ones that could be tacked on here:

  • updated doh comment does use->doesn't use
  • browser.urlbar.suggest.mdn->true is already default, and actually disabled with the featureGate pref anyways
i assume you'd want to do deeper changes in a separate, more involved pr, but a few quick surface level ones that could be tacked on here: - updated doh comment _does use->doesn't use_ - `browser.urlbar.suggest.mdn->true` is already default, and actually disabled with the featureGate pref anyways
Author
Owner
Copy link

Why was browser.urlbar.suggest.mdn set to true anyways?

Since the featureGate prefs are gonna be removed someday, wouldn't it be better to remove them now and just use the prefs directly?

Or was there something that when the featureGate gets set to false, it also removes some UI parts?

Why was `browser.urlbar.suggest.mdn` set to `true` anyways? Since the featureGate prefs are gonna be removed someday, wouldn't it be better to remove them now and just use the prefs directly? Or was there something that when the featureGate gets set to false, it also removes some UI parts?
First-time contributor
Copy link

why

a lot of changes (or lack thereof) in librewolf.cfg later on were not well communicated, at best reactive, sometimes straight up arbitrary decisions, i'd suspect with lacking understanding too. if git blame doesn't provide answers, it's probably better to just not ask anymore. in this case, i think it was a misunderstanding of wanting the mdn suggestions (the pref used to be upstream false), but not realizing the relation to the featureGate prefs, (and to browser.urlbar.quicksuggest.enabled->false).

featureGate prefs removal

take care to at least keep those pinging home as false; otherwise imho celenity's approach in phoenix is the way to go, default/truthy featureGates, but browser.urlbar.suggest.*->false; users enable what they want via ui in about:preferences#search. but not my call.

removed UI parts?

afaik option for mdn suggestions wasn't (and still isn't?) exposed in about:preferences#search

>why a lot of changes (or lack thereof) in `librewolf.cfg` later on were not well communicated, at best reactive, sometimes straight up arbitrary decisions, i'd suspect with lacking understanding too. if `git blame` doesn't provide answers, it's probably better to just not ask anymore. in this case, _i think_ it was a misunderstanding of wanting the mdn suggestions (the pref used to be upstream false), but not realizing the relation to the featureGate prefs, (and to `browser.urlbar.quicksuggest.enabled->false`). >featureGate prefs removal take care to at least keep those pinging home as false; otherwise _imho_ celenity's [approach in phoenix](https://codeberg.org/celenity/Phoenix/src/branch/pages/build/phoenix-unified.js#L1386-L1570) is the way to go, default/truthy featureGates, but browser.urlbar.suggest.*->false; users enable what they want via ui in `about:preferences#search`. but not my call. >removed UI parts? afaik option for mdn suggestions wasn't (and still isn't?) exposed in about:preferences#search
Author
Owner
Copy link

It is probably better to use Phoenix as a base at this point and make changes from there, since it is in much better shape than what is currently being used for LibreWolf.
Investing time in finding what to change and arriving at the same result as Celenity is just a waste, and we could mutually benefit from each other.

It is probably better to use Phoenix as a base at this point and make changes from there, since it is in much better shape than what is currently being used for LibreWolf. Investing time in finding what to change and arriving at the same result as Celenity is just a waste, and we could [mutually benefit from each other.](https://codeberg.org/celenity/Phoenix/pulls/228)
First-time contributor
Copy link

Phoenix as a base and make changes from there

I fully agree, but (LibreWolf) maintainer consensus has to be reached. If successful, that would indeed also supersede this PR.

>Phoenix as a base and make changes from there **I fully agree**, but _(LibreWolf) maintainer consensus_ has to be reached. If successful, that would indeed also supersede this PR.
Author
Owner
Copy link

@degausser

Since I have no other way of messaging you, I might as well use this PR for your input.

What is your opinion on JIT? I would disable most of it like Phoenix does and keep only the necessary minimum to use WebAssembly. But I'm not sure if this is too extreme a default for the LibreWolf userbase. According to Microsoft, most users do not notice a difference when JIT is off.

Would you agree with the RFPTargets Phoenix uses?

@degausser Since I have no other way of messaging you, I might as well use this PR for your input. What is your opinion on JIT? I would disable most of it like Phoenix does and keep only the necessary minimum to use WebAssembly. But I'm not sure if this is too extreme a default for the LibreWolf userbase. [According to Microsoft](https://microsoftedge.github.io/edgevr/posts/Super-Duper-Secure-Mode/#but-what-about-performance), most users do not notice a difference when JIT is off. Would you agree with the RFPTargets Phoenix uses?
First-time contributor
Copy link

@any1here

Keep in mind I don't pretend to have qualified knowledge to voice "correct" opinions on browser behavior, just a persons' viewpoint.

JIT and wasm

The CVEs are undeniable; however JIT-less JS (without baseline, ion) is noticeably slow, at least on old(-ish) hardware (Haswell)[1]. uBO for example parses lists longer at startup, and its ui sometimes freezes. It also causes the 'not responding' banner on heavy-js web apps[2]. I keep js JIT and plain wasm enabled[3], but wasm-ion disabled.

RFPTargets

I really hate to agree with Thorin here, but the everlong granular overrides list based on user reports, is less than ideal. It's overly verbose, can cause performance problems (long prefs.js lines) and requires maintenance[4]. I don't bother with +AllTargets and overrides, and run stock FPP. It is what it is; upstream work continues, but only TB always was a reasonably safe bet re: fingerprinting.

As a sidenote, running "Mozilla replacement" infra (e.g. rehosting ETP/SafeBrowsing lists; also uBlock assets) should be discouraged. "Only user-initiated connections" people are usually dismissed as uninformed, but in terms of resilience, they do have a point.

Regardless of how you decide (in terms of major settings changes):

  • community messaging (website, reddit/mastodon propaganda) has to clearly (front and center) state the guarantees and shortcomings of the browser either way, even if alienating a part of the userbase. Anything else is unfair to next wave of people coming after the next inevitable Mozilla fsckup. You can't both please the PG crowd, and have DRM working on Spotify. Phoenixed Firefox is not a mainline Firefox drop-in replacement; Mullvad is not a clearnet TorBrowser.
  • overrides functionality should be treated as sacred (has to work no-hassle OOTB and be supported, so no opinionated non-telemetry lockPrefs).

[1] personal experience; dunno about those nice MS graphs
[2] which, coincidentally, I suspected was a possibility cause of user error with issue2810 along the lines of 'I no longer remember that I flipped it for ~privacy reasons'
[3] they say adoption is coming (...)
[4] also stuff like extensions.quarantinedDomains.list btw

@any1here Keep in mind I don't pretend to have qualified knowledge to voice "correct" opinions on browser behavior, just a persons' viewpoint. >JIT and wasm The CVEs are undeniable; however JIT-less JS (without baseline, ion) is _noticeably_ slow, at least on old(-ish) hardware (Haswell)[1]. uBO for example parses lists longer at startup, and its ui sometimes freezes. It also causes the 'not responding' banner on heavy-js web apps[2]. I keep js JIT and plain wasm enabled[3], but wasm-ion disabled. >RFPTargets I _really_ hate to agree with Thorin here, but the everlong granular overrides list based on user reports, is less than ideal. It's overly verbose, can cause performance problems (long prefs.js lines) and requires maintenance[4]. I don't bother with +AllTargets and overrides, and run stock FPP. It is what it is; upstream work continues, but only TB always was a reasonably safe bet re: fingerprinting. As a sidenote, running "Mozilla replacement" infra (e.g. rehosting ETP/SafeBrowsing lists; also uBlock assets) should be discouraged. "Only user-initiated connections" people are usually dismissed as uninformed, but in terms of resilience, they do have a point. Regardless of how you decide (in terms of major settings changes): - community messaging (website, reddit/mastodon propaganda) has to **clearly (front and center) state the guarantees and shortcomings of the browser either way, even if alienating a part of the userbase**. Anything else is unfair to next wave of people coming after the next inevitable Mozilla fsckup. You can't both please the PG crowd, and have DRM working on Spotify. Phoenixed Firefox is not a mainline Firefox drop-in replacement; Mullvad is not a clearnet TorBrowser. - overrides functionality should be **treated as sacred** (has to work no-hassle OOTB and be supported, so no opinionated non-telemetry lockPrefs). ___ [1] personal experience; dunno about those nice MS graphs [2] which, coincidentally, I suspected was a possibility cause of user error with issue2810 along the lines of _'I no longer remember that I flipped it for ~privacy reasons'_ [3] [they say adoption is coming (...)](https://www.youtube.com/watch?v=Uo3cL4nrGOk&t=44s) [4] also stuff like extensions.quarantinedDomains.list btw
Contributor
Copy link

I am wondering a bit if a JIT is as big of a problem as people describe it since the process is likely heavily sandboxed. 🤔

I am wondering a bit if a JIT is as big of a problem as people describe it since the process is likely heavily sandboxed. 🤔
First-time contributor
Copy link

@sertonix https://www.cve.org/CVERecord/SearchResults?query=Firefox+JIT


i'm just gonna ask, do you still prefer the current vaguely arkenfox-based status quo, over

Phoenix as a base and make changes from there

?

@sertonix https://www.cve.org/CVERecord/SearchResults?query=Firefox+JIT ___ i'm just gonna ask, do you still prefer the current _vaguely arkenfox-based status quo_, over >Phoenix as a base and make changes from there ?
First-time contributor
Copy link

In case this proves useful, these are my personal changes from phoenix v2025.12.23.1 (to maybe ease some of the work needed).

  1. probably should be changed,
  2. if kept unchanged, would change current LibreWolf defaults,
  3. opinionated; take what you want.

1. removed / modified

// platforms unsupported by librewolf
--[ANDROID-ONLY]
--[MAIL-ONLY]
// librewolf has its own branding
--app.support.vendor
--browser.phoenix*
--distribution.about
--librewolf.*
// celenity.dev redirects
browser.geolocation.warning.infoURL->""
extensions.webcompat-reporter.newIssueEndpoint->""
media.decoder-doctor.new-issue-endpoint->""
ui.new-webcompat-reporter.new-report-endpoint->""
// reenable native messaging and fix for proton; you can't disable the inbuilt password manager, and then not have KeepassXC, or ProtonPass work ootb
--webextensions.native-messaging
extensions.webextensions.base-content-security-policy.v3->"script-src 'self' 'wasm-unsafe-eval'; upgrade-insecure-requests;"
// cloudflare turnstile gets intermittently stuck with this
--accessibility.blockautorefresh
--network.http.prompt-temp-redirect
// breaks YouTube embeds with error 153
--network.http.referer.defaultPolicy.trackers*
// breaks urlbar bookmarks search (issue 218, not fixed in release yet)
--places.frecency.unvisitedBookmarkBonus
// broken ui on linux
--privacy.ui.status_card
// auto-deny (2), instead of default prompt (0), breaks some legitimate website functionality (filecrypt); there is also the BlockLAN uBO list
--permissions.default.localhost
// stock FPP
--privacy.fingerprintingProtection.*verrides
--layout.css.prefers-color-scheme.content-override // don't force light mode
// reenable JIT; also JIT-less hard(er) Anubis takes like 20+ seconds...
--javascript.options.baselinejit
--javascript.options.ion
// hardcoded to DuckDuckGo, doesn't really matter
--browser.urlbar.placeholderName*
// this draws a hovering hand cursor over clickable links only after the whole page has loaded (there is no "hand with spinner" cursor, at least on Windows); bad concession
--browser.spin_cursor_while_busy
// no reason to disable extended taskbar shortcut menu on Windows
--browser.taskbar.lists*
// maybe don't hardcode _any_ default state, or modify to suit LibreWolf
--browser.toolbarbuttons.introduced.sidebar-button
--browser.uiCustomization.state
--sidebar.backupState
// no quarantined domains for extensions
extensions.quarantinedDomains.enabled->false
extensions.quarantinedDomains.list->""
--extensions.quarantineIgnoredByUser.*
// default mozilla remote settings and extension update intervals; keeping stuff updated is important, but hourly pings are excessive
--update.*.interval
--services.settings.poll_interval
// reenable alt key to show menu
--ui.key.menuAccessKeyFocuses
// reenable animated webpage loading thumbnail, instead of an hourglass
--ui.prefersReducedMotion

2. preferred current librewolf prefs

// ai
browser.ml.enable->false
extensions.ui.mlmodel.hidden->true
// doh off by default
network.trr.mode->5
// browser data sanitization
--privacy.c.*cookies // LibreWolf currently wipes cookies
privacy.clearOnShutdown_v2.historyFormDataAndDownloads->false
privacy.clearOnShutdown_v2.browsingHistoryAndDownloads->false
places.history.enabled->false
// safebrowsing ; no sb > proxied sb > stock sb
browser.safebrowsing.blockedURIs.enabled->false
browser.safebrowsing.downloads.enabled->false
browser.safebrowsing.downloads.remote.block*->false
browser.safebrowsing.downloads.remote.url->""
browser.safebrowsing.malware.enabled->false
browser.safebrowsing.phishing.enabled->false
browser.safebrowsing.provider.google.*advisoryName // no IronFox branding
browser.safebrowsing.provider.google.*URL->"" // updateURL, getHashURL ; now also v5
// don't use system geo for location
geo.provider.use_corelocation->false // mac
geo.provider.use_geoclue->false // linux
// disabled firefox accounts; [!] this however also disables the new profiles manager ui, same urlbar icon
identity.fxaccounts.enabled->false
// don't update system addons; historically used for telemetry (toolkit.coverage -> now dormant); originally from arkenfox
extensions.systemAddon.update.enabled->false
extensions.systemAddon.update.url->""
// less download ui interaction, not that important
browser.download.alwaysOpenPanel->false

3. personal preference, not in either

// enabled creation of text fragment links in context menu
dom.text_fragments.create_text_fragment.enabled->true
// disabled push
dom.push.connection.enabled->false
dom.push.enabled->false
dom.push.userAgentID->""
// disabled newtabpage and stories
browser.newtabpage.activity-stream.discoverystream.enabled->false
browser.newtabpage.activity-stream.feeds.system.topsites->false
browser.newtabpage.activity-stream.feeds.topsites->false
browser.newtabpage.activity-stream.showSearch->false
browser.newtabpage.activity-stream.testing.shouldInitializeFeeds->false
browser.newtabpage.disableNewTabAsAddon->true
browser.newtabpage.enabled->false
browser.urlbar.suggest.topsites->false
// blank startup page
browser.startup.page->0
startup.homepage->"about:blank"
startup.homepage.*url->"about:blank"
// more to force english websites, than to guard against fingerprinting
privacy.spoof_english->2
intl.accept_languages->"en-US, en"
// signons are disabled so no password generation; don't fetch breach alerts / vulnerable passwords lists
signon.generation.enabled->false
signon.management.page.breach-alerts.enabled->false
signon.management.page.vulnerable-passwords.enabled->false
// hardened WebRTC; `specialized-configs/extended-unified.cfg#L73-L85` -> doesn't break for me, but probably not ready as defaults
media.peerconnection.ice.default_address_only->true
media.peerconnection.ice.no_host->true
media.peerconnection.ice.relay_only->true
// ui
browser.urlbar.autoFill->true // with phoenix, fills base urls from bookmarks, openpages only
browser.urlbar.scotchBonnet.enableOverride->false // old searchengines ui
browser.urlbar.suggest.importantDates->false
browser.translations.automaticallyPopup->false
devtools.theme->"dark"
devtools.toolbox.host->"window"
devtools.webconsole.input.editor->true // old devtools console
media.videocontrols.picture-in-picture.video-toggle.has-used->true
widget.gtk.overlay-scrollbars.enabled->false // auto-hiding scrollbars on linux suck
// misc
accessibility.typeaheadfind.flashBar->0
accessibility.typeaheadfind.prefillwithselection->false
ui.textHighlightBackground->"#0c75de" // eiffel 65
browser.bookmarks.max_backups->0 // phoenix by default dumps plaintext bookmarks.html to profile dir anyways
browser.tabs.groups.enabled->false // no tab groups
browser.tabs.loadDivertedInBackground->true // links opened in unfocused new tab by default
browser.tabs.selectOwnerOnClose->false // forced right-to-left tab closing order
dom.disable_beforeunload->true
dom.event.contextmenu.enabled->false // force context menu; or shift + righclick
In case this proves useful, these are my personal changes from phoenix v2025.12.23.1 (to maybe ease some of the work needed). 1. probably _should_ be changed, 2. if kept unchanged, would change current LibreWolf defaults, 3. opinionated; take what you want. ### 1. removed / modified ``` // platforms unsupported by librewolf --[ANDROID-ONLY] --[MAIL-ONLY] // librewolf has its own branding --app.support.vendor --browser.phoenix* --distribution.about --librewolf.* // celenity.dev redirects browser.geolocation.warning.infoURL->"" extensions.webcompat-reporter.newIssueEndpoint->"" media.decoder-doctor.new-issue-endpoint->"" ui.new-webcompat-reporter.new-report-endpoint->"" // reenable native messaging and fix for proton; you can't disable the inbuilt password manager, and then not have KeepassXC, or ProtonPass work ootb --webextensions.native-messaging extensions.webextensions.base-content-security-policy.v3->"script-src 'self' 'wasm-unsafe-eval'; upgrade-insecure-requests;" // cloudflare turnstile gets intermittently stuck with this --accessibility.blockautorefresh --network.http.prompt-temp-redirect // breaks YouTube embeds with error 153 --network.http.referer.defaultPolicy.trackers* // breaks urlbar bookmarks search (issue 218, not fixed in release yet) --places.frecency.unvisitedBookmarkBonus // broken ui on linux --privacy.ui.status_card // auto-deny (2), instead of default prompt (0), breaks some legitimate website functionality (filecrypt); there is also the BlockLAN uBO list --permissions.default.localhost // stock FPP --privacy.fingerprintingProtection.*verrides --layout.css.prefers-color-scheme.content-override // don't force light mode // reenable JIT; also JIT-less hard(er) Anubis takes like 20+ seconds... --javascript.options.baselinejit --javascript.options.ion // hardcoded to DuckDuckGo, doesn't really matter --browser.urlbar.placeholderName* // this draws a hovering hand cursor over clickable links only after the whole page has loaded (there is no "hand with spinner" cursor, at least on Windows); bad concession --browser.spin_cursor_while_busy // no reason to disable extended taskbar shortcut menu on Windows --browser.taskbar.lists* // maybe don't hardcode _any_ default state, or modify to suit LibreWolf --browser.toolbarbuttons.introduced.sidebar-button --browser.uiCustomization.state --sidebar.backupState // no quarantined domains for extensions extensions.quarantinedDomains.enabled->false extensions.quarantinedDomains.list->"" --extensions.quarantineIgnoredByUser.* // default mozilla remote settings and extension update intervals; keeping stuff updated is important, but hourly pings are excessive --update.*.interval --services.settings.poll_interval // reenable alt key to show menu --ui.key.menuAccessKeyFocuses // reenable animated webpage loading thumbnail, instead of an hourglass --ui.prefersReducedMotion ``` ### 2. preferred current librewolf prefs ``` // ai browser.ml.enable->false extensions.ui.mlmodel.hidden->true // doh off by default network.trr.mode->5 // browser data sanitization --privacy.c.*cookies // LibreWolf currently wipes cookies privacy.clearOnShutdown_v2.historyFormDataAndDownloads->false privacy.clearOnShutdown_v2.browsingHistoryAndDownloads->false places.history.enabled->false // safebrowsing ; no sb > proxied sb > stock sb browser.safebrowsing.blockedURIs.enabled->false browser.safebrowsing.downloads.enabled->false browser.safebrowsing.downloads.remote.block*->false browser.safebrowsing.downloads.remote.url->"" browser.safebrowsing.malware.enabled->false browser.safebrowsing.phishing.enabled->false browser.safebrowsing.provider.google.*advisoryName // no IronFox branding browser.safebrowsing.provider.google.*URL->"" // updateURL, getHashURL ; now also v5 // don't use system geo for location geo.provider.use_corelocation->false // mac geo.provider.use_geoclue->false // linux // disabled firefox accounts; [!] this however also disables the new profiles manager ui, same urlbar icon identity.fxaccounts.enabled->false // don't update system addons; historically used for telemetry (toolkit.coverage -> now dormant); originally from arkenfox extensions.systemAddon.update.enabled->false extensions.systemAddon.update.url->"" // less download ui interaction, not that important browser.download.alwaysOpenPanel->false ``` ### 3. personal preference, not in either ``` // enabled creation of text fragment links in context menu dom.text_fragments.create_text_fragment.enabled->true // disabled push dom.push.connection.enabled->false dom.push.enabled->false dom.push.userAgentID->"" // disabled newtabpage and stories browser.newtabpage.activity-stream.discoverystream.enabled->false browser.newtabpage.activity-stream.feeds.system.topsites->false browser.newtabpage.activity-stream.feeds.topsites->false browser.newtabpage.activity-stream.showSearch->false browser.newtabpage.activity-stream.testing.shouldInitializeFeeds->false browser.newtabpage.disableNewTabAsAddon->true browser.newtabpage.enabled->false browser.urlbar.suggest.topsites->false // blank startup page browser.startup.page->0 startup.homepage->"about:blank" startup.homepage.*url->"about:blank" // more to force english websites, than to guard against fingerprinting privacy.spoof_english->2 intl.accept_languages->"en-US, en" // signons are disabled so no password generation; don't fetch breach alerts / vulnerable passwords lists signon.generation.enabled->false signon.management.page.breach-alerts.enabled->false signon.management.page.vulnerable-passwords.enabled->false // hardened WebRTC; `specialized-configs/extended-unified.cfg#L73-L85` -> doesn't break for me, but probably not ready as defaults media.peerconnection.ice.default_address_only->true media.peerconnection.ice.no_host->true media.peerconnection.ice.relay_only->true // ui browser.urlbar.autoFill->true // with phoenix, fills base urls from bookmarks, openpages only browser.urlbar.scotchBonnet.enableOverride->false // old searchengines ui browser.urlbar.suggest.importantDates->false browser.translations.automaticallyPopup->false devtools.theme->"dark" devtools.toolbox.host->"window" devtools.webconsole.input.editor->true // old devtools console media.videocontrols.picture-in-picture.video-toggle.has-used->true widget.gtk.overlay-scrollbars.enabled->false // auto-hiding scrollbars on linux suck // misc accessibility.typeaheadfind.flashBar->0 accessibility.typeaheadfind.prefillwithselection->false ui.textHighlightBackground->"#0c75de" // eiffel 65 browser.bookmarks.max_backups->0 // phoenix by default dumps plaintext bookmarks.html to profile dir anyways browser.tabs.groups.enabled->false // no tab groups browser.tabs.loadDivertedInBackground->true // links opened in unfocused new tab by default browser.tabs.selectOwnerOnClose->false // forced right-to-left tab closing order dom.disable_beforeunload->true dom.event.contextmenu.enabled->false // force context menu; or shift + righclick ```
Author
Owner
Copy link

@degausser I removed all the defaults and other prefs that don't affect us. It ends up being about 1.2k prefs in total.

@degausser I removed all the defaults and other prefs that don't affect us. It ends up being about 1.2k prefs in total.

To comment on some of the points raised by @degausser:

// platforms unsupported by librewolf
--[ANDROID-ONLY]
--[MAIL-ONLY]

Phoenix doesn't contain any [MAIL-ONLY] prefs - prefs specific to Thunderbird are covered in Dove instead (So, if you do come across any Thunderbird-specific prefs in Phoenix, please LMK - because it isn't intended).

// breaks YouTube embeds with error 153
--network.http.referer.defaultPolicy.trackers*

Fixed for next release, per discussion at celenity/Phoenix#228.

// breaks urlbar bookmarks search (issue 218, not fixed in release yet)
--places.frecency.unvisitedBookmarkBonus

FYI: This is fixed as of the latest release (2026年01月21日.1).

// broken ui on linux
--privacy.ui.status_card

Phoenix already doesn't set privacy.ui.status_card for Linux, due to the broken UI.

// doh off by default
network.trr.mode->5

IMO, if LibreWolf really wants to disable DoH by default for whatever reason, network.trr.mode should be set to 0 instead. My understanding is that 5 disables DoH completely, while 0 will still use DoH if it's configured on the OS level.

// safebrowsing ; no sb > proxied sb > stock sb
browser.safebrowsing.blockedURIs.enabled->false
browser.safebrowsing.downloads.enabled->false
browser.safebrowsing.downloads.remote.block*->false
browser.safebrowsing.downloads.remote.url->""
browser.safebrowsing.malware.enabled->false
browser.safebrowsing.phishing.enabled->false
browser.safebrowsing.provider.google.*advisoryName // no IronFox branding
browser.safebrowsing.provider.google.*URL->"" // updateURL, getHashURL ; now also v5

IMO the only prefs that need to be set here are browser.safebrowsing.malware.enabled and browser.safebrowsing.phishing.enabled - the rest are unnecessary to disable Safe Browsing and just make it more difficult for users to re-enable it if desired.

// don't use system geo for location
geo.provider.use_corelocation->false // mac
geo.provider.use_geoclue->false // linux

Why? I'm interested to hear your rationale/thought process for these.

// disabled firefox accounts; [!] this however also disables the new profiles manager ui, same urlbar icon
identity.fxaccounts.enabled->false

I don't see a point here; Firefox Sync is E2EE, so not even Mozilla can access data synced - and it never actually syncs any data or makes network connections until the user goes out of their way to set it up.

// disabled push
dom.push.connection.enabled->false
dom.push.enabled->false

dom.push.enabled is unnecessary, and actually harms privacy by aiding fingerprinting. If you really want to disable Push for whatever reason, dom.push.connection.enabled and dom.push.userAgentID should take care of it.

// more to force english websites, than to guard against fingerprinting
privacy.spoof_english->2
intl.accept_languages->"en-US, en"

intl.accept_languages is unnecessary here (and actually caused issues when Phoenix set it in the past); privacy.spoof_english should cover it. I don't think it's a sane default though, due to the impact on usability for non-English speakers - but I do think LibreWolf should consider exposing it as a UI setting.

To comment on some of the points raised by @degausser: > // platforms unsupported by librewolf > --[ANDROID-ONLY] > --[MAIL-ONLY] Phoenix doesn't contain any `[MAIL-ONLY]` prefs - prefs specific to Thunderbird are covered in [Dove](https://codeberg.org/celenity/Dove) instead *(So, if you do come across any Thunderbird-specific prefs in Phoenix, please LMK - because it isn't intended)*. > // breaks YouTube embeds with error 153 > --network.http.referer.defaultPolicy.trackers* Fixed for next release, per discussion at https://codeberg.org/celenity/Phoenix/pulls/228. > // breaks urlbar bookmarks search (issue 218, not fixed in release yet) > --places.frecency.unvisitedBookmarkBonus FYI: This is fixed as of the latest release *(`2026年01月21日.1`)*. > // broken ui on linux > --privacy.ui.status_card Phoenix already doesn't set `privacy.ui.status_card` for Linux, due to the broken UI. > // doh off by default > network.trr.mode->5 IMO, if LibreWolf really wants to disable DoH by default for whatever reason, `network.trr.mode` should be set to `0` instead. My understanding is that `5` disables DoH completely, while `0` will still use DoH if it's configured on the OS level. > // safebrowsing ; no sb > proxied sb > stock sb > browser.safebrowsing.blockedURIs.enabled->false > browser.safebrowsing.downloads.enabled->false > browser.safebrowsing.downloads.remote.block*->false > browser.safebrowsing.downloads.remote.url->"" > browser.safebrowsing.malware.enabled->false > browser.safebrowsing.phishing.enabled->false > browser.safebrowsing.provider.google.*advisoryName // no IronFox branding > browser.safebrowsing.provider.google.*URL->"" // updateURL, getHashURL ; now also v5 IMO the only prefs that need to be set here are `browser.safebrowsing.malware.enabled` and `browser.safebrowsing.phishing.enabled` - the rest are unnecessary to disable Safe Browsing and just make it more difficult for users to re-enable it if desired. > // don't use system geo for location > geo.provider.use_corelocation->false // mac > geo.provider.use_geoclue->false // linux Why? I'm interested to hear your rationale/thought process for these. > // disabled firefox accounts; [!] this however also disables the new profiles manager ui, same urlbar icon > identity.fxaccounts.enabled->false I don't see a point here; Firefox Sync is E2EE, so not even Mozilla can access data synced - and it never actually syncs any data or makes network connections until the user goes out of their way to set it up. > // disabled push > dom.push.connection.enabled->false > dom.push.enabled->false `dom.push.enabled` is unnecessary, and actually harms privacy by aiding fingerprinting. If you really want to disable Push for whatever reason, `dom.push.connection.enabled` and `dom.push.userAgentID` should take care of it. > // more to force english websites, than to guard against fingerprinting > privacy.spoof_english->2 > intl.accept_languages->"en-US, en" `intl.accept_languages` is unnecessary here *(and actually caused issues when Phoenix set it in the past)*; `privacy.spoof_english` should cover it. I don't think it's a sane default though, due to the impact on usability for non-English speakers - but I do think LibreWolf should consider exposing it as a UI setting.
First-time contributor
Copy link

@celenity

I'd like to stress that the original comment was separated to three blocks, (2.) is a matter of backwards compatibility / breaking changes, (3.) is just a personal preference.

(also the comment was written as of Phoenix v2025.12.23.1, as stated)

Phoenix already doesn't set privacy.ui.status_card for Linux, due to the broken UI.

As it currently stands, LibreWolf ships only one unified librewolf.cfg; which means the base for it has to be unified Phoenix and broken functionality has to be removed for all platforms (platform specific prefs are shipped to non-relevant platform as well, see e.g. geo prefs). More complex build scripts, or runtime os checks are the alternative, arguably not worth the effort.

DoH

Consensus here was 5. My understanding is that without disabled doh-rollout, 0 can be turned on based on the rollout criteria. Note that e.g. Phoenix disregards system os network settings in other places, like proxy != 5 (users can reenable it). IMO the default should be either a clear on (without fallback, so 3), or a clear off.

SafeBrowsing

getHashURLs and updateURLs !="" still fetch the lists; LibreWolf disabled SafeBrowsing historically (which I assume you had issues with in its current form too, hence the IronFox proxy), and the docs already include a way to reenable it, including setting those urls back (but should be amended with v5). most others are in-depth, and/or prevent fetching lists that are not needed.
hopefully v5 local lists arrive sooner than later (likely as just another ETP bucket), so we don't have to deal with any of this.

disabled system geo usage

Included in LibreWolf since forever, taken from arkenfox; arkenfox inclusion stems from this earthlng's comment, and Thorin's take ("service used should be handled only within the application"). Seems sound.

firefox accounts

I think the perceived separation of LibreWolf and Mozilla was (is?) of user importance. this is how the current docs address sync. self-hosting still has issues (see this nice writeup, as of 11/2025 for details); default is still the Mozilla server. From the article:

- Mozilla will get your email address. It needs to be a real email address that only you control, because they send login codes to it
- Your browser will periodically fetch auth tokens from Mozilla. This means Mozilla learns on a regular basis all the IP addresses you browse from, and can tie them to your email address
- Your syncserver will periodically fetch JWKS keys from Mozilla. This means Mozilla also knows your server's IP address too

push

just took this. if omiting dom.push.enabled->false still ensures that Mozilla's push services endpoint is not pinged, that's fine by me.

en-US

privacy.spoof_english and its predecessor afaik used to apply only to RFP, so explicit intl.accept_languages is to cover FPP; either way its a personal preference, same as WebRTC hardening.

@celenity I'd like to stress that the original comment was separated to three blocks, (2.) is a matter of backwards compatibility / breaking changes, (3.) is just a personal preference. (also the comment was written as of `Phoenix v2025.12.23.1`, as stated) >Phoenix already doesn't set privacy.ui.status_card for Linux, due to the broken UI. As it currently stands, LibreWolf ships only one unified librewolf.cfg; which means the base for it has to be _unified_ Phoenix and broken functionality has to be removed for all platforms (platform specific prefs are shipped to non-relevant platform as well, see e.g. geo prefs). More complex build scripts, or runtime os checks are the alternative, arguably not worth the effort. >DoH Consensus [here](https://codeberg.org/librewolf/issues/issues/1975) was `5`. My understanding is that without disabled doh-rollout, `0` can be turned on based on the rollout criteria. Note that e.g. Phoenix disregards system os network settings in other places, like proxy != 5 (_users can reenable it_). IMO the default should be either a clear on (without fallback, so `3`), or a clear off. >SafeBrowsing getHashURLs and updateURLs !="" still fetch the lists; LibreWolf disabled SafeBrowsing historically (which I assume you had issues with in its current form too, hence the IronFox proxy), and the docs already include a way to [reenable it](https://librewolf.net/docs/settings/#enable-google-safe-browsing), including setting those urls back (but should be amended with v5). most others are in-depth, and/or prevent fetching lists that are not needed. hopefully [v5 local lists](https://www.firefox.com/en-US/firefox/147.0/releasenotes/#:~:text=is%20migrating%20from%20Safe%20Browsing%20V4%20to%20the%20local%20list%20mode%20of%20Safe%20Browsing%20V5%20protocol) arrive sooner than later (likely as just another ETP bucket), so we don't have to deal with any of this. > disabled system geo usage Included in LibreWolf since forever, taken from arkenfox; arkenfox inclusion stems from this earthlng's [comment](https://github.com/arkenfox/user.js/issues/610#issuecomment-460294604), and Thorin's [take](https://github.com/arkenfox/user.js/issues/610#issuecomment-461374359) (_"service used should be handled only within the application"_). Seems sound. > firefox accounts I think the perceived _separation of LibreWolf and Mozilla_ was (is?) of user importance. [this](https://librewolf.net/docs/faq/#can-i-use-firefox-sync-with-librewolf-is-it-safe-to-do-so) is how the current docs address sync. self-hosting still has issues (see [this nice writeup, as of 11/2025](https://www.kyzer.me.uk/syncserver/) for details); default is still the Mozilla server. From the article: ``` - Mozilla will get your email address. It needs to be a real email address that only you control, because they send login codes to it - Your browser will periodically fetch auth tokens from Mozilla. This means Mozilla learns on a regular basis all the IP addresses you browse from, and can tie them to your email address - Your syncserver will periodically fetch JWKS keys from Mozilla. This means Mozilla also knows your server's IP address too ``` > push just took [this](https://codeberg.org/librewolf/settings/pulls/75/files). if omiting `dom.push.enabled->false` still ensures that Mozilla's push services endpoint is **not pinged**, that's fine by me. > en-US `privacy.spoof_english` and its predecessor afaik used to apply only to RFP, so explicit `intl.accept_languages` is to cover FPP; either way its a personal preference, same as WebRTC hardening.

Could we pleeeeeease keep discussions unrelated to this PR out of the comments for the PR?
Who ever has to review this now has the option to either ignore the comments completely, or spend an hour to filter out what actually addresses settings in the PR, and what is just comment noise.

Could we pleeeeeease keep discussions unrelated to this PR out of the comments for the PR? Who ever has to review this now has the option to either ignore the comments completely, or spend an hour to filter out what actually addresses settings in the PR, and what is just comment noise.
Author
Owner
Copy link

@alyx161 wrote in #107 (comment):

Could we pleeeeeease keep discussions unrelated to this PR out of the comments for the PR? Who ever has to review this now has the option to either ignore the comments completely, or spend an hour to filter out what actually addresses settings in the PR, and what is just comment noise.

I take the blame because I started this with my comment of:

Since I have no other way of messaging you, I might as well use this PR for your input.

@alyx161 wrote in https://codeberg.org/librewolf/settings/pulls/107#issuecomment-10103010: > Could we pleeeeeease keep discussions unrelated to this PR out of the comments for the PR? Who ever has to review this now has the option to either ignore the comments completely, or spend an hour to filter out what actually addresses settings in the PR, and what is just comment noise. I take the blame because I started this with my comment of: > Since I have no other way of messaging you, I might as well use this PR for your input.
Author
Owner
Copy link

I made a separate issue for discussing using Phoenix as a base here librewolf/issues#2823

I made a separate issue for discussing using Phoenix as a base here https://codeberg.org/librewolf/issues/issues/2823
Sign in to join this conversation.
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
5 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
librewolf/settings!107
Reference in a new issue
librewolf/settings
No description provided.
Delete branch "any1here/settings:master"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?