"The OpenH264 codec is not distributed with Firefox but gets downloaded at the first start of Firefox. In case you want to prohibit that, you will have to preconfigure the browser and set the media.gmp-gmpopenh264.autoupdatemedia.gmp-gmpopenh264.enabled preference to false. "
I have to disable it before I START firefox?? How?
In your Firefox profile directory, there's a file called "prefs.js". Of course, that (obviously) requires you have a FF profile, so I'm not sure how much use it would be.
I guess the "easier" way would be to just disconnect your internet, and then install and start Firefox.
Preferences set in the user.js file are applied after those in
prefs.js, but are persistent - while the current prefs settings
are saved to prefs.js when Firefox exits, the prefs in user.js
are re-applied on every restart of Firefox - so you would have
to edit user.js to persistently change Firefox' behavior.
Thus user.js is handy for knowledgeable users, but could be a bit of
a trap for less capable users. ("I can't make it change!")
While I'm on about:config stuff, a handy way to search for
config variables is a shortcut:
To me this is poor design. I prefer to have everything turned off by default. Then I have to learn how to turn things on.
In the end, this teaches me much more about controlling the program's behaviour than having developers make decisions for me. But that's just my opinion.
It would be great if non-technical end-users could control their enviroment and disable these things; this page, while a great step forward, still is much too long and complex - it's too long for me to read the whole thing.
Firefox needs a button in preferences that says 'enable only connections specifically initiated by the user' - worded better and with appropriate warnings of functionality loss. Or an add-on would be great.
I disagree, there is a lot of functionality aimed to keep users safe, if "non-technical end-users" can't understand and go through them; they may be better leaving them alone.
On the other hand also prevents those users from changing something and find non expected behavior.
> if "non-technical end-users" can't understand and go through them; they may be better leaving them alone.
I understand this reasoning, but I think the pendulum has swung too far from end-user control to a patronizing attitude where we tell users what is good for them - in fact, we decide for them without even telling them.
For example, in this case perhaps some users value confidentiality over system integrity or over performance; Mozilla doesn't empower them to make that decision; the users don't even know that a decision has been made. Mozilla could facillitate end-user control by making the options safe and by explaining them clearly.
There is a balance of course, and I'm just using this issue as a example - it's hardly the most critical.
Turning Firefox into Config Simulator 2016 would just alienate nontechnical users, not empower them.
I don't see how it's patronizing to say, "You can set this the way you want if you care, and people who don't care aren't faced with a bunch of choices they don't want."
Interesting historical context: When Firefox split off from the old Mozilla browser, the whole Firefox (then called Phoenix) project removed a lot of menus and buttons.
You'd want it to convey that "Paranoid" doesn't mean "Most secure," which is how a lot of people would read that. A typical person against typical adversaries really does want automatic updates.
Some of these options, such as disabling automatic updates, would reduce security. But some, such as DNS prefetching, impact only performance and disabling them would improve security (confidentiality is a key part of security), however marginally in some cases.
I think a distinction needs to be made for the users.
On the one hand, pulling patches automatically protects you from the nasties. On the other hand, it also leaks information off your machine which might not be what you want.
