Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

changelog: v96

See original GitHub issue

date: 23-January-2022
foreword: These are all the changes since the last changelog (v95).

FF96 release notes FF96 for developers FF96 security advisories

CHANGELOG: [all changes]

links to bugzilla tickets and default pref changes in Firefox are in our ToDo: diffs FF95-FF96 issue
for all the rest see the full list of pref changes below

⭐ your friendly reminder to run prefsCleaner

62baz6

PART ONE: normal stuff

new in user.js v96
- eme.ui - added back in - see https://github.com/arkenfox/user.js/commit/87bd8683fa384c0e9932230c8957ac0717a0b430

   // user_pref("browser.eme.ui.enabled", false);
   // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+]
   // user_pref("network.proxy.allow_bypass", false);

made inactive in user.js v96
- update prefs: moved to personal and inactive because not updating is solely on the end-user
- SWers - see https://github.com/arkenfox/user.js/commit/8860c90abf5c1fb0f87661c3327ae4e75992be13#commitcomment-61742243
- push requires opting into subscriptions and is not a privacy or tracking issue and it requires SWers (see previous point)

   // user_pref("app.update.auto", false); // [NON-WINDOWS]
   // user_pref("browser.search.update", false);
   // user_pref("dom.push.enabled", false);
   // user_pref("dom.serviceWorkers.enabled", false);

removed in user.js v96
- insecure text - see https://github.com/arkenfox/user.js/commit/09d62d2302c2306f5430a397596667ff167edce7
- the three dom prefs - see https://github.com/arkenfox/user.js/commit/0634a568efeca4d837a34dae47b1a3b14c85dccd
- note: push is not included in the user.js 6050 for prefsCleaner (nor in the scratchpad script) as it would reset users subscriptions, and if a user has no subscriptions, Firefox resets it anyway

   // user_pref("dom.caches.enabled", "");
   // user_pref("dom.storageManager.enabled", "");
   // user_pref("dom.storage_access.enabled", "");
   // user_pref("security.insecure_connection_text.enabled", "");
   // user_pref("dom.push.userAgentID", "");

moved to 9999: DEPRECATED / REMOVED in user.js v96

user_pref("app.update.background.scheduling.enabled", false); // [WINDOWS]

PART TWO: dFPI/TCP/ETP STRICT

⭐ update your cookies and site exceptions from FPI syntax - see https://github.com/arkenfox/user.js/issues/1281#issuecomment-981368056

62bag5

We have moved to ETP Strict (dFPI/ Total Cookie Protection)

you can read more at
- #1051
- #1337
do not create repo noise with questions about ETP custom
- see #1334
tl;dr: FPI sooner or later is going to cause problems and/or you will miss out on usability and protections
- FPI is not maintained upstream: mozilla do not want the extra engineering and complexity of two code paths
- FPI has already missed out on extra partitioning (such as service workers)
- FPI has already been on the cusp of missing out on extra partitioning (such as websockets) - I was lucky enough to spot this and alert sysrqb to get it into ESR91.1+. We won’t always be so lucky
- FPI will likely miss out on future partitioning in the pipeline (such as 308 redirects, pool parties, etc)
- TCP is actively worked on
- TCP works better with sanitizing
- TCP is being rolled out to all Firefox users (in ETP Standard)
- ETP Strict comes with extra benefits
- blah blah blah
- FYI: currently the only non-partitioned item in TCP is blobs - see 1686111 and privacy.partition.bloburl_per_agent_cluster

diffs in user.js v96

see 2700s: this is the ETP / Partitioning section
see 6008 - FPI enforced as false (otherwise it causes ETP Strict to change)
see 6009 - shims enforced in case people think this is to do with Smart Blocking heuristics (e.g. click FB button to login = 2702)
see 6050 - the other FPI prefs removed (they’ve always been inactive anyway)
see 7016 - some items added and with others all made inactive as they are set at runtime
⚠️ do not delete webcompat system addons: not that arkenfox endorses deleting these, but I know some of you do it anyway, so consider yourself told

// changed
user_pref("browser.contentblocking.category", "strict"); // was custom
user_pref("privacy.firstparty.isolate", false); // was true

// made inactive
   // user_pref("network.cookie.cookieBehavior", 5); // was 1
   // user_pref("privacy.trackingprotection.enabled", true);
   // user_pref("privacy.trackingprotection.socialtracking.enabled", true);

// new
user_pref("extensions.webcompat.enable_shims", true);
user_pref("privacy.partition.serviceWorkers", true);
   // user_pref("privacy.antitracking.enableWebcompat", false);
   // user_pref("privacy.partition.network_state.ocsp_cache", true);
   // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);

// removed
   // user_pref("privacy.firstparty.isolate.block_post_message", "");
   // user_pref("privacy.firstparty.isolate.restrict_opener_access", "");
   // user_pref("privacy.firstparty.isolate.use_site", "");

STATS

 STATS v96: up to and including section 4500, minus the parrots
 =========
    total: 212
 inactive:  42
           ---
   active: 170
  default:  21 (at least)
      n/a:   2 (of the three prefs in 0204, only one will apply)
           ---
  flipped: 147 (at most)