In Settings > Language and Appearances, there are [$browser Theme, System theme, Light, Dark].
The whole section should be hidden as it's actually a setting intended to give the theme preference for websites and not only the browser internal pages.
However, RFP makes this useless, and the customization applies only to about pages.
Yep I’m happy to follow suit for Tor Browser too. As discussed on IRC, I think “ theme” should be retained as the hidden default while we’re on the ESR 102 train as it seems to provide for the best interaction between the browser and system themes.
As discussed on IRC, I think “ theme” should be retained as the hidden default while we’re on the ESR 102 train as it seems to provide for the best interaction between the browser and system themes.
I don't remember the discussion exactly .
However, the theme can be still changed in the about:addons page.
So, users that customized the theme will be able to change/revert any customization there.
Therefore, as a final decision, I'm suggesting we don't force any change, to prevent users from finding a (possibly unpleasant) "surprise".
As mentioned in chat, I think we will want to reset the preference layout.css.prefers-color-scheme.content-override specifically since we would be removing the UI for this particular preference.
However, the theme can be still changed in the about:addons page.
about:addons>Themes only shows and implies that the chrome is changing, e.g .look at the images. The section we should hide explicitly says website appearance, so I don't see how users can find a (possibly unpleasant) "surprise" should we hide it
With the UI removed, that means only those that fiddle in about:config can change it, and they deserve a "surprise" for fiddling and RFP to the rescue - or just lock the pref(s)
unless I'm missing something ... sorry for not being on IRC, didn't get the invite
@thorin just to be clear, I don't think there is a known figerprinting that derives from setting layout.css.prefers-color-scheme.content-override, because this gets further overridden by Resist Fingerprinting.
The only effect it has, with RFP, is to change the content pages not under RFP's scope. So essentially, it just allows the user to change the "about:" page's theme to be different from the chrome theme.
So we don't need to lock the pref as a threat-prevention measure.
@henry yup, totally get all that but I see my syntax was confusing, I know RFP protects :). The lock comment was a solution to prevent "surprises" - i.e users complaining that they changed the pref and it didn't work