bug 40656: remove fingerprintable preferences

Merge Info

• Related Issues

  • #40656

• Backport Timeline

  • Immediate - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build)
  • Next Minor Stable Release - patchset that needs to be verified in nightly before backport
  • Eventually - patchset that needs to be verified in alpha before backport
  • No Backport - patchset for the next major stable

• Upstream Merging

  • Merge to base-browser - typically for !fixups to patches in the base-browser branch, though sometimes new patches as well
    • NOTE: if your changeset includes patches to both base-browser and tor-browser please please make separate merge requests for each part

• Issue Tracking

  • 12.0.4

Change Description

Removed fingerprintable preferences from about:preferences

• browser.download.useDownloadDir
• signon.rememberSignons
• browser.formfill.enable
• [already] signon.autofillForms
• browser.search.suggest.enabled
  • urlBarSuggestion
  • browser.urlbar.showSearchSuggestionsFirst
  • showSearchSuggestionsPrivateWindows
• network.http.windows-sso.enabled 🔥

"In addition to that, we need to make sure sync.inc.xhtml is not visible."

• it is, it's default hidden, and the show function doesn't get called unless entity.fxaccounts.enabled is true - is set to fasle in base profile

"Then, from #40899, we should review: "

• [already] Picture in picture
  • media.videocontrols.picture-in-picture.enabled
    • hides pref and master disable of feature
• Media keys controls
  • per IRC - should be fine to leave
• Extension recommendations
• Phishing and malware protection (in the privacy panel)
• [TODO seperate TB only MR] Default browser (only Tor Browser, not S131)
• Saved passwords and similar amenities
  • "My decision: discuss about keeping these features, and possibly add a manual page about the risks of having them"