discussion: move 2025 media types to personal section about user.js HOT 5 CLOSED

IMO we can leave these prefs as FF52's default, all true.

from user.js.

If there is no other issues, I am voting for default also.

from user.js.

[...] setting the lot to true, commenting them all out, and moving to the personal section

I agree. Moreover that besides personal considerations untied to privacy and security (as far as I know) I see no reason for disabling these settings, so left as default (true) and commented out seems pertinent, leaving the information raw for a user who might have his reasons to disable one or another.

Generally speaking, and this is my very personal approach, a work such as this one, that is to summarize and detail all available settings (hidden included) in Firefox's about:config, could point to only privacy and security settings. Going ahead of those means an increased amount of work for the developers, possible confusion for the user (commented out is understood as referring to either a problematic pro/con setting either to a cosmetic/practical setting not related to privacy/security) but nevertheless valuable information for "diggers" who have then an "encyclopedia" of settings, be they security/privacy related or not. IMO, privacy/security settings only is the best approach. Hence, in this example, simply removing the above from the user.js list would be far better. Otherwise we may lead to a bloated user.js ...

from user.js.

it makes more sense to set them all to FALSE and comment them out. Otherwise we might as well remove them all together.

re: security - there have been exploitable flaws in the past in some media formats fe. see here. But they are probably way too hard to find and exploit for most "attackers". On linux (and mac?) there's maybe more of a risk because flaws in FFmpeg are likely easier to find.
I'm not aware that the CIA's Vault7 leaks made any mention of media format exploits but we'll only know for sure once those exploits are made public, if ever. So I'd agree the risk is atm slim to none with keeping FF's default values.
I personally will probably never need the raw and wave formats for example, so I'll keep those disabled.

re: FP - the fact that the youtube HTML5 page can detect which formats you support without even loading a video is a pretty clear indicator that it can be fingerprinted.

Does it really matter?

probably not - we're already easily fingerprinted and I'm okay with whatever you guys want to do with it

from user.js.

re: FP - the fact that the youtube HTML5 page can detect which formats you support without even loading a video is a pretty clear indicator that it can be fingerprinted.

In that case should be set to default or even better, as @earthlng proposed to comment them out, since it will lower entropy, as far as FP is concerned.
I don't have a personal opinion on security part, yet.
I know FP resistance is a bit futile, but I don't have government grade FP in mind... just want to make a "noise" to commercial ADV databases.

from user.js.