add: browser.privatebrowsing.autostart

[Thorin-Oakenpants]

Based on pyllyukko's user.js, something like

// Start in private browsing mode
// https://wiki.mozilla.org/Private_Browsing
// user_pref("browser.privatebrowsing.autostart", true);
// user_pref("extensions.ghostery.privateBrowsing", true);

• Should I add an explanation that PB means no retained session data such as history, cookies etc? Part of this js' appeal is the descriptions and notes.
• And where to put it. I would like to put it in startup 0100, as it doesn't singularly fit in another section, eg 0800 (forms, history) and 2700 (cookies/dom)

[earthlng]

re: explanation: No, the link to the mozilla wiki is good enough IMO, and most users should already know what PB is/does anyway. (and FF even says what it does on a PB newtab)
I kinda don't like the ghostery part though. That's a very shitty choice of an addon and we shouldn't encourage anyone to use it. Also I'm not sure how I feel about adding 'extensions.' prefs in general. NoScript f.e. would have quite a few that would be worth including then, but imo that's best left to the users of those addons.
As for the number, it doesn't really fit with the other ones under 0100, and since it makes a lot of other prefs obsolete, maybe it deserves something like 0001. (?)

[crssi]

I am avoiding private browsing for several reasons:

1. I cant control cookies at all, and cookies are not destroyed properly when tab is closed.
   I am using Self-Destructing Cookies (SDC). Haven't find better solution till now.
   Unfortunately SDC doesn't destroy LSO na HSTS.
   I believe LSO is not a problem is you don't use Flash (and I don't)... am I true here???
   Haven't found a good solution for HSTS, but haven't got time yet. And will be hard.
2. Same as you, I like some cookies to keep and I do also use auto-login/pass-manager.

I am in a investigation of the diff from your and mine user.js. Have quite a few and need some time. :)
I also don't try to make my browser full "government grade" tracking prof, since its futile.

Cheers

[Atavic]

Regarding 1602 (DNT) I quote a paper called Dusting the Web for Fingerprinters:

We set the DNT header to 1 in the PhantomJS browser and visited the websites identified as performing fingerprinting in our previous experiments. For all of these pages, we obtained the same results with respect to the number of fonts probed and other browser properties accessed, suggesting that DNT preferences are ignored by fingerprinters.

Available on the fpdetective page.

[crssi]

Statistically, which one we have more, users with DNT=1 or users with DNT=0 or users with no DNT?
Tried to find some statistics about DNT usage, but have failed. :(

[Atavic]

I suppose it's one of the most popular changes, as it appears in the options GUI.
Users with no DNT are using very old browsers.

[crssi]

I guess so too... I am using DNT=1 with the latest stable, which is also having more marketshare than other versions.

[crssi]

When you mention 50/50 on Am I Unique or panoptics, which suggest that more than 50% users have DNT=1.
Why is that? The most latest version browsers defaults to DNT=1 and you need to opt-out.
Only paranoid tinhatters turns it off then, and those are making 50/50 on sites like AmIunique or panoptics. But in a real world it makes DNT=1 much more than 50% of marketshare,.

I am not saying that I am true, but I am guessing so. Thats why I have switched to DNT=1 a while ago.
By a wild guess, I would recommend to use DNT=1 to lower FP usability.

Cheers

[crssi]

I guess I was wrong. ;)
Thanks you for response.

[ghost]

@Thorin-Oakenpants

Just on DNT - if you use NoScript MAKE SURE to set your noscript.doNotTrack.enabled to match.

Are you sure about this? Majority of NoScript users probably leave noscript.doNotTrack.enabled on true, wouldn't setting it to false raise entropy?

[ghost]

@Thorin-Oakenpants I agree with your points on DNT. Unfortunately, not many sites respect the DNT header.

Also .. what % of NS users make up the FF base: NS users on AMO currently shows 1.7+ million. That's like 1 or 2% of FF users

That's why I asked, I guess sites can detect you are a NoScript user? I may be very wrong but since the browser with NoScript sends the Do Not Track header by default, are you more unique with noscript.doNotTrack.enabled on false?

Is this preference set to false in Tor Browser?