firefox-debloat icon indicating copy to clipboard operation
firefox-debloat copied to clipboard

Published 20 hours ago verified publisher icon amq

Tips

Open davidhedlund opened this issue 8 years ago • 0 comments

From https://lists.gnu.org/archive/html/bug-gnuzilla/2015-06/msg00005.html

Dear Rubin,

Congratulations! I wish you many happy years to come!

I have recently seen firefox adding more and more unnecessary and dangerous things so I have decide to work on a version of firefox which deletes them.

Then I discovered Icecat which shares a lot of my goals and I was able to benefit from its source code. Thank you very much!

Here are the components I propose for deletion and why:

  • EME/DRM - [freedom] - This is a sandbox intended to run some kind of nasty binary from adobe used to block users from having full control over videos they watch.
  • NewTab - [freedom/privacy] - The "newtab" has been getting sponsored adverts being put into it. It is a danger to privacy because when the mouse hovers over them a connection is made to the advertisers page.
  • HealthReport - [privacy] - Turned this off by default. I do not believe something like this that reports statistics about usage should be on by default.
  • WebGL - [security] - Turned this off by default. The security dangers of having this on are too high.
  • Pocket - [freedom] - Pocket seems to be some kind of 3rd party "cloud" service. This is a danger to freedom.
  • Hello!/Loop - [superfluous] - I think you can technically run your own loop server and all the source code is available so this is not a freedom concern but in any case this is not required to browse the web.

To delete EME I did an rm -r on all the relevant directories, added ac_add_options --disable-eme to the mozconf and cleaned up any dangling references to the EME stuff. I think it is important that the code itself not be compiled into the program even if it is not used. "dead" code has been used in security vulnerabilities in the past.

For NewTab I blanked out the XML inside content/newtab/newTab.xul and deleted the unneeded files.

The patch for HealthReport off-by-default is based on icecat, since icecat already does this!

To set WebGL off by default I edited modules/libpref/init/all.js.

Pocket and Hello! were removed by rm -r'ing the modules and then cleaning up dangling references:

rm -r ./browser/components/pocket/

rm -rf ./browser/components/loop/ rm ./browser/base/content/browser-loop.js

I am keen on learning about new candidates for removal. I have heard that firefox will soon search users history and provide adverts based on this - I intend to produce a patch/script to remove that too.

I have included some patches and scripts here which I hope may be of use or interested to folks.

  • https://github.com/orchid-hybrid/cozy-cub/tree/master

http://gnuzilla.gnu.org

davidhedlund avatar May 05 '16 19:05 davidhedlund