Hi - heres some updates for Pale Moon config

Support and discussions for the x86/x64 Linux version of Pale Moon and specific Linux distribution questions related to the browser.

Moderator: trava90

Forum rules
If your question is about general use of the browser and not specific to Linux, then please use the General Support board.
Locked
cscs+

Hi - heres some updates for Pale Moon config

Post by cscs+ » 2016-03-27, 23:07

Hi there, this is going to be my first post. So first off - thanks for PM - I use it on win7, mint, arch, and the atom-specific builds as browser of choice.

I've noticed that the "Pale Moon Tweak Guide" has been stagnant for a while, and there isnt a separate equivalent over here in the linux room (not sure if there needs to be). In any case- since I have mainly tested these tweaks on linux, and this first set is going to come pretty much entirely from the manjaro wiki compilation I thought to post here.

And please remember the normal 'there be dragons here' about:config caveats apply.

######
But on to the fun bits:
######

DOM Storage

*This WILL break some functionality on some websites.*
DOM storage has become a much bigger threat to our privacy than the dreaded cookies were.

about:config Name: dom.storage.enabled

Default value: true

Modified value: false


Referrer Control

about:config Name: network.http.sendRefererHeader

Default Value: 2

Modified Value: 0

By setting network.http.sendRefererHeader in about:config to 0, whenever you visit a link from one site, the destination site doesn't know the original site you were referred from.

This in effect makes the Firefox add-on RefControl (& others) redundant.

From the Knowledgebase:
network. http. sendRefererHeader Integer
Determines when to send the Referer HTTP header.
0: Never send the referring URL
1: Send only on clicked links
2 (default): Send for links and image

If you find that you can't get into your online banking (or other) site, it can be due to you having set the integer to 0. You would then be best off using the integer value of 1. & Under such circumstances use the likes of RefControl as you can use whatever options you choose for your normal surfing & then choose a specific option that works with specific troublesome sites.


Silent Requests

about:config Name: network.http.speculative-parallel-limit

Default Value: 6

Modified Value: 0

By setting network.http.speculative-parallel-limit to 0, we are controlling the following:

Unlike older versions of Firefox, more recent versions will make a request to a destination server just by hovering over a link. No CSS, no JavaScript, no prefetch required.


Enable Spell Checking In All Text Fields

about:config Name: layout.spellcheckDefault

Default Value: 1

Possible Values:

0 - disable spell checker.
1 - spell check multi-line text boxes only.
2 - enable spell checker for all text boxes.

The default spell checking function only checks for multi-line text boxes. You can get it to spell-check for single line text box as well.


Session Store Interval

about:config Name: browser.sessionstore.interval

Default Value: 60,000

Modified Value: XXX,XXX

This value sets the interval at which sessions will be committed to storage for recall (eg: after recovering from a crash).
If you dont need or use this feature, increasing the value can help performance especially on underpowered machines.
This comes with the risk of losing open tabs or other data if the value is set too high and the browser closes before the allotted time.


Open Search Box Results In New Tab

about:config Name: browser.search.openintab

Default Value: false

Modified Value: true


When you search using the search box at the top right hand corner of the browser, it will display the search results in the current tab.
If you don’t want the search to interfere with your current tab, you can tweak the browser.search.openintab to make it open in a new tab.


Prevent child windows from spawning

about:config Name: dom.disable_window_open_feature.resizable

Default Value: true

Modified Value: false

Turning off the above should prevent most, if not all tabs being spawned in a new Firefox window.
Some websites like to do this to us & some of us don't like it!


Disable less secure encryption protocols

*This WILL break some reputable sites*

Many encryption experts consider them broken. It is not necessary to disable them.
If some of the websites you visit via HTTPS/SSL do not work anymore, please enable these protocols again:

about:config Name: security.ssl3.rsa_aes_128_sha

Default Value: true

Modified Value: false


about:config Name: security.ssl3.rsa_aes_256_sha

Default Value: true

Modified Value: false


about:config Name: security.ssl3.rsa_des_ede3_sha

Default Value: true

Modified Value: false


Highlight everything in the address bar by a single click

about:config Name: browser.urlbar.clickSelectsAll

Default Value: true

If you prefer to click once for url editing, instead of auto-highlighting, you'll know what to do.


Tab Animation

browser.tabs.animate

Default Value: true

Modified Value: false


...thats it for now :) . Once again, do not blindly enable all these settings. I do not use all of them and you probably dont want to either. While all those listed can be considered 'safe', user experience for some websites will be effected. As with all about:config edits - these are options for users who need them or otherwise know what they are doing.
Last edited by cscs+ on 2016-04-01, 20:24, edited 5 times in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 29343
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Hi - heres some updates for Pale Moon config

Post by Moonchild » 2016-03-28, 01:59

A quick note that the defaults are there for a reason.
e.g.: Turning off DOM storage and sending of referrers not only can, but will break an increasing number of websites.
e.g.: The "least secure" cipher suites are still secure, and disabling what you suggest would break perfectly good sites as well. And you're falling in the trap of disabling good features just because they happen to be at the bottom of the list. After all, after these are disabled, some other suite will be "least secure". The browser already uses sane priority.
Also, you suggest prefetching pages as a good thing, but want to prevent speculative connections (without actual requests) at the same time -- that's kind of paradoxical? :)

etc.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image

adisib
Lunatic
Lunatic
Posts: 380
Joined: 2015-06-13, 03:34
Location: KY

Re: Hi - heres some updates for Pale Moon config

Post by adisib » 2016-03-28, 02:42

Moonchild wrote:Also, you suggest prefetching pages as a good thing, but want to prevent speculative connections (without actual requests) at the same time -- that's kind of paradoxical? :)
cscs+ wrote: Prefetch Control

about:config Name: network.prefetch-next

Default Value: true

Modified Value: false

By setting network.prefetch-next to false, we are controlling the following:

Link prefetching, is when a web page hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user request
Actually he is suggesting the opposite, that it should be disabled. It appears that he is suggesting changing it, making it easy to think he is suggesting to enable it, because he has the incorrect default value posted. This is actually false by default, not true. I haven't checked to see if the other defaults are correct or not.

cscs+

Re: Hi - heres some updates for Pale Moon config

Post by cscs+ » 2016-03-28, 04:26

Moonchild wrote:A quick note that the defaults are there for a reason.
e.g.: Turning off DOM storage and sending of referrers not only can, but will break an increasing number of websites.
e.g.: The "least secure" cipher suites are still secure, and disabling what you suggest would break perfectly good sites as well. And you're falling in the trap of disabling good features just because they happen to be at the bottom of the list. After all, after these are disabled, some other suite will be "least secure". The browser already uses sane priority.
Also, you suggest prefetching pages as a good thing, but want to prevent speculative connections (without actual requests) at the same time -- that's kind of paradoxical? :)

etc.
I agree. I prefer DOM off on some of my setups - but dont generally suggest it to folks who cant troubleshoot things themselves or arent security freaks, etc. The cipher suites are included should someone be interested in them, not as a suggestion for smooth browsing - I dont use those changes. (Actually in the cited page, those configs were preceded by 4 other similar changes which are already included in PaleMoon [over ff], so kudos to you). As for the prefetching - everyone has different needs but I actually prefer to disable prefetching and speculative connections and DO use those changes.(edit - oops, that was the incorrect default and should not have been included)

I apologize if I was not clear that I did not *recommend or *endorse any of these changes - just thought some interested folks might find them easier on the forums. I've also updated the original post to reflect some warnings and removed the reference to prefetching.

Locked