Please, stop the misdirection. Yes, DRM is not part of, or covered by, the privacy.resistFingerprinting flag, but the module itself is fingerprintable and therefore falls under the entire “anti-fingerprinting” umbrella. Enabling it makes fingerprinting easier;
> it still is. Please learn to fact check
This issue of yours attempts to change that, and was created today:
I didn’t say that you already altered it in the user.js itself – if you did, that would be even worse than mere considerations.
> it already has mechanisms in place, please learn to read what a template, readme, wiki, instructions and setup tags are.
Nowhere do you hint in there that users should use streaming apps outside of the browser – the only reasonable reaction to a fingerprintable blackbox in the browser.
Leave me alone with all that “template” talk – you offer a preconfigured config file that is meant to be halfway workable at least; otherwise, why would you even consider enabling DRM by default for usability reasons? Those are usability considerations are contradicting your “template” claim. Not all recommendations on a “template” (= recommendation list users can selectively choose from) must be workable (however, those on a preconfigured config must be workable – hence usability considerations), a “template” would also provide extensive reasoning why a certain change was made and what alternatives are reasonable etc.
> I’ll make it easy for you .. take the reddit script and let me know the metrics gained and how much entropy they contain. Looking forward to your detailed breakdown
It checks for the following things:
– If DRM modules are available at all, whether it’s enabled or disabled.
– What type of DRM module it is.
DRM is just one possible fingerprinting vector, so one CANNOT identify a user JUST based on DRM. However, DRM is a further identifier on a list of identifiers that together form the fingerprint – you know that, those are the basics. Why would you allow yet another identifier?
> secondly: arkenshill?
Accurate description. I like to call it “Tor copycat effort”, but everyone has different wording of course.
PS: I am waiting for your user.js to to resolve the fact that Firefox still connects to firefox.settings.services.mozilla.com even if your user.js is fully applied – please resolve. By the way, there is no about:config flag for that, so good luck modifying the code.