[yscik]

I'm not sure how allowing extensions to change privacy settings is going to increase user privacy.

And while it's becoming easier to manipulate any website you visit, with basically nothing stopping a malicious extension from stealing user data or just taking over any online account, actually extending the browser UI, the original goal of many former extensions, is extremely limited.

[asfdsfggtfd]

It is a different mindset. It comes from the idea that you should be able to trust the software that you have vetted and installed (extension) over random third party code (an arbitrary website).

[mintplant]

This reduces the extent to which Tor Browser has to delve into the Firefox internals. Ideally they'd be able to package up all their changes as an extension.

[acqq]

If you mean the stuff under "Additional Privacy Controls" you already surf without the functionality that can be turned on with this API. That means that the new API allows you more privacy, at least until you install some extension that maybe overrides the extension that turned "on" that privacy functionality.

So it's like before, adding a new extension is always a security risk.

[yscik]

Wow, I thought the controls are exposed in browser preferences. This makes even less sense, why would these be only controllable by extensions? (Though they are accessible in about:config at least)

[milofeynman]

I personally have them both turned on in about:config.

But It would be nice to have an extension to turn off resistfingerprinting on some sites (like firefox's extension site) because it fakes the browser's user agent which breaks things that check your user agent. I'm not sure this will allow that. It seems like it'll allow a privacy extension to easily enable / disable it for all sites with a check box.