| I've already typed quite a few replies, and I don't want to come across as all preachy. "into turning off TLS 1.3... (all real examples from posts like this)" The user.js does NOT disable any TLS settings. HTTP2 I talked about in another reply. Client auto-installing is disabled (as that really fits with our user-base), but auto-checking for updates is not, and hasn't been since I moved to Github (it was from memory, way back when I had it on ghacks where it was shared as MY settings) Not from this comment, but I was already aware of some of our defaults putting users at risk, which is why Tracking Protection and Safe Browsing are not disabled (except real-time binary checks), and why auto-update checks have never been disabled, and so on. And why I pointed to and tried to make the wiki implementation page highlight those important settings. I was aware, but this thread prompted me to actually change it - I made the auto-updating extensions disabled -> inactive. The reasoning here is that APP update reminders are in your face, you get a dropdown panel notification, repeatedly - but extension updates are not in your face - so best practice here so no-one is disadvantaged, and one less thing to list at people and overwhelm them. Keep in mind that this is still not aimed at the average person. I also updated the wiki implementation page to make it a bit cleaner and really point some things out. Thanks everyone PS: I'm not rabid :) |