New hidden features

Discussion of features in Seamonkey
Post Reply
User avatar
Pim
Posts: 2215
Joined: May 17th, 2004, 2:04 pm
Location: Netherlands

New hidden features

Post by Pim »

Five years ago, I published a list of hidden features in SeaMonkey; about:config settings that you can switch from false to true to enable hidden functionality.
My goal was to score as high as possible on the site HTML5Test.
And now we have a newer version of SeaMonkey, which has more features, so there are new about:config settings you can flip to crank the score up even more.

However.
The times have changed, and I'm older and wiser now than when I first posted that. I'm more aware of privacy concerns, I know we care about security, we don't want to be tracked and fingerprinted; and the problem is, many of these settings enable features that do allow websites to track us, to fingerprint us!
So, do we really want the fake internet points, or do we want to be secure?
To err on the side of caution, here is a file that only sets those switches that are deemed safe by sites like Ghacks and the like. Copy this and put it in a new file called user.js in SeaMonkey's profile directory. Or, if there is already a user.js file in the directory, open it and put this at the end. Then restart SeaMonkey.

Code: Select all

user_pref("canvas.focusring.enabled", true);                        // 1 pt. 2D Graphics → System focus ring support
user_pref("canvas.hitregions.enabled", true);                       // 1 pt. 2D Graphics → Hit testing support
user_pref("dom.animations-api.core.enabled", true);                 // 3 pt. Animation → Web Animations API
user_pref("dom.dialog_element.enabled", true);                      // 1 pt. Elements → dialog element
user_pref("dom.enable_performance_observer", true);                 // 1 pt on alpha.html5test.com
user_pref("dom.experimental_forms", true);                          // 8 pt. Forms → input type=date
user_pref("dom.forms.color", true);                                 // 3 pt. Forms → input type=color
user_pref("dom.forms.datetime", true);                              // 8 pt. Forms → input type=date
user_pref("dom.forms.datetime.others", true);                       // 12 pt. Forms → input type=datetime-local
user_pref("dom.forms.number", true);                                // 3 pt. Forms → input type=number; CSS :in-range/:out-of-range
user_pref("dom.indexedDB.enabled", true);                           // 25 pt. Storage → IndexedDB
user_pref("dom.input.dirpicker", true);                             // 1 pt. input type="file" →  Directory upload support
user_pref("dom.moduleScripts.enabled", true);                       // 3 pt. Scripting → ECMAScript 6 Modules
user_pref("dom.payments.request.enabled", true);                    // 5 pt. Payments → Web Payments
user_pref("dom.requestIdleCallback.enabled", true);                 // 1 pt. Performance → window.requestIdleCallback
user_pref("dom.storage.enabled", true);                             // 10 pt. Storage → Session Storage
user_pref("dom.webnotifications.enabled", true);                    // 5 pt. Output → Web Notifications
user_pref("dom.workers.enabled", true);                             // 10 pt. Performance → Web Workers
user_pref("full-screen-api.unprefix.enabled", true);                // 5 pt. Output → Full screen support
user_pref("javascript.options.streams", true);                      // 4 pt. Streams → Readable streams
user_pref("javascript.options.writable_streams", true);             // 2 pt. Streams → Writable streams
user_pref("layout.css.all-shorthand.enabled", true);                // 3 pt on css3est.com
user_pref("layout.css.background-blend-mode.enabled", true);        // 17 pt on css3est.com
user_pref("layout.css.box-decoration-break.enabled", true);         // 2 pt on css3est.com
user_pref("layout.css.clip-path-shapes.enabled", true);             // 14 pt on css3est.com
user_pref("layout.css.color-adjust.enabled", true);                 // 2 pt on css3est.com
user_pref("layout.css.column-span.enabled", true);                  // 2 pt on css3est.com
user_pref("layout.css.contain.enabled", true);                      // 5 pt on css3est.com
user_pref("layout.css.filters.enabled", true);                      // 11 pt on css3est.com
user_pref("layout.css.float-logical-values.enabled", true);         // 4 pt on css3est.com
user_pref("layout.css.grid-template-subgrid-value.enabled", true);  // 10 pt on css3est.com
user_pref("layout.css.grid.enabled", true);                         // 108 pt on css3est.com
user_pref("layout.css.image-orientation.enabled", true);            // 8 pt on css3est.com
user_pref("layout.css.isolation.enabled", true);                    // 2 pt on css3est.com
user_pref("layout.css.prefixes.webkit", true);                      // 1 pt on css3est.com
user_pref("layout.css.resizeobserver.enabled", true);               // 1 pt on css3est.com
user_pref("layout.css.ruby.enabled", true);                         // 3 pt. Elements → ruby, rt, rp
user_pref("layout.css.scope-pseudo.enabled", true);                 // 1 pt on css3est.com
user_pref("layout.css.scroll-behavior.property-enabled", true);     // 2 pt on css3est.com
user_pref("layout.css.scroll-snap.enabled", true);                  // 3 pt on css3est.com
user_pref("layout.css.shape-outside.enabled", true);                // 14 pt on css3est.com
user_pref("layout.css.text-align-unsafe-value.enabled", true);      // 1 pt on css3est.com
user_pref("layout.css.text-combine-upright-digits.enabled", true);  // 1 pt on css3est.com
user_pref("layout.css.text-combine-upright.enabled", true);         // 3 pt on css3est.com
user_pref("layout.css.touch_action.enabled", true);                 // 6 pt on css3est.com
user_pref("layout.css.unset-value.enabled", true);                  // 2 pt on css3est.com
user_pref("media.ffmpeg.enabled", true);                            // No points, but useful. Video codecs → H.264 support
user_pref("media.mediasource.enabled", true);                       // 5 pt. Video codecs → Media Source Extensions
user_pref("media.mp4.enabled", true);                               // No points, but useful. Video codecs → H.264 support
user_pref("media.ogg.enabled", true);                               // No points, but useful. Video codecs → Ogg Theora support
user_pref("media.opus.enabled", true);                              // No points, but useful. Audio codecs → Ogg Opus
user_pref("media.track.enabled", true);                             // 4 pt. Video → Audio track selection
user_pref("media.wave.enabled", true);                              // No points, but useful. Audio codecs → PCM
user_pref("media.webm.enabled", true);                              // No points, but useful. Video codecs → WebM… support
user_pref("security.webauth.webauthn", true);                       // 3 pt. Security → Credential Management

// These are considered security or privacy issues, so they're disabled (commented out) by default.
// If you still want to use them, you can remove the comment delimiters /* and */ around this block, but
// be warned that you do so AT YOUR OWN RISK.
/*
user_pref("beacon.enabled", true);                                  // 2 pt. Communication → Beacon
user_pref("browser.cache.offline.enable", true);                    // 3 pt. Web applications → Application Cache
user_pref("browser.send_pings", true);                              // 1 pt. Elements → ping attr on a
user_pref("dom.push.enabled", true);                                // 2 pt. Web applications → Push Messages
user_pref("dom.serviceWorkers.enabled", true);                      // 10 pt. Web applications → Service Workers
user_pref("dom.vr.enabled", true);                                  // 3 pt. 3D and VR → WebVR
user_pref("dom.w3c_pointer_events.enabled", true);                  // 5 pt. Input → Pointer Events
user_pref("dom.webaudio.enabled", true);                            // 5 pt. Audio → Web Audio API
user_pref("geo.enabled", true);                                     // 15 pt. Location and Orientation → Geolocation
user_pref("layout.css.mix-blend-mode.enabled", true);               // 16 pt on css3est.com
user_pref("media.eme.enabled", true);                               // No points, but useful. Streaming → DRM support
user_pref("media.navigator.enabled", true);                         // 18 pt. Peer To Peer → Access the webcam
user_pref("media.peerconnection.enabled", true);                    // 20 pt. Peer To Peer → WebRTC 1.0
user_pref("media.webspeech.recognition.enable", true);              // 3 pt. Audio → Speech Recognition
user_pref("media.webspeech.recognition.force_enable", true);        // 3 pt. Audio → Speech Recognition
user_pref("media.webspeech.synth.enabled", true);                   // 2 pt. Audio → Speech Synthesis
user_pref("privacy.resistFingerprinting", false);                   // No points, but useful. 
user_pref("webgl.enable-webgl2", true);                             // 5 pt. 3D Graphics → WebGL 2
*/

// These are known to break some sites, so they are disabled (commented out) by default.
// If you still want to use this, you can remove the comment delimiters /* and */ around this block, but
// be warned that functionality will diminish.
/*
user_pref("dom.webcomponents.customelements.enabled", true);        // 4 pt. Web Components → Custom elements
user_pref("dom.webcomponents.enabled", true);                       // 10 pt. Web Components → Custom elements
user_pref("gfx.offscreencanvas.enabled", true);                     // 1 pt on alpha.html5test.com
user_pref("network.preload", true);                                 // 1 pt. Resource Loading → link rel=preload
*/
On my machine, this improves the score on HTML5Test from 424 to 467 points, and on css3Test.com from 1419 to 1451; your mileage may vary.
Now if you really don't care about security, and all you want is to score as high as possible, you can open the user.js file in a text editor and follow the instructions inside to enable the dangerous settings. This results in 536 points in HTML5Test on my machine. Do so at your own risk, however. I would recommend only doing this in a new profile, so that you don't affect your regular browsing. Some of these settings even decrease functionality on some sites, such as YouTube.

But in spite of all the warnings, I'm still actually interested in those scores. Does anybody know of other prefs that influence the score? Specifically, that increase the score above 536?
Groetjes, Pim
mozray
Posts: 76
Joined: March 10th, 2017, 3:48 pm

Re: New hidden features

Post by mozray »

I would not recommend setting beacon.enabled and browser.send_pings to true. This is mostly used for tracking purposes.
User avatar
Pim
Posts: 2215
Joined: May 17th, 2004, 2:04 pm
Location: Netherlands

Re: New hidden features

Post by Pim »

Indeed. Note that beacon.enabled is true by default, so if you want to be safe and secure, you might want to turn that off. See also the Ghacks site I mentioned.

browser.send_pings is a strange one; changing the setting doesn't seem to change anything. HTML5Test keeps saying that SeaMonkey sends pings and Firefox does not, no matter this setting. Other websites say neither browser does. If anybody can provide more insight into this, that would be helpful.
Groetjes, Pim
frg
Posts: 1361
Joined: December 15th, 2015, 1:20 pm

Re: New hidden features

Post by frg »

My advice: if you change something write it down somewhere. These internal settings especially if false are set for development not yet mature and bad things might happen later.

I think I stumbled over beacon.enabled before and took a dislike. But not sure if isn't needed for some sites internal redirection so didn't do something about it. Might be worth to set it to false and file a bug if nothing bad happens.

FRG
User avatar
Pim
Posts: 2215
Joined: May 17th, 2004, 2:04 pm
Location: Netherlands

Re: New hidden features

Post by Pim »

For some of those settings, I'm not sure I agree with the "for development not yet mature" part. It can also mean that SeaMonkey is more cautious than Firefox in enabling them. Settings like media.navigator.enabled and media.peerconnection.enabled have been true by default in Firefox since at least v56, so it's not a matter of not being production ready. It's more like a security consideration. (Which I respect, which is why I don't enable these in the above list.)

By the way, when checking Firefox, I also noticed that some of the settings which were true by default in v56 (such as dom.serviceWorkers.enabled) have been made false in later versions, presumably also because of security reasons. Which is good.
Groetjes, Pim
Post Reply