[BUG]: firefox: privacy.firstparty.isolate (obsolete)

[atomGit]

privacy.firstparty.isolate is obsolete and has been for some time - it has been replaced with network partitioning

see the arkenfox user.js

[undergroundwires]

Hi, I will do a patch to fix some crucial bugs, the patch after will include an improvement to fix this along with #232. I'm happy to see Linux users here. Linux will be first class citizen for privacy.sexy so I will appreciate any other feedback/improvement ideas you might have.

[atomGit]

firefox can be a tough one depending on how far you want to go with privacy

i guess the easy way would be to recommend LibreWolf, the config of which is based on arkenfox

the more intensive way would be to wget the arkenfox js but the user would need to go through it and maintain it (updates, cleaning)

re: #232 - yeah, one should never edit prefs.js unless they're testing something, nor should one edit the arkenfox user.js - any changes for that need to get dumped in user-overrides.js and copied to user.js using their updater script, else updates can be a pain in the ass

i maintain some privacy stuff if it's any help to you - feel free to use or link to stuff

regarding script syntax, you may very well know more than me, but from what i understand there are some "best practices" that could be implimented, such as using printf instead of echo - i use the shellcheck linter to keep me in line and i love it

[TheAndr0id]

I thought I'd leave these links as a primer for anyone like me asking "ok, now what the f..."

https://hacks.mozilla.org/2021/02/introducing-state-partitioning/
https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning

From my reading, both methods are kind of still in development and somewhat untested. privacy.firstparty.isolate still works, but the new State Partitioning is Mozilla's new way of doing it allowing dynamic per site controls to the cookie system. Reports suggest that State Partitioning breaks less sites when using cross site authentication (aka, using Facebook/Google credentials to sign in - which well, is a very bad idea for privacy anyway).

Personally I doubt anyone other than web devs and hardcore geeks are going to use this and it seems most of the hard core geeks are moving away from Firefox (myself included if I could find a better option).

[atomGit]

... both methods are kind of still in development and somewhat untested.

FPI is dead - nothing is being done with it far as i know - dFPI/ETP/net/state partitioning is still being developed, hence why it's not all of its features are enabled by default, but it works quite well

regarding cross site auth, that can be controlled with privacy.antitracking.enableWebcompat

Personally I doubt anyone other than web devs and hardcore geeks are going to use this ...

some of it is already enabled by default (ETP standard) and apparently more features will be enabled by default down the road - arkenfox enables ETP strict, but allows the compatibility component (SmartBlock) which is only a privacy issue if the user attempts to log on to a site which pulls required resources from a 3rd party - you can read about it here...

Firefox 90 introduces SmartBlock 2.0 for Private Browsing - Mozilla Security Blog

... it seems most of the hard core geeks are moving away from Firefox ...

that's not my impression, not if they care about privacy, but i could be wrong

i would love to dump Firefox and get the hell away from the "woke"/radical leftist ideology at Mozilla, but there's no other browser out there that's better suited for privacy that i'm aware of that isn't heavily based on Firefox

LibreWolf, while technically a fork perhaps, is really a few scripts run on Firefox releases and anything that doesn't support manifest v2 (chromium) is out, though i see that Raymond is working on a manifest v3 version of uBO

[atomGit]

...just to expand on that front a bit, the browser scene is in a rather sad state at the moment and i surely don't see that changing - the web has turned to crap and thus so must the web browser in order to deal with it

then we have one good, well maintained content blocker - uBO (though there is this and this) - that's essentially run by one guy that only works to its full potential on one browser - Firefox - whose market share has been plummeting for years

[undergroundwires]

How should we approach it here? How about keeping privacy.firstparty.isolate as it's not completely dead and people may be running older versions and add scripts for new cross-site scripting protection. The new settings seems to be:

• privacy.partition.network_state: Determines if network partitioning is enabled. Network partitioning keeps network-related states separated by the top-level site to prevent cross-site tracking.
• network.cookie.cookieBehavior: Controls the behavior of cookies and storage partitioning.
  • Value 5: Reject known trackers and partition third-party storage.
  • Value 4: Only reject trackers with storage partitioning disabled.
  • Value 0: Allow all cookies without any restrictions.
• privacy.restrict3rdpartystorage.skip_list: Disables Dynamic State Partitioning for specific origins. This preference takes a comma-separated list of origins that are exempted from partitioning. It ensures specific third-party origins are not partitioned when embedded within specified first-party origins.
• privacy.antitracking.enableWebcompat: If set to false, it disables all Enhanced Tracking Protection (ETP) and State Partitioning web-compatibility features. It helps test sites to ensure they are compatible with Firefox's State Partitioning mechanism without relying on temporary heuristics.
• privacy.restrict3rdpartystorage.heuristic.recently_visited: Enables or disables redirect heuristics based on recent visits. If a site redirects to another, and both have been recently visited, storage access may be granted.
• privacy.restrict3rdpartystorage.heuristic.redirect: Enables or disables redirect heuristics. It controls storage access based on redirection between sites.
• privacy.restrict3rdpartystorage.heuristic.window_open: Enables or disables window open heuristics. Determines if storage access is granted when a partitioned third-party opens a popup window.
• privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction: Enables or disables window open heuristics after interaction. Determines if storage access is granted when a first-party opens a third-party popup, and there was a user interaction with the popup.

Thanks for the context and link, I extracted configuration descriptions from the link you shared.

Out-of-topic

@atomGit:

Recommended installs: This is hard when we do not know which package manager users would prefer. I prefer flatpak, and would not like any other software to install stuff using e.g. apt.

Shellcheck: Thanks for the recommendation, it's a great tool. I want to automate shellcheck linting, this was brought up #164 as well. However there are a lot of stuff to do so this did not get love yet :) I'd appreciate any PR.

12bytes.org: I've stumbled upon your blog before. Great to have you here as contributor, all of your feedback is greatly appreciated, also the work on the blog. Questioning encryption is useless is mind-opening. Adding it to my RSS feed :)

@TheAndr0id I run Ungoogled Chromium and sometimes Brave. I'm looking for a Thunderbird alternative but could not find anything close to it yet. Mozilla lost me after advocating censoring. Firefox is basically controlled by Google and sending visited URLs (hashing as privacy is a joke here) and downloaded files by default to them is a no-go for me.

[atomGit]

privacy.firstparty.isolate as it's not completely dead and people may be running older versions ...

i'm not sure that running an older non-JS browser is necessarily a bad thing, but if they're running an older version of FF that supports FPI (meaning it's not all that old), i would think that may be a very bad idea and personally i would not support such a configuration

FPI is not being worked on anymore, so i would do 2 things: first and foremost, make sure privacy.firstparty.isolate is disabled and 2, enable dFPI (you surely do not want to enable both)

as for the prefs involved, you can easily grab them from the arkenfox js, or just download the whole thing along with their updater and prefsCleaner scripts (they have versions for both winblows and linux)

regarding FF telemetry, all of it can be disabled, including Safe BRowsing, but not all of it should be

regarding T-bird, the nice thing about it, beyond the fact that, like FF, it's super configurable, is that it makes encrypting mails almost as easy as it can be with it's built-in support which no longer requires a complicated add-on

regarding Brave, personally i won't touch it - i don't feel good about that corporation plus they are manipulating results for their search engine in unethical ways

personally, if i drop FF, at this point i would likely go with either LibreWolf or the Mullvad browser ... but without enabling Tor since i don't trust that either lol

[TheAndr0id]

Sorry, I didn't mean to start a browser war - really!

I'm currently rebuilding the family Windows 7 box to Windows 10 because of Steam. I need to have solutions that are either well hidden or easy to understand that have minimal impact on functionality. Explaining how cookie isolation and supercookies work is just not an option.

From my point of view Firefox has been on a serious downhill slide for a few years now. They seem to be determined to push away all of their 3rd party extension developers and have annoyed most of their main users with senseless UI changes. I only run their ESR releases since their release rate is crazy (which speaks to poor project management). I fully expect a release titled "Firefox Chrome - powered by Google!" real soon now.

Ungoogled Chrome scares me - kind of like having a pet cobra. It might be cool and all, but then, well you're dead... When I read about the crypto currency attached to the Brave browser? Nope. Nope. Nope. The problem is there isn't a lot of choices and turning off these intrusive data collection schemes are not trivial.

Thank you @undergroundwires for doing all the work you are doing on this (and many other fronts)!

[atomGit]

Sorry, I didn't mean to start a browser war

no worries - you didn't

From my point of view Firefox has been on a serious downhill slide for a few years now.

agreed! their market share has tanked and i think part of that is due to idiotic decisions by the board and part due to googles influence and promotion of their trashy browser

that said, my POV is that, unfortunately, FF is still the best potential candidate for privacy geeks (with LOTS of tweaking)

it seems to me that some of the FF devs are very serious about privacy (Tor uplift is a big part of that), however that attitude is clearly not shared by corporate, else they'd divest from google and all of the other ethically crippled corporations they continue to partner with

here's a very interesting read by Lunduke...

Firefox Money: Investigating the bizarre finances of Mozilla

[undergroundwires]

@atomGit Could you clarify why we should remove privacy.firstparty.isolate completely? Does it break any of the new privacy features? Can we e.g. use it together with privacy.antitracking.enableWebcompat? What are the cons with keeping it in addition to other new privacy features?

[atomGit]

privacy.firstparty.isolate (FPI) should be set to false - since people have already used your scripts and pref is in there, you shouldn't remove it - just set to false (and maybe let peeps know that it's replaced with ETP)

FPI was replaced with ETP - enhanced tracking protection - this does what FPI did + more - from the arkenfox js...

/*** [SECTION 2700]: ETP (ENHANCED TRACKING PROTECTION) ***/
user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
/* 2701: enable ETP Strict Mode [FF86+]
 * ETP Strict Mode enables Total Cookie Protection (TCP)
 * [NOTE] Adding site exceptions disables all ETP protections for that site and increases the risk of
 * cross-site state tracking e.g. exceptions for SiteA and SiteB means PartyC on both sites is shared
 * [1] https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
 * [SETTING] to add site exceptions: Urlbar>ETP Shield
 * [SETTING] to manage site exceptions: Options>Privacy & Security>Enhanced Tracking Protection>Manage Exceptions ***/
user_pref("browser.contentblocking.category", "strict");
/* 2702: disable ETP web compat features [FF93+]
 * [SETUP-HARDEN] Includes skip lists, heuristics (SmartBlock) and automatic grants
 * Opener and redirect heuristics are granted for 30 days, see [3]
 * [1] https://blog.mozilla.org/security/2021/07/13/smartblock-v2/
 * [2] https://hg.mozilla.org/mozilla-central/rev/e5483fd469ab#l4.12
 * [3] https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#storage_access_heuristics ***/
   // user_pref("privacy.antitracking.enableWebcompat", false);
/* 2710: enable state partitioning of service workers [FF96+] ***/
user_pref("privacy.partition.serviceWorkers", true); // [DEFAULT: true FF105+]
/* 2720: enable APS (Always Partitioning Storage) ***/
user_pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [FF104+] [DEFAULT: true FF109+]
user_pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [FF105+] [DEFAULT: false FF109+]

as you can see, privacy.antitracking.enableWebcompat is commented out so it's set to its default, true - personally i set it to false, but this will break some x-domain logins

privacy.resistFingerprinting is the other crucial pref - set to true - but this will/may annoy some users insomuch as the outer and inner window dimensions will be set to common values - personally i override this part of RFP by setting privacy.resistFingerprinting.letterboxing to false, however that's not a great idea since the viewport size is pretty unique (course grabbing this depends on JS being enabled)

you should really go through the arkenfox js and see what all you want to employ

the other crucial thing is to disable JS globally, then allow per domain as needed

you might want to consider creating a links page to link to info that you can't do with scripts - the arkenfox repo and wiki would be a good start and apparently my stuff is well liked, but also Alicia's repos, Namoi's stuff, and i can recommend more

[undergroundwires]

New configurations by privacy.sexy

Based on the documentation about disabling dynamic state partitioning 1, the network.cookie.cookieBehavior setting offers three main values:

Value	Description
5	Reject (known) trackers and partition third-party storage.
4	Only reject trackers (Storage partitioning disabled).
0	Allow all

Given this, I think we should recommend setting the value to 5. The impact of this setting on various websites is not fully documented, but it aligns with privacy best practices. So it should be on recommended privacy.sexy level. Another reason for 5 is that setting the value to 4 would still maintain First-Party Isolation (FPI) 2.

Additionally, we should enable "Firefox Enhanced Tracking Protection" 3 through the browser.contentblocking.category setting. This is also advised by DoD and NIST 4. Users can manually disable this feature on a per-website basis using the Firefox shield icon 3.

These are main toggles that should be introduced along with others in source from @TheAndr0id.

---

In the search of official documentation

arkenfox user repository, although popular, isn't an official source. My previous reliance on the Arch Linux WIKI led to some misguidance. It's unfortunate that Mozilla's documentation is not more straightforward. However, after extensive research, here's what I found:

1. FPI conflicts with dynamic First-Party Isolation (dFPI) [1][5], and Mozilla has no plans for compatibility [2].
2. FPI (`privacy.firstPartyIsolate`) is depreciated [1], with dFPI expected to become the default [3].
3. dFPI, along with network partitioning, is essentially a superset of FPI [1] [4].

[1]: https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c0
[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c3
[3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5
[4]: https://bugzilla.mozilla.org/show_bug.cgi?id=1637344#c2
[5]: https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25

This information supports all your points, @atomGit, and I believe should convince you, @TheAndr0id, that adjusting FPI setting to true is not advisable.

---

Addressing prefs.js

I patched this in #232 but not yet released. I'll include a cleanup script in the release notes to assist Linux users in removing any old settings generated by privacy.sexy. Though I'm not certain how many users actually read the release notes, it's the most direct communication channel I have.

---

Future plans for browser settings

At the moment, I don't plan to expand the scope of browser tweak, except patching this problem with new settings. I'd like to focus on improving privacy.sexy's internal compiler to unify settings across all OS platforms. Now, Linux scripts stays in Linux, but with this feature all browsers tweaks will be centralized and be available for all OSes. After this, I can work it to make it more feature-complete for for all major browsers. But before that these Firefox configurations need to get more stable Unfortunately, Linux has become the test rabbit these settings. preview disclaimer on UI may partly justify this.

---

Thank you, @atomGit, for your invaluable contribution. It's very nice of you to come here, put an en effort to share your knowledge and recommendations that guides us here. Your input will benefit privacy of thousands of privacy.sexy users.

[atomGit]

network.cookie.cookieBehavior can be left at the default (5) (and then privacy.firstparty.isolate gets disabled as you mentioned)

browser.contentblocking.category needs to be set to 'strict' as you pointed out - that pref is a master pref that controls several others, including...

network.cookie.cookieBehavior
network.http.referer.disallowCrossSiteRelaxingDefault
network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation
privacy.donottrackheader.enabled
privacy.partition.network_state.ocsp_cache
privacy.query_stripping.enabled
privacy.trackingprotection.enabled
privacy.trackingprotection.socialtracking.enabled
privacy.trackingprotection.cryptomining.enabled
privacy.trackingprotection.fingerprinting.enabled

that list may not be complete

arkenfox user repository, although popular, isn't an official source.

while that is technically true, i would add that the core members are a very knowledgeable bunch who, to my knowledge, as well as considering statements they made, have access to some key people in the Tor and Firefox development teams

I'll include a cleanup script in the release notes to assist Linux users in removing any old settings generated by privacy.sexy.

perhaps the arkenfox prefsCleaner script might be of use?

only other thing i would suggest is enabling privacy.resistFingerprinting

[undergroundwires]

Great that you shared what the master switch browser.contentblocking.category does. I could not find any proper source of what prefs it enables in technical terms, but this is not needed. A config hell and tiring to visit bug tracking systems to hunt down some official info from devs.. All you mentioned could (and should) be added in future too to give users more granular control if they choose to. But I'll add this switch as FPI replacement that enables Total Cookie Protection 1, SmartBlock 2, and seems to be designed to not break stuff 3.

privacy.resistFingerprinting exists as "Enable Firefox anti-fingerprinting (may break some websites)" in the current version.

I will do change on what we discussed and share on this thread and would appreciate feedback before publishing the code. I have no doubt arkenfox and similar projects sit on deeper knowledge about configurations in detail that privacy.sexy lacks for now, but we are stronger here with you :).

Regarding cleanup, I will just generate a privacy.sexy script by clicking on revert on UI for all prefs.js scripts.

[undergroundwires]

To fix the bug and avoid scope creep, I plan to do this fix:

.
├── (category) Enable Firefox state partitioning (Total Cookie Protection)
│   ├──   (script) Enable Firefox dynamic storage partitioning
│   ├──   (script) Disable depreciated Firefox First-Party Isolation (FPI)
│   ├──   (script) Enable Firefox network partitioning

Script	Recommendation	Setting
Enable dynamic First-Party Isolation (dFPI)	standard	network.cookie.cookieBehavior > 5
Disable depreciated Firefox First-Party Isolation (FPI)	strict (enabling this i.e. wrong behavior was also on strict recommendation, would fix for those who apply strict pool)	privacy.firstparty.isolate > false
Enable Firefox network partitioning	standard	privacy.partition.network_state > true

I'm looking forward for your feedback before releasing this. I've seen that you did considerable contributions to arkenfox @atomGit, so if you have the time, I'd appreciate if you check out the documentation and let me know if I misinterpreted something:

↘️ See code draft with documentation

              -
                category: Enable Firefox state partitioning (Total Cookie Protection)
                docs: |-
                  Web browsers, including Firefox, save various data types such as cookies, cache, and site-specific details.
                  While this data helps in providing a faster and personalized browsing experience, it can be exploited by websites to track
                  your activities across the internet, potentially compromising your privacy.

                  State partitioning, also known as "Total Cookie Protection" [1], is a feature designed to enhance user privacy in Firefox.
                  It works by allocating different, isolated storage spaces for every website you visit [2]. This means that each website has its own
                  "compartment" where it saves its data, separate from other sites [2]. This structure limits websites' capabilities to track users
                  across various domains.

                  The underlying technology for state partitioning in Firefox is termed "double-keying" [1]. In this method, when a website intends
                  to store data, Firefox attaches an extra identifier tied to the site's origin, ensuring unique data storage for each site [1]. For
                  example, if two different sites incorporate content from the same third-party source, each of these sites will have its own unique
                  version of the third-party's data (like cookies) due to state partitioning [1] This impedes the third-party's tracking ability between
                  the sites.

                  This protection isn't just against known trackers [1]. Firefox applies state partitioning to all third-party content on a site, ensuring
                  a comprehensive privacy coverage, beyond just identifiable tracking sources [1] [3].

                  A notable misuse by some trackers is the creation of "supercookies" [4]. Contrary to standard cookies, which users can delete effortlessly,
                  supercookies are harder to eliminate and block, posing a considerable privacy challenge. Through state partitioning, Firefox renders
                  supercookies ineffective for tracking users across sites [4]. As a part of this feature, Firefox not only ensures site-specific data
                  but also partitions multiple caches, such as HTTP cache, image cache, and favicon cache [4]. This partitioning prevents any potential
                  cache exploitation for tracking purposes [4].

                  In summary, enabling state partitioning in Firefox is a powerful privacy tool, helping to defend users from potential online tracking and
                  offering a more private browsing experience.

                  [1]: https://hacks.mozilla.org/2021/02/introducing-state-partitioning/
                  [2]: https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
                  [3]: https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
                  [4]: https://blog.mozilla.org/security/2021/01/26/supercookie-protections/
                children:
                  -
                    name: Enable dynamic First-Party Isolation (dFPI)
                    recommend: standard
                    docs: |-
                      Dynamic First-Party Isolation, also known as dFPI, is an advanced privacy feature in Firefox.

                      It is commonly referred also as:

                      - Total Cookie Protection [1],
                      - dFPI (dynamic First-Party Isolation) [2],
                      - Dynamic storage partitioning [3].

                      Essentially, dFPI is an enhanced version of a previous privacy tool known as First-Party Isolation (FPI) [4].

                      The primary purpose of dFPI is to improve user privacy online. It accomplishes this by preventing third-party websites from
                      accessing or tracking a user's data across different websites [1] [3].

                      By default, this feature is activated for all Firefox desktop users [5].

                      Within Firefox's settings, there's an option called `network.cookie.cookieBehavior` which governs how dFPI operates.
                      This setting has three potential values [3]:

                      - `5`: The browser will block known trackers and partition storage for third-party content.
                      - `4`: Only known trackers will be blocked without any partitioning of third-party storage.
                      - `0`: All trackers and third-party content are allowed.

                      This script is designed sets the value to `5`, ensuring the highest level of privacy by blocking trackers and partitioning
                      third-party storage. This aligns with recommended privacy practices because even if you choose the `4` value, the older
                      First-Party Isolation (FPI) will still be active [6].

                      [1]: https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq
                      [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1746646
                      [3]: https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#disable_dynamic_state_partitioning
                      [4]: https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
                      [5]: https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/
                      [6]: https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25
                    call:
                      function: AddFirefoxPrefs
                      parameters:
                        prefName: network.cookie.cookieBehavior
                        jsonValue: '5'
                  -
                    name: Disable depreciated Firefox First-Party Isolation (FPI)
                    recommend: strict
                    docs: |-
                      First-party isolation (FPI) helps in preventing third parties from tracking users across
                      multiple websites [1] [2]. This is sometimes referred to as "double keying" (double-keying)
                      [1] or supercookies [1] [2].

                      This script disables FPI in favor of a newer technology called dynamic First-Party Isolation
                      (dFPI) for the following reasons:

                      1. FPI and dFPI conflict with each other, and they cannot function simultaneously [3] [4].
                      Additionally, Mozilla doesn't plan to make them compatible [5].
                      2. FPI has been marked as depreciated and is expected to be phased out [3], with dFPI set to
                      become the standard in the future [6].
                      3. dFPI, when combined with network partitioning, offers broader and more effective privacy
                      coverage than FPI, being essentially a superset of FPI [3][7].

                      [1]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#First_party_isolation "Firefox/Privacy - ArchWiki | wiki.archlinux.org"
                      [2]: https://web.archive.org/web/20221025200527/https://bugzilla.mozilla.org/show_bug.cgi?id=1397624#c0 "1397624 - Provide an option for first-party isolation in Private Browsing Mode | bugzilla.mozilla.org"
                      [3]: https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c0 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
                      [4]: https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25 "1631676 - Disable dfpi when privacy.firstparty.isolate=true | bugzilla.mozilla.org"
                      [5]: https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c3 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
                      [6]: https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
                      [7]: https://bugzilla.mozilla.org/show_bug.cgi?id=1637344#c2 "1637344 - Add message to show dFPI is incompatible with FPI | bugzilla.mozilla.org"
                    call:
                      function: AddFirefoxPrefs
                      parameters:
                        prefName: privacy.firstparty.isolate
                        jsonValue: 'false'
                  -
                    name: Enable Firefox network partitioning
                    recommend: standard
                    docs: |-
                      Network partitioning is a method used by Firefox to enhance user privacy [1]. When enabled, each website you visit has its own
                      isolated storage location, preventing it from accessing data from another website [1]. This limits the ability of websites to track
                      users across multiple sites [1].

                      Network Partitioning, formerly referred as `cache partitioning` [2], is a subset of state partitioning [1]. While state partitioning
                      deals with data like cookies, network partitioning deals with networking-related components, such as caches and connection pools [1].
                      It ensures that these components are isolated to each website, further enhancing user privacy [1].

                      Firefox has enabled network partitioning by default since version 85 [1]. Once enabled, network partitioning becomes permanent,
                      meaning websites cannot bypass or relax its restrictions [1].

                      Network partitioning can be controlled with the `privacy.partition.network_state` preference [1].

                      [1]: https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning
                      [2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1687569
                    call:
                      function: AddFirefoxPrefs
                      parameters:
                        prefName: privacy.partition.network_state
                        jsonValue: 'true'

[atomGit]

looks very good to me, but i don't claim to be an expert - if you really want to confirm, maybe ask the dudes at arkenfox

[undergroundwires]

The fix is released in 0.12.5 🚀