I personally didn’t want to get involved in this but I really dislike your overall attitude towards those who are trying to bring valid points forward.
Well, “Security by Compartmentalization” is kinda QubesOS’s main selling point, innit?
In a recipe, do you look for the ingredients that are not used?
Hold up, let me place a big red warning that says “This cake does not come with pepper”.
Bear in mind that hardening often comes at a cost of convenience and/or usability. The average Joe may simply not care about hardened Firefox and instead may be happy with simply compartmentalizing various aspects of his life, instead of possibly having to deal with breakages caused by security measures.
Since I know you like examples, just look at Firefox RFP. Is it effective? Sure. Is it convenient? Not so much, and surely not for everyone: the preferred color scheme is always light, the timezone is set to UTC, and let’s not even mention uploading pictures since websites won’t be allowed to access canvas data.
Clearly, not for everyone, hence the reason the best compromise is to simply ship default settings. If you have issues with such settings, open a PR with the respective upstream developers.
And since you’re of the idea that Firefox should ship secure defaults, you should consider contributing to the project: How To Contribute Code To Firefox — Firefox Source Docs documentation
I believe this to be completely irrelevant to the discussion, also considering he raised a valid point:
At the end of the day, it shouldn’t be such a hard task for you @anon11917472 right?
This full code audit might just be the breakthrough we didn’t think we needed.
It really seems like you’re ready to spit facts left and right, but are not able to take criticism very well when it’s directed at you.