Unify all app privacy related settings under one repository - initial commit

Alexander Schäferdiek 2019-12-03 13:26:59 +01:00
commit a2a5feaecb
6 changed files with 413 additions and 0 deletions

24
README.md Executable file

@ -0,0 +1,24 @@
# Privacy
The following is a brief collection of scripts and settings to easily apply more privacy-friendly settings to your used devices and software.
Don't give them your data away for free, fight for your digital rights _now_!
The collection is heavily based on the follow sites. It's recommended to read them if possible.
* [kuketz-blog.de (german)](https://www.kuketz-blog.de/empfehlungsecke/)
* [privacy-handbuch.de (german)](https://www.privacy-handbuch.de/)
## Links
Here are some additional links to think about. Most of them are in German.
* [Deceived by design](https://fil.forbrukerradet.no/wp-content/uploads/2018/06/2018-06-27-deceived-by-design-final.pdf)
* [Facebooks attitude on encryption](https://img.pr0gramm.com/2019/07/30/7823552c9e4e8844.png)
* [Nothing to hide video (german)](https://vimeo.com/195446463)
* [Nichts zu verbergen (german)](https://www.heise.de/ct/ausgabe/2015-17-Editorial-Nichts-zu-verbergen-2755486.html)
* [Scroogled, a Microsoft campaign against Google (german)](http://www.wort-und-satz.de/scroogled.htm)
* [What is the 'chilling effect' (german)](https://de.wikipedia.org/wiki/Chilling_effect)
* [How tracking steals your data while surfing (german)](https://www.heise.de/security/meldung/Tracking-Skripte-klauen-E-Mail-Adressen-aus-Web-Browsern-3931772.html)
* [(menschliche) Assistenzwanzen hören auch euren Bettgesprächen zu (german)](https://netzpolitik.org/2019/googles-assistenzwanze-auch-bettgespraeche-werden-von-menschen-ausgewertet/)
* [Schmeisst die Assistenzwanzen aus dem Fenster (german)](https://netzpolitik.org/2019/schmeisst-die-assistenzwanzen-aus-dem-fenster/)
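Review bot: "The collection is heavily based on the follow sites" has a typo ("following"), and "Don't give them your data away for free" never says who "them" is; name the parties or rephrase. In the Links list, the Facebook entry points at a PNG on img.pr0gramm.com rather than a citable source, and the Scroogled link is plain `http://`; link the original publication where one exists. Two netzpolitik.org entries keep German titles while the other German sources get translated titles, so pick one convention for the list.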

27
android/README.md Executable file

@ -0,0 +1,27 @@
# Android
Collection based on [kuketz-blog.de](https://www.kuketz-blog.de/empfehlungsecke/).
## App Store
Not using the Google PlayStore as source for your apps is a huge step forward. Try to replace your apps with privacy-friendly apps from the [fdroid app store](https://f-droid.org/).
## Captive portal
Periodically and on connect/disconnect of any Internet connection, Android queries a server endpoint from Google to test if Internet connectivity is (still) available. Sometimes you might have already seen a small 'x' indicating you have no Internet access. This is the result of this query. Those queries are logged consistently by Google: the time when you accessed it, with which device you accessed it and the IP you had when you accessed it. Just for the connectivity check you're giving away so much information.
The `adb` cli tools provide a way to set a different captive portal not owned by Google which don't log data. You should change it. See `captiveportal.sh` for an example.
## DNS
By default Android will use Google DNS servers not secured with SSL. Starting from Android 8, Android provides means to overcome this by setting a _private DNS_ server in `Settings -> Network & internet -> Private DNS`. For example, set it to `fdns1.dismail.de`.
## Scanning
You're giving away information when you keep your WiFi on. Your device will automatically scan for nearby access points. Therefore you'll be uniquely identifiable across locations.
To overcome follow these instructions:
1. Disable WiFi and Bluetooth scanning because it's easily possible to create an accurate profile of your movement from it. In the settings, search for `Wi-Fi and Bluetooth scanning`.
2. When you leave a known WiFi access point switch off your WiFi adapter. There are apps for this: [WiFi Automatic](https://f-droid.org/en/packages/de.j4velin.wifiAutoOff/).
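Review bot: The Captive portal section says the replacement endpoint "don't log data" but never names the host, who operates it, or how a reader could check that claim, and it gives no way to undo the change. Name the host that `captiveportal.sh` sets, say who runs it, and add the revert step (`settings delete global <key>` for each key the script writes). In the DNS section, "not secured with SSL" should state what Private DNS provides (DNS over TLS), and "Starting from Android 8" should be double-checked, since the Private DNS setting shipped with Android 9. "To overcome follow these instructions" is missing its object.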

8
android/captiveportal.sh Executable file

@ -0,0 +1,8 @@
#!/usr/bin/env sh
#
# For more information see https://www.kuketz-blog.de/empfehlungsecke/#captive-portal
adb shell 'settings put global captive_portal_http_url "http://captiveportal.myservermanager.com"'
adb shell 'settings put global captive_portal_https_url "https://captiveportal.myservermanager.com"'
adb shell 'settings put global captive_portal_fallback_url "http://captiveportal.myservermanager.com"'
adb shell 'settings put global captive_portal_other_fallback_urls "http://captiveportal.myservermanager.com"'
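Review bot: None of the four `adb shell` calls is checked, so with no device attached or an unauthorized one the script prints four errors and reports only the status of the last call. Add `set -eu` after the shebang and an `adb get-state` check before the first `settings put`. The host `captiveportal.myservermanager.com` is hard-coded four times; put it in one variable at the top so a user can substitute a server they trust, and say in the header comment who operates the default. A short comment listing the four keys and how to reset them would make the change reversible for someone who only has this file.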

77
firefox/README.md Executable file

@ -0,0 +1,77 @@
# Firefox
Make using the web more safe by disabling commonly used techniques and mechanism _without_ sacrificing usability.
Why Firefox? It provides high configurability, is open source and thus better to be reviewed by external security advisories.
Based on [https://www.privacy-handbuch.de/handbuch_21.htm](https://www.privacy-handbuch.de/handbuch_21.htm).
## Recommended extensions
```
Cookie AutoDelete
HTTPS Everywhere
Neat url
Skip Redirect
uBlock Origin
(Invidious Redirect to use liberated YouTube if needed)
(a Passwordmanager if needed)
```
1. First Party Isolation _might_ lead to malfunctioning of some websites. Disable it per page.
2. Fix white bar on YouTube when using uBlock Origin (_if applicable_). Add the following as a line in My Filters of the extension:
`youtube.com##.no-scroll #page-manager:style(margin-top: 0px !important)`
## Recommended search engines
```
https://www.startpage.com/do/mypage.pl?prfh=enable_stay_controlEEE0N1NsuggestionsEEE1N1Ngeo_mapEEE1N1Nwikipedia_iaEEE1N1Nother_iaEEE1N1Ndisable_open_in_new_windowEEE1N1Ndisable_video_family_filterEEE1N1Nenable_post_methodEEE1N1Nenable_proxy_safety_suggestEEE0N1Ndisable_family_filterEEE1N1Nconnect_to_serverEEEeuN1NsslEEE1N1Nlanguage_uiEEEenglishN1NlanguageEEEdeutschN1Nwt_unitEEEcelsiusN1Nnum_of_resultsEEE20N1Nlang_homepageEEEs/default/en/&op=un11
```
```
https://www.qwant.com/?r=DE&sr=de&l=en_gb&h=1&s=0&a=1&b=1&vt=0&hc=0&smartNews=0&smartSocial=0&theme=0&i=1&donation=0&qoz=0&shb=0&shl=0
```
```
www.kuketz-suche.de
```
## Recommended settings
How to do it?
* Use the provided `user.js` file and copy it into your Firefox profile folder while application is _not_ running.
To find your profile folder, click on the menu top right, on `Help -> Troubleshooting Information`. You can directly open your **Profile Directory** from there or see it, typically it's something like `$HOME/.mozilla/firefox/...` or in Windows `%APPDATA%\Mozilla\Firefox\Profiles\...`
* Adjust values by browsing `about:config` in the address bar. `""` means empty, just delete the characters and press ENTER.
* Create your own profile and copy it into the application data folder while application is _not_ running. See [https://ffprofile.com](https://ffprofile.com).
Some settings _might_ break website behavior although this is not very likely. Be aware of that!
Use an external password manager like KeepassXC, at least AutoFill is advised to be disabled). See [https://www.privacy-handbuch.de/handbuch_21j2.htm#08_07_18](https://www.privacy-handbuch.de/handbuch_21j2.htm#08_07_18).
### Common User Preferences
Optional, but commonly used to ease browsing. Not security-related.
```
general.smoothScroll = false
general.smoothScroll.pages = false
mousewheel.min_line_scroll_amount = 40
browser.newtabpage.activity-stream.feeds.topsites = true
```
Optional and **potentially dangerous in terms of website behavior**, for _GNU/Linux only_.
```
image.mem.max_decoded_image_kb = 512000
media.getusermedia.aec_enabled = false
media.getusermedia.agc_enabled = false
media.getusermedia.noise_enabled = false
```
## Additional hints
Besides securing Firefox, you should consider not using the DNS servers of your Internet provider and instead install system-wide [DNS alternatives](https://www.kuketz-blog.de/empfehlungsecke/#dns) or a [local DNS server](https://wiki.archlinux.org/index.php/Unbound) which directly queries root DNS servers. There's really no downside of this.
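Review bot: The intro promises hardening "_without_ sacrificing usability", yet the same file says First Party Isolation might lead to malfunctioning websites and that some settings might break website behavior; reword the intro so the trade-off is stated once and consistently. The password manager line, "Use an external password manager like KeepassXC, at least AutoFill is advised to be disabled).", has an unbalanced parenthesis and reads as two separate recommendations; split it. The block labelled "potentially dangerous in terms of website behavior" lists four prefs with no explanation of what each does or why it is Linux-only, and `www.kuketz-suche.de` lacks a scheme while the other two search entries are full `https://` URLs.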

219
firefox/user.js Executable file

@ -0,0 +1,219 @@
# Mozilla User Preferences
#
# 2019/11/11
# Based on
#
# Privacy-Handbuch, minimal/moderate user.js (vom 01.11.2019)
# Download: https://www.privacy-handbuch.de/handbuch_21u.htm
#
#
# Install when Firefox is closed!
# Feel free to comment in or modify if you don't like the default setting.
user_pref("general.warnOnAboutConfig", false);
user_pref("app.normandy.enabled", false);
user_pref("app.normandy.api_url", "");
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("beacon.enabled", false);
user_pref("browser.aboutHomeSnippets.updateUrl", "");
user_pref("browser.cache.compression_level", 1);
user_pref("browser.cache.disk.enable", false);
user_pref("browser.cache.disk_cache_ssl", false);
user_pref("browser.cache.offline.enable", false);
user_pref("browser.contentblocking.category", "strict");
//user_pref("browser.display.use_document_fonts", 0);
user_pref("browser.fixup.alternate.enabled", false);
user_pref("browser.formfill.enable", false);
user_pref("browser.link.open_newwindow.restriction", 0);
user_pref("browser.library.activity-stream.enabled", false);
user_pref("browser.newtabpage.activity-stream.enabled", false);
user_pref("browser.newtabpage.enabled", false);
user_pref("browser.newtabpage.activity-stream.asrouterExperimentEnabled", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.sections", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.systemtick", false);
user_pref("browser.newtabpage.activity-stream.feeds.topsites", true);
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "");
user_pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
user_pref("browser.onboarding.enabled", false);
user_pref("browser.pagethumbnails.capturing_disabled", true);
user_pref("browser.ping-centre.telemetry", false);
user_pref("browser.ping-centre.production.endpoint", "");
user_pref("browser.ping-centre.staging.endpoint", "");
user_pref("browser.privatebrowsing.autostart", false);
user_pref("browser.safebrowsing.downloads.remote.url", " ");
user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("browser.safebrowsing.phishing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
user_pref("browser.safebrowsing.provider.google.gethashURL", "");
user_pref("browser.safebrowsing.provider.google.updateURL", "");
user_pref("browser.safebrowsing.provider.google4.gethashURL", "");
user_pref("browser.safebrowsing.provider.google4.updateURL", "");
user_pref("browser.safebrowsing.provider.mozilla.gethashURL", "");
user_pref("browser.safebrowsing.provider.mozilla.updateURL", "");
user_pref("browser.search.update", false);
user_pref("browser.search.countryCode", "DE");
user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", "");
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.search.reset.enabled", false);
user_pref("browser.search.reset.status", "");
user_pref("browser.search.reset.whitelist", "");
user_pref("browser.search.widget.inNavBar", true);
user_pref("browser.sessionstore.max_windows_undo", 0);
user_pref("browser.sessionstore.privacy_level", 2);
user_pref("browser.slowStartup.notificationDisabled", true);
user_pref("browser.slowStartup.maxSamples", 0);
user_pref("browser.slowStartup.samples", 0);
user_pref("browser.startup.page", 0);
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.urlbar.speculativeConnect.enabled", false);
user_pref("browser.urlbar.trimURLs", false);
user_pref("browser.urlbar.oneOffSearches", false);
user_pref("browser.urlbar.suggest.openpage", false);
user_pref("browser.urlbar.suggest.searches", false);
user_pref("camera.control.face_detection.enabled", false);
user_pref("camera.control.autofocus_moving_callback.enabled", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
//user_pref("devtools.webide.autoinstallADBHelper", false);
//user_pref("devtools.webide.enabled", false);
//user_pref("device.sensors.enabled", false);
//user_pref("dom.enable_performance", false);
//user_pref("dom.enable_performance_navigation_timing", false);
//user_pref("dom.enable_resource_timing", false);
//user_pref("dom.gamepad.enabled", false);
//user_pref("dom.idle-observers-api.enabled", false);
//user_pref("dom.webaudio.enabled", false);
//user_pref("dom.webnotifications.enabled", false);
user_pref("experiments.activeExperiment", false);
user_pref("experiments.enabled", false);
user_pref("experiments.manifest.uri", "");
user_pref("experiments.supported", false);
user_pref("extensions.blocklist.enabled", false);
user_pref("extensions.blocklist.url", "");
user_pref("extensions.getAddons.cache.enabled", false);
user_pref("extensions.htmlaboutaddons.discover.enabled", false);
user_pref("extensions.htmlaboutaddons.recommendations.enabled", false);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("extensions.formautofill.addresses.enabled", false);
user_pref("extensions.formautofill.creditCards.enabled", false);
user_pref("extensions.formautofill.heuristics.enabled", false);
user_pref("extensions.pocket.enabled", false);
user_pref("extensions.screenshots.disabled", false);
user_pref("extensions.screenshots.upload-disabled", true);
user_pref("extensions.systemAddon.update.enabled", false);
user_pref("extensions.systemAddon.update.url", "");
user_pref("extensions.webextensions.restrictedDomains", "");
//user_pref("font.blacklist.underline_offset", "");
//user_pref("layers.acceleration.disabled", true);
user_pref("media.cache_size", 0);
//user_pref("media.eme.enabled", false);
//user_pref("media.navigator.enabled", false);
//user_pref("media.navigator.video.enabled", false);
//user_pref("media.peerconnection.enabled", false);
//user_pref("media.video_stats.enabled", false);
//user_pref("media.webspeech.synth.enabled", false);
user_pref("network.allow-experiments", false);
//user_pref("network.dns.disablePrefetch", true);
user_pref("network.captive-portal-service.enabled", false);
//user_pref("network.http.altsvc.enabled", false);
//user_pref("network.http.altsvc.oe", false);
user_pref("network.http.referer.XOriginPolicy", 2);
user_pref("network.http.sendRefererHeader", 0)
//user_pref("network.http.speculative-parallel-limit", 0);
user_pref("network.IDN_show_punycode", true);
user_pref("network.manage-offline-status", false);
//user_pref("offline-apps.allow_by_default", false);
//user_pref("offline-apps.quota.warn", 0);
user_pref("places.history.enabled", false);
//user_pref("permissions.default.geo", 2);
//user_pref("plugin.default.state", 0);
//user_pref("plugins.enumerable_names", "");
//user_pref("plugins.update.url", "");
user_pref("privacy.clearOnShutdown.cache", false);
user_pref("privacy.clearOnShutdown.cookies", true);
user_pref("privacy.clearOnShutdown.downloads", true);
user_pref("privacy.clearOnShutdown.history", false);
user_pref("privacy.clearOnShutdown.offlineApps", true);
user_pref("privacy.clearOnShutdown.openWindows", false);
user_pref("privacy.clearOnShutdown.sessions", true);
user_pref("privacy.clearOnShutdown.formdata", true);
user_pref("privacy.clearOnShutdown.siteSettings", true);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.cpd.passwords", true);
user_pref("privacy.cpd.siteSettings", true);
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.firstparty.isolate", true);
user_pref("privacy.history.custom", true);
user_pref("privacy.resistFingerprinting.block_mozAddonManager", true);
user_pref("privacy.sanitize.migrateClearSavedPwdsOnExit", true);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.userContext.enabled", true);
user_pref("privacy.userContext.ui.enabled", true);
user_pref("privacy.userContext.longPressBehavior", 2);
user_pref("privacy.usercontext.about_newtab_segregation.enabled", true);
user_pref("reader.parse-on-load.enabled", false);
user_pref("security.cert_pinning.enforcement_level", 2);
user_pref("security.family_safety.mode", 0);
user_pref("security.identityblock.show_extended_validation", true);
user_pref("security.insecure_connection_icon.enabled", true);
user_pref("security.insecure_connection_icon.pbmode.enabled", true);
user_pref("security.insecure_connection_text.enabled", true);
user_pref("security.insecure_connection_text.pbmode.enabled", true);
user_pref("security.mixed_content.upgrade_display_content", true);
user_pref("security.mixed_content.block_active_content", true);
user_pref("security.secure_connection_icon_color_gray", false);
user_pref("security.ssl.require_safe_negotiation", true);
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
user_pref("security.OCSP.enabled", 1);
user_pref("security.family_safety.mode", 0);
user_pref("signon.management.page.breach-alerts.enabled", false);
user_pref("signon.management.page.breachAlertUrl", "");
user_pref("signon.autofillForms", false);
user_pref("signon.formlessCapture.enabled", false);
user_pref("shield.savant.enabled", false);
user_pref("startup.homepage_welcome_url", "");
user_pref("toolkit.coverage.endpoint.base", "");
user_pref("toolkit.coverage.opt-out", true);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.coverage.opt-out", true);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.infoURL", "");
user_pref("webgl.disable-extensions", true);
user_pref("webgl.disable-fail-if-major-performance-caveat", true);
user_pref("webgl.min_capability_mode", true);
user_pref("webgl.enable-debug-renderer-info", false);
user_pref("network.trr.resolvers", '[{ "name": "Cloudflare", "url": "https://mozilla.cloudflare-dns.com/dns-query" },{ "name": "SecureDNS", "url": "https://doh.securedns.eu/dns-query" },{ "name": "AppliedPrivacy", "url": "https://doh.appliedprivacy.net/query" },{ "name": "Digitale Gesellschaft (CH)", "url": "https://dns.digitale-gesellschaft.ch/dns-query" }, { "name": "Quad9", "url": "https://dns.quad9.net/dns-query" }]');
// customly set, adjust to your liking
user_pref("general.smoothScroll", false);
user_pref("general.smoothScroll.pages", false);
user_pref("mousewheel.min_line_scroll_amount", 40);
user_pref("geo.enabled", false);
user_pref("geo.wifi.uri", "");
user_pref("webgl.disabled", true);
user_pref("media.video_stats.enabled", false);
user_pref("security.ssl3.dhe_rsa_aes_128_sha", false);
user_pref("security.ssl3.dhe_rsa_aes_256_sha", false);
user_pref("browser.sessionstore.resume_session_once", true);
user_pref("browser.sessionstore.max_tabs_undo", 3);
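Review bot: `user_pref("network.http.sendRefererHeader", 0)` is missing its terminating semicolon, so the prefs parser can reject the line and may drop the next active pref with it; add the `;`. `security.family_safety.mode` is set twice with the same value (remove one), and `browser.safebrowsing.downloads.remote.url` is set to `" "` (a single space) where every other cleared URL uses `""`. Beyond syntax, the file turns off the Safe Browsing phishing and malware checks, the extension blocklist (`extensions.blocklist.enabled`), and system add-on updates, and it empties `extensions.webextensions.restrictedDomains`. Those remove protections rather than tracking, so each group should carry a comment stating the trade-off, or ship commented out like the `dom.*` and `media.*` lines. The header uses `#` comments while the rest of the file uses `//`; use one style throughout.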

58
thunderbird/README.md Executable file

@ -0,0 +1,58 @@
# Thunderbird
Go to `Settings -> Advanced -> config editor`
## Remove Autocrypt and PEP
In _config editor_ set to `false` or `""` for search values `pep`, `autocrypt` and `extraHeaders`.
## Recommended settings
```
mail.inline_attachments = false
privacy.firstparty.isolate = true
mail.showCondensedAddresses = false
mailnews.headers.showSender = true
mailnews.headers.showUserAgent = true
mail.collect_email_address_outgoing = false
extensions.blocklist.enabled = false
extensions.getAddons.cache.enabled = false
mailnews.start_page.enabled = false
mailnews.start_page.url =
mailnews.start_page.override_url =
```
## Check all folders
```
mail.server.default.check_all_folders_for_new = true
```
## Sort view
```
mailnews.default_sort_type = 18
mailnews.default_sort_order = 2 // 1 (ascending) to 2 (descending)
mailnews.default_view_flags = 0 // 0 (unthreaded) to 1 (threaded)
```
## Commons addons
* Allow HTML Temp
* Paranoia
* Enigmail
* Lightning
* Nextcloud for Filelink
* Provider for CalDAV/CardDAV
* TBSync
Source: [privacy-handbuch.de](https://www.privacy-handbuch.de/handbuch_31d.htm)
## Server specific settings
**POTENTIALLY DANGEROUS** and might end up in spam!
Right click in config editor -> new String in _config editor_
```
mail.domain.tld.default.hello_argument;[127.0.0.1]
```