From ef1b7f540360113967ad550a6797dadb0bc9158b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20Sch=C3=A4ferdiek?= Date: Sat, 11 Jun 2022 10:37:16 +0200 Subject: [PATCH] Update to latest privacy handbuch recommendations --- firefox/user-overrides.js | 1 + thunderbird/user.js | 60 +++++++++++++++++++++++---------------- 2 files changed, 37 insertions(+), 24 deletions(-) diff --git a/firefox/user-overrides.js b/firefox/user-overrides.js index 266ce82..1d3a7f3 100755 --- a/firefox/user-overrides.js +++ b/firefox/user-overrides.js @@ -14,6 +14,7 @@ user_pref("security.secure_connection_icon_color_gray", false); user_pref("security.insecure_connection_icon.enabled", true); user_pref("security.insecure_connection_icon.pbmode.enabled", true); user_pref("security.insecure_connection_text.enabled", true); +user_pref("security.insecure_connection_text.pbmode.enabled", true); /* Keep history */ user_pref("privacy.clearOnShutdown.history", false); // [DEFAULT: true] diff --git a/thunderbird/user.js b/thunderbird/user.js index 6018c0c..a7846d7 100755 --- a/thunderbird/user.js +++ b/thunderbird/user.js @@ -8,35 +8,19 @@ // Install when Thunderbird is closed! // Feel free to comment in or modify if you don't like the default setting. -user_pref("_user.js.prhdb", "tb_01112021"); +user_pref("_user.js.prhdb", "tb_09042022"); user_pref("beacon.enabled", false); user_pref("browser.chrome.site_icons", false); user_pref("browser.chrome.favicons", false); user_pref("browser.display.use_document_fonts", 0); user_pref("browser.cache.disk.enable", false); -user_pref("browser.cache.memory.enable", false); user_pref("browser.cache.offline.enable", false); user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); user_pref("browser.formfill.enable", false); -user_pref("browser.safebrowsing.appRepURL", " "); -user_pref("browser.safebrowsing.downloads.remote.url", ""); -user_pref("browser.safebrowsing.downloads.enabled", false); -user_pref("browser.safebrowsing.phishing.enabled", false); -user_pref("browser.safebrowsing.malware.enabled", false); -user_pref("browser.safebrowsing.downloads.remote.enabled", false); -user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); -user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); -user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); -user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); -user_pref("browser.safebrowsing.blockedURIs.enabled", false); -user_pref("browser.safebrowsing.provider.google.gethashURL", ""); -user_pref("browser.safebrowsing.provider.google.updateURL", ""); -user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); -user_pref("browser.safebrowsing.provider.google4.updateURL", ""); -user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); -user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); -user_pref("calendar.useragent.extra", ""); +user_pref("browser.region.update.enabled", false); +user_pref("browser.search.update", false); +user_pref("browser.search.suggest.enabled", false); user_pref("datareporting.policy.dataSubmissionEnabled", false); user_pref("datareporting.healthreport.uploadEnabled", false); user_pref("dom.security.https_only_mode", true); @@ -44,12 +28,13 @@ user_pref("extensions.getAddons.cache.enabled", false); user_pref("extensions.htmlaboutaddons.recommendations.enabled", false); user_pref("extensions.ui.lastCategory", "addons://list/extension"); user_pref("javascript.enabled", false); +user_pref("general.useragent.override", ""); user_pref("gfx.downloadable_fonts.enabled", false); user_pref("gfx.font_rendering.opentype_svg.enabled", false); user_pref("layout.css.visited_links_enabled", false); user_pref("mailnews.auto_config.fetchFromExchange.enabled", false); user_pref("mailnews.auto_config.fetchFromISP.sendEmailAddress", false); -user_pref("mailnews.auto_config.fetchFromISP.sslOnly", false); +user_pref("mailnews.auto_config.fetchFromISP.sslOnly", true); user_pref("mailnews.auto_config.guess.sslOnly", true); user_pref("mailnews.display.disallow_mime_handlers", 3); user_pref("mailnews.display.html_as", 1); @@ -80,6 +65,7 @@ user_pref("network.http.sendRefererHeader", 0); user_pref("network.http.speculative-parallel-limit", 0); user_pref("network.http.referer.XOriginPolicy", 2); user_pref("network.prefetch-next", false); +user_pref("pdfjs.disabled", true); user_pref("pdfjs.enableScripting", false); user_pref("rss.display.disallow_mime_handlers", 3); user_pref("rss.display.html_as", 1); @@ -92,9 +78,6 @@ user_pref("security.mixed_content.block_active_content", true); user_pref("security.OCSP.enabled", 0); user_pref("security.ssl.require_safe_negotiation", true); user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true); -// Set to TLS v1.3 min (= 4, = 3 otherwise) -//user_pref("security.tls.version.min", 3); -// BEGIN - enable all below instead of the above min 4 if your mail provider doesn't support TLS v1.3 only user_pref("security.ssl3.dhe_rsa_aes_128_sha", false); user_pref("security.ssl3.dhe_rsa_aes_256_sha", false); user_pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", false); @@ -105,4 +88,33 @@ user_pref("security.ssl3.rsa_aes_128_sha", false); user_pref("security.ssl3.rsa_aes_256_sha", false); user_pref("security.ssl3.rsa_des_ede3_sha", false); user_pref("security.tls.enable_0rtt_data", false); +user_pref("services.settings.server", "https://s.%.c.invalid/v1"); +user_pref("toolkit.telemetry.archive.enabled", false); +user_pref("toolkit.telemetry.bhrPing.enabled", false); +user_pref("toolkit.telemetry.updatePing.enabled", false); +user_pref("toolkit.telemetry.unified", false); + +// custom +user_pref("browser.safebrowsing.appRepURL", " "); +user_pref("browser.safebrowsing.downloads.remote.url", ""); +user_pref("browser.safebrowsing.downloads.enabled", false); +user_pref("browser.safebrowsing.phishing.enabled", false); +user_pref("browser.safebrowsing.malware.enabled", false); +user_pref("browser.safebrowsing.downloads.remote.enabled", false); +user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false); +user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false); +user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false); +user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false); +user_pref("browser.safebrowsing.blockedURIs.enabled", false); +user_pref("browser.safebrowsing.provider.google.gethashURL", ""); +user_pref("browser.safebrowsing.provider.google.updateURL", ""); +user_pref("browser.safebrowsing.provider.google4.gethashURL", ""); +user_pref("browser.safebrowsing.provider.google4.updateURL", ""); +user_pref("browser.safebrowsing.provider.mozilla.gethashURL", ""); +user_pref("browser.safebrowsing.provider.mozilla.updateURL", ""); +user_pref("calendar.useragent.extra", ""); + +// Set to TLS v1.3 min (= 4, = 3 otherwise) +//user_pref("security.tls.version.min", 3); +// BEGIN - enable all below instead of the above min 4 if your mail provider doesn't support TLS v1.3 only