project:spyzilla
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
project:spyzilla [2020/06/03 21:21] – [Firefox (v. 64 basic setup) Work in Progress] niekt0 | project:spyzilla [2021/08/07 04:35] – [Thunderbird] update source code line jenda | ||
---|---|---|---|
Line 81: | Line 81: | ||
XXX TODO: How to get rid of: | XXX TODO: How to get rid of: | ||
- | POST https:// | + | |
+ | |||
+ | - POST https:// | ||
+ | - GET https:// | ||
+ | (once a day? with a bunch of similar requests) | ||
+ | - GET https:// | ||
==== Edit -> Preferences ==== | ==== Edit -> Preferences ==== | ||
Line 149: | Line 155: | ||
media.navigator.enabled = false | media.navigator.enabled = false | ||
+ | |||
+ | # Disable captive portal | ||
network.captive-portal-service.enabled = false | network.captive-portal-service.enabled = false | ||
+ | # The key above seems to be ignored in some versions, so remove the captive portal address | ||
+ | captivedetect.canonicalURL = "" | ||
browser.ping-centre.production.endpoint = "" | browser.ping-centre.production.endpoint = "" | ||
Line 168: | Line 178: | ||
browser.search.geoSpecific.Defaults = false | browser.search.geoSpecific.Defaults = false | ||
- | ??? XXX firefox.settings.services.mozilla.com | + | # https://firefox.settings.services.mozilla.com/v1/buckets settings fetching? |
+ | services.settings.server = "" | ||
+ | |||
+ | # some websocket telemetry | ||
+ | dom.push.enabled = false | ||
+ | |||
+ | # ? | ||
+ | app.normandy.enabled = false | ||
+ | |||
+ | # ? investigate GET https:// | ||
+ | # | ||
+ | extensions.systemAddon.update.enabled = false | ||
+ | services.sync.engineStatusChanged.addons = false | ||
</ | </ | ||
Line 178: | Line 200: | ||
New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline. | New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline. | ||
+ | When you uncheck "Allow Thunderbird to send technical and interaction data to Mozilla", | ||
+ | < | ||
+ | POST / | ||
+ | / | ||
+ | Host: incoming-telemetry.thunderbird.net | ||
+ | User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/ | ||
+ | |||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | When you open an attachment (tested with PDF), the following request is sent, leaking username, profile name, attachment filename and attachment SHA-256 hash (as raw binary data in the middle): | ||
+ | |||
+ | < | ||
+ | POST / | ||
+ | Host: sb-ssl.google.com | ||
+ | User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/ | ||
+ | |||
+ | 00000000 | ||
+ | 00000010 | ||
+ | 00000020 | ||
+ | 00000030 | ||
+ | 00000040 | ||
+ | 00000050 | ||
+ | 00000060 | ||
+ | 00000070 | ||
+ | 00000080 | ||
+ | 00000090 | ||
+ | 000000a0 | ||
+ | 000000b0 | ||
+ | 000000c0 | ||
+ | 000000d0 | ||
+ | 000000e0 | ||
+ | 000000f0 | ||
+ | </ | ||
+ | To disable this, remove browser.safebrowsing.downloads.remote.url in about: | ||
===== Firefox for Android ===== | ===== Firefox for Android ===== | ||
project/spyzilla.txt · Last modified: 2022/12/24 16:23 by jenda