project:spyzilla
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
project:spyzilla [2020/06/03 21:42] – [about:config] niekt0 | project:spyzilla [2022/12/24 16:23] (current) – [Thunderbird] jenda | ||
---|---|---|---|
Line 86: | Line 86: | ||
- GET https:// | - GET https:// | ||
(once a day? with a bunch of similar requests) | (once a day? with a bunch of similar requests) | ||
+ | - GET https:// | ||
Line 155: | Line 155: | ||
media.navigator.enabled = false | media.navigator.enabled = false | ||
+ | |||
+ | # Disable captive portal | ||
network.captive-portal-service.enabled = false | network.captive-portal-service.enabled = false | ||
+ | # The key above seems to be ignored in some versions, so remove the captive portal address | ||
+ | captivedetect.canonicalURL = "" | ||
browser.ping-centre.production.endpoint = "" | browser.ping-centre.production.endpoint = "" | ||
Line 183: | Line 187: | ||
app.normandy.enabled = false | app.normandy.enabled = false | ||
+ | # ? investigate GET https:// | ||
+ | # | ||
+ | extensions.systemAddon.update.enabled = false | ||
+ | services.sync.engineStatusChanged.addons = false | ||
</ | </ | ||
Line 192: | Line 200: | ||
New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline. | New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline. | ||
+ | When you uncheck "Allow Thunderbird to send technical and interaction data to Mozilla", | ||
+ | < | ||
+ | POST / | ||
+ | / | ||
+ | Host: incoming-telemetry.thunderbird.net | ||
+ | User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/ | ||
+ | |||
+ | { | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | " | ||
+ | }, | ||
+ | " | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | ==== Attachments ==== | ||
+ | |||
+ | When you open an attachment (tested with PDF), the following request is sent, leaking username, profile name, attachment filename and attachment SHA-256 hash (as raw binary data in the middle): | ||
+ | |||
+ | < | ||
+ | POST / | ||
+ | Host: sb-ssl.google.com | ||
+ | User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/ | ||
+ | |||
+ | 00000000 | ||
+ | 00000010 | ||
+ | 00000020 | ||
+ | 00000030 | ||
+ | 00000040 | ||
+ | 00000050 | ||
+ | 00000060 | ||
+ | 00000070 | ||
+ | 00000080 | ||
+ | 00000090 | ||
+ | 000000a0 | ||
+ | 000000b0 | ||
+ | 000000c0 | ||
+ | 000000d0 | ||
+ | 000000e0 | ||
+ | 000000f0 | ||
+ | </ | ||
+ | To disable this, remove browser.safebrowsing.downloads.remote.url in about: | ||
===== Firefox for Android ===== | ===== Firefox for Android ===== | ||
project/spyzilla.1591220557.txt.gz · Last modified: 2020/06/03 21:42 by niekt0