project:spyzilla

Differences

This shows you the differences between two versions of the page.

project:spyzilla [2019/02/01 21:24] – [about:config] mrkvaproject:spyzilla [2022/12/24 16:23] (current) – [Thunderbird] jenda
Line 16: Line 16:
  
  
-  * Run with parameter -P. Select "Start offline"+  * Run with parameter -P. Select "Start offline". Please note that Firefox at least since version 67 ignore offline parameter for captive portal requests anyway, and perform HTTP requests against detectportal.firefox.com.
   * Visit Preferences. In "Security", turn off "Block reported attack sites" and "Block reported web forgeries"   * Visit Preferences. In "Security", turn off "Block reported attack sites" and "Block reported web forgeries"
   * Uncheck Advanced → Updates   * Uncheck Advanced → Updates
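Review bot: The new sentence on the "Start offline" bullet names the leak (requests to detectportal.firefox.com despite offline mode) but leaves the reader without a remedy at that step. Point it at the about:config entries added in this same revision (network.captive-portal-service.enabled and captivedetect.canonicalURL). While editing, fix the verb agreement: "Firefox ... ignores the offline parameter ... and performs HTTP requests".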
Line 77: Line 77:
   * https://www.ghacks.net/2017/07/13/privacy-blunder-firefox-getaddons-page-google-analytics/   * https://www.ghacks.net/2017/07/13/privacy-blunder-firefox-getaddons-page-google-analytics/
  
-===== Firefox (v. 64 basic setup) Work in Progress =====+===== Firefox (v. 64basic setup) Work in Progress =====
 After these changes, firefox should not open any outgoing connections (if autoupdate was disabled by company policy / Linux distribution maintainers) when starting with a blank page, except for checking updates of installed extensions. After these changes, firefox should not open any outgoing connections (if autoupdate was disabled by company policy / Linux distribution maintainers) when starting with a blank page, except for checking updates of installed extensions.
 +
 +XXX TODO: How to get rid of: 
 +
 +
 +  - POST https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=...&pver=2.2 
 +  - GET https://firefox.settings.services.mozilla.com/v1/buckets/pinning/collections/pins?_expected=148.....
 +      (once a day? with a bunch of similar requests)
 +  - GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2020-07-06-00-19-31.chain
 +
  
 ==== Edit -> Preferences ==== ==== Edit -> Preferences ====
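Review bot: The unchanged sentence under the heading still claims Firefox "should not open any outgoing connections" except extension update checks, yet the TODO list added directly below it names three requests that remain (shavar.services.mozilla.com, firefox.settings.services.mozilla.com, content-signature-2.cdn.mozilla.net). Reword the claim so it lists these as known exceptions until the TODO is resolved. The heading edit also drops the space in "v. 64basic setup", which looks accidental, and the "v. 64" label no longer matches the 2020-dated chain URL captured in the TODO, so record the version these requests were observed on.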
Line 146: Line 155:
  
 media.navigator.enabled = false media.navigator.enabled = false
 +
 +# Disable captive portal
 network.captive-portal-service.enabled = false network.captive-portal-service.enabled = false
 +# The key above seems to be ignored in some versions, so remove the captive portal address
 +captivedetect.canonicalURL = ""
  
 browser.ping-centre.production.endpoint = "" browser.ping-centre.production.endpoint = ""
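Review bot: The comment above captivedetect.canonicalURL says the enabled key "seems to be ignored in some versions" without saying which ones. The Run with -P bullet in this same revision says "at least since version 67", so repeat that here to let readers tell whether the second setting applies to them. It would also help to state how the result was checked, for example that no request to detectportal.firefox.com appears at startup once both keys are set.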
Line 155: Line 168:
 privacy.firstparty.isolate = true privacy.firstparty.isolate = true
 privacy.resistFingerprinting = true privacy.resistFingerprinting = true
 +
 +# extension blocklists
 +extensions.blocklist.enabled = false
 +
 +# extensions automatic update
 +extensions.systemAddon.update.enabled = false
 +
 +# disable requests to search.services.mozilla.com/...
 +browser.search.geoSpecific.Defaults = false
 +
 +# https://firefox.settings.services.mozilla.com/v1/buckets settings fetching?
 +services.settings.server = ""
 +
 +# some websocket telemetry
 +dom.push.enabled = false
 +
 +# ?
 +app.normandy.enabled = false
 +
 +# ? investigate GET https://services.addons.mozilla.org/api/v3/addons/search/?guid=defau...
 +
 +extensions.systemAddon.update.enabled = false
 +services.sync.engineStatusChanged.addons = false
  
 </code> </code>
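Review bot: extensions.systemAddon.update.enabled = false is added twice in this block, once under "# extensions automatic update" and again after the "# ? investigate" comment; drop the second copy. Several entries carry only "# ?" or a question-marked comment (app.normandy.enabled, services.settings.server), so a reader cannot tell what is being switched off or whether it worked. In particular, say whether services.settings.server = "" removes the firefox.settings.services.mozilla.com request that the TODO earlier on the page still lists as open. extensions.blocklist.enabled = false deserves a line on what protection is given up in exchange for the suppressed request. Please also confirm that browser.search.geoSpecific.Defaults is spelled exactly as the key appears in about:config, since a mistyped key is created as a new preference and has no effect.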
Line 164: Line 200:
 New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline. New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline.
  
 +When you uncheck "Allow Thunderbird to send technical and interaction data to Mozilla", it sends the following request to Mozilla:
  
 +<code>
 +POST /submit/telemetry/4e0009de-f8dc-4aad-8b07-30011f7622de/deletion-request\
 +/Thunderbird/78.7.1/default/20210203182138?v=4 HTTP/1.1
 +Host: incoming-telemetry.thunderbird.net
 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
 +
 +{
 +  "type": "deletion-request",
 +  "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX",
 +  "creationDate": "2021-02-10T18:55:32.926Z",
 +  "version": 4,
 +  "application": {
 +    "architecture": "x86-64",
 +    "buildId": "20210203182138",
 +    "name": "Thunderbird",
 +    "version": "78.7.1",
 +    "displayVersion": "78.7.1",
 +    "vendor": "",
 +    "platformVersion": "78.7.0",
 +    "xpcomAbi": "x86_64-gcc3",
 +    "channel": "default"
 +  },
 +  "payload": {
 +    "scalars": {}
 +  },
 +  "clientId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX"
 +}
 +</code>
 +
 +==== Attachments ====
 +
 +When you open an attachment (tested with PDF), the following request is sent, leaking username, profile name, attachment filename and attachment SHA-256 hash (as raw binary data in the middle):
 +
 +<code>
 +POST /safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY% HTTP/1.1
 +Host: sb-ssl.google.com
 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
 +
 +00000000  4e 6d 61 69 6c 62 6f 78  3a 2f 2f 2f 68 6f 6d 65  |Nmailbox:///home|
 +00000010  2f 6a 65 6e 64 61 2f 2e  74 68 75 6e 64 65 72 62  |/jenda/.thunderb|
 +00000020  69 72 64 2f XX XX XX XX  XX XX XX XX 2e 64 65 66  |ird/XXXXXXXX.def|
 +00000030  61 75 6c 74 2f 4d 61 69  6c 2f 4c 6f 63 61 6c 25  |ault/Mail/Local%|
 +00000040  32 30 46 6f 6c 64 65 72  73 2f 49 6e 62 6f 78 12  |20Folders/Inbox.|
 +00000050  22 0a 20 ac a6 20 97 00  fa aa c6 15 80 ed b0 be  |". .. ..........|
 +00000060  5d 60 dd 49 64 4d b8 0c  9a e4 af 46 5b b6 ca b4  |]`.IdM.....F[...|
 +00000070  5b 09 e3 18 ff f4 0d 22  52 0a 4e 6d 61 69 6c 62  |[......"R.Nmailb|
 +00000080  6f 78 3a 2f 2f 2f 68 6f  6d 65 2f 6a 65 6e 64 61  |ox:///home/jenda|
 +00000090  2f 2e 74 68 75 6e 64 65  72 62 69 72 64 2f XX XX  |/.thunderbird/XX|
 +000000a0  XX XX XX XX XX XX 2e 64  65 66 61 75 6c 74 2f 4d  |XXXXXX.default/M|
 +000000b0  61 69 6c 2f 4c 6f 63 61  6c 25 32 30 46 6f 6c 64  |ail/Local%20Fold|
 +000000c0  65 72 73 2f 49 6e 62 6f  78 10 00 30 01 4a 25 50  |ers/Inbox..0.J%P|
 +000000d0  6f 74 76 72 7a 65 6e c3  ad 20 6f 62 6a 65 64 6e  |otvrzen.. objedn|
 +000000e0  c3 a1 76 6b 79 20 31 35  31 30 37 35 36 34 2d 31  |..vky 15107564-1|
 +000000f0  2e 70 64 66 50 00 5a 05  65 6e 2d 55 53           |.pdfP.Z.en-US|
 +</code>
 +To disable this, remove browser.safebrowsing.downloads.remote.url in about:config. [[https://searchfox.org/mozilla-central/source/toolkit/components/reputationservice/ApplicationReputation.cpp#1564|Link to source where this happens.]]
 ===== Firefox for Android ===== ===== Firefox for Android =====
  
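Review bot: Redaction in the two captures is inconsistent. In the deletion-request example, id and clientId are masked in the JSON body, but the UUID in the POST path is left in clear; if it is the same document id, mask it as well. In the attachment dump the profile directory is masked while the home-directory path, the attachment filename and the hash bytes are published as captured. Either mask those too or replace the dump with one taken from a throwaway profile and a test file. The masked placeholders also differ in length between id and clientId, which makes the example look malformed. On the fix itself, "remove browser.safebrowsing.downloads.remote.url" should say whether the value is to be reset or set to an empty string and that it turns off the remote reputation lookup for opened attachments, and the sentence needs a blank line after the closing code tag so it renders as its own paragraph.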
project/spyzilla.1549056277.txt.gz · Last modified: 2019/02/01 21:24 by mrkva