User Tools

Site Tools


project:spyzilla

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
project:spyzilla [2020/06/03 21:21] – [Firefox (v. 64 basic setup) Work in Progress] niekt0project:spyzilla [2022/12/24 16:23] (current) – [Thunderbird] jenda
Line 81: Line 81:
  
 XXX TODO: How to get rid of:  XXX TODO: How to get rid of: 
-POST https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=...&pver=2.2 HTTP/1.1+ 
 + 
 +  - POST https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=...&pver=2.2  
 +  - GET https://firefox.settings.services.mozilla.com/v1/buckets/pinning/collections/pins?_expected=148..... 
 +      (once a day? with a bunch of similar requests) 
 +  - GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2020-07-06-00-19-31.chain 
  
 ==== Edit -> Preferences ==== ==== Edit -> Preferences ====
Line 149: Line 155:
  
 media.navigator.enabled = false media.navigator.enabled = false
 +
 +# Disable captive portal
 network.captive-portal-service.enabled = false network.captive-portal-service.enabled = false
 +# The key above seems to be ignored in some versions, so remove the captive portal address
 +captivedetect.canonicalURL = ""
  
 browser.ping-centre.production.endpoint = "" browser.ping-centre.production.endpoint = ""
Line 168: Line 178:
 browser.search.geoSpecific.Defaults = false browser.search.geoSpecific.Defaults = false
  
-??? XXX firefox.settings.services.mozilla.com +# https://firefox.settings.services.mozilla.com/v1/buckets settings fetching? 
 +services.settings.server = "" 
 + 
 +# some websocket telemetry 
 +dom.push.enabled = false 
 + 
 +# ? 
 +app.normandy.enabled = false 
 + 
 +# ? investigate GET https://services.addons.mozilla.org/api/v3/addons/search/?guid=defau... 
 +#  
 +extensions.systemAddon.update.enabled = false 
 +services.sync.engineStatusChanged.addons = false
  
 </code> </code>
Line 178: Line 200:
 New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline. New Account setup wizard sends your e-mail domain to Mozilla. To add an account without this feature, select File → Offline → Work offline.
  
 +When you uncheck "Allow Thunderbird to send technical and interaction data to Mozilla", it sends the following request to Mozilla:
  
 +<code>
 +POST /submit/telemetry/4e0009de-f8dc-4aad-8b07-30011f7622de/deletion-request\
 +/Thunderbird/78.7.1/default/20210203182138?v=4 HTTP/1.1
 +Host: incoming-telemetry.thunderbird.net
 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
 +
 +{
 +  "type": "deletion-request",
 +  "id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXX",
 +  "creationDate": "2021-02-10T18:55:32.926Z",
 +  "version": 4,
 +  "application": {
 +    "architecture": "x86-64",
 +    "buildId": "20210203182138",
 +    "name": "Thunderbird",
 +    "version": "78.7.1",
 +    "displayVersion": "78.7.1",
 +    "vendor": "",
 +    "platformVersion": "78.7.0",
 +    "xpcomAbi": "x86_64-gcc3",
 +    "channel": "default"
 +  },
 +  "payload": {
 +    "scalars": {}
 +  },
 +  "clientId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX"
 +}
 +</code>
 +
 +==== Attachments ====
 +
 +When you open an attachment (tested with PDF), the following request is sent, leaking username, profile name, attachment filename and attachment SHA-256 hash (as raw binary data in the middle):
 +
 +<code>
 +POST /safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY% HTTP/1.1
 +Host: sb-ssl.google.com
 +User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
 +
 +00000000  4e 6d 61 69 6c 62 6f 78  3a 2f 2f 2f 68 6f 6d 65  |Nmailbox:///home|
 +00000010  2f 6a 65 6e 64 61 2f 2e  74 68 75 6e 64 65 72 62  |/jenda/.thunderb|
 +00000020  69 72 64 2f XX XX XX XX  XX XX XX XX 2e 64 65 66  |ird/XXXXXXXX.def|
 +00000030  61 75 6c 74 2f 4d 61 69  6c 2f 4c 6f 63 61 6c 25  |ault/Mail/Local%|
 +00000040  32 30 46 6f 6c 64 65 72  73 2f 49 6e 62 6f 78 12  |20Folders/Inbox.|
 +00000050  22 0a 20 ac a6 20 97 00  fa aa c6 15 80 ed b0 be  |". .. ..........|
 +00000060  5d 60 dd 49 64 4d b8 0c  9a e4 af 46 5b b6 ca b4  |]`.IdM.....F[...|
 +00000070  5b 09 e3 18 ff f4 0d 22  52 0a 4e 6d 61 69 6c 62  |[......"R.Nmailb|
 +00000080  6f 78 3a 2f 2f 2f 68 6f  6d 65 2f 6a 65 6e 64 61  |ox:///home/jenda|
 +00000090  2f 2e 74 68 75 6e 64 65  72 62 69 72 64 2f XX XX  |/.thunderbird/XX|
 +000000a0  XX XX XX XX XX XX 2e 64  65 66 61 75 6c 74 2f 4d  |XXXXXX.default/M|
 +000000b0  61 69 6c 2f 4c 6f 63 61  6c 25 32 30 46 6f 6c 64  |ail/Local%20Fold|
 +000000c0  65 72 73 2f 49 6e 62 6f  78 10 00 30 01 4a 25 50  |ers/Inbox..0.J%P|
 +000000d0  6f 74 76 72 7a 65 6e c3  ad 20 6f 62 6a 65 64 6e  |otvrzen.. objedn|
 +000000e0  c3 a1 76 6b 79 20 31 35  31 30 37 35 36 34 2d 31  |..vky 15107564-1|
 +000000f0  2e 70 64 66 50 00 5a 05  65 6e 2d 55 53           |.pdfP.Z.en-US|
 +</code>
 +To disable this, remove browser.safebrowsing.downloads.remote.url in about:config. [[https://searchfox.org/mozilla-central/source/toolkit/components/reputationservice/ApplicationReputation.cpp#1564|Link to source where this happens.]]
 ===== Firefox for Android ===== ===== Firefox for Android =====
  
project/spyzilla.1591219299.txt.gz · Last modified: 2020/06/03 21:21 by niekt0