aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortilpner2020-06-14 20:40:32 +0200
committertilpner2020-06-14 20:40:32 +0200
commit885a16dce7a93ecb359594caf62a9c88b789d7a0 (patch)
treeb20ad3e7e8cebb43ce0737f3344204bfb0de27b5
parentedd85db3bb461a1c118489c0ed5dac2db2ef76fe (diff)
downloadfirefox-profiles-885a16dce7a93ecb359594caf62a9c88b789d7a0.tar.gz
firefox-profiles-885a16dce7a93ecb359594caf62a9c88b789d7a0.tar.xz
firefox-profiles-885a16dce7a93ecb359594caf62a9c88b789d7a0.zip
replaceAllUrls: init
-rw-r--r--profiles/replaceAllUrls.nix192
1 files changed, 192 insertions, 0 deletions
diff --git a/profiles/replaceAllUrls.nix b/profiles/replaceAllUrls.nix
new file mode 100644
index 0000000..8b71033
--- /dev/null
+++ b/profiles/replaceAllUrls.nix
@@ -0,0 +1,192 @@
+{ ... }:
+
+let
+ # Requirements:
+ # - is valid connection target (from FF perspective)
+ # - doesn't have any negative effects on the user privacy or security
+ h = "127.0.0.1";
+ u = "http://${h}";
+in {
+ meta.description = ''
+ Firefox communicates with external services in many different ways. Not all of them
+ happen on startup, and they can be triggered on different intervals.
+
+ This is a desperate effort to prevent as much of that communication as possible, by depriving FF of all configurable
+ URLs. It will break things, put the users security/privacy at risk, and probably shouldn't be enabled.
+
+ Even so, this list may be insufficient. It was created manually from an about:config listing
+ for the searchterms "url", "uri", "endpoint", and "server", so it will miss hidden (but defaulted) and hardcoded URLs.
+
+ Further consideration for the placeholder value is required.
+
+ Known issues:
+ - This list will get outdated rather quickly
+ - Typos and renaming of keys are not caught in any way
+ '';
+
+ preferences = {
+ app = {
+ feedback.baseURL = u;
+ releaseNotesURL = u;
+ support.baseURL = u;
+ update = {
+ url.details = u;
+ url.manual = u;
+ };
+ };
+
+ browser = {
+ uitour.url = u;
+
+ contentblocking = {
+ report = {
+ cookie.url = u;
+ cryptominer.url = u;
+ fingerprinter.url = u;
+
+ lockwise = {
+ how_it_works.url = u;
+ };
+
+ monitor = {
+ enabled = false;
+ url = u;
+ how_it_works.url = u;
+ sign_in_url = u;
+ };
+ };
+ };
+
+ newtabpage.activity-stream = {
+ discoverystream = {
+ config = "{}";
+ endpoints = u;
+ endpointSpocsClear = u;
+ };
+
+ default.sites = "";
+ feeds = {
+ snippets = false;
+ section.topstories.options = "{}";
+ };
+ asrouter.providers.snippets = false;
+
+ fxaccounts.endpoint = u;
+
+ telemetry.structuredIngestion.endpoint = u;
+ };
+
+ safebrowsing = {
+ downloads.remote.url = u;
+ provider =
+ let mock = {
+ advisoryURL = u;
+ dataSharingURL = u;
+ gethashURL = u;
+ reportMalwareMistakeURL = u;
+ reportPhishMistakeURL = u;
+ reportURL = u;
+ updateURL = u;
+ };
+ in {
+ google = mock;
+ google4 = mock;
+ mozilla = mock;
+ };
+ };
+
+ search.searchEnginesURL = u;
+ };
+
+ captivedetect.canonicalURL = u;
+ datareporting = {
+ healthreport.infoURL = u;
+ firstRunURL = u;
+ policy.firstRunURL = u;
+ };
+
+ dom.push.serverURL = "wss://${h}";
+
+ extensions = {
+ abuseReport = {
+ amoDetailsURL = u;
+ url = u;
+ };
+
+ blocklist = {
+ detailsURL = u;
+ itemURL = u;
+ };
+
+ getAddons = {
+ discovery.api_url = u;
+ get.url = u;
+ langpacks.url = u;
+ link.url = u;
+ search.browseURL = u;
+ };
+
+ recommendations = {
+ privacyPolicyUrl = u;
+ themeRecommendationUrl = u;
+ };
+
+ systemAddon.update.url = u;
+ update.background.url = u;
+ update.url = u;
+ webservice.discoverURL = u;
+ };
+
+ media.gmp-manager.url = u;
+
+ identity = {
+ fxaccounts = {
+ remote.root = u;
+ auth.uri = u;
+ remote = {
+ oauth.uri = u;
+ pairing.uri = u;
+ profile.uri = u;
+ };
+
+ service = {
+ monitorLoginUrl = u;
+ sendLoginUrl = u;
+ };
+ };
+ sync.tokenserver.uri = u;
+ sendtabpromo.url = u;
+ };
+
+ services.settings.server = u;
+
+ network.trr.uri = u;
+
+ toolkit = {
+ telemetry.server = u;
+ coverage.endpoint.base = u;
+ };
+
+ security = {
+ # TODO: investigate exploit potential (I told you not to enable it!)
+ certerrors.mitm.priming.endpoint = u;
+
+ ssl.errorReporting.url = u;
+
+ remote_settings = {
+ intermediates.enabled = false;
+ intermediates.signer = "";
+ crlite_filters.enabled = false;
+ crlite_filters.signer = "";
+ };
+ };
+
+ signon.management.page = {
+ breachAlertUrl = u;
+ mobileAndroidURL = u;
+ mobileAppleURL = u;
+ };
+
+ webextensions.storage.sync.serverURL = u;
+ };
+}