aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--profiles/noClutter.nix6
-rw-r--r--profiles/noPocket.nix6
-rw-r--r--profiles/noStudies.nix12
-rw-r--r--profiles/noTunnels.nix10
-rw-r--r--profiles/noUpdates.nix13
5 files changed, 45 insertions, 2 deletions
diff --git a/profiles/noClutter.nix b/profiles/noClutter.nix
index e416894..42e864a 100644
--- a/profiles/noClutter.nix
+++ b/profiles/noClutter.nix
@@ -1,4 +1,10 @@
{ }: {
+ meta.description = ''
+ Disable potentionally distracting features, to let the user focus.
+
+ This module does not aim to improve privacy or security.
+ '';
+
policies = {
HomePage.StartPage = "none";
};
diff --git a/profiles/noPocket.nix b/profiles/noPocket.nix
index 0814328..7582fd6 100644
--- a/profiles/noPocket.nix
+++ b/profiles/noPocket.nix
@@ -1,4 +1,10 @@
{ ffLib }: {
+ meta.description = ''
+ Pocket allows saving sites to an external services.
+ For some reason, it has been integrated into Firefox directly,
+ instead of being offered as an extension.
+ '';
+
policies = {
DisablePocket = true;
};
diff --git a/profiles/noStudies.nix b/profiles/noStudies.nix
index 222cefe..c6398d5 100644
--- a/profiles/noStudies.nix
+++ b/profiles/noStudies.nix
@@ -1,6 +1,14 @@
{ ffLib }: {
- # https://blog.mozilla.org/firefox/update-looking-glass-add/
- # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
+ meta.description = ''
+ Firefox Shield Studies are meant to allow Mozilla to perform A/B testing
+ on Firefox users.
+ Studies have been used in the past to introduce surprising behaviour [1],
+ and we may want to prevent that from happening to our users.
+
+ [1]: https://blog.mozilla.org/firefox/update-looking-glass-add/
+ https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
+ '';
+
policies = {
DisableFirefoxStudies = true;
};
diff --git a/profiles/noTunnels.nix b/profiles/noTunnels.nix
index f8f5154..292b034 100644
--- a/profiles/noTunnels.nix
+++ b/profiles/noTunnels.nix
@@ -1,4 +1,14 @@
{ }: {
+ meta.description = ''
+ Take reasonable precautions against the use of a proxy, or an encrypted DNS tunnel.
+
+ This can make sense if we do DNS-level filtering, and the user does not have full control
+ over the device they're using.
+
+ If a motivated user has local write and execution privileges, it is unlikely that we can prevent
+ them from circumventing these restrictions.
+ '';
+
policies = {
DNSOverHTTPS = {
Enabled = false;
diff --git a/profiles/noUpdates.nix b/profiles/noUpdates.nix
index 67cdb43..921a969 100644
--- a/profiles/noUpdates.nix
+++ b/profiles/noUpdates.nix
@@ -1,4 +1,17 @@
{ ffLib }: {
+ meta.description = ''
+ Disable all automatic updates, including:
+ - Firefox itself
+ - Extensions
+ - Search providers
+
+ If some or all of these are externally managed, we may want to prevent automatic
+ updates from undoing our changes.
+
+ If any properties of our deployment have been audited, automatic updates may introduce
+ unaudited components and compromise any guarantees made about the users security or privacy.
+ '';
+
policies = {
DisableAppUpdate = true;
DisableSystemAddonUpdate = true;