From 9e60a30afa8aef1fd2258a0217b02cdb3bd123a5 Mon Sep 17 00:00:00 2001
From: tilpner
Date: Sun, 5 Apr 2020 22:03:29 +0200
Subject: no{Clutter,Pocket,Studies,Tunnels,Updates}: document
---
 profiles/noClutter.nix | 6 ++++++
 profiles/noPocket.nix | 6 ++++++
 profiles/noStudies.nix | 12 ++++++++++--
 profiles/noTunnels.nix | 10 ++++++++++
 profiles/noUpdates.nix | 13 +++++++++++++
 5 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/profiles/noClutter.nix b/profiles/noClutter.nix
index e416894..42e864a 100644
--- a/profiles/noClutter.nix
+++ b/profiles/noClutter.nix
@@ -1,4 +1,10 @@
 { }: {
+ meta.description = ''
+ Disable potentionally distracting features, to let the user focus.
+
+ This module does not aim to improve privacy or security.
+ '';
+
 policies = {
 HomePage.StartPage = "none";
 };
diff --git a/profiles/noPocket.nix b/profiles/noPocket.nix
index 0814328..7582fd6 100644
--- a/profiles/noPocket.nix
+++ b/profiles/noPocket.nix
@@ -1,4 +1,10 @@
 { ffLib }: {
+ meta.description = ''
+ Pocket allows saving sites to an external services.
+ For some reason, it has been integrated into Firefox directly,
+ instead of being offered as an extension.
+ '';
+
 policies = {
 DisablePocket = true;
 };
diff --git a/profiles/noStudies.nix b/profiles/noStudies.nix
index 222cefe..c6398d5 100644
--- a/profiles/noStudies.nix
+++ b/profiles/noStudies.nix
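Review bot: In profiles/noClutter.nix the new `meta.description` misspells "potentially" as `potentionally`; the line should read `Disable potentially distracting features, to let the user focus.` This string is presumably rendered into generated profile documentation, so the slip would be user-visible. The same kind of wording slip appears in profiles/noPocket.nix (`an external services`) and profiles/noUpdates.nix (`the users security`, missing apostrophe).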
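Review bot: In profiles/noPocket.nix the description explains what Pocket is but never states what the profile does, unlike the noClutter and noUpdates descriptions in this commit, which open with the effect. I would add a first line such as `Disable the built-in Pocket integration.` so that someone choosing profiles from the description alone does not have to read `DisablePocket = true` to learn the outcome.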
@@ -1,6 +1,14 @@
 { ffLib }: {
- # https://blog.mozilla.org/firefox/update-looking-glass-add/
- # https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
+ meta.description = ''
+ Firefox Shield Studies are meant to allow Mozilla to perform A/B testing
+ on Firefox users.
+ Studies have been used in the past to introduce surprising behaviour [1],
+ and we may want to prevent that from happening to our users.
+
+ [1]: https://blog.mozilla.org/firefox/update-looking-glass-add/
+ https://mozilla.github.io/normandy/user/end_user_interaction.html#opt-out-preference
+ '';
+
 policies = {
 DisableFirefoxStudies = true;
 };
diff --git a/profiles/noTunnels.nix b/profiles/noTunnels.nix
index f8f5154..292b034 100644
--- a/profiles/noTunnels.nix
+++ b/profiles/noTunnels.nix
@@ -1,4 +1,14 @@
 { }: {
+ meta.description = ''
+ Take reasonable precautions against the use of a proxy, or an encrypted DNS tunnel.
+
+ This can make sense if we do DNS-level filtering, and the user does not have full control
+ over the device they're using.
+
+ If a motivated user has local write and execution privileges, it is unlikely that we can prevent
+ them from circumventing these restrictions.
+ '';
+
 policies = {
 DNSOverHTTPS = {
 Enabled = false;
diff --git a/profiles/noUpdates.nix b/profiles/noUpdates.nix
index 67cdb43..921a969 100644
--- a/profiles/noUpdates.nix
+++ b/profiles/noUpdates.nix
@@ -1,4 +1,17 @@
 { ffLib }: {
+ meta.description = ''
+ Disable all automatic updates, including:
+ - Firefox itself
+ - Extensions
+ - Search providers
+
+ If some or all of these are externally managed, we may want to prevent automatic
+ updates from undoing our changes.
+
+ If any properties of our deployment have been audited, automatic updates may introduce
+ unaudited components and compromise any guarantees made about the users security or privacy.
+ '';
+
 policies = {
 DisableAppUpdate = true;
 DisableSystemAddonUpdate = true;
-- 
cgit v1.2.3
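Review bot: In profiles/noTunnels.nix the description does not state the cost of the setting it documents: with `DNSOverHTTPS.Enabled = false`, lookups go unencrypted to the system resolver, so anyone on the network path can observe them, not only the filtering resolver. I would add a sentence such as `Disabling DoH sends DNS queries unencrypted to the system resolver; use this only where that resolver and the path to it are trusted.` The `DNSOverHTTPS` block continues past the end of the hunk, so I cannot see whether `Locked = true;` follows. If it does not, the user can likely turn DoH back on in preferences, and the description should say so.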
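Review bot: In profiles/noUpdates.nix the description gives reasons for disabling updates but not the obligation that creates: with `DisableAppUpdate` and `DisableSystemAddonUpdate` set, security fixes for Firefox reach users only when whatever manages the installation ships them. I would add a sentence such as `With this profile, security updates must be delivered by the external manager; do not enable it without such a process in place.` The `policies` block continues past the end of the hunk, so the extension and search-provider settings named in the list are not visible here and should be checked against it.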