From 885a16dce7a93ecb359594caf62a9c88b789d7a0 Mon Sep 17 00:00:00 2001 From: tilpner Date: Sun, 14 Jun 2020 20:40:32 +0200 Subject: replaceAllUrls: init --- profiles/replaceAllUrls.nix | 192 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 192 insertions(+) create mode 100644 profiles/replaceAllUrls.nix (limited to 'profiles') diff --git a/profiles/replaceAllUrls.nix b/profiles/replaceAllUrls.nix new file mode 100644 index 0000000..8b71033 --- /dev/null +++ b/profiles/replaceAllUrls.nix @@ -0,0 +1,192 @@ +{ ... }: + +let + # Requirements: + # - is valid connection target (from FF perspective) + # - doesn't have any negative effects on the user privacy or security + h = "127.0.0.1"; + u = "http://${h}"; +in { + meta.description = '' + Firefox communicates with external services in many different ways. Not all of them + happen on startup, and they can be triggered on different intervals. + + This is a desperate effort to prevent as much of that communication as possible, by depriving FF of all configurable + URLs. It will break things, put the users security/privacy at risk, and probably shouldn't be enabled. + + Even so, this list may be insufficient. It was created manually from an about:config listing + for the searchterms "url", "uri", "endpoint", and "server", so it will miss hidden (but defaulted) and hardcoded URLs. + + Further consideration for the placeholder value is required. + + Known issues: + - This list will get outdated rather quickly + - Typos and renaming of keys are not caught in any way + ''; + + preferences = { + app = { + feedback.baseURL = u; + releaseNotesURL = u; + support.baseURL = u; + update = { + url.details = u; + url.manual = u; + }; + }; + + browser = { + uitour.url = u; + + contentblocking = { + report = { + cookie.url = u; + cryptominer.url = u; + fingerprinter.url = u; + + lockwise = { + how_it_works.url = u; + }; + + monitor = { + enabled = false; + url = u; + how_it_works.url = u; + sign_in_url = u; + }; + }; + }; + + newtabpage.activity-stream = { + discoverystream = { + config = "{}"; + endpoints = u; + endpointSpocsClear = u; + }; + + default.sites = ""; + feeds = { + snippets = false; + section.topstories.options = "{}"; + }; + asrouter.providers.snippets = false; + + fxaccounts.endpoint = u; + + telemetry.structuredIngestion.endpoint = u; + }; + + safebrowsing = { + downloads.remote.url = u; + provider = + let mock = { + advisoryURL = u; + dataSharingURL = u; + gethashURL = u; + reportMalwareMistakeURL = u; + reportPhishMistakeURL = u; + reportURL = u; + updateURL = u; + }; + in { + google = mock; + google4 = mock; + mozilla = mock; + }; + }; + + search.searchEnginesURL = u; + }; + + captivedetect.canonicalURL = u; + datareporting = { + healthreport.infoURL = u; + firstRunURL = u; + policy.firstRunURL = u; + }; + + dom.push.serverURL = "wss://${h}"; + + extensions = { + abuseReport = { + amoDetailsURL = u; + url = u; + }; + + blocklist = { + detailsURL = u; + itemURL = u; + }; + + getAddons = { + discovery.api_url = u; + get.url = u; + langpacks.url = u; + link.url = u; + search.browseURL = u; + }; + + recommendations = { + privacyPolicyUrl = u; + themeRecommendationUrl = u; + }; + + systemAddon.update.url = u; + update.background.url = u; + update.url = u; + webservice.discoverURL = u; + }; + + media.gmp-manager.url = u; + + identity = { + fxaccounts = { + remote.root = u; + auth.uri = u; + remote = { + oauth.uri = u; + pairing.uri = u; + profile.uri = u; + }; + + service = { + monitorLoginUrl = u; + sendLoginUrl = u; + }; + }; + sync.tokenserver.uri = u; + sendtabpromo.url = u; + }; + + services.settings.server = u; + + network.trr.uri = u; + + toolkit = { + telemetry.server = u; + coverage.endpoint.base = u; + }; + + security = { + # TODO: investigate exploit potential (I told you not to enable it!) + certerrors.mitm.priming.endpoint = u; + + ssl.errorReporting.url = u; + + remote_settings = { + intermediates.enabled = false; + intermediates.signer = ""; + crlite_filters.enabled = false; + crlite_filters.signer = ""; + }; + }; + + signon.management.page = { + breachAlertUrl = u; + mobileAndroidURL = u; + mobileAppleURL = u; + }; + + webextensions.storage.sync.serverURL = u; + }; +} -- cgit v1.2.3