{ config, lib, ... }: with lib; let # Requirements: # - is valid connection target (from FF perspective) # - doesn't have any negative effects on the user privacy or security h = "127.0.0.1"; u = lib.mkForce "http://${h}"; in { options.dataFrugality.replaceAllUrls = mkOption { type = types.bool; default = false; description = '' Firefox communicates with external services in many different ways. Not all of them happen on startup, and they can be triggered on different intervals. This is a desperate effort to prevent as much of that communication as possible, by depriving FF of all configurable URLs. It will break things, put the users security/privacy at risk, and probably shouldn't be enabled. Even so, this list may be insufficient. It was created manually from an about:config listing for the searchterms "url", "uri", "endpoint", and "server", so it will miss hidden (but defaulted) and hardcoded URLs. Further consideration for the placeholder value is required. Known issues: * This list will get outdated rather quickly * Typos and renaming of keys are not caught in any way ''; }; config.preferences = lib.mkIf config.dataFrugality.replaceAllUrls { app = { feedback.baseURL = u; releaseNotesURL = u; support.baseURL = u; update = { url.details = u; url.manual = u; }; }; browser = { uitour.url = u; contentblocking = { report = { cookie.url = u; cryptominer.url = u; fingerprinter.url = u; lockwise = { how_it_works.url = u; }; monitor = { enabled = false; url = u; how_it_works.url = u; sign_in_url = u; }; }; }; newtabpage.activity-stream = { discoverystream = { config = "{}"; endpoints = u; endpointSpocsClear = u; }; default.sites = ""; feeds = { snippets = false; section.topstories.options = "{}"; }; asrouter.providers.snippets = false; fxaccounts.endpoint = u; telemetry.structuredIngestion.endpoint = u; }; safebrowsing = { downloads.remote.url = u; provider = let mock = { advisoryURL = u; dataSharingURL = u; gethashURL = u; reportMalwareMistakeURL = u; reportPhishMistakeURL = u; reportURL = u; updateURL = u; }; in { google = mock; google4 = mock; mozilla = mock; }; }; search.searchEnginesURL = u; }; captivedetect.canonicalURL = u; datareporting = { healthreport.infoURL = u; firstRunURL = u; policy.firstRunURL = u; }; dom.push.serverURL = "wss://${h}"; extensions = { abuseReport = { amoDetailsURL = u; url = u; }; blocklist = { detailsURL = u; itemURL = u; }; getAddons = { discovery.api_url = u; get.url = u; langpacks.url = u; link.url = u; search.browseURL = u; }; recommendations = { privacyPolicyUrl = u; themeRecommendationUrl = u; }; systemAddon.update.url = u; update.background.url = u; update.url = u; webservice.discoverURL = u; }; media.gmp-manager.url = u; identity = { fxaccounts = { remote.root = u; auth.uri = u; remote = { oauth.uri = u; pairing.uri = u; profile.uri = u; }; service = { monitorLoginUrl = u; sendLoginUrl = u; }; }; sync.tokenserver.uri = u; sendtabpromo.url = u; }; services.settings.server = u; network.trr.uri = u; toolkit = { telemetry.server = u; coverage.endpoint.base = u; }; security = { # TODO: investigate exploit potential (I told you not to enable it!) certerrors.mitm.priming.endpoint = u; ssl.errorReporting.url = u; remote_settings = { intermediates.enabled = false; intermediates.signer = ""; crlite_filters.enabled = false; crlite_filters.signer = ""; }; }; signon.management.page = { breachAlertUrl = u; mobileAndroidURL = u; mobileAppleURL = u; }; webextensions.storage.sync.serverURL = u; }; }