-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
dove.cfg
314 lines (200 loc) · 11.2 KB
/
dove.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
// Dove Thunderbird Mozilla.cfg
// Built from Phoenix (Hardened)
// 000 RESET UNDESIRED PREFS FROM PHOENIX
defaultPref("app.releaseNotesURL", "https://live.thunderbird.net/%APP%/releasenotes?locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%");
defaultPref("app.releaseNotesURL.aboutDialog", "https://live.thunderbird.net/%APP%/releasenotes?locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%");
defaultPref("app.releaseNotesURL.prompt", "https://live.thunderbird.net/%APP%/releasenotes?locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%");
/// Required for extensions from the ATO
unlockPref("privacy.resistFingerprinting.block_mozAddonManager");
clearPref("privacy.resistFingerprinting.block_mozAddonManager");
defaultPref("privacy.resistFingerprinting.block_mozAddonManager", false);
unlockPref("xpinstall.signatures.required");
clearPref("xpinstall.signatures.required");
defaultPref("xpinstall.signatures.required", false);
defaultPref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid,addons.thunderbird.net");
// 001 TELEMETRY
lockPref("toolkit.telemetry.ecosystemtelemetry.enabled", false); // [DEFAULT]
/// Crash Reporting
lockPref("dom.ipc.plugins.reportCrashURL", false);
// 002 MOZILLA CRAP
/// Disable Mozilla Email Provisioner/Creating new email addresses with their "partners"
lockPref("mail.provider.enabled", false);
/// Never check default mail client
lockPref("mail.shell.checkDefaultClient", false);
/// Skip Onboarding
lockPref("mail.rights.override", true);
lockPref("mailnews.start_page_override.mstone", "ignore");
/// Disable Start Page by default & clear default URL
defaultPref("mailnews.start_page.enabled", false);
defaultPref("mailnews.start_page.override_url", "");
defaultPref("mailnews.start_page.url", "");
/// Disable Donate Page
lockPref("app.donation.eoy.url", "");
lockPref("app.donation.eoy.version.viewed", 999);
/// Disable Filelink
// https://support.mozilla.org/kb/filelink-large-attachments
lockPref("mail.cloud_files.enabled", false);
/// Disable "Chat" functionality
lockPref("mail.chat.enabled", false);
/// Kill Add-on "Discovery" Recommendations
lockPref("extensions.getAddons.recommended.url", "");
/// Remove unnecessary URL params
defaultPref("extensions.getAddons.search.browseURL", "https://addons.thunderbird.net/%LOCALE%/%APP%/search/?q=%TERMS%");
// 003 DISK AVOIDANCE
/// Disable caching, might reconsider since we clear cache on exit anyways
lockPref("mail.imap.use_disk_cache2", false);
/// Set website permissions to be session only [INVESTIGATE]
defaultPref("permissions.memory_only", true);
/// Fully disable browsing history [INVESTIGATE]
lockPref("places.history.enabled", false);
/// Sanitize cookies on exit
lockPref("network.cookie.noPersistentStorage", true);
/// Prevent logging chat history
// https://stackoverflow.com/questions/32155137/how-to-disable-chat-history-in-mozilla-thunderbird
lockPref("purple.logging.log_chats", false);
lockPref("purple.logging.log_ims", false);
/// Do not leak info in chat notifications by default
defaultPref("mail.chat.notification_info", 2);
// 004 GENERAL NETWORK HARDENING
/// Enforce using secure connections for Auto config
lockPref("mailnews.auto_config.fetchFromISP.sslOnly", true);
lockPref("mailnews.auto_config.guess.requireGoodCert", true); // [DEFAULT]
lockPref("mailnews.auto_config.guess.sslOnly", true);
/// Disable link previews
lockPref("mail.compose.add_link_preview", false);
/// Always warn when making insecure connections
// Unclear whether actually used anywhere
lockPref("security.warn_entering_weak", true);
lockPref("security.warn_leaving_secure", true);
lockPref("security.warn_viewing_mixed", true);
// 005 UI
/// Always show full email addresses
lockPref("mail.showCondensedAddresses", false);
/// Always show email information & headers
lockPref("mail.show_headers", 2);
lockPref("mailnews.headers.showMessageId", true);
lockPref("mailnews.headers.showOrganization", true);
lockPref("mailnews.headers.showReferences", true);
lockPref("mailnews.headers.showSender", true);
lockPref("mailnews.headers.showUserAgent", true);
// 006 INFORMATION LEAKAGE
/// Never send read receipts
lockPref("mail.mdn.report.enabled", false);
lockPref("purple.conversations.im.send_read", false); // [CHAT]
/// Never send chat typing notifications
lockPref("purple.conversations.im.send_typing", false);
/// Never report chat idle status
lockPref("messenger.status.reportIdle", false);
/// Prevent sending user agent with emails, as it is unnecessary, not even defined in spec, & leaks information
// https://bugzilla.mozilla.org/show_bug.cgi?id=1114475
lockPref("mailnews.headers.sendUserAgent", false);
lockPref("mailnews.headers.useMinimalUserAgent", true); // [DEFAULT, DEFENSE IN DEPTH]
/// Prevent leaking system locale & date/time in replies
lockPref("mailnews.reply_header_authorwroteondate", "#1 wrote on #2 #3:");
lockPref("mailnews.reply_header_authorwrotesingle", "#1 wrote:");
lockPref("mailnews.reply_header_ondateauthorwrote", "On #2 #3, #1 wrote:");
lockPref("mailnews.reply_header_type", 1);
/// Prevent leaking spellcheck dictionary info
// https://bugzilla.mozilla.org/show_bug.cgi?id=1370217
lockPref("mail.suppress_content_language", true);
/// Prevent leaking locale & specific time through date header
// https://bugzilla.mozilla.org/show_bug.cgi?id=1603359
lockPref("mail.sanitize_date_header", true);
// 007 MISC. PRIVACY
/// Never load remote content in emails
lockPref("mailnews.message_display.disable_remote_image", true); // [DEFAULT]
/// Disable Geolocation
lockPref("browser.geolocation.warning.infoURL", "");
lockPref("geo.enabled", false);
lockPref("geo.provider.network.url", "");
lockPref("geo.provider.use_corelocation", false);
lockPref("geo.provider.use_geoclue", false);
lockPref("geo.provider.ms-windows-location", false);
/// Enable & Enforce ETP Strict Features (ETP Strict is not available on Thunderbird)
lockPref("network.cookie.cookieBehavior", 5);
lockPref("network.cookie.cookieBehavior.pbmode", 5);
lockPref("network.http.referer.disallowCrossSiteRelaxingDefault", true); // [DEFAULT]
lockPref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode", true); // [DEFAULT]
lockPref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode.top_navigation", true); // [DEFAULT]
lockPref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true);
lockPref("privacy.bounceTrackingProtection.enabled", true); // [DEFAULT
lockPref("privacy.fingerprintingProtection", true);
lockPref("privacy.fingerprintingProtection.pbmode", true);
lockPref("privacy.partition.always_partition_third_party_non_cookie_storage", true); // [DEFAULT]
lockPref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); // [DEFAULT]
lockPref("privacy.partition.bloburl_per_partition_key", true); // [DEFAULT]
lockPref("privacy.partition.network_state.ocsp_cache", true); // [DEFAULT]
lockPref("privacy.partition.network_state.ocsp_cache.pbmode", true); // [DEFAULT]
lockPref("privacy.query_stripping.enabled", true);
lockPref("privacy.query_stripping.enabled.pbmode", true);
lockPref("privacy.trackingprotection.cryptomining.enabled", true);
lockPref("privacy.trackingprotection.emailtracking.enabled", true);
lockPref("privacy.trackingprotection.emailtracking.pbmode.enabled", true); // [DEFAULT]
lockPref("privacy.trackingprotection.enabled", true);
lockPref("privacy.trackingprotection.fingerprinting.enabled", true);
lockPref("privacy.trackingprotection.pbmode.enabled", true); // [DEFAULT]
lockPref("privacy.trackingprotection.socialtracking.enabled", true);
/// Enforce never using heuristics
lockPref("privacy.antitracking.enableWebcompat", false);
lockPref("privacy.fingerprintingProtection.remoteOverrides.enabled", false);
lockPref("privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction", false);
lockPref("privacy.restrict3rdpartystorage.heuristic.recently_visited", false);
lockPref("privacy.restrict3rdpartystorage.heuristic.redirect", false);
lockPref("privacy.restrict3rdpartystorage.heuristic.window_open", false);
/// Allow toggling per session
defaultPref("network.http.referer.XOriginPolicy", 0);
pref("network.http.referer.XOriginPolicy", 2);
/// Prevent leaking sensitive information from the Cardbook extension
// https://github.com/HorlogeSkynet/thunderbird-user.js/blob/master/user.js#L1231
lockPref("extensions.cardbook.useOnlyEmail", true);
/// Always notify when encryption is possible
lockPref("mail.openpgp.remind_encryption_possible", true); // [DEFAULT]
lockPref("mail.smime.remind_encryption_possible", true); // [DEFAULT]
/// Always automatically encrypt when possible
lockPref("mail.e2ee.auto_enable", true);
/// Always notify when E2EE is disabled
lockPref("mail.e2ee.notify_on_auto_disable", true); // [DEFAULT]
/// Use GnuPG if built-in RNP fails
// https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards#Allow_the_use_of_external_GnuP
lockPref("mail.openpgp.allow_external_gnupg", true);
// 008 MISC. SECURITY
/// Sanitize HTML content
// https://www.bucksch.org/1/projects/mozilla/108153/
lockPref("mail.html_sanitize.drop_conditional_css", true); // [DEFAULT]
lockPref("mailnews.display.html_as", 3);
lockPref("rss.display.html_as", 3);
/// Enforce built-in phishing protection
// https://support.mozilla.org/kb/thunderbirds-scam-detection
lockPref("mail.phishing.detection.disallow_form_actions", true); // [DEFAULT]
lockPref("mail.phishing.detection.enabled", true); // [DEFAULT]
lockPref("mail.phishing.detection.ipaddresses", true); // [DEFAULT]
lockPref("mail.phishing.detection.mismatched_hosts", true); // [DEFAULT]
// 009 MISC.
/// Send emails in plaintext by default
// https://drewdevault.com/2016/04/11/Please-use-text-plain-for-emails.html
defaultPref("mail.html_compose", false);
defaultPref("mail.default_send_format", 1);
defaultPref("mail.identity.default.compose_html", false);
/// By default, load summary of RSS feeds instead of the full webpage & prevent loading additional webpage content
defaultPref("rss.message.loadWebPageOnSelect", 0);
defaultPref("rss.show.summary", 1);
/// Do not allow calendar to extract data from emails
lockPref("calendar.extract.service.enabled", false); // [DEFAULT]
/// Disable Web Notifications
lockPref("dom.webnotifications.enabled", false);
/// Kill Gecko Media Plugins
lockPref("media.gmp-gmpopenh264.enabled", false);
lockPref("media.gmp-gmpopenh264.provider.enabled", false);
lockPref("media.gmp-gmpopenh264.visible", false);
unlockPref("media.gmp-manager.updateEnabled");
clearPref("media.gmp-manager.updateEnabled");
lockPref("media.gmp-manager.url", "");
lockPref("media.gmp-manager.url.override", "");
lockPref("media.gmp-provider.enabled", false);
/// Enforce allow installing "incompatible" add-ons - REQUIRED FOR UBLOCK ORIGIN
lockPref("extensions.strictCompatibility", false);
/// Always disable WebGL
lockPref("webgl.disabled", true);
// DO NOT TOUCH
lockPref("browser.privatebrowsing.autostart", false); // Breaks uBlock Origin & all other extensions... also unnecessary since we always sanitize data anyways
lockPref("mailnews.oauth.usePrivateBrowser", false); // Breaks uBlock Origin & all other extensions... also unnecessary since we always sanitize data anyways