[tor-commits] [torbirdy/develop] Update privacy settings and related preferences

sukhbir at torproject.org sukhbir at torproject.org
Fri Nov 25 05:54:48 UTC 2016


commit 2bdeffbbeedfdf382b33f0faaf6839427096544a
Author: Sukhbir Singh <sukhbir at torproject.org>
Date:   Mon May 16 12:26:34 2016 -0400

    Update privacy settings and related preferences
---
 components/torbirdy.js | 161 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 111 insertions(+), 50 deletions(-)

diff --git a/components/torbirdy.js b/components/torbirdy.js
index 238c089..ba8195e 100644
--- a/components/torbirdy.js
+++ b/components/torbirdy.js
@@ -25,12 +25,7 @@ const kTorBirdyBranch = "extensions.torbirdy.";
 // preferences dialog. See `preferences.js'.
 const TorBirdyPrefs = {
   "extensions.torbirdy.protected": false,
-  // When the preferences below have been set, then only enable TorBirdy.
-  // Generate our own custom time-independent message-ID.
-  "mailnews.custom_message_id": true,
-  "mailnews.header.custom_message_id": "",
-  // Remove the date header.
-  "mailnews.local_date_header_generation": false,
+  // When the preferences below have been set, enable TorBirdy.
 
   /*
     Network
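Review bot: The three header-related entries dropped at the top of TorBirdyPrefs (`mailnews.custom_message_id`, `mailnews.header.custom_message_id`, `mailnews.local_date_header_generation`) disappear with no replacement and no explanation; the commit message says only that privacy settings were updated. Message-ID and Date are the headers most likely to carry a hostname or the sender's local clock and timezone, so a reader of this diff cannot tell whether that protection moved elsewhere or was dropped on purpose. A short comment at this spot, for example `// Message-ID/Date handling is no longer set here because <reason>.`, would record the decision. The TorBirdyPrefs literal continues past the end of this hunk.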
@@ -38,6 +33,10 @@ const TorBirdyPrefs = {
 
   // Use a manual proxy configuration.
   "network.proxy.type": 1,
+  // https://bugs.torproject.org/10419
+  "network.proxy.no_proxies_on": "",
+  // Restrict TBB ports.
+  "network.security.ports.banned": "9050,9051,9150,9151",
   // Number of seconds to wait before attempting to recontact an unresponsive proxy server.
   "network.proxy.failover_timeout": 1800,
 
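Review bot: The comment `// Restrict TBB ports.` above `network.security.ports.banned` undersells what the list covers: 9150/9151 are the Tor Browser Bundle SOCKS and control ports, while 9050/9051 are the defaults of a standalone tor daemon. It also does not say why the ports are banned, which reads oddly next to a proxy configuration that presumably points at one of them. Suggested wording: `// Refuse requests whose destination is a local Tor SOCKS/control port (tor: 9050/9051, TBB: 9150/9151).` If users can configure a non-default SOCKS or control port, that port would not be covered by this static list.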
@@ -48,6 +47,8 @@ const TorBirdyPrefs = {
 
   // Set DNS proxying through SOCKS5.
   "network.proxy.socks_remote_dns": true,
+  // Disable DNS prefetching.
+  "network.dns.disablePrefetch": true,
 
   // https://lists.torproject.org/pipermail/tor-talk/2011-September/021398.html
   // "Towards a Tor-safe Mozilla Thunderbird"
@@ -62,8 +63,15 @@ const TorBirdyPrefs = {
 
   // Likely privacy violations
   // https://blog.torproject.org/blog/experimental-defense-website-traffic-fingerprinting
-  // https://trac.torproject.org/projects/tor/ticket/3914
+  // https://bugs.torproject.org/3914
   "network.http.pipelining": true,
+  "network.http.pipelining.aggressive": true,
+  "network.http.pipelining.maxrequests": 12,
+  "network.http.connection-retry-timeout": 0,
+  "network.http.max-persistent-connections-per-proxy": 256,
+  "network.http.pipelining.reschedule-timeout": 15000,
+  "network.http.pipelining.read-timeout": 60000,
+
   // We do not fully understand the privacy issues of the SPDY protocol
   // We have no reason to believe that anyone would actually use it with
   // Thunderbird but we fail closed to keep users safe out of an abundance of
@@ -74,8 +82,10 @@ const TorBirdyPrefs = {
   // author Mike Perry.
   "network.http.pipelining.ssl": true,
   "network.http.proxy.pipelining": true,
-  "network.http.pipelining.maxrequests": 12,
-  "network.http.sendRefererHeader": 0,
+  "network.http.sendRefererHeader": 2,
+  // https://bugs.torproject.org/16673
+  "network.http.altsvc.enabled": false,
+  "network.http.altsvc.oe": false,
 
   // Disable proxy bypass issue.
   // Websockets have no use in Thunderbird over Tor; some versions of the
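Review bot: `network.http.sendRefererHeader` goes from 0 to 2 in this hunk without a comment, which reverses the earlier behaviour: 0 never sends a Referer header, 2 sends it for followed links and for embedded images. In a table whose purpose is to reduce what leaves the client, that reads as a loosening and needs its justification next to it. If the value is meant to mirror another Tor project default, say so in a comment, e.g. `// Referer is sent for links and images; kept at 2 because <reason>.`; otherwise keep `"network.http.sendRefererHeader": 0,`. The two altsvc entries are adequately covered by the ticket link above them.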
@@ -87,6 +97,9 @@ const TorBirdyPrefs = {
   "network.websocket.enabled": false,
   // Cookies are allowed, but not third-party cookies. For Gmail and Twitter.
   "network.cookie.cookieBehavior": 1,
+  // http://kb.mozillazine.org/Network.cookie.lifetimePolicy
+  // 2: cookie expires at the end of the session.
+  "network.cookie.lifetimePolicy": 2,
   // Disable link prefetching.
   "network.prefetch-next": false,
 
@@ -103,6 +116,7 @@ const TorBirdyPrefs = {
   // - OCSP servers may log information about a user as they use the internet
   // generally; it's everything we hate about CRLs and more
   "security.OCSP.enabled": 1,
+  "security.OCSP.GET.enabled": false,
   "security.OCSP.require": false,
   // Disable TLS Session Ticket.
   // See https://trac.torproject.org/projects/tor/ticket/4099
@@ -111,7 +125,9 @@ const TorBirdyPrefs = {
   // We do not want to enable a known weak protocol; users should use only use TLS
   "security.enable_ssl3": false,
   // Thunderbird 23.0 uses the following preference.
+  // https://bugs.torproject.org/11253
   "security.tls.version.min": 1,
+  "security.tls.version.max": 3,
   // Display a dialog warning the user when entering an insecure site from a secure one.
   "security.warn_entering_weak": true,
   // Display a dialog warning the user when submtting a form to an insecure site.
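Review bot: `security.tls.version.min` and the newly added `security.tls.version.max` are bare integers, and the only explanation is a ticket URL inserted between the older "Thunderbird 23.0" remark and the preference it described. In Mozilla's numbering 1 is TLS 1.0 and 3 is TLS 1.2, so this keeps TLS 1.0 acceptable and caps negotiation at TLS 1.2 even on a platform that later supports a newer version. Document both values, e.g. `// 1 = TLS 1.0 (minimum), 3 = TLS 1.2 (maximum); see https://bugs.torproject.org/11253`. Also state whether the hard cap is deliberate or whether the maximum should follow the platform default.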
@@ -126,6 +142,8 @@ const TorBirdyPrefs = {
   // Disable 'extension blocklist' which might leak the OS information.
   // See https://trac.torproject.org/projects/tor/ticket/6734
   "extensions.blocklist.enabled": false,
+  // Strict: certificate pinning is always enforced.
+  "security.cert_pinning.enforcement_level": 2,
 
   /*
     Mailnews
@@ -196,6 +214,46 @@ const TorBirdyPrefs = {
   // Disable caching.
   "browser.cache.disk.enable": false,
   "browser.cache.memory.enable": false,
+  "browser.cache.offline.enable": false,
+  "browser.formfill.enable": false,
+  "signon.rememberSignons": false,
+  "signon.autofillForms": false,
+
+  // https://bugs.torproject.org/10367
+  "datareporting.healthreport.service.enabled": false,
+  "datareporting.healthreport.uploadEnabled": false,
+  "datareporting.policy.dataSubmissionEnabled": false,
+  "datareporting.healthreport.about.reportUrl": "data:text/plain,",
+
+  // https://bugs.torproject.org/16256
+  "browser.search.countryCode": "US",
+  "browser.search.region": "US",
+  "browser.search.geoip.url": "",
+
+  // These have been copied from Tor Browser and don't apply to Thunderbird
+  // since the browser surface is limited (Gmail/Twitter) but we set them
+  // nevertheless.
+  // Disable client-side session and persistent storage.
+  "dom.storage.enabled": false,
+  // https://bugs.torproject.org/15758
+  "device.sensors.enabled": false,
+  // https://bugs.torproject.org/5293
+  "dom.battery.enabled": false,
+  // https://bugs.torproject.org/6204
+  "dom.enable_performance": false,
+  // https://bugs.torproject.org/13023
+  "dom.gamepad.enabled": false,
+  // https://bugs.torproject.org/8382
+  "dom.indexedDB.enabled": false,
+  // https://bugs.torproject.org/13024
+  "dom.enable_resource_timing": false,
+  // https://bugs.torproject.org/16336
+  "dom.enable_user_timing": false,
+  // https://bugs.torproject.org/17046
+  "dom.event.highrestimestamp.enabled": true,
+
+  // https://bugs.torproject.org/11817
+  "extensions.getAddons.cache.enabled": false,
 
   /*
     Enigmail
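Review bot: `"dom.event.highrestimestamp.enabled": true` is the only entry in this added run that switches a feature on, and nothing beside the ticket URL says that this is intended; someone tidying the list later could flip it to `false` to match its neighbours. Add a why-comment such as `// Intentionally true: see the ticket above before changing.`, ideally with the one-line reason from that ticket. The same run also places `browser.formfill.enable` and the two `signon.*` entries directly under `// Disable caching.`, which does not describe them; a separate `// Do not store form data or passwords.` line would.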
@@ -230,6 +288,45 @@ const TorBirdyPrefs = {
   // Force GnuPG to use SHA512.
   "extensions.enigmail.mimeHashAlgorithm": 5,
 
+  /*
+    Chat and Calendar
+  */
+
+  // Thunderbird 15 introduces the chat feature so disable the preferences below.
+  "purple.logging.log_chats": false,
+  "purple.logging.log_ims": false,
+  "purple.logging.log_system": false,
+  "purple.conversations.im.send_typing": false,
+
+  // Messenger related preferences.
+  // Do not report idle.
+  "messenger.status.reportIdle": false,
+  "messenger.status.awayWhenIdle": false,
+  // Set the following preferences to empty strings.
+  "messenger.status.defaultIdleAwayMessage": "",
+  "messenger.status.userDisplayName": "",
+  // Do not connect automatically.
+  "messenger.startup.action": 0,
+  // Ignore invitations; do not automatically accept them.
+  "messenger.conversations.autoAcceptChatInvitations": 0,
+  // Do not format incoming messages.
+  "messenger.options.filterMode": 0,
+  // On copying the content in the chat window, remove the time information.
+  // See `comm-central/chat/locales/conversations.properties' for more information.
+  "messenger.conversations.selections.systemMessagesTemplate": "%message%",
+  "messenger.conversations.selections.contentMessagesTemplate": "%sender%: %message%",
+  "messenger.conversations.selections.actionMessagesTemplate": "%sender% %message%",
+
+  // Mozilla Lightning.
+  "calendar.useragent.extra": "",
+  // We have to set a timezone otherwise the system time is used. "UTC" or
+  // "GMT" is not an option so we set it to Europe/London.
+  "calendar.timezone.local": "Europe/London",
+
+  /*
+   Other Settings
+  */
+
   // RSS.
   "rss.display.prefer_plaintext": true,
   // These are similar to the mailnews.* settings.
@@ -251,18 +348,10 @@ const TorBirdyPrefs = {
   // Disable JavaScript (email).
   "javascript.enabled": false,
 
-  // Disable client-side session and persistent storage.
-  "dom.storage.enabled": false,
-  // Do not run plugins out-of-process.
-  "dom.ipc.plugins.java.enabled": false,
-  // Disable changing of images via JavaScript.
-  "dom.disable_image_src_set": true,
-
   // Disable WebM, WAV, Ogg, PeerConnection.
-  "media.webm.enabled": false,
-  "media.wave.enabled": false,
-  "media.ogg.enabled": false,
+  "media.navigator.enabled": false,
   "media.peerconnection.enabled": false,
+  "media.cache_size": 0,
 
   // Disable CSS :visited selector.
   "layout.css.visited_links_enabled": false,
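Review bot: The comment `// Disable WebM, WAV, Ogg, PeerConnection.` is stale after this change, because the three codec preferences it names are removed and `media.navigator.enabled` and `media.cache_size` are added under it. Suggested replacement: `// Disable getUserMedia and PeerConnection; keep no media cache.` Dropping the codec switches also means media decoding is no longer turned off by this table. Whether those preferences still exist in the targeted Thunderbird versions is not visible here, so the commit message should explain the removal. The same applies to `dom.ipc.plugins.java.enabled` and `dom.disable_image_src_set`, which are removed without a successor.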
@@ -273,37 +362,9 @@ const TorBirdyPrefs = {
   // Disable remote images.
   "permissions.default.image": 2,
 
-  // Thunderbird 15 introduces the chat feature so disable the preferences below.
-  "purple.logging.log_chats": false,
-  "purple.logging.log_ims": false,
-  "purple.logging.log_system": false,
-  "purple.conversations.im.send_typing": false,
-
-  // Messenger related preferences.
-  // Do not report idle.
-  "messenger.status.reportIdle": false,
-  "messenger.status.awayWhenIdle": false,
-  // Set the following preferences to empty strings.
-  "messenger.status.defaultIdleAwayMessage": "",
-  "messenger.status.userDisplayName": "",
-  // Do not connect automatically.
-  "messenger.startup.action": 0,
-  // Ignore invitations; do not automatically accept them.
-  "messenger.conversations.autoAcceptChatInvitations": 0,
-  // Do not format incoming messages.
-  "messenger.options.filterMode": 0,
-  // On copying the content in the chat window, remove the time information.
-  // See `comm-central/chat/locales/conversations.properties' for more information.
-  "messenger.conversations.selections.systemMessagesTemplate": "%message%",
-  "messenger.conversations.selections.contentMessagesTemplate": "%sender%: %message%",
-  "messenger.conversations.selections.actionMessagesTemplate": "%sender% %message%",
-
-  // Mozilla Lightning.
-  "calendar.useragent.extra": "",
-  // We have to set a timezone otherwise the system time is used. "UTC" or
-  // "GMT" is not an option so we set it to Europe/London.
-  "calendar.timezone.local": "Europe/London",
-
+  /*
+   Finish
+  */
   // All preferences have been set: now enable TorBirdy.
   "extensions.torbirdy.protected": true,
 }
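Review bot: `"extensions.torbirdy.protected"` appears twice in the same object literal, `false` at the top of TorBirdyPrefs (outside this hunk) and `true` here, and the new `Finish` banner leans on that ordering. In a JavaScript object literal the later value wins while the key keeps its first position, so the object holds a single entry with value `true` that enumerates first, not last; ES5 strict mode rejects the duplicate outright. How the table is applied is outside this diff, but if it is iterated in order, the flag would be written before every other preference rather than after all of them. Dropping the key from the literal and setting it explicitly after the code that applies TorBirdyPrefs would make "all preferences have been set" true by construction.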




