diff --git a/modules/firefox.nix b/modules/firefox.nix index 8ab5561..52a15f6 100644 --- a/modules/firefox.nix +++ b/modules/firefox.nix @@ -17,7 +17,59 @@ enable = true; profiles.default = { isDefault = true; - settings = {}; + # https://wiki.archlinux.org/title/Firefox/Privacy + settings = { + # Don't execute JavaScript from PDF files. + "pdfjs.enableScripting" = false; + # "Do Not Track" header. + "privacy.donottrackheader.enabled" = true; + # HTTPS-only mode in all windows. + # https://www.privacy-handbuch.de/handbuch_21l.htm + "dom.security.https_only_mode" = true; + # Don't ask to save passwords/logins. + "signon.rememberSignons" = false; + + # https://wiki.archlinux.org/title/Firefox/Privacy#Tracking_protection + "privacy.trackingprotection.enabled" = true; + #"privacy.trackingprotection.emailtracking.enabled" = true; + #"privacy.trackingprotection.socialtracking.enabled" = true; + + # https://wiki.archlinux.org/title/Firefox/Privacy#Anti-fingerprinting + "privacy.resistFingerprinting" = true; + # https://wiki.archlinux.org/title/Firefox/Privacy#First_party_isolation + "privacy.firstparty.isolate" = true; + + # https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks + # The attribute would be useful for letting websites track visitors’ clicks. + "browser.send_pings" = false; + + # https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks + # Disable preloading of autocomplete URLs. + # Firefox preloads URLs that autocomplete when a user types into the address bar, + # which is a concern if URLs are suggested that the user does not want to connect to. + "browser.urlbar.speculativeConnect.enabled" = false; + + # https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks + # Website owners can track the battery status of your device. + "dom.battery.enabled" = false; + + # https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks + # Disable that websites can get notifications if you copy, paste, or cut something from a web page, + # and it lets them know which part of the page had been selected. + "dom.event.clipboardevents.enabled" = false; + + # https://wiki.mozilla.org/Privacy/Privacy_Task_Force/firefox_about_config_privacy_tweeks + # Only accept from the originating site (block third party cookies) + "network.cookie.cookieBehavior" = 1; + + # DNS-over-HTTPS + # https://www.privacy-handbuch.de/handbuch_21w.htm + "network.trr.mode" = 3; + "network.trr.uri" = "https://doh.ffmuc.net/dns-query"; + + # Don't automatically save PDF files in ~/Downloads/ + "browser.download.start_downloads_in_tmp_dir" = true; + }; search.default = "Startpage"; search.engines = { diff --git a/modules/thunderbird.nix b/modules/thunderbird.nix index 7afc232..315c9f0 100644 --- a/modules/thunderbird.nix +++ b/modules/thunderbird.nix @@ -40,18 +40,20 @@ #userContent = ""; withExternalGnupg = true; settings = { - "mail.spellcheck.inline" = false; # Don't execute JavaScript from PDF files. "pdfjs.enableScripting" = false; - # Use Paragraph format instead of Body Text by default = false - "mail.compose.default_to_paragraph" = false; "privacy.donottrackheader.enabled" = true; + # 1: Allow cookies from originating server only # https://kb.mozillazine.org/Network.cookie.cookieBehavior "network.cookie.cookieBehavior" = 1; # 2: Accept for session only # https://kb.mozillazine.org/Network.cookie.lifetimePolicy "network.cookie.lifetimePolicy" = 2; + + "mail.spellcheck.inline" = false; + # Use Paragraph format instead of Body Text by default = false + "mail.compose.default_to_paragraph" = false; # When new messages arrive: Show an alert = false "mail.biff.show_alert" = false; # When new messages arrive: Play a sound = false