🔥 removed disabling ClickToRun as it breaks office

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/deploy.yaml

@@ -1,145 +0,0 @@
-name: Build & deploy
-
-on:
- release:
-   types: [created] # will be triggered when a NON-draft release is created and published.
-
-jobs:
-  aws-deploy: # see: https://github.com/undergroundwires/aws-static-site-with-cd
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: "Infrastructure: Checkout"
-        uses: actions/checkout@v2
-        with:
-          path: aws
-          repository: undergroundwires/aws-static-site-with-cd
-      -
-        name: "Infrastructure: Create AWS user profile & session name"
-        run: >-
-          bash "scripts/configure/create-user-profile.sh" \
-            --profile user \
-            --access-key-id ${{secrets.AWS_DEPLOYMENT_USER_ACCESS_KEY_ID}} \
-            --secret-access-key ${{secrets.AWS_DEPLOYMENT_USER_SECRET_ACCESS_KEY}} \
-            --region us-east-1 \
-          && \
-            echo "::set-env name=SESSION_NAME::${{github.actor}}-${{github.event_name}}-$(echo ${{github.sha}} | cut -c1-8)"
-        working-directory: aws
-      -
-        name: "Infrastructure: Deploy IAM stack"
-        run: >-
-          bash "scripts/deploy/deploy-stack.sh" \
-            --template-file stacks/iam-stack.yaml \
-            --stack-name privacysexy-iam-stack \
-            --capabilities CAPABILITY_IAM \
-            --parameter-overrides "WebStackName=privacysexy-web-stack DnsStackName=privacysexy-dns-stack \
-                                   CertificateStackName=privacysexy-cert-stack RootDomainName=privacy.sexy" \
-            --region us-east-1 --role-arn ${{secrets.AWS_IAM_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{ env.SESSION_NAME }}
-        working-directory: aws
-      -
-        name: "Infrastructure: Deploy DNS stack"
-        run: >-
-          bash "scripts/deploy/deploy-stack.sh" \
-            --template-file stacks/dns-stack.yaml \
-            --stack-name privacysexy-dns-stack \
-            --parameter-overrides "RootDomainName=privacy.sexy" \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_DNS_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{ env.SESSION_NAME }}
-        working-directory: aws
-      -
-        name: "Infrastructure: Deploy certificate stack"
-        run: >-
-          bash "scripts/deploy/deploy-stack.sh" \
-            --template-file stacks/certificate-stack.yaml \
-            --stack-name privacysexy-cert-stack \
-            --capabilities CAPABILITY_IAM \
-            --parameter-overrides "IamStackName=privacysexy-iam-stack RootDomainName=privacy.sexy DnsStackName=privacysexy-dns-stack" \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_CERTIFICATE_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{ env.SESSION_NAME }}
-        working-directory: aws
-      -
-        name: "Infrastructure: Deploy web stack"
-        run: >-
-          bash "scripts/deploy/deploy-stack.sh" \
-            --template-file stacks/web-stack.yaml \
-            --stack-name privacysexy-web-stack \
-            --parameter-overrides "CertificateStackName=privacysexy-cert-stack DnsStackName=privacysexy-dns-stack \
-                                   RootDomainName=privacy.sexy UseDeepLinks=true" \
-            --capabilities CAPABILITY_IAM \
-            --region us-east-1 \
-            --role-arn ${{secrets.AWS_WEB_STACK_DEPLOYMENT_ROLE_ARN}} \
-            --profile user --session ${{ env.SESSION_NAME }}
-        working-directory: aws
-      -
-        name: "App: Checkout"
-        uses: actions/checkout@v2
-        with:
-          path: site
-          ref: master # otherwise we don't get version bump commit
-      -
-        name: "App: Setup node"
-        uses: actions/setup-node@v1
-        with:
-          node-version: '14.x'
-      -
-        name: "App: Install dependencies"
-        run: npm ci
-        working-directory: site
-      -
-        name: "App: Run tests"
-        run: npm run test:unit
-        working-directory: site
-      - 
-        name: "App: Build"
-        run: npm run build
-        working-directory: site
-      -
-        name: "App: Deploy to S3"
-        run: >-
-          bash "aws/scripts/deploy/deploy-to-s3.sh" \
-            --folder site/dist \
-            --web-stack-name privacysexy-web-stack --web-stack-s3-name-output-name S3BucketName \
-            --storage-class ONEZONE_IA \
-            --role-arn ${{secrets.AWS_S3_SITE_DEPLOYMENT_ROLE_ARN}} \
-            --region us-east-1 \
-            --profile user --session ${{ env.SESSION_NAME }}
-      -
-        name: "App: Invalidate CloudFront cache"
-        run: >-
-          bash "aws/scripts/deploy/invalidate-cloudfront-cache.sh" \
-            --paths "/*" \
-            --web-stack-name privacysexy-web-stack --web-stack-cloudfront-arn-output-name CloudFrontDistributionArn \
-            --role-arn ${{secrets.AWS_CLOUDFRONT_SITE_DEPLOYMENT_ROLE_ARN}} \
-            --region us-east-1 \
-            --profile user --session ${{ env.SESSION_NAME }}
-  desktop-deploy:
-    runs-on: windows-latest
-    steps:
-      -
-        name: Set GitHub PAT token # https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#github-personal-access-token
-        run: set GH_TOKEN=TOKEN-GOES-HERE
-      -
-        name: Checkout
-        uses: actions/checkout@v2
-        with:
-          ref: master # otherwise it defaults to the version tag missing bump commit
-          fetch-depth: 0 # fetch all history
-      - name: Checkout to bump commit
-        run: git checkout "$(git rev-list "${{ github.event.release.tag_name }}"..master | tail -1)"
-      -
-        name: Setup node
-        uses: actions/setup-node@v1
-        with:
-          node-version: '14.x'
-      -
-        name: Install dependencies
-        run: npm ci
-      -
-        name: Run tests
-        run: npm run test:unit
-      - 
-        name: Upload Release to GitHub # https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#upload-release-to-github
-        run: npm run electron:build -- -p always

CHANGELOG.md

@@ -1,5 +1,29 @@
 # Changelog
 
+## 0.6.1 (2020-08-09)
+
+* updated documentation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5963d2bac551083f9d16cce6b851abf0e8b88ce7)
+* fixed typo in footer | [commit](https://github.com/undergroundwires/privacy.sexy/commit/5c15a7a64aaf24578a32713dec491bf494216303)
+* more scripts can be reverted | [commit](https://github.com/undergroundwires/privacy.sexy/commit/831c014f977515454ee6dc664d77a8c434495501)
+* moved windows connect now to security & recommended | [commit](https://github.com/undergroundwires/privacy.sexy/commit/6049a2b834d8d17af741f8d8f8b07cd15153b001)
+* fixed mac / linux download links | [commit](https://github.com/undergroundwires/privacy.sexy/commit/4c8be45e287b5ea009d6f828f7f327f37850569e)
+* tweaks to disable webcam, speech and compatibility telemetry | [commit](https://github.com/undergroundwires/privacy.sexy/commit/a5dbe66fc175e39397f296ab2ff703e9b0ab4d7c)
+* refactorings | [commit](https://github.com/undergroundwires/privacy.sexy/commit/66d4d39d5bf3db305450514c6b6224654dafbfb2)
+* fixed removing onedrive does not clean start menu / quick access | [commit](https://github.com/undergroundwires/privacy.sexy/commit/1cc12195a3e9a11c590d3ed64d80299b50f74838)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.6.0...0.6.1)
+
+## 0.6.0 (2020-07-26)
+
+* fixed dead links in documentation | [commit](https://github.com/undergroundwires/privacy.sexy/commit/25ce236a7737decaf2eb9b8c29a4c4f34d43f770)
+* runs tests on each push on the repository | [commit](https://github.com/undergroundwires/privacy.sexy/commit/73c426844a0330718a9ab7de12b61ca05e853323)
+* code area now shows "how" before "why" | [commit](https://github.com/undergroundwires/privacy.sexy/commit/4ff4b52202b1c5dbfe2b80580bbe7d93132ab05c)
+* support for desktop versions #20 | [commit](https://github.com/undergroundwires/privacy.sexy/commit/04b9b59e14766ccd251474ad3710baf1f682fd49)
+* reworked on footer & removed github icon | [commit](https://github.com/undergroundwires/privacy.sexy/commit/60a5a2aa4026d384bef9e6a203f1b7514a269c33)
+* updated dependencies to latest | [commit](https://github.com/undergroundwires/privacy.sexy/commit/45816a2bccb3d11a50e3f2bc19c0a6cc2587deaa)
+
+[compare](https://github.com/undergroundwires/privacy.sexy/compare/0.5.0...0.6.0)
+
 ## 0.5.0 (2020-07-19)
 
 * added ability to revert (#21) | [commit](https://github.com/undergroundwires/privacy.sexy/commit/9c063d59defa6297c64f50b49403e8bd10620de9)

CONTRIBUTING.md

@@ -21,7 +21,7 @@
 - 🙏 DO
   - Document your changes in the pull request
 - ❗ DON'T
-  - Do not update the versions, current version is only [set by the maintainer](./docs/gitops.png) and updated automatically by [bump-everywhere](https://github.com/undergroundwires/bump-everywhere)
+  - Do not update the versions, current version is only [set by the maintainer](./img/architecture/gitops.png) and updated automatically by [bump-everywhere](https://github.com/undergroundwires/bump-everywhere)
 
 ## Guidelines
 

README.md

@@ -15,7 +15,9 @@
 ## Get started
 
 - Online version: [https://privacy.sexy](https://privacy.sexy)
-- Or download latest desktop version for [Windows](https://github.com/undergroundwires/privacy-sexy/releases/download/0.5.0/privacy.sexy-Setup-0.5.0.exe), [Linux](https://github.com/undergroundwires/privacy-sexy/releases/download/0.5.0/privacy.sexy-0.5.0.dmg), [macOS](https://github.com/undergroundwires/privacy-sexy/releases/download/0.5.0/privacy.sexy-0.5.0-mac.zip)
+  - or download latest desktop version for [Windows](https://github.com/undergroundwires/privacy.sexy/releases/download/0.6.1/privacy.sexy-Setup-0.6.1.exe), [Linux](https://github.com/undergroundwires/privacy.sexy/releases/download/0.6.1/privacy.sexy-0.6.1.AppImage), [macOS](https://github.com/undergroundwires/privacy.sexy/releases/download/0.6.1/privacy.sexy-0.6.1.dmg)
+
+![privacy.sexy application](img/app.png)
 
 ## Why
 
@@ -46,14 +48,14 @@
   - Development: `npm run serve` to compile & hot-reload for development.
   - Production: `npm run build` to prepare files for distribution.
   - Or run using Docker:
-    1. Build: `docker build -t undergroundwires/privacy.sexy:0.5.0 .`
-    2. Run: `docker run -it -p 8080:80 --rm --name privacy.sexy-0.5.0 undergroundwires/privacy.sexy:0.5.0`
+    1. Build: `docker build -t undergroundwires/privacy.sexy:0.6.1 .`
+    2. Run: `docker run -it -p 8080:80 --rm --name privacy.sexy-0.6.1 undergroundwires/privacy.sexy:0.6.1`
 
 ## Architecture
 
 ### Application
 
-- Powered by **TypeScript** + **Vue.js** 💪
+- Powered by **TypeScript**, **Vue.js** and **Electron** 💪
   - and driven by **Domain-driven design**, **Event-driven architecture**, **Data-driven programming** concepts.
 - Application uses highly decoupled models & services in different DDD layers.
   - **Domain layer** is where the application is modelled with validation logic.
@@ -66,11 +68,11 @@
       - The [state](src/application/State/ApplicationState.ts) is a mutable singleton & event producer.
     - The application is defined & controlled in a [single YAML file](src/application/application.yaml) (see [Data-driven programming](https://en.wikipedia.org/wiki/Data-driven_programming))
 
-![DDD + vue.js](docs/app-ddd.png)
+![DDD + vue.js](img/architecture/app-ddd.png)
 
 ### AWS Infrastructure
 
-[![AWS solution](docs/aws-solution.png)](https://github.com/undergroundwires/aws-static-site-with-cd)
+[![AWS solution](img/architecture/aws-solution.png)](https://github.com/undergroundwires/aws-static-site-with-cd)
 
 - It uses infrastructure from the following repository: [aws-static-site-with-cd](https://github.com/undergroundwires/aws-static-site-with-cd)
   - Runs on AWS 100% serverless and automatically provisioned using [GitHub Actions](.github/workflows/).
@@ -82,4 +84,4 @@
   - Versioning, tagging, creation of `CHANGELOG.md` and releasing is automated using [bump-everywhere](https://github.com/undergroundwires/bump-everywhere) action
 - Everything that's merged in the master goes directly to production.
 
-[![CI/CD to AWS with GitHub Actions](docs/gitops.png)](.github/workflows/)
+[![CI/CD to AWS with GitHub Actions](img/architecture/gitops.png)](.github/workflows/)

build/README.md

@@ -0,0 +1,5 @@
+# build
+
+- These are the file that are used by electron.
+- Logos are created by from the [PNG icon](./../public/icon.png)
+  - by running `npx electron-icon-builder --input=./public/icon.png --output=build --flatten`

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "privacy.sexy",
-  "version": "0.5.0",
+  "version": "0.6.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -1757,6 +1757,16 @@
       "integrity": "sha512-Phlt0plgpIIBOGTT/ehfFnbNlfsDEiqmzE2KRXoX1bLIlir4X/MR+zSyBEkL05ffWgnRSf/DXv+WrUAVr93/ow==",
       "dev": true
     },
+    "bindings": {
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz",
+      "integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ==",
+      "dev": true,
+      "optional": true,
+      "requires": {
+        "file-uri-to-path": "1.0.0"
+      }
+    },
     "bluebird": {
       "version": "3.7.2",
       "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.7.2.tgz",
@@ -4901,9 +4911,9 @@
       }
     },
     "elliptic": {
-      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz",
-      "integrity": "sha512-f4x70okzZbIQl/NSRLkI/+tteV/9WqL98zx+SQ69KbXxmVrmjwsNUPn/gYJJ0sHvEak24cZgHIPegRePAtA/xw==",
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
+      "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
       "dev": true,
       "requires": {
         "bn.js": "^4.4.0",
@@ -5473,6 +5483,13 @@
       "resolved": "https://registry.npmjs.org/file-saver/-/file-saver-2.0.2.tgz",
       "integrity": "sha512-Wz3c3XQ5xroCxd1G8b7yL0Ehkf0TC9oYC6buPFkNnU9EnaPlifeAFCyCh+iewXTyFRcg0a6j3J7FmJsIhlhBdw=="
     },
+    "file-uri-to-path": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/file-uri-to-path/-/file-uri-to-path-1.0.0.tgz",
+      "integrity": "sha512-0Zt+s3L7Vf1biwWZ29aARiVYLx7iMGnEUl9x33fbB/j3jR81u/O2LbqK+Bm1CDSNDKVtJ/YjwY7TUd5SkeLQLw==",
+      "dev": true,
+      "optional": true
+    },
     "filelist": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.1.tgz",
@@ -8541,7 +8558,11 @@
           "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz",
           "integrity": "sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==",
           "dev": true,
-          "optional": true
+          "optional": true,
+          "requires": {
+            "bindings": "^1.5.0",
+            "nan": "^2.12.1"
+          }
         },
         "glob-parent": {
           "version": "5.1.0",
@@ -8750,6 +8771,13 @@
         "thenify-all": "^1.0.0"
       }
     },
+    "nan": {
+      "version": "2.14.1",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.14.1.tgz",
+      "integrity": "sha512-isWHgVjnFjh2x2yuJ/tj3JbwoHu3UC2dX5G/88Cm24yB6YopVgxvBObDY7n5xW6ExmFhJpSEQqFPvq9zaXc8Jw==",
+      "dev": true,
+      "optional": true
+    },
     "nanomatch": {
       "version": "1.2.13",
       "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz",
@@ -14640,7 +14668,11 @@
           "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz",
           "integrity": "sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==",
           "dev": true,
-          "optional": true
+          "optional": true,
+          "requires": {
+            "bindings": "^1.5.0",
+            "nan": "^2.12.1"
+          }
         },
         "is-binary-path": {
           "version": "1.0.1",
@@ -14931,7 +14963,11 @@
           "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-1.2.13.tgz",
           "integrity": "sha512-oWb1Z6mkHIskLzEJ/XWX0srkpkTQ7vaopMQkyaEIoq0fmtFVxOthb8cCxeT+p3ynTdkk/RZwbgG4brR5BeWECw==",
           "dev": true,
-          "optional": true
+          "optional": true,
+          "requires": {
+            "bindings": "^1.5.0",
+            "nan": "^2.12.1"
+          }
         },
         "is-absolute-url": {
           "version": "3.0.3",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "privacy.sexy",
-  "version": "0.5.0",
+  "version": "0.6.1",
   "author": "undergroundwires",
   "description": "Enforce privacy & security best-practices on Windows, because privacy is sexy 🍑🍆",
   "private": true,

src/application/Environment/BrowserOs/DetectorBuilder.ts

@@ -8,19 +8,11 @@ export class DetectorBuilder {
     constructor(private readonly os: OperatingSystem) { }
 
     public mustInclude(str: string): DetectorBuilder {
-        if (!str) {
-            throw new Error('part to include is empty or undefined');
-        }
-        this.existingPartsInUserAgent.push(str);
-        return this;
+        return this.add(str, this.existingPartsInUserAgent);
     }
 
     public mustNotInclude(str: string): DetectorBuilder {
-        if (!str) {
-            throw new Error('part to not include is empty or undefined');
-        }
-        this.notExistingPartsInUserAgent.push(str);
-        return this;
+        return this.add(str, this.notExistingPartsInUserAgent);
     }
 
     public build(): IBrowserOsDetector {
@@ -28,22 +20,34 @@ export class DetectorBuilder {
             throw new Error('Must include at least a part');
         }
         return {
-            detect: (userAgent) => {
-                if (!userAgent) {
-                    throw new Error('User agent is null or undefined');
-                }
-                for (const exitingPart of this.existingPartsInUserAgent) {
-                    if (!userAgent.includes(exitingPart)) {
-                        return OperatingSystem.Unknown;
-                    }
-                }
-                for (const notExistingPart of this.notExistingPartsInUserAgent) {
-                    if (userAgent.includes(notExistingPart)) {
-                        return OperatingSystem.Unknown;
-                    }
-                }
-                return this.os;
-            },
+            detect: (agent) => this.detect(agent),
         };
     }
+
+    private detect(userAgent: string): OperatingSystem {
+        if (!userAgent) {
+            throw new Error('User agent is null or undefined');
+        }
+        if (this.existingPartsInUserAgent.some((part) => !userAgent.includes(part))) {
+            return OperatingSystem.Unknown;
+        }
+        if (this.notExistingPartsInUserAgent.some((part) => userAgent.includes(part))) {
+            return OperatingSystem.Unknown;
+        }
+        return this.os;
+    }
+
+    private add(part: string, array: string[]): DetectorBuilder {
+        if (!part) {
+            throw new Error('part is empty or undefined');
+        }
+        if (this.existingPartsInUserAgent.includes(part)) {
+            throw new Error(`part ${part} is already included as existing part`);
+        }
+        if (this.notExistingPartsInUserAgent.includes(part)) {
+            throw new Error(`part ${part} is already included as not existing part`);
+        }
+        array.push(part);
+        return this;
+    }
 }

src/application/Parser/DocumentationParser.ts

@@ -1,37 +1,46 @@
-import { YamlDocumentable } from 'js-yaml-loader!./application.yaml';
+import { YamlDocumentable, DocumentationUrls } from 'js-yaml-loader!./application.yaml';
 
 export function parseDocUrls(documentable: YamlDocumentable): ReadonlyArray<string> {
     if (!documentable) {
         throw new Error('documentable is null or undefined');
     }
     const docs = documentable.docs;
-    if (!docs) {
+    if (!docs || !docs.length) {
         return [];
     }
-    const result = new DocumentationUrls();
-    if (docs instanceof Array) {
-        for (const doc of docs) {
-            if (typeof doc !== 'string') {
-                throw new Error('Docs field (documentation url) must be an array of strings');
-            }
-            result.add(doc);
-        }
-    } else if (typeof docs === 'string') {
-        result.add(docs);
-    } else {
-        throw new Error('Docs field (documentation url) must a string or array of strings');
-    }
+    let result = new DocumentationUrlContainer();
+    result = addDocs(docs, result);
     return result.getAll();
 }
 
-class DocumentationUrls {
+function addDocs(docs: DocumentationUrls, urls: DocumentationUrlContainer): DocumentationUrlContainer {
+    if (docs instanceof Array) {
+        urls.addUrls(docs);
+    } else if (typeof docs === 'string') {
+        urls.addUrl(docs);
+    } else {
+        throw new Error('Docs field (documentation url) must a string or array of strings');
+    }
+    return urls;
+}
+
+class DocumentationUrlContainer {
     private readonly urls = new Array<string>();
 
-    public add(url: string) {
+    public addUrl(url: string) {
         validateUrl(url);
         this.urls.push(url);
     }
 
+    public addUrls(urls: any[]) {
+        for (const url of urls) {
+            if (typeof url !== 'string') {
+                throw new Error('Docs field (documentation url) must be an array of strings');
+            }
+            this.addUrl(url);
+        }
+    }
+
     public getAll(): ReadonlyArray<string> {
         return this.urls;
     }

src/application/application.yaml

@@ -122,6 +122,10 @@ actions:
                                 code: |-
                                    reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU" /va /f
                                    reg delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths" /va /f
+                    -
+                        name: Clear Dotnet CLI telemetry
+                        recommend: true
+                        code: rmdir /s /q "%USERPROFILE%\.dotnet\TelemetryStorageService" 2>nul
             - 
                 category: Clear browser history
                 children:
@@ -351,6 +355,26 @@ actions:
                             schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /ENABLE
                             schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /ENABLE
                             schtasks /change /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /ENABLE
+                    -
+                        name: Disable Webcam Telemetry (devicecensus.exe)
+                        recommend: true
+                        docs: https://www.ghacks.net/2019/09/23/what-is-devicecensus-exe-on-windows-10-and-why-does-it-need-internet-connectivity/
+                        code: schtasks /change /TN "Microsoft\Windows\Device Information\Device" /DISABLE
+                        revertCode: schtasks /change /TN "Microsoft\Windows\Device Information\Device" /ENABLE
+                    -
+                        name: Disable Application Experience (Compatibility Telemetry)
+                        recommend: true
+                        code: |-
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /DISABLE
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\AitAgent" /DISABLE
+                            reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CompatTelRunner.exe" /v Debugger /t REG_SZ /d "%windir%\System32\taskkill.exe" /f
+                        revertCode: |-
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /ENABLE
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /ENABLE
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\StartupAppTask" /ENABLE
+                            schtasks /change /TN "Microsoft\Windows\Application Experience\AitAgent" /ENABLE
                     -
                         name: Disable telemetry in data collection policy
                         recommend: true
@@ -367,17 +391,59 @@ actions:
                     -
                         name: Disable error reporting
                         recommend: true
+                        docs:
+                            - https://docs.microsoft.com/en-us/windows/win32/wer/wer-settings
+                            - https://www.stigviewer.com/stig/windows_10/2016-06-24/finding/V-63493
                         code: |-
-                            reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
+                            :: Disable Windows Error Reporting (WER)
+                            reg add "HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t REG_DWORD /d "1" /f
                             reg add "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /t "REG_DWORD" /d "1" /f
+                            :: DefaultConsent / 1 - Always ask (default) / 2 - Parameters only / 3 - Parameters and safe data / 4 - All data
+                            reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t REG_DWORD /d "0" /f
+                            reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultOverrideBehavior" /t REG_DWORD /d "1" /f
+                            :: Disable WER sending second-level data
+                            reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /t REG_DWORD /d "1" /f
+                            :: Disable WER crash dialogs, popups
+                            reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "1" /f
+                            schtasks /Change /TN "Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" /Disable
+                            schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Disable
+                            :: Disable Windows Error Reporting Service
                             sc stop "WerSvc" & sc config "WerSvc" start=disabled
                             sc stop "wercplsupport" & sc config "wercplsupport" start=disabled
+                        revertCode: |-
+                            :: Enable Windows Error Reporting (WER)
+                            reg delete "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /f
+                            reg delete "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v "Disabled" /f
+                            :: DefaultConsent / 1 - Always ask (default) / 2 - Parameters only / 3 - Parameters and safe data / 4 - All data
+                            reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultConsent" /t REG_DWORD /d "1" /f
+                            reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting\Consent" /v "DefaultOverrideBehavior" /t REG_DWORD /d "0" /f
+                            :: Enable WER sending second-level data
+                            reg delete "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "DontSendAdditionalData" /f
+                            :: Enable WER crash dialogs, popups
+                            reg add "HKLM\Software\Microsoft\Windows\Windows Error Reporting" /v "LoggingDisabled" /t REG_DWORD /d "0" /f
+                            schtasks /Change /TN "Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" /Enable
+                            schtasks /Change /TN "Microsoft\Windows\Windows Error Reporting\QueueReporting" /Enable
+                            :: Enable Windows Error Reporting Service
+                            sc config "WerSvc" start=demand
+                            sc config "wercplsupport" start=demand
             -
                 name: Disable online device metadata collection
-                recommend: true
+                recommend: false
+                docs:
+                    - https://www.stigviewer.com/stig/windows_server_2012_member_server/2014-01-07/finding/V-21964
+                    - https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork
                 code: |-
                     reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f
                     reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 1 /f
+                revertCode: |-
+                    reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 0 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata" /v "PreventDeviceMetadataFromNetwork" /t REG_DWORD /d 0 /f
+            -
+                name: Disable cloud speech recognation
+                recommend: true
+                docs: https://www.tenforums.com/tutorials/101902-turn-off-online-speech-recognition-windows-10-a.html
+                code: reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t "REG_DWORD" /d 0 /f
+                revertCode: reg add "HKCU\Software\Microsoft\Speech_OneCore\Settings\OnlineSpeechPrivacy" /v "HasAccepted" /t "REG_DWORD" /d 1 /f
             -
                 name: Disable active prompting (pings to MSFT NCSI server)
                 recommend: false
@@ -701,13 +767,6 @@ actions:
                     reg add "HKLM\SOFTWARE\Microsoft\PolicyManager\default\System\AllowExperimentation" /v "value" /t "REG_DWORD" /d 0 /f
                     reg add "HKLM\SOFTWARE\Microsoft\WindowsSelfHost\UI\Visibility" /v "HideInsiderPage" /t "REG_DWORD" /d "1" /f
                     sc stop "wisvc" & sc config "wisvc" start=disabled
-            -
-                name: Disable the Windows Connect Now wizard
-                recommend: false
-                docs:
-                    - https://docs.microsoft.com/en-us/windows/win32/wcn/about-windows-connect-now
-                    - https://www.windows-security.org/f637a705712eb59f8cd410673c96472e/prohibit-access-of-the-windows-connect-now-wizards
-                code: reg add "HKCU\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t REG_DWORD /d 1 /f
             -
                 category: Disable cloud sync
                 children:
@@ -834,9 +893,10 @@ actions:
                                 recommend: true
                                 code: reg add "HKLM\SOFTWARE\Policies\Microsoft\MRT" /v "DontReportInfectionInformation" /t REG_DWORD /d 1 /f
             -
-                name: Disable NetCore Cli telemetry
+                name: Disable NET Core CLI telemetry
                 recommend: true
                 code: setx DOTNET_CLI_TELEMETRY_OPTOUT 1
+                revertCode: setx DOTNET_CLI_TELEMETRY_OPTOUT 0
             -
                 name: Disable NVIDIA telemetry
                 recommend: true
@@ -873,27 +933,97 @@ actions:
                     del %appdata%\Code\User\settings.json
                     echo { "telemetry.enableCrashReporter": false, "telemetry.enableTelemetry": false } > %appdata%\Code\User\settings.json
             -
-                name: Disable Microsoft Office telemetry
-                recommend: true
+                category: Disable Microsoft Office telemetry
                 docs: https://docs.microsoft.com/en-us/deployoffice/compat/manage-the-privacy-of-data-monitored-by-telemetry-in-office
-                code: |-
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\osm" /v "Enablelogging" /t REG_DWORD /d 0 /f 
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\osm" /v "EnableUpload" /t REG_DWORD /d 0 /f 
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\osm" /v "Enablelogging" /t REG_DWORD /d 0 /f 
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\osm" /v "EnableUpload" /t REG_DWORD /d 0 /f
-                    schtasks /change /TN "Microsoft\Office\Office ClickToRun Service Monitor" /DISABLE
-                    schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /DISABLE
-                    schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /DISABLE
-                    sc stop "ClickToRunSvc" & sc config "ClickToRunSvc" start=disabled
-                revertCode: |-
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\osm" /v "Enablelogging" /t REG_DWORD /d 1 /f 
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\osm" /v "EnableUpload" /t REG_DWORD /d 1 /f 
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\osm" /v "Enablelogging" /t REG_DWORD /d 1 /f 
-                    reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\osm" /v "EnableUpload" /t REG_DWORD /d 1 /f
-                    schtasks /change /TN "Microsoft\Office\Office ClickToRun Service Monitor" /ENABLE
-                    schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /ENABLE
-                    schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /ENABLE
-                    sc config "ClickToRunSvc" start=auto
+                children:
+                    -
+                        name: Disable logging
+                        recommend: true
+                        code: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableUpload" /t REG_DWORD /d 0 /f
+                        revertCode: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Mail" /v "EnableLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Word\Options" /v "EnableLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Outlook\Options\Calendar" /v "EnableCalendarLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\15.0\OSM" /v "EnableUpload" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Policies\Microsoft\Office\16.0\OSM" /v "EnableUpload" /t REG_DWORD /d 1 /f
+                    -
+                        name: Disable client telemetry
+                        recommend: true
+                        code: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 0 /f
+                        revertCode: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "DisableTelemetry" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\ClientTelemetry" /v "VerboseLogging" /t REG_DWORD /d 1 /f
+                    -
+                        name: Customer Experience Improvement Program
+                        docs: https://www.stigviewer.com/stig/microsoft_office_system_2013/2014-12-23/finding/V-17612
+                        recommend: true
+                        code: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common" /v "QMEnable" /t REG_DWORD /d 0 /f
+                        revertCode: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common" /v "QMEnable" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common" /v "QMEnable" /t REG_DWORD /d 1 /f
+                    -
+                        name: Disable feedback
+                        recommend: true
+                        code: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 0 /f
+                        revertCode: |-
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 1 /f
+                            reg add "HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Feedback" /v "Enabled" /t REG_DWORD /d 1 /f
+                    -
+                        name: Disable telemetry agent
+                        recommend: true
+                        code: |-
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack" /DISABLE
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /DISABLE
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn" /DISABLE
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /DISABLE
+                        revertCode: |-
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack" /ENABLE
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentFallBack2016" /ENABLE
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn" /ENABLE
+                            schtasks /change /TN "Microsoft\Office\OfficeTelemetryAgentLogOn2016" /ENABLE
+                    # - (breaks office, see https://answers.microsoft.com/en-us/office/forum/office_2016-officeapps/office-2016-click-to-run-service-is-it-necessary/07f87963-7193-488a-9885-d6339105824b)
+                    #     name: Disable ClickToRun Service Monitor
+                    #     recommend: false
+                    #     code: |-
+                    #         schtasks /change /TN "Microsoft\Office\Office ClickToRun Service Monitor" /DISABLE
+                    #         sc stop "ClickToRunSvc" & sc config "ClickToRunSvc" start=disabled
+                    #     revertCode: |-
+                    #         schtasks /change /TN "Microsoft\Office\Office ClickToRun Service Monitor" /ENABLE
+                    #         sc config "ClickToRunSvc" start=auto
+                    -
+                        name: Disable Subscription Heartbeat
+                        recommend: false
+                        code: |-
+                            schtasks /change /TN "Microsoft\Office\Office 15 Subscription Heartbeat" /DISABLE
+                            schtasks /change /TN "Microsoft\Office\Office 16 Subscription Heartbeat" /DISABLE
+                        revertCode: |-
+                            schtasks /change /TN "Microsoft\Office\Office 15 Subscription Heartbeat" /ENABLE
+                            schtasks /change /TN "Microsoft\Office\Office 16 Subscription Heartbeat" /ENABLE
             -
                 category: Configure browsers
                 children: 
@@ -1151,6 +1281,26 @@ actions:
                         code: |-
                             dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2Root" /NoRestart
                             dism /online /Disable-Feature /FeatureName:"MicrosoftWindowsPowerShellV2" /NoRestart
+            -
+                name: Disable the Windows Connect Now wizard
+                recommend: true
+                docs:
+                    - https://docs.microsoft.com/en-us/windows/win32/wcn/about-windows-connect-now
+                    - https://www.stigviewer.com/stig/windows_server_20122012_r2_domain_controller/2019-01-16/finding/V-15698
+                code: |-
+                    reg add "HKLM\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t REG_DWORD /d 1 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableFlashConfigRegistrar" /t REG_DWORD /d 0 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableInBand802DOT11Registrar" /t REG_DWORD /d 0 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableUPnPRegistrar" /t REG_DWORD /d 0 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableWPDRegistrar" /t REG_DWORD /d 0 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "EnableRegistrars" /t REG_DWORD /d 0 /f
+                revertCode: |-
+                    reg add "HKLM\Software\Policies\Microsoft\Windows\WCN\UI" /v "DisableWcnUi" /t REG_DWORD /d 0 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableFlashConfigRegistrar" /t REG_DWORD /d 1 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableInBand802DOT11Registrar" /t REG_DWORD /d 1 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableUPnPRegistrar" /t REG_DWORD /d 1 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "DisableWPDRegistrar" /t REG_DWORD /d 1 /f
+                    reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars" /v "EnableRegistrars" /t REG_DWORD /d 1 /f
     -
         category: Privacy over security
         children:         
@@ -1249,11 +1399,13 @@ actions:
             -
                 name: Disable Sync Provider Notifications
                 recommend: false
-                code: REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSyncProviderNotifications" /d 0 /t REG_DWORD /f
+                code: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSyncProviderNotifications" /d 0 /t REG_DWORD /f
+                revertCode: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSyncProviderNotifications" /d 1 /t REG_DWORD /f
             -
                 name: Turn hibernate off to disable sleep for quick start
                 recommend: false
                 code: powercfg -h off
+                revertCode: powercfg -h on
                 docs: http://www.windows10windows7.com/w10/win10zs/100102504.html
             -
                 category: Hide from This PC and Browse in dialog boxes
@@ -1355,14 +1507,17 @@ actions:
                         name: Xbox Live Auth Manager
                         recommend: true
                         code: sc stop "XblAuthManager" & sc config "XblAuthManager" start=disabled
+                        revetCode: sc config "XblAuthManager" start=demand
                     -
                         name: Xbox Live Game Save
                         recommend: true
                         code: sc stop "XblGameSave" & sc config "XblGameSave" start=disabled
+                        revertCode: sc config "XblGameSave" start=demand
                     -
                         name: Xbox Live Networking Service
                         recommend: true
                         code: sc stop "XboxNetApiSvc" & sc config "XboxNetApiSvc" start=disabled
+                        revetCode: sc config "XboxNetApiSvc" start=demand
             -
                 name: Windows Biometric Service
                 recommend: true
@@ -1781,15 +1936,18 @@ actions:
             - 
               name: Remove OneDrive
               code: |-
-                taskkill /F /IM OneDrive.exe
+                taskkill /f /im OneDrive.exe
                 %SystemRoot%\System32\OneDriveSetup.exe /uninstall
                 %SystemRoot%\SysWOW64\OneDriveSetup.exe /uninstall
-                rd "%UserProfile%\OneDrive" /Q /S
-                rd "%LocalAppData%\Microsoft\OneDrive" /Q /S
-                rd "%ProgramData%\Microsoft OneDrive" /Q /S
-                rd "C:\OneDriveTemp" /Q /S
+                rd "%UserProfile%\OneDrive" /q /s
+                rd "%LocalAppData%\Microsoft\OneDrive" /q /s
+                rd "%ProgramData%\Microsoft OneDrive" /q /s
+                rd "C:\OneDriveTemp" /q /s
+                del "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk" /s /f /q
                 reg delete "HKEY_CLASSES_ROOT\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
                 reg delete "HKEY_CLASSES_ROOT\Wow6432Node\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /f
+                reg add "HKEY_CLASSES_ROOT\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v System.IsPinnedToNameSpaceTree /d "0" /t REG_DWORD /f
+                for /f "tokens=1 delims=," %%x in ('schtasks /query /fo csv ^| find "OneDrive"') do schtasks /Delete /TN %%x /F
             -
                 category: Disable built-in Windows features
                 children:
@@ -2095,18 +2253,33 @@ actions:
                                 code: dism /online /Remove-Capability /CapabilityName:"XPS.Viewer~~~~0.0.1.0" /NoRestart
     -
         category: Advanced settings
+        docs: https://www.pool.ntp.org/en/use.html
         children:   
             -
                 name: Change NTP (time) server to pool.ntp.org
                 recommend: false
                 code: |-
-                    reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\Parameters" /v "NtpServer" /t REG_SZ /d "pool.ntp.org, 0x8" /f
-                    reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\Parameters" /v "Type" /t REG_SZ /d "NTP" /f
-                    reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "CrossSiteSyncFlags" /t REG_DWORD /d 2 /f
-                    reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "EventLogFlags" /t REG_DWORD /d 0 /f
-                    reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "ResolvePeerBackoffMaxTimes" /t REG_DWORD /d 7 /f
-                    reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "ResolvePeerBackoffMinutes" /t REG_DWORD /d 15 /f
-                    reg add "HKLM\SOFTWARE\Policies\Microsoft\W32time\TimeProviders\NtpClient" /v "SpecialPollInterval" /t REG_DWORD /d 1024 /f
+                    :: Configure time source
+                    w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"
+                    :: Restart time service if running
+                    SC queryex "w32time"|Find "STATE"|Find /v "RUNNING">Nul||(
+                        net stop w32time
+                        net start w32time
+                    )
+                    :: Sync now
+                    w32tm /config /update
+                    w32tm /resync
+                revertCode: |-
+                    :: Configure time source
+                    w32tm /config /syncfromflags:manual /manualpeerlist:"time.windows.com"
+                    :: Restart time service if running
+                    SC queryex "w32time"|Find "STATE"|Find /v "RUNNING">Nul||(
+                        net stop w32time
+                        net start w32time
+                    )
+                    :: Sync now
+                    w32tm /config /update
+                    w32tm /resync
             -
                 name: Disable Reserved Storage for updates
                 recommend: false

src/application/application.yaml.d.ts

@@ -1,6 +1,6 @@
 declare module 'js-yaml-loader!*' {
     export type CategoryOrScript = YamlCategory | YamlScript;
-    type DocumentationUrls = ReadonlyArray<string> | string;
+    export type DocumentationUrls = ReadonlyArray<string> | string;
 
     export interface YamlDocumentable {
         docs?: DocumentationUrls;

src/background.ts

@@ -35,12 +35,12 @@ function createWindow() {
     height: 955,
     webPreferences: {
       // Use pluginOptions.nodeIntegration, leave this alone
-      // See nklayman.github.io/vue-cli-plugin-electron-builder/guide/security.html#node-integration for more info
+      // See https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/security.html#node-integration
       nodeIntegration: (process.env
           .ELECTRON_NODE_INTEGRATION as unknown) as boolean,
     },
-    // https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#icons
-    icon: path.join(__static, `favicon.ico`),
+    // https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#set-tray-icon
+    icon: path.join(__static, 'icon.png'),
   });
 
   win.setMenuBarVisibility(false);

src/domain/Application.ts

@@ -18,15 +18,7 @@ export class Application implements IApplication {
         if (!repositoryUrl) { throw Error('Application has no repository url'); }
         if (!version) { throw Error('Version cannot be empty'); }
         this.flattened = flatten(actions);
-        if (this.flattened.allCategories.length === 0) {
-            throw new Error('Application must consist of at least one category');
-        }
-        if (this.flattened.allScripts.length === 0) {
-            throw new Error('Application must consist of at least one script');
-        }
-        if (this.flattened.allScripts.filter((script) => script.isRecommended).length === 0) {
-            throw new Error('Application must consist of at least one recommended script');
-        }
+        ensureValid(this.flattened);
         ensureNoDuplicates(this.flattened.allCategories);
         ensureNoDuplicates(this.flattened.allScripts);
     }
@@ -75,30 +67,50 @@ interface IFlattenedApplication {
     allScripts: IScript[];
 }
 
-function flattenRecursive(
+function ensureValid(application: IFlattenedApplication) {
+    if (!application.allCategories || application.allCategories.length === 0) {
+        throw new Error('Application must consist of at least one category');
+    }
+    if (!application.allScripts || application.allScripts.length === 0) {
+        throw new Error('Application must consist of at least one script');
+    }
+    if (application.allScripts.filter((script) => script.isRecommended).length === 0) {
+        throw new Error('Application must consist of at least one recommended script');
+    }
+}
+
+function flattenCategories(
     categories: ReadonlyArray<ICategory>,
-    flattened: IFlattenedApplication) {
+    flattened: IFlattenedApplication): IFlattenedApplication {
+    if (!categories || categories.length === 0) {
+        return flattened;
+    }
     for (const category of categories) {
         flattened.allCategories.push(category);
-        if (category.scripts) {
-            for (const script of category.scripts) {
-                flattened.allScripts.push(script);
-            }
-        }
-        if (category.subCategories && category.subCategories.length > 0) {
-            flattenRecursive(
-                category.subCategories as ReadonlyArray<ICategory>,
-                flattened);
-        }
+        flattened = flattenScripts(category.scripts, flattened);
+        flattened = flattenCategories(category.subCategories, flattened);
     }
+    return flattened;
+}
+
+function flattenScripts(
+    scripts: ReadonlyArray<IScript>,
+    flattened: IFlattenedApplication): IFlattenedApplication {
+    if (!scripts) {
+        return flattened;
+    }
+    for (const script of scripts) {
+        flattened.allScripts.push(script);
+    }
+    return flattened;
 }
 
 function flatten(
     categories: ReadonlyArray<ICategory>): IFlattenedApplication {
-    const flattened: IFlattenedApplication = {
+    let flattened: IFlattenedApplication = {
         allCategories: new Array<ICategory>(),
         allScripts: new Array<IScript>(),
     };
-    flattenRecursive(categories, flattened);
+    flattened = flattenCategories(categories, flattened);
     return flattened;
 }

src/presentation/Bootstrapping/Modules/IconBootstrapper.ts

@@ -4,7 +4,7 @@ import { faGithub } from '@fortawesome/free-brands-svg-icons';
 /** BRAND ICONS (PREFIX: fab) */
 import { FontAwesomeIcon } from '@fortawesome/vue-fontawesome';
 /** REGULAR ICONS (PREFIX: far) */
-import { faFolderOpen, faFolder, faComment, faSmile } from '@fortawesome/free-regular-svg-icons';
+import { faFolderOpen, faFolder, faSmile } from '@fortawesome/free-regular-svg-icons';
 /** SOLID ICONS (PREFIX: fas (default)) */
 import { faTimes, faFileDownload, faCopy, faSearch, faInfoCircle, faUserSecret, faDesktop, faTag, faGlobe } from '@fortawesome/free-solid-svg-icons';
 

src/presentation/Scripts/ScriptsTree/ScriptNodeParser.ts

@@ -30,19 +30,32 @@ export function getCategoryNodeId(category: ICategory): string {
 
 function parseCategoryRecursively(
   parentCategory: ICategory): INode[] {
-  if (!parentCategory) { throw new Error('parentCategory is undefined'); }
-
-  const nodes = new Array<INode>();
-  if (parentCategory.subCategories && parentCategory.subCategories.length > 0) {
-    for (const subCategory of parentCategory.subCategories) {
-      const subCategoryNodes = parseCategoryRecursively(subCategory);
-      nodes.push(convertCategoryToNode(subCategory, subCategoryNodes));
-    }
+  if (!parentCategory) {
+    throw new Error('parentCategory is undefined');
   }
-  if (parentCategory.scripts && parentCategory.scripts.length > 0) {
-    for (const script of parentCategory.scripts) {
-      nodes.push(convertScriptToNode(script));
-    }
+  let nodes = new Array<INode>();
+  nodes = addCategories(parentCategory.subCategories, nodes);
+  nodes = addScripts(parentCategory.scripts, nodes);
+  return nodes;
+}
+
+function addScripts(scripts: ReadonlyArray<IScript>, nodes: INode[]): INode[] {
+  if (!scripts || scripts.length === 0) {
+    return nodes;
+  }
+  for (const script of scripts) {
+    nodes.push(convertScriptToNode(script));
+  }
+  return nodes;
+}
+
+function addCategories(categories: ReadonlyArray<ICategory>, nodes: INode[]): INode[] {
+  if (!categories || categories.length === 0) {
+    return nodes;
+  }
+  for (const category of categories) {
+    const subCategoryNodes = parseCategoryRecursively(category);
+    nodes.push(convertCategoryToNode(category, subCategoryNodes));
   }
   return nodes;
 }

src/presentation/Scripts/ScriptsTree/SelectableTree/NodeTranslator.ts

@@ -9,8 +9,7 @@ export function convertExistingToNode(liquorTreeNode: ILiquorTreeExistingNode):
         id: liquorTreeNode.id,
         text: liquorTreeNode.data.text,
         // selected: liquorTreeNode.states && liquorTreeNode.states.checked,
-        children: (!liquorTreeNode.children || liquorTreeNode.children.length === 0)
-         ? [] : liquorTreeNode.children.map((childNode) => convertExistingToNode(childNode)),
+        children: convertChildren(liquorTreeNode.children, convertExistingToNode),
         documentationUrls: liquorTreeNode.data.documentationUrls,
         isReversible : liquorTreeNode.data.isReversible,
     };
@@ -24,11 +23,19 @@ export function toNewLiquorTreeNode(node: INode): ILiquorTreeNewNode {
         state: {
             checked: false,
         },
-        children: (!node.children || node.children.length === 0) ? [] :
-         node.children.map((childNode) => toNewLiquorTreeNode(childNode)),
+        children: convertChildren(node.children, toNewLiquorTreeNode),
         data: {
             documentationUrls: node.documentationUrls,
             isReversible: node.isReversible,
         },
     };
 }
+
+function convertChildren<TOldNode, TNewNode>(
+    oldChildren: readonly TOldNode[],
+    callback: (value: TOldNode) => TNewNode): TNewNode[] {
+    if (!oldChildren || oldChildren.length === 0) {
+        return [];
+    }
+    return oldChildren.map((childNode) => callback(childNode));
+}

src/presentation/TheFooter/DownloadUrlListItem.vue

@@ -65,9 +65,9 @@ function getOperatingSystemName(os: OperatingSystem): string {
 function getFileName(os: OperatingSystem, version: string): string {
     switch (os) {
         case OperatingSystem.Linux:
-            return `privacy.sexy-${version}.dmg`;
+            return `privacy.sexy-${version}.AppImage`;
         case OperatingSystem.macOS:
-            return `privacy.sexy-${version}-mac.zip`;
+            return `privacy.sexy-${version}.dmg`;
         case OperatingSystem.Windows:
             return `privacy.sexy-Setup-${version}.exe`;
         default:

src/presentation/TheFooter/PrivacyPolicy.vue

@@ -6,7 +6,7 @@
       </div>
       <div v-if="isDesktop" class="line">
           <div class="line__emoji">🚫🌐</div>
-          <div>Everything is offline, except single request GitHub toto check for updates on application start.</div>
+          <div>Everything is offline, except single request GitHub to check for updates on application start.</div>
       </div>
       <div class="line">
           <div class="line__emoji">🚫👀</div>

vue.config.js

@@ -6,9 +6,6 @@ module.exports = {
         electronBuilder: {
             // https://www.electron.build/configuration/configuration
             builderOptions: {
-                win: {
-                    icon: './public/favicon.ico'
-                },
                 publish: [{
                     // https://www.electron.build/configuration/publish#githuboptions
                     // https://nklayman.github.io/vue-cli-plugin-electron-builder/guide/recipes.html#enable-publishing-to-github