# Structure is documented in "docs/collection-files.md"
os: linux
scripting:
  language: shellscript
  startCode: |-
    #!/usr/bin/env bash
    # {{ $homepage }} — v{{ $version }} — {{ $date }}
    # Re-run this script through sudo when it is not already running as root.
    if [ "$EUID" -ne 0 ]; then
      # Resolve an absolute path to this script.
      script_path=$([[ "$0" = /* ]] && echo "$0" || echo "$PWD/${0#./}")
      sudo "$script_path" || (
        echo 'Administrator privileges are required.'
        exit 1
      )
      exit 0
    fi
    export HOME="/home/${SUDO_USER:-${USER}}" # Keep `~` and `$HOME` for user not `/root`.
  endCode: |-
    echo 'Your privacy and security is now hardened 🎉💪'
    echo 'Press any key to exit.'
    read -n 1 -s
actions:
  - category: Privacy cleanup
    docs: |-
      These scripts allow you to increase privacy by deleting collected data about you and your behavior.
    children:
      - category: Clear terminal history
        docs: |-
          Reading terminal history is one of the attack techniques.
          The existence of bash history files is defined as an unsecured credential attack technique by MITRE [1].

          [1]: https://web.archive.org/web/20221029134827/https://attack.mitre.org/techniques/T1552/003/ "Unsecured Credentials: Bash History, Sub-technique T1552.003 - Enterprise | MITRE ATT&CK® | attack.mitre.org"
        children:
          - name: Clear bash history
            recommend: strict
            docs: |-
              Bash (Bourne-Again SHell) is from the GNU project.
              It is used by most distributions as their default shell.
              See also [GNU Bash Homepage](https://web.archive.org/web/20221029211839/https://www.gnu.org/software/bash/).
            call:
              function: DeleteFileFromUserAndRootHome
              parameters:
                file: .bash_history
          - name: Clear Zsh history
            recommend: strict
            docs: |-
              Zsh is also known as Z-shell [1].
              See its [homepage](https://web.archive.org/web/20221029211848/https://www.zsh.org/) for more information.
              It is one of the most used shells and has been the default shell in Kali Linux since 2020.4 [2].
              Arch Linux installer uses zsh [3] but sets bash on disk as default [4].

              [1]: https://web.archive.org/web/20221029134900/https://en.wikipedia.org/wiki/Z_shell "Z shell - Wikipedia | wikipedia.org"
              [2]: https://web.archive.org/web/20221029134925/https://www.kali.org/blog/kali-linux-2020-4-release/ "Kali Linux 2020.4 Release (ZSH, Bash, CME, MOTD, AWS, Docs, Win-KeX & Vagrant) | Kali Linux Blog | kali.org"
              [3]: https://web.archive.org/web/20221029181441/https://gitlab.archlinux.org/archlinux/archiso/-/blob/9f16862acd7e7be02da72f63a03b4c0e256dabff/configs/releng/packages.x86_64#L32 "configs/releng/packages.x86_64 · 9f16862acd7e7be02da72f63a03b4c0e256dabff · Arch Linux / archiso · GitLab"
              [4]: https://web.archive.org/web/20221029181616/https://wiki.archlinux.org/title/bash "Bash - ArchWiki"
            call:
              function: DeleteFileFromUserAndRootHome
              parameters:
                file: .zsh_history
          - name: Clear tcsh history
            recommend: strict
            docs: |-
              C shell (csh) with file name completion and command line editing.
              `~/.history` is its default histfile (history file) [1].
              It's shipped by FreeBSD as the default root shell [2].

              See also:

              - [tcsh homepage](https://web.archive.org/web/20221029211930/https://www.tcsh.org/),
              - [tcsh source code](https://web.archive.org/web/20221029212024/https://github.com/tcsh-org/tcsh).

              [1]: https://web.archive.org/web/20221029134950/https://linux.die.net/man/1/tcsh "tcsh(1) - Linux man page | linux.die.net"
              [2]: https://web.archive.org/web/20221029135007/https://books.google.com/books?id=LyDP5b2xzaMC&pg=PA56#v=onepage&q&f=false "Sams Teach Yourself FreeBSD in 24 Hours - Michael Urban, Brian Tiemann - Google Books | books.google.com"
            call:
              function: DeleteFileFromUserAndRootHome
              parameters:
                file: .history
          - name: Clear fish history
            recommend: strict
            docs: |-
              It is one of the most popular exotic shells that favors usability over standard compliance.
              Its history file is stored in `~/.local/share/fish/fish_history` and `~/.config/fish/fish_history` [1].
              It is used by PEUX OS as the default shell [2].
              See also [fish shell homepage](https://web.archive.org/web/20221029212109/https://fishshell.com/) for more information.

              [1]: https://web.archive.org/web/20221029135026/https://github.com/fish-shell/fish-shell/issues/862 "history file location · Issue #862 · fish-shell/fish-shell | github.com/fish-shell"
              [2]: https://web.archive.org/web/20221029135110/https://peux-os.netlify.app/ "Homepage of Peux OS | [POS] | peux-os.netlify.app"
            call:
              - # >= 2.3.0
                function: DeleteFileFromUserAndRootHome
                parameters:
                  file: .local/share/fish/fish_history
              - # < 2.3.0
                function: DeleteFileFromUserAndRootHome
                parameters:
                  file: .config/fish/fish_history
          - name: Clear KornShell (ksh) history
            recommend: strict
            docs: |-
              KornShell is a shell that has different versions by different maintainers and developers such as `ksh93u+`, `ksh93v-`, and `ksh2020`.
              The latest maintained version is `ksh93u+m`, see its [GitHub repository (ksh93/ksh)](https://web.archive.org/web/20221029212509/https://github.com/ksh93/ksh).
              Its history file (histfile) is saved at `~/.sh_history` by default [1] [2].
              OpenBSD symlinks sh to ksh [3].
              See also the [Wikipedia page](https://web.archive.org/web/20221029212931/https://en.wikipedia.org/wiki/KornShell) for more information.

              [1]: https://web.archive.org/web/20221029135158/https://www.mkssoftware.com/docs/man1/history.1.asp "history -- display KornShell command history | manpage | mkssoftware.com"
              [2]: https://web.archive.org/web/20221029135207/https://www.ibm.com/docs/en/aix/7.2?topic=commands-korn-shell-posix-shell-command-history "Korn shell or POSIX shell command history - IBM Documentation | ibm.com"
              [3]: https://web.archive.org/web/20221029135300/https://www.reddit.com/r/unix/comments/6zqyl1/nix_distros_with_default_shells/ "*nix distros with default shells? | Reddit (/r/unix) | reddit.com"
            call:
              function: DeleteFileFromUserAndRootHome
              parameters:
                file: .sh_history
          # - # Dash [1] (used by Debian, Ubuntu, Void Linux etc.) does not support history [2].
          # [1]: https://web.archive.org/web/20221029135301/https://git.kernel.org/pub/scm/utils/dash/dash.git
          # [2]: https://web.archive.org/web/20221029135344/https://unix.stackexchange.com/questions/271595/how-can-i-access-the-history-buffer-in-sh-not-in-bash
          - name: Clear ash history
            recommend: strict
            docs: |-
              It's also known as Almquist shell [1].
              It's mainly a fork of dash (Debian Almquist shell) used in embedded Linux distributions such as DSLinux, Alpine Linux, Tiny Core Linux and Linux-based router firmware such as OpenWrt, Tomato and DD-WRT [1].
              It was also used by Android until Android 4.0 [2].
              It uses `~/.ash_history` as the history file [3].

              [1]: https://web.archive.org/web/20221030142637/https://en.wikipedia.org/wiki/Almquist_shell#Embedded_Linux "Almquist shell - Wikipedia | wikipedia.org"
              [2]: https://web.archive.org/web/20221029135416/https://android.googlesource.com/platform/system/core/+/master/shell_and_utilities/README.md "Android's shell and utilities | android.googlesource.com"
              [3]: https://web.archive.org/web/20221029135513/https://github.com/brgl/busybox/blob/abbf17abccbf832365d9acf1c280369ba7d5f8b2/shell/ash.c#L13626 "busybox/ash.c source code | github.com/brgl/busybox"
            call:
              function: DeleteFileFromUserAndRootHome
              parameters:
                file: .ash_history
          - name: Clear crosh history
            recommend: strict
            docs: |-
              crosh is also known as ChromiumOS shell [1].
              It is used in Chromium OS [2].
              The history file is found in `~/.crosh_history` by default.
              See its [source code (chromiumos/platform2)](https://web.archive.org/web/20221029135520/https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/crosh) for more information.

              [1]: https://web.archive.org/web/20221029135520/https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/crosh "crosh git repository | chromium.googlesource.com"
              [2]: https://web.archive.org/web/20221029135620/https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/crosh/README.md "README.md file | crosh git repository | chromium.googlesource.com"
              [3]: https://web.archive.org/web/20221029135627/https://chromium.googlesource.com/chromiumos/platform2/+/183c7e421bd3a55c757b33b639201555b9d7a283/crosh/crosh#154 "histfile source code | crosh git repository | chromium.googlesource.com"
            call:
              function: DeleteFileFromUserAndRootHome
              parameters:
                file: .crosh_history
      - category: Clear third-party application data
        docs: |-
          Scripts in this category clear data for third-party applications installed on the operating system.
          Third-party applications are not typically distributed as part of the operating system and are installed separately.
        children:
          - category: Clear privacy.sexy data
            # Marked: refactor-with-variables, refactor-with-partials
            # - Documentation is same across macOS, Linux and Windows, this should be shared and not duplicated.
            docs: |-
              This category offers scripts to remove data left by the privacy.sexy desktop application, helping you ensure your privacy by eliminating all traces of use.
              The web application version of privacy.sexy does not create or store user data on your device [1], so this category is applicable to desktop application users only.
              These scripts are designed for anyone wanting to ensure their script activities leave no trace on their systems.

              > **Caution**:
              > Deleting this data might affect security [2] and troubleshooting [1]:
              > - Logs are valuable for diagnosing issues and understanding past actions [1].
              > - Script files can help review changes made to the system and aid in reverting those changes if needed.

              [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com"
              [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com"
            children:
              - name: Clear privacy.sexy script history
                docs: |-
                  This script removes script files generated by the privacy.sexy desktop application.
                  The desktop version executes scripts directly on your device [1], saving a script file for execution [1], troubleshooting [1], and security [2].
                  By running this script, you remove the executed script files, enhancing your privacy by ensuring that there is no residual data that could reveal your usage patterns or preferences.

                  > **Caution**:
                  > - This action is irreversible. Deleted script files cannot be retrieved.
                  > - These files might be necessary for troubleshooting if you experience issues after using privacy.sexy scripts.

                  [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com"
                  [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com"
                call:
                  function: ClearDirectoryContents
                  parameters:
                    directoryGlob: "$HOME/.config/privacy.sexy/runs"
              - name: Clear privacy.sexy activity logs
                docs: |-
                  This script removes log files generated by the privacy.sexy desktop application.
                  Different from the web version, the desktop application records logs for troubleshooting [1].
                  Additionally, these logs offer auditing and transparency for security [2].
                  Deleting these logs can help maintain your privacy by ensuring there are no records of the application's activities on your system.

                  > **Caution**:
                  > - Removing logs will prevent you from reviewing the application's activities, which could be helpful in diagnosing issues.
                  > - Logs can contain valuable information for technical support should you need assistance.

                  [1]: https://github.com/undergroundwires/privacy.sexy/blob/master/docs/desktop-vs-web-features.md "Desktop vs. Web Features | privacy.sexy | github.com"
                  [2]: https://github.com/undergroundwires/privacy.sexy/blob/master/SECURITY.md "SECURITY.md | privacy.sexy | github.com"
                call:
                  function: ClearDirectoryContents
                  parameters:
                    directoryGlob: "$HOME/.config/privacy.sexy/logs"
          - name: Clear Steam cache
            docs: |-
              Steam is a video game digital distribution service and storefront by Valve [1].
              Clearing Steam cache is safe without any side effects.
              This may resolve issues with Steam and help you save space and increase privacy, but may lead to a single-time application performance decrease due to cache renewal.
              See also: [Steam Homepage](https://web.archive.org/web/20221029212925/https://store.steampowered.com/)

              [1]: https://web.archive.org/web/20221029135718/https://en.wikipedia.org/wiki/Steam_%28service%29 "Steam | Wikipedia | wikipedia.org"
            code: |-
              # Global installation
              rm -rfv ~/.local/share/Steam/appcache/*
              # Snap
              rm -rfv ~/snap/steam/common/.cache/*
              rm -rfv ~/snap/steam/common/.local/share/Steam/appcache/*
              # Flatpak
              rm -rfv ~/.var/app/com.valvesoftware.Steam/cache/*
              rm -rfv ~/.var/app/com.valvesoftware.Steam/data/Steam/appcache/*
          - name: Clear Clementine cache
            docs: |-
              Clementine is a free and open-source audio player [1].
              Cover art, moodbar, and network cache are all part of Clementine cache [2].
              Clementine cache is kept in the global XDG spec (`~/.cache`) folder [3].
              See also: [Clementine Homepage](https://web.archive.org/web/20221029213331/https://www.clementine-player.org/)

              [1]: https://web.archive.org/web/20221029135732/https://en.wikipedia.org/wiki/Clementine_%28software%29 "Clementine | Wikipedia | wikipedia.org"
              [2]: https://web.archive.org/web/20221029135808/https://github.com/clementine-player/Clementine/blob/7e48b78c158116166348502fd1da5116a2a480bf/src/core/utilities.cpp#L365-L391 "Clementine cache source code | GitHub | github.com/clementine-player/Clementine"
              [3]: https://web.archive.org/web/20221029135834/https://github.com/clementine-player/Clementine/issues/3265 "Cache folder · Issue #3265 · clementine-player/Clementine | GitHub | github.com/clementine-player/Clementine"
            code: |-
              # Global installation
              rm -rfv ~/.cache/Clementine/*
              # Flatpak installation
              rm -rfv ~/.var/app/org.clementine_player.Clementine/cache/*
              # Snap installation
              rm -rfv ~/snap/clementine/common/.cache/*
          - category: Clear Wine data
            docs: |-
              Wine is a compatibility layer capable of running Windows applications [1].
              See also: [Wine Homepage](https://web.archive.org/web/20221029213416/https://www.winehq.org/).

              [1]: https://web.archive.org/web/20221029135913/https://en.wikipedia.org/wiki/Wine_%28software%29 "Wine | Wikipedia | en.wikipedia.org"
            children:
              - name: Clear Wine cache
                recommend: standard
                docs: |-
                  Wine has two different caches:

                  1. Temporary Windows files.
                     Wine saves temporary Windows files at `/drive_c/windows/temp/` [1] [2].
                  2. Temporary Wine application cache [3] that is not connected to inner Windows files.

                  [1]: https://web.archive.org/web/20180328090608/http://www.zdnet.com/article/keeping-temp-folders-clean/ "Keeping temp folders clean | ZDNet | zdnet.com"
                  [2]: https://web.archive.org/web/20221029135944/https://ubuntuforums.org/showthread.php?t=1006132 "Why does Wine have its own temp folders? | UbuntuForums | ubuntuforums.org"
                  [3]: https://web.archive.org/web/20221029135955/https://wiki.debian.org/Wine#Mono_and_Gecko "Wine - Debian Wiki | wiki.debian.org"
                code: |-
                  # Temporary Windows files for global prefix
                  rm -rfv ~/.wine/drive_c/windows/temp/*
                  # Wine cache:
                  rm -rfv ~/.cache/wine/
              - name: Clear Winetricks cache
                recommend: standard
                docs: |-
                  Winetricks is a helper script to download and install various redistributable runtime libraries needed to run some programs in Wine [1].
                  Winetricks cache includes downloaded files cache (runtime libraries/directories).
                  It caches downloads in `winetrickscache/$packagename` [2] [3].
                  User data cache is stored in `$XDG_CACHE_HOME/winetricks` (by default, `~/.cache/winetricks`) [4].

                  [1]: https://web.archive.org/web/20221029140111/https://wiki.winehq.org/Winetricks "Winetricks - WineHQ Wiki | wiki.winehq.org"
                  [2]: https://web.archive.org/web/20221029140047/https://github.com/Winetricks/winetricks/blob/164d243e1384ba7cc6058a6524c1472100b7722c/src/winetricks#L1269-L1271 "Wine source code | GitHub | github.com/Winetricks/winetricks"
                  [3]: https://web.archive.org/web/20221029140047/https://github.com/Winetricks/winetricks/blob/164d243e1384ba7cc6058a6524c1472100b7722c/src/winetricks#L1515-L1517 "Wine source code | GitHub | github.com/Winetricks/winetricks"
                  [4]: https://web.archive.org/web/20221029140204/https://manpages.debian.org/experimental/winetricks/winetricks.1.en.html#XDG_CACHE_HOME "winetricks man page | Debian Manpages | manpages.debian.org"
                code: rm -rfv ~/.cache/winetricks/
          - name: Clear LibreOffice usage history
            recommend: strict
            docs: |-
              LibreOffice is a free and open-source office productivity software suite, a project of The Document Foundation (TDF) [1].
              `registrymodifications.xcu` is an XML file that contains the user-specified settings [2].
              It is found inside the user settings directory (`~/.config/libreoffice/4/user`) [2].
              It includes thumbnails generated [3], and a recent document list [4].
              See also: [LibreOffice Homepage](https://web.archive.org/web/20221029214216/https://www.libreoffice.org/).

              [1]: https://web.archive.org/web/20221029140306/https://en.wikipedia.org/wiki/LibreOffice "LibreOffice | Wikipedia | en.wikipedia.org"
              [2]: https://web.archive.org/web/20221029140313/https://wiki.documentfoundation.org/images/b/b0/LibreOffice_config_extension_writing.pdf "Config specification | LibreOffice documentation | wiki.documentfoundation.org"
              [3]: https://web.archive.org/web/20221029140438/https://askubuntu.com/questions/996397/where-are-libre-office-thumbnails-stored/996528 "Where are Libre Office thumbnails stored? | Ask Ubuntu Forums | askubuntu.com"
              [4]: https://web.archive.org/web/20221029140501/https://forum.openoffice.org/en/forum/viewtopic.php?f=6&t=102020 "Restoring Recent documents list | Apache OpenOffice Community Forum | forum.openoffice.org"
            code: |-
              # Global installation
              rm -f ~/.config/libreoffice/4/user/registrymodifications.xcu
              # Snap package
              rm -fv ~/snap/libreoffice/*/.config/libreoffice/4/user/registrymodifications.xcu
              # Flatpak installation
              rm -fv ~/.var/app/org.libreoffice.LibreOffice/config/libreoffice/4/user/registrymodifications.xcu
          - category: Clear Thunderbird data
            docs: |-
              Mozilla Thunderbird is a free and open-source cross-platform email client, personal information manager, news client, RSS and chat client developed by the Mozilla Foundation [1].
              See also: [Thunderbird Homepage | thunderbird.net](https://web.archive.org/web/20221029214240/https://www.thunderbird.net/en-US/).
              Read about the files and folders in the profile folder in depth: [Files and folders in the profile - Thunderbird | kb.mozillazine.org](https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird).

              [1]: https://web.archive.org/web/20221029140516/https://en.wikipedia.org/wiki/Mozilla_Thunderbird "Thunderbird | Wikipedia | en.wikipedia.org"
            children:
              - name: Clear Thunderbird cookies
                docs: |-
                  Thunderbird stores cookie information in [1]:

                  - `cookies.sqlite`: Stores all cookies.
                  - `cookies.sqlite-journal`: The journal file for `cookies.sqlite`.
                  - `cookies.sqlite-shm`, `cookies.sqlite-wal`: Write-ahead log files for `cookies.sqlite`.

                  The file `cookies.sqlite` in the user's profile directory is used to store cookies between sessions [2].

                  [1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
                  [2]: https://web.archive.org/web/20221029140816/https://kb.mozillazine.org/Cookies.sqlite "Cookies.sqlite | Thunderbird | kb.mozillazine.org"
                call:
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: cookies.sqlite
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: cookies.sqlite-wal
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: cookies.sqlite-journal
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: cookies.sqlite-shm
              - name: Clear Thunderbird session restoration data (open windows and tabs)
                docs: |-
                  The default window layout is saved in the session file (`session.json`) [1].
                  It includes data on what tabs are open [1].

                  [1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
                call:
                  function: DeleteFileFromThunderbirdProfiles
                  parameters:
                    file: session.json
              - name: Clear Thunderbird passwords
                docs: |-
                  `logins.json` stores encrypted passwords [1].
                  It replaces `signons.sqlite`, which had replaced `signons.txt` [1].
                  `logins-backup.json` is stored to recreate `logins.json` [2].

                  [1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
                  [2]: https://web.archive.org/web/20221029141151/https://support.mozilla.org/id/questions/1362315#answer-1469311 "Mozilla Support | support.mozilla.org"
                call:
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: logins.json
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: logins-backup.json
              - name: Clear Thunderbird download history
                docs: |-
                  Download history is saved in `downloads.sqlite` since Thunderbird 3 and in `downloads.rdf` before [1].
                  It stores data to show downloads in **Download Manager** [2].
                  Clearing download history can help to resolve slow downloads or program hangs [3].

                  [1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
                  [2]: https://web.archive.org/web/20221029210450/https://kb.mozillazine.org/Downloads_not_visible_in_Download_Manager "Downloads not visible in Download Manager | Thunderbird | kb.mozillazine.org"
                  [3]: https://web.archive.org/web/20221029141349/https://bugzilla.mozilla.org/show_bug.cgi?id=159107 "159107 - page saving/downloads takes too much time (is slow) ('marooned' entries in downloads.rdf) | Mozilla Bug Report | bugzilla.mozilla.org"
                call:
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: downloads.rdf # < Thunderbird 3
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: downloads.sqlite # >= Thunderbird 3
              - category: Clear Thunderbird address book data
                docs: |-
                  Most users open the Thunderbird address book from within the email client, but it can also be launched separately [1].
                  Mozilla Thunderbird by default comes with two address books, even though more can be added [2]:

                  1. **Personal book**: For the most frequently used contacts.
                  2. **Collected book**: Collects addresses from email that you send.

                  [1]: https://web.archive.org/web/20221029141424/https://wiki.mozilla.org/Thunderbird:Help_Documentation:Using_the_Address_Book "Thunderbird:Help Documentation:Using the Address Book | MozillaWiki | wiki.mozilla.org"
                  [2]: https://web.archive.org/web/20221029141448/https://support.mozilla.org/en-US/questions/1038172 "WHAT ARE COLLECTED ADDRESSES VS, PERSONAL ADDRESS BOOK | Thunderbird Support Forum | Mozilla Support | support.mozilla.org"
                children:
                  - name: Clear Thunderbird personal address book
                    docs: |-
                      Files for personal addresses [1]:

                      - Since Thunderbird v78: `abook.sqlite`, `abook.sqlite-wal`.
                      - Before Thunderbird v78: `abook.mab`.

                      [1]: https://web.archive.org/web/20221029141501/https://www.recoverytools.com/blog/thunderbird-new-address-book/ "Thunderbird v78 Introduces New Address Book Formats (abook.sqlite) | RecoveryTools | recoverytools.com"
                    call:
                      - function: DeleteFileFromThunderbirdProfiles
                        parameters:
                          file: abook.sqlite # >= Thunderbird v78
                      - function: DeleteFileFromThunderbirdProfiles
                        parameters:
                          file: abook.sqlite-wal # >= Thunderbird v78
                      - function: DeleteFileFromThunderbirdProfiles
                        parameters:
                          file: abook.mab # < Thunderbird v78
                  - name: Clear Thunderbird collected address book
                    docs: |-
                      Files for collected addresses [1]:

                      - Since Thunderbird v78: `history.sqlite`, `history.sqlite-wal`.
                      - Before Thunderbird v78: `history.mab`.

                      [1]: https://web.archive.org/web/20221029141501/https://www.recoverytools.com/blog/thunderbird-new-address-book/ "Thunderbird v78 Introduces New Address Book Formats (abook.sqlite) | RecoveryTools | recoverytools.com"
                    call:
                      - function: DeleteFileFromThunderbirdProfiles
                        parameters:
                          file: history.sqlite # >= Thunderbird v78
                      - function: DeleteFileFromThunderbirdProfiles
                        parameters:
                          file: history.sqlite-wal # >= Thunderbird v78
                      - function: DeleteFileFromThunderbirdProfiles
                        parameters:
                          file: history.mab # < Thunderbird v78
              - name: Clear clicked links history in Thunderbird
                docs: |-
                  Thunderbird saves annotations, bookmarks, favorite icons, input history, keywords, and browsing history (a list of pages visited) [1].
                  Data is saved at persistent `places.sqlite` [1] and temporary `places.sqlite-shm` and `places.sqlite-wal` [2].

                  [1]: https://web.archive.org/web/20221029141626/https://kb.mozillazine.org/Places.sqlite "Places.sqlite | MozillaZine Knowledge Base | kb.mozillazine.org"
                  [2]: https://web.archive.org/web/20221029141631/https://bugzilla.mozilla.org/show_bug.cgi?id=686237 "686237 - places.sqlite-wal and places.sqlite-shm not removed on exit | Mozilla Bugs | bugzilla.mozilla.org"
                call:
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: places.sqlite
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: places.sqlite-shm
                  - function: DeleteFileFromThunderbirdProfiles
                    parameters:
                      file: places.sqlite-wal
      - category: Clear data from development tools
        docs: |-
          This category includes tools that are typically used by developers, also known as "developer tools".
          These tools allow a developer to create, test, and debug software.
          Their data may leak data about the developer, their usage patterns, the environment used for development or the developed project.
        children:
          - name: Clear Python history
            docs: |-
              Python is a high-level, general-purpose programming language [1].
              Python comes preinstalled on most Linux distributions [2].
Since Python 3.4 the interactive mode does log all commands to `~/.python_history` [3]. See also: - [Source code](https://web.archive.org/web/20221029214327/https://github.com/python/cpython/blob/b2499669ef2e6dc9a2cdb49b4dc498e078167e26/Lib/site.py#L430-L451) that creates the file and registers it. - [Python homepage](https://web.archive.org/web/20221029214344/https://www.python.org/) [1]: https://web.archive.org/web/20221029210646/https://en.wikipedia.org/wiki/Python_%28programming_language%29 "Python (programming language) | Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029141851/https://docs.python.org/3/using/unix.html "Using Python on Unix platforms | Python documentation | docs.python.org" [3]: https://web.archive.org/web/20221029141921/https://bugs.python.org/issue20886 "Issue 20886: Disabling logging to ~/.python_history is not simple enough | Python tracker | bugs.python.org" call: function: DeleteFileFromUserAndRootHome parameters: file: .python_history - category: Clear Visual Studio Code data docs: |- Visual Studio Code, also commonly referred to as VS Code, is a source-code editor made by Microsoft [1]. Visual Studio Code saves data that reveals user behavior and preferences. [1]: https://web.archive.org/web/20221029142001/https://en.wikipedia.org/wiki/Visual_Studio_Code "Visual Studio Code | Wikipedia | en.wikipedia.org" children: - name: Clear Visual Studio Code crash reports recommend: standard docs: |- Visual Studio Code stores crash reports that later on are uploaded to Microsoft servers by default [1]. It collects crash reports in `exthost Crash Reports` [1] and `Crash Reports` directories. Deleting crash reports does not cause you any data loss that would affect your productivity. 
[1]: https://web.archive.org/web/20221029142036/https://github.com/microsoft/vscode/blob/2948450d50c201acb40c8b10da305d8d3a293473/src/vs/workbench/services/extensions/electron-browser/localProcessExtensionHost.ts#L280-L301 "vscode source code | GitHub | github.com" call: - function: ClearDirFromVsCodeUserDataDir parameters: directory: Crash\ Reports - function: ClearDirFromVsCodeUserDataDir parameters: directory: exthost\ Crash\ Reports - name: Clear Visual Studio Code cache docs: |- Unless you have unsaved changes, deleting the cache does not result in data loss [1]. However deleting cached data will lead to a slower initial experience as the files are cached again [1]. Visual Studio Code does not follow platform conventions for cache directories, but stores them in user data directories instead [2]. Folders include `Cache`, `CachedData`, `Code Cache`, `GPUCache`, `CachedExtensions`, `CachedExtensionVSIXs` [3] [4]. [1]: https://web.archive.org/web/20221029142053/https://github.com/microsoft/vscode/issues/132509#issuecomment-914576815 "Provide functionality to delete temporary and cached files that do not affect core functionality · microsoft/vscode | GitHub | github.com" [2]: https://web.archive.org/web/20221029142453/https://github.com/microsoft/vscode/issues/3884 "Revisit VS Code folder structure for app data, settings,extensions · Issue #3884 · microsoft/vscode | GitHub | github.com" [3]: https://web.archive.org/web/20221029142505/https://github.com/microsoft/vscode/issues/126182#issue-919877609 "Cache files not stored under appropriate XDG directory · Issue #126182 · microsoft/vscode | GitHub | github.com" [4]: https://web.archive.org/web/20221029142526/https://stackoverflow.com/questions/46246437/visual-studio-for-mac-cache-location/66295480 "macos - Visual Studio for Mac: Cache Location | Stack Overflow | stackoverflow.com" call: - function: ClearDirFromVsCodeUserDataDir parameters: directory: Cache - function: ClearDirFromVsCodeUserDataDir parameters: 
directory: CachedData - function: ClearDirFromVsCodeUserDataDir parameters: directory: Code\ Cache - function: ClearDirFromVsCodeUserDataDir parameters: directory: GPUCache - function: ClearDirFromVsCodeUserDataDir parameters: directory: CachedExtensions - function: ClearDirFromVsCodeUserDataDir parameters: directory: CachedExtensionVSIXs - name: Clear Visual Studio Code logs recommend: standard docs: |- Deleting Visual Studio Code logs does not cause any data loss, but hides usage patterns. The logs are stored in `{user data dir}/logs` folder [1]. [1]: https://web.archive.org/web/20221029142630/https://github.com/microsoft/vscode/blob/f0f4c8782190861ce7ad536eecca45edca7d2ac7/src/vs/platform/environment/common/environmentService.ts#L71-L78 "vscode/environmentService.ts · microsoft/vscode · GitHub | " call: function: ClearDirFromVsCodeUserDataDir parameters: directory: logs - category: Clear Azure CLI data docs: |- The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources [1]. With an emphasis on automation, the Azure CLI is accessible across all Azure services and is made to work quickly with Azure [1]. [1]: https://web.archive.org/web/20221029142932/https://learn.microsoft.com/en-us/cli/azure/ "Azure Command-Line Interface (CLI) - Overview | Microsoft Learn | learn.microsoft.com" children: - name: Clear Azure CLI telemetry data recommend: standard docs: |- The Azure CLI stores telemetry in the `telemetry` directory and `telemetry.txt`, `logs/telemetry.txt` files [1]. [1]: https://web.archive.org/web/20221029142939/https://github.com/Azure/azure-cli/blob/29767d75d850ddc1c24cc85bd46d861b61d77a47/src/azure-cli-telemetry/azure/cli/telemetry/const.py "Azure CLI Source Code | GitHub | github.com" code: |- rm -rfv ~/.azure/telemetry rm -fv ~/.azure/telemetry.txt rm -fv ~/.azure/logs/telemetry.txt - name: Clear Azure CLI logs recommend: standard docs: |- Azure CLI saves logs in the `logs` directory [1]. 
[1]: https://web.archive.org/web/20221029143112/https://github.com/Azure/azure-cli/blob/87c9c3c5a46de622b38e1ec4d5797bb9a3eb9e6f/src/azure/cli/_logging.py#L23 "Azure CLI Source Code | GitHub | github.com" code: rm -rfv ~/.azure/logs - name: Clear Azure CLI cache recommend: standard docs: |- This script deletes cached Azure CLI objects [1]. Cleaning cache does not remove your credentials, so you'll keep your session and be logged in. [1]: https://web.archive.org/web/20221029143238/https://learn.microsoft.com/en-us/cli/azure/cache?view=azure-cli-latest#az_cache_purge "az cache | Microsoft Learn | learn.microsoft.com" call: function: RunIfCommandExists parameters: command: az code: az cache purge - name: Clear Azure login data (this will log you out of the current session) recommend: strict docs: |- This script cleans the login data in three steps: 1. **`az logout`**: It deletes the current authentication token and subscription ID [1]. It only logs out the selected/current user [1]. 2. **`az account clear`**: It clears all other subscriptions from the CLI's local cache [2]. It also logs out all users [2]. 3. **Clear all access tokens**: It removes the ADAL token cache file [3]. These are stored tokens from the Active Directory OAuth 2.0 code flow [4]. 
[1]: https://web.archive.org/web/20221029143252/https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-logout "az logout | Microsoft Learn | learn.microsoft.com" [2]: https://web.archive.org/web/20221029144354/https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az_account_clear "az account clear | Microsoft Learn | learn.microsoft.com" [3]: https://web.archive.org/web/20221029143409/https://github.com/Azure/azure-cli/blob/2e0a42f304f5fd543818a98a9eab2faf8d1fd6d6/src/azure-cli/azure/cli/command_modules/profile/custom.py#L215-L224 "Azure CLI source code | GitHub | github.com" [4]: https://web.archive.org/web/20221029143429/https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow "Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft Entra | Microsoft Learn | learn.microsoft.com" call: function: RunIfCommandExists parameters: command: az code: |- az logout 2> /dev/null az account clear rm -fv ~/.azure/accessTokens.json - category: Clear browser history docs: |- A web browser (commonly just called a browser) is software that is used to visit websites [1]. The browsing history, cache entries, and other potentially sensitive data are all stored by browsers [1]. [1]: https://web.archive.org/web/20221029193056/https://en.wikipedia.org/wiki/Web_browser "Web browser - Wikipedia | wikipedia.org" children: - category: Clear GNOME Web (Epiphany) history docs: |- GNOME Web (called Epiphany until 2012) is a free and open-source web browser based on the GTK port of Apple's WebKit rendering engine, called WebKitGTK [1]. It is developed by the GNOME project for Unix-like systems [1]. It is the default and official web browser of GNOME [1]. It has been the default browser of elementary OS since 5.0 [2] and Bodhi Linux since 5.1.0 [3].
See also: [GNOME Web source code](https://web.archive.org/web/20221029214415/https://gitlab.gnome.org/GNOME/epiphany) [1]: https://web.archive.org/web/20221029143523/https://en.wikipedia.org/wiki/GNOME_Web "GNOME Web | Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029211521/https://medium.com/elementaryos/elementary-os-5-juno-is-here-471dfdedc7b3 "elementary OS 5 Juno is Here | medium.com" [3]: https://web.archive.org/web/20221029211555/https://www.bodhilinux.com/2020/03/25/bodhi-linux-5-1-0-released/ "Bodhi Linux 5.1.0 Released | bodhilinux.com" children: - name: Clear GNOME Web cache docs: This script clears the temporary cache and does not cause any user data loss. code: |- # Global installation rm -rfv ~/.cache/epiphany/* # Flatpak installation rm -rfv ~/.var/app/org.gnome.Epiphany/cache/* # Snap installation rm -rfv ~/snap/epiphany/common/.cache/* - name: Clear GNOME Web browsing history recommend: strict docs: |- Your browsing history consists of the web pages that you have visited [1]. The history database is `ephy-history.db` [2] and uses `-shm` and `-wal` files during operation [3].
[1]: https://web.archive.org/web/20220810160903/https://help.gnome.org/users/epiphany/stable/history.html.en "Browsing history | GNOME Help | help.gnome.org" [2]: https://web.archive.org/web/20221030154804/https://gitlab.gnome.org/GNOME/epiphany/-/issues/1169 "Maintainer defining ephy-history.db | GNOME/epiphany | GitLab | gitlab.gnome.org" [3]: https://web.archive.org/web/20221030154903/https://gitlab.gnome.org/GNOME/epiphany/-/issues/1642 "Logs showing ephy-history.db-shm | GNOME/epiphany | GitLab | gitlab.gnome.org" call: - function: DeleteFileFromGNOMEWebData parameters: file: ephy-history.db - function: DeleteFileFromGNOMEWebData parameters: file: ephy-history.db-shm - function: DeleteFileFromGNOMEWebData parameters: file: ephy-history.db-wal - name: Clear GNOME Web cookies recommend: strict docs: |- `cookies.sqlite` file is used to store cookies in WebKit-based browsers [1]. See also: - [What are cookies? | GNOME Web | gnome.org](https://web.archive.org/web/20221029214420/https://help.gnome.org/users/epiphany/stable/cookies.html.en) - [Delete a cookie | GNOME Web | gnome.org](https://web.archive.org/web/20221029214415/https://gitlab.gnome.org/GNOME/epiphany) [1]: https://web.archive.org/web/20221029144608/https://bugs.webkit.org/show_bug.cgi?id=149551 "Discussion around cookies.sqlite in WebKit source code | WebKit Bugzilla | bugs.webkit.org" call: function: DeleteFileFromGNOMEWebData parameters: file: cookies.sqlite - name: Clear GNOME Web bookmarks docs: |- Bookmarks are evidently stored in a file called `bookmarks.gvdb` [1]. See also [Bookmarks design | GNOME Wiki](https://web.archive.org/web/20221029214609/https://wiki.gnome.org/Design/Apps/Web/Bookmarks) to read more about GNOME Web bookmarks. 
[1]: https://web.archive.org/web/20221029144626/https://gitlab.gnome.org/GNOME/epiphany/-/issues/198 "Discussion around bookmarks.gvdb | GNOME/epiphany | gitlab.gnome.org" call: function: DeleteFileFromGNOMEWebData parameters: file: bookmarks.gvdb - category: Clear Firefox history docs: |- This category encompasses a series of scripts aimed at helping users manage and delete their browsing history and related data in Mozilla Firefox. The scripts are designed to target different aspects of user data stored by Firefox, providing users options for maintaining privacy and freeing up disk space. children: - name: Clear Firefox cache recommend: standard docs: |- The cache is stored in the `.cache` folder, which you can see when you navigate to `about:cache` [1] [2]. [1]: https://web.archive.org/web/20221029145216/https://support.mozilla.org/en-US/questions/1317032 "How to locate and change Firefox Cache storage location | Firefox Support Forum | Mozilla Support | support.mozilla.org" [2]: https://web.archive.org/web/20221029145237/https://wiki.archlinux.org/title/Firefox/Profile_on_RAM "Firefox/Profile on RAM | ArchWiki | wiki.archlinux.org" code: |- # Global installation rm -rfv ~/.cache/mozilla/* # Flatpak installation rm -rfv ~/.var/app/org.mozilla.firefox/cache/* # Snap installation rm -rfv ~/snap/firefox/common/.cache/* - name: Clear Firefox crash reports recommend: standard docs: |- Firefox stores crash reports in `~/.mozilla/firefox/Crash Reports/` to submit them later [1]. They are also seen to be stored in the profile directory [2]. You can run `about:crashes` in the address bar to see crash reports and their submission dates [1].
[1]: https://web.archive.org/web/20221029145258/https://support.mozilla.org/en-US/kb/mozillacrashreporter "Mozilla Crash Reporter | Firefox Help | support.mozilla.org" [2]: https://web.archive.org/web/20221029145312/https://bugzilla.mozilla.org/show_bug.cgi?id=1653852#c16 "1653852 - Flatpak sandbox breaks crash reporting | Bugzilla | mozilla.org" call: - function: RunInlineCode parameters: code: |- # Global installation rm -fv ~/.mozilla/firefox/Crash\ Reports/* # Flatpak installation rm -rfv ~/.var/app/org.mozilla.firefox/.mozilla/firefox/Crash\ Reports/* # Snap installation rm -rfv ~/snap/firefox/common/.mozilla/firefox/Crash\ Reports/* - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: crashes/* - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: crashes/events/* - name: Clear Firefox cookies docs: |- Firefox Cookies are stored in the `cookies.sqlite` database, within the 'moz_cookies' table [1]. [1]: https://web.archive.org/web/20221029140816/https://kb.mozillazine.org/Cookies.sqlite "Cookies.sqlite - MozillaZine Knowledge Base | kb.mozillazine.org" call: function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: cookies.sqlite - name: Clear Firefox browsing history (URLs, downloads, bookmarks, visits, etc.) # This script (name, documentation and code) is same in Linux and Windows collections. # Changes should be done at both places. # Marked: refactor-with-partials docs: |- This script targets the Firefox browsing history, including URLs, downloads, bookmarks, and site visits, by deleting specific database entries. Firefox stores various user data in a file named `places.sqlite`. 
This file includes: - Annotations, bookmarks, and favorite icons (`moz_anno_attributes`, `moz_annos`, `moz_favicons`) [1] - Browsing history, a record of pages visited (`moz_places`, `moz_historyvisits`) [1] - Keywords and typed URLs (`moz_keywords`, `moz_inputhistory`) [1] - Item annotations (`moz_items_annos`) [1] - Bookmark roots such as places, menu, toolbar, tags, unfiled (`moz_bookmarks_roots`) [1] The `moz_places` table holds URL data, connecting to various other tables like `moz_annos`, `moz_bookmarks`, `moz_inputhistory`, and `moz_historyvisits` [2]. Due to these connections, the script removes entries from all relevant tables simultaneously to maintain database integrity. **Bookmarks**: Stored across several tables (`moz_bookmarks`, `moz_bookmarks_folders`, `moz_bookmarks_roots`) [3], with additional undocumented tables like `moz_bookmarks_deleted` [4]. **Downloads**: Stored in the 'places.sqlite' database, within the 'moz_annos' table [5]. The entries in `moz_annos` are linked to `moz_places` that store the actual history entry (`moz_places.id = moz_annos.place_id`) [6]. Associated URL information is stored within the 'moz_places' table [5]. Downloads have been historically stored in `downloads.rdf` for Firefox 2.x and below [7], and `downloads.sqlite` later on [7]. **Favicons**: Older Firefox versions stored favicons in `places.sqlite` within the `moz_favicons` table [5], while newer versions use `favicons.sqlite` and the `moz_icons` table [5]. By executing this script, users can ensure their Firefox browsing history, bookmarks, and downloads are thoroughly removed, contributing to a cleaner and more private browsing experience. 
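An added example, not part of this collection: a dry-run audit that lists the history databases named above (`downloads.rdf`, `downloads.sqlite`, `places.sqlite`, `favicons.sqlite`) across the native, Flatpak and Snap Firefox locations used by the crash report script, together with any SQLite `-wal`/`-shm` sidecar files, which an exact file name such as `places.sqlite` does not match. The function names, the sample profile names, and the assumption that every profile is a direct subdirectory of those locations are illustrative.

```bash
#!/usr/bin/env bash
# Added example: read-only audit of Firefox history databases and their
# SQLite sidecar files. Nothing is deleted from real profiles.

# File names taken from the documentation above.
FIREFOX_HISTORY_FILES='downloads.rdf downloads.sqlite places.sqlite favicons.sqlite'

# Prints the Firefox data roots below a home directory, one per line
# (native, Flatpak and Snap locations as used elsewhere in this file).
firefox_roots() {
  printf '%s\n' \
    "$1/.mozilla/firefox" \
    "$1/.var/app/org.mozilla.firefox/.mozilla/firefox" \
    "$1/snap/firefox/common/.mozilla/firefox"
}

# Lists every history file, plus its -wal/-shm sidecar, found in any profile.
# Assumption: each profile is a direct subdirectory of a root.
list_firefox_history_files() (
  firefox_roots "$1" | while IFS= read -r root; do
    [ -d "$root" ] || continue
    for profile in "$root"/*/; do
      [ -d "$profile" ] || continue   # an unmatched glob stays literal
      for name in $FIREFOX_HISTORY_FILES; do
        for suffix in '' -wal -shm; do
          file="${profile}${name}${suffix}"
          if [ -e "$file" ]; then printf '%s\n' "$file"; fi
        done
      done
    done
  done
)

# Lists sidecars whose main database no longer exists: the state left behind
# when only the exact database name was removed. A write-ahead log can still
# hold recently written pages.
list_orphaned_sidecars() (
  list_firefox_history_files "$1" | while IFS= read -r file; do
    case $file in
      *-wal) db=${file%-wal} ;;
      *-shm) db=${file%-shm} ;;
      *) continue ;;
    esac
    if [ ! -e "$db" ]; then printf '%s\n' "$file"; fi
  done
)

# Builds a constructed sample home directory and prints its path.
# Profile names are made up for the demonstration.
build_sample_home() (
  home=$(mktemp -d)
  native="$home/.mozilla/firefox/abcd1234.default-release"
  snap="$home/snap/firefox/common/.mozilla/firefox/efgh5678.default"
  mkdir -p "$native" "$snap" "$home/.mozilla/firefox/Crash Reports"
  # Native profile: databases present together with their sidecars.
  : > "$native/places.sqlite"
  : > "$native/places.sqlite-wal"
  : > "$native/places.sqlite-shm"
  : > "$native/favicons.sqlite"
  # Snap profile: database already deleted, write-ahead log left behind.
  : > "$snap/places.sqlite-wal"
  printf '%s\n' "$home"
)

# Demo on the constructed sample (no real profile is touched).
sample_home=$(build_sample_home)
echo 'History files found:'
list_firefox_history_files "$sample_home"
echo 'Sidecars left without their database:'
list_orphaned_sidecars "$sample_home"
rm -rf "$sample_home"
```

Pointing the two listing functions at a real home directory before and after a cleanup run shows whether any sidecar outlived its database.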
[1]: https://web.archive.org/web/20221029141626/https://kb.mozillazine.org/Places.sqlite "Places.sqlite - MozillaZine Knowledge Base | kb.mozillazine.org" [2]: https://web.archive.org/web/20221030160803/https://wiki.mozilla.org/images/0/08/Places.sqlite.schema.pdf "Places.sqlite.schema.pdf | Mozilla Wiki" [3]: https://web.archive.org/web/20221029145432/https://wiki.mozilla.org/Places:BookmarksComments "Places:BookmarksComments | MozillaWiki | wiki.mozilla.org" [4]: https://web.archive.org/web/20221029145447/https://github.com/mozilla/application-services/issues/514 "Add a `moz_bookmarks_deleted` table for tombstones · Issue #514 · mozilla/application-services | GitHub | github.com" [5]: https://web.archive.org/web/20221029145535/https://www.foxtonforensics.com/browser-history-examiner/firefox-history-location "Mozilla Firefox History Location | Firefox History Viewer | foxtonforensics.com" [6]: https://web.archive.org/web/20221029145550/https://support.mozilla.org/en-US/questions/1319253 "Where does Firefox store SQLITE download history | Firefox Support Forum | Mozilla Support | support.mozilla.org" [7]: https://web.archive.org/web/20221029145712/https://kb.mozillazine.org/Downloads.rdf "Downloads.rdf | MozillaZine Knowledge Base | kb.mozillazine.org" call: - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: downloads.rdf - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: downloads.sqlite - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: places.sqlite - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: favicons.sqlite - name: Clear Firefox logins docs: |- Logins for Firefox are saved in the `logins.json` file [1]. Older versions of Firefox stored logins in the `signons.sqlite` database, within the `moz_logins` table [1]. Back-ups are stored in the `logins-backup.json` file [2]. 
[1]: https://web.archive.org/web/20221029145535/https://www.foxtonforensics.com/browser-history-examiner/firefox-history-location "Mozilla Firefox History Location | Firefox History Viewer | foxtonforensics.com" [2]: https://web.archive.org/web/20221029145757/https://bugzilla.mozilla.org/show_bug.cgi?id=1593467 "1593467 - Automatically restore from logins-backup.json when logins.json is missing or corrupt | Bugzilla | mozilla.org | bugzilla.mozilla.org" call: - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: logins.json - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: logins-backup.json - function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: signons.sqlite - name: Clear Firefox autocomplete history docs: |- The `formhistory.sqlite` file remembers what you have searched for in the Firefox search bar and what information you've entered into website forms [1]. [1]: https://web.archive.org/web/20221029145152/https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data "Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help | support.mozilla.org" call: function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: formhistory.sqlite - name: Clear Firefox "Multi-Account Containers" data docs: |- The `containers.json` file stores the details of containers used by the [Container Tabs](https://web.archive.org/web/20221029214648/https://support.mozilla.org/en-US/kb/containers) feature [1]. [1]: https://web.archive.org/web/20221029145152/https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data "Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help | support.mozilla.org" call: function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: containers.json - name: Clear Firefox open tabs and windows data docs: |- The `sessionstore.jsonlz4` file stores the currently open tabs and windows [1]. 
See ["Restore previous session - Configure when Firefox shows your most recent tabs and windows"](https://web.archive.org/web/20221029220311/https://support.mozilla.org/en-US/kb/restore-previous-session). [1]: https://web.archive.org/web/20221029145152/https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data "Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help | support.mozilla.org" call: function: DeleteFilesFromFirefoxProfiles parameters: pathGlob: sessionstore.jsonlz4 - category: Clear system and kernel usage data docs: |- Your system (operating system along with other software on it) and kernel store data that may reveal your behavior and can be considered sensitive. These scripts clean up the data that could potentially expose your user data. children: - name: Clear system crash report files docs: |- The `/var/crash` directory holds system crash dumps according to Filesystem Hierarchy Standard (FHS) [1]. You may get reports on a system's boot when crash report files exist. When the `/var/crash` directory contains files, Apport will display notifications [2]. This directory is then cleaned up by Apport using [`/etc/cron.daily/apport`](https://web.archive.org/web/20221029220300/https://www.apt-browse.org/browse/ubuntu/precise/main/all/apport/2.0.1-0ubuntu5/file/etc/cron.daily/apport) job [6]. Read more: ["Apport | Ubuntu Wiki"](https://web.archive.org/web/20221029220354/https://wiki.ubuntu.com/Apport). The folder typically contains kernel crash dumps [3], but it can be used by other applications as well. E.g., the Debian package corekeeper stores user-space coredumps in subfolders of `/var/crash` [4]. Some systems, such as Ubuntu also put userspace crashes in this folder [5]. When using systemd to start services or processes, the crash logs are stored in the `/var/lib/systemd/coredump/` directory [7]. 
[1]: https://web.archive.org/web/20221029145818/https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html "Filesystem Hierarchy Standard | FHS | linuxfoundation.org" [2]: https://web.archive.org/web/20221029150025/https://support.starlabs.systems/kb/guides/disable-program-problem-reports "Disable program problem reports | Star Labs | support.starlabs.systems" [3]: https://web.archive.org/web/20221029150105/https://elinux.org/Crash_Diagnostics "Crash Diagnostics | eLinux.org" [4]: https://web.archive.org/web/20221029150118/https://packages.debian.org/unstable/main/corekeeper "Details of package corekeeper in sid | packages.debian.org" [5]: https://web.archive.org/web/20221029150311/https://wiki.ubuntu.com/AutomatedProblemReports "AutomatedProblemReports - Ubuntu Wiki | wiki.ubuntu.com" [6]: https://web.archive.org/web/20221029150331/https://bugs.launchpad.net/apport/+bug/357024 "Bug #357024 (pertian7) “security hole in /etc/cron.daily/apport” : Bugs : Apport | bugs.launchpad.net" [7]: https://web.archive.org/web/20221029211018/https://www.freedesktop.org/software/systemd/man/systemd-coredump.html "systemd-coredump | freedesktop.org" code: |- sudo rm -rfv /var/crash/* sudo rm -rfv /var/lib/systemd/coredump/ - name: Clear system logs (`journald`) docs: |- journald is the part of systemd that captures, queries, and removes logs when needed [1]. It allows removing logs by setting `--vacuum-time` [2]. systemd is also known as "System and Service Manager" and is a suite of basic building blocks for a Linux system [3]. systemd keeps files in two places: `/var/log/journal/` (persistently) and `/run/log/journal/` (volatilely, the data is lost when the system is rebooted) [4]. 
[1]: https://web.archive.org/web/20221029211624/https://docs.google.com/document/pub?id=1IC9yOXj7j6cdLLxWEBAGRL6wl97tFxgjLUEHIX3MSTs&pli=1 "Paper announcing journald | docs.google.com" [2]: https://web.archive.org/web/20221029150611/https://wiki.archlinux.org/title/Systemd/Journal#Clean_journal_files_manually "systemd/Journal - ArchWiki | Arch Linux documentation | archlinux.org | wiki.archlinux.org" [3]: https://web.archive.org/web/20221026211029/https://systemd.io/ "Systemd Homepage | systemd.io" [4]: https://web.archive.org/web/20221029150659/https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html "systemd-journald.service | freedesktop.org" call: - function: RunIfCommandExists parameters: command: journalctl code: sudo journalctl --vacuum-time=1s - function: RunInlineCode parameters: code: |- sudo rm -rfv /run/log/journal/* sudo rm -rfv /var/log/journal/* - name: Clear Zeitgeist data (activity logs) recommend: strict docs: |- Zeitgeist logs files opened, websites visited, conversations, and emails and provides this information over an API to applications [1] [2]. It serves as a comprehensive activity log and also makes it possible to determine relationships between items based on usage patterns [2]. This script deletes indexes (`fts.index` directory). It's safe to delete and will be regenerated the next time you start Zeitgeist [3]. This script also deletes all activity logs (`activity.sqlite`) and related user-data. 
[1]: https://web.archive.org/web/20221029150843/https://zeitgeist.freedesktop.org/ "The Zeitgeist Project | freedesktop.org" [2]: https://web.archive.org/web/20221029150843/https://packages.debian.org/sid/libdevel/libzeitgeist-2.0-dev "Debian -- Details of package libzeitgeist-2.0-dev in sid | packages.debian.org" [3]: https://web.archive.org/web/20221029150959/https://bugs.launchpad.net/ubuntu/+source/zeitgeist/+bug/941643 "Bug #941643 “activity.sqlite-wal's size increments dramatically” : Bugs : zeitgeist package : Ubuntu | Ubuntu Zeitgeist Package | bugs.launchpad.net" code: |- sudo rm -rfv {/root,/home/*}/.local/share/zeitgeist - category: Clear recently used files list docs: |- Revealing data about recent files used by a user has privacy risks, such as exposing your actions and files that you wish to keep private. children: - name: Clear GTK recently used files list recommend: strict docs: |- `recently-used.xbel` is part of the GTK+ toolkit [1] that's developed and used by GNOME [2]. It provides a facility for adding, removing, and looking up recently used files and acts like a database of all the recently used files [3]. GTK is used by many GUI applications. GNOME uses the GTK+ library [2], while KDE uses the Qt library [4]. `recently-used.xbel` is used by other third-party GTK 3 based applications such as Firefox, Visual Studio Code (and all other Electron applications [5]), Thunderbird… See also: ["List of GTK applications | Wikipedia"](https://web.archive.org/web/20221029221112/https://en.wikipedia.org/wiki/List_of_GTK_applications).
[1]: https://web.archive.org/web/20221030164434/https://gitlab.gnome.org/GNOME/gtk/-/raw/1c3f179a20bf7537691216c28332f00c651a577f/gtk/gtkrecentmanager.c#L103 "Line 103 defines GTK_RECENTLY_USED_FILE as recently-used.xbel | GTK source code | gitlab.gnome.org" [2]: https://web.archive.org/web/20221029151059/https://gtk.org/ "GTK homepage | gtk.org" [3]: https://web.archive.org/web/20221029151529/https://www.gnu.org/software/guile-gnome/docs/gtk/html/GtkRecentManager.html "GtkRecentManager - Guile-Gtk | www.gnu.org" [4]: https://web.archive.org/web/20221029151457/https://www.qt.io/faq/3.2.-why-do-you-have-an-agreement-with-kde-about-your-licensing-what-kde-is-and-whats-the-history-of-qt-and-kde "What's the history of Qt and KDE? | qt.io" [5]: https://web.archive.org/web/20221029151534/https://github.com/electron/electron/issues/2927 "Consider replacing GTK2 w GTK3 in Linux builds · Issue #2927 · electron/electron | GitHub" code: |- # From global installations rm -fv ~/.recently-used.xbel rm -fv ~/.local/share/recently-used.xbel* # From snap packages rm -fv ~/snap/*/*/.local/share/recently-used.xbel # From Flatpak packages rm -fv ~/.var/app/*/data/recently-used.xbel - name: Clear KDE-tracked recently used items list recommend: strict docs: |- `.desktop` files are used by KDE to store recent documents and are exposed through an API [1]. They are not only specific to the desktop environment, but also used by applications. Likewise, they are used by the KDE implementation of Qt components, such as [QFileDialog](https://web.archive.org/web/20221029221146/https://doc.qt.io/qt-5/qfiledialog.html) ([KFileWidget](https://web.archive.org/web/20221029221152/https://api.kde.org/frameworks/kio/html/classKFileWidget.html)) [1]. Furthermore, they are used by other [KDE apps](https://web.archive.org/web/20221029221245/https://apps.kde.org/) and can even be used by GTK applications [1].
[1]: https://web.archive.org/web/20221029151634/https://api.kde.org/frameworks/kio/html/classKRecentDocument.html "KIO - KRecentDocument Class Reference | api.kde.org" code: |- # From global installations rm -rfv ~/.local/share/RecentDocuments/*.desktop rm -rfv ~/.kde/share/apps/RecentDocuments/*.desktop rm -rfv ~/.kde4/share/apps/RecentDocuments/*.desktop # From snap packages rm -fv ~/snap/*/*/.local/share/*.desktop # From Flatpak packages rm -rfv ~/.var/app/*/data/*.desktop - name: Empty trash docs: |- The trash location is standardized by ["The FreeDesktop.org Trash specification"](https://web.archive.org/web/20221029151648/https://specifications.freedesktop.org/trash-spec/trashspec-latest.html) [1]. It uses the `$XDG_DATA_HOME/Trash` directory [1], which defaults to `$HOME/.local/share/Trash` [2]. Flatpak applications may use the same trash using special APIs [3]. However, Snap applications do not have an API to use the global trash [4]. [1]: https://web.archive.org/web/20221029151648/https://specifications.freedesktop.org/trash-spec/trashspec-latest.html "The FreeDesktop.org Trash specification | freedesktop.org" [2]: https://web.archive.org/web/20221029151712/https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html "XDG Base Directory Specification | freedesktop.org" [3]: https://web.archive.org/web/20221029151919/https://docs.flatpak.org/en/latest/portal-api-reference.html#gdbus-org.freedesktop.portal.Trash "Portal API Reference - Flatpak documentation | docs.flatpak.org" [4]: https://web.archive.org/web/20221029151931/https://bugs.launchpad.net/snapd/+bug/1787903 "Bug #1787903 “Snapped application can't access user's trash can” : Bugs : snapd | bugs.launchpad.net" code: |- # Empty global trash rm -rfv ~/.local/share/Trash/* sudo rm -rfv /root/.local/share/Trash/* # Empty Snap trash rm -rfv ~/snap/*/*/.local/share/Trash/* # Empty Flatpak trash (apps may choose not to use the Portal API) rm -rfv ~/.var/app/*/data/Trash/* - name: Clear global
temporary folders docs: |- A temporary folder or temporary directory is a directory used to hold temporary files [1]. In Unix and Linux, the global temporary directories are `/tmp` [2] and `/var/tmp` [1]. Typically, `/var/tmp` is for persistent files (as it may be preserved over reboots), and `/tmp` is for more temporary files [1]. Programs do not assume that any files or directories in temporary folders are preserved between invocations of the program, and these files may be deleted after reboot and in a site-specific manner [2]. See also: "[Filesystem Hierarchy Standard](https://web.archive.org/web/20221029152204/https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s18.html)". [1]: https://web.archive.org/web/20221029152135/https://en.wikipedia.org/wiki/Temporary_folder "Temporary folder | Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029152204/https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s18.html "Filesystem Hierarchy Standard | LinuxFoundation.org" code: |- sudo rm -rfv /tmp/* sudo rm -rfv /var/tmp/* - category: Clear package manager data docs: |- Package managers store caches, statistics, and logs that may reveal data on how you use the package managers and software downloaded from them, such as your choice of software. children: - name: Clear YUM/RPM data docs: |- The Yellowdog Updater, Modified (YUM) is a free and open-source command-line package-management utility for computers running the Linux operating system using the RPM Package Manager [1]. It has been shipped by default by distros such as Fedora, Rocky Linux, AlmaLinux, CentOS [2]. YUM stores cached packages, header files, and metadata to determine the remote availability of packages, SQLite database cache, rpmdb cache [3]. Every YUM plugin may store its own cache [3]. `yum clean all` cleans all temporary files. See also: ["Yum Package Manager homepage"](https://web.archive.org/web/20221029221419/http://yum.baseurl.org/). 
[1]: https://web.archive.org/web/20221029152219/https://en.wikipedia.org/wiki/Yum_%28software%29 "Yum | Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029152251/https://webhome.phy.duke.edu/~rgb/General/yum_article/yum_article.pdf "YUM: Yellowdog Updater, Modified | www.phy.duke.edu" [3]: https://web.archive.org/web/20221029152334/https://linux.die.net/man/8/yum "yum: Yellowdog Updater Modified - Linux man page | linux.die.net" call: function: RunIfCommandExists parameters: command: yum code: yum clean all --enablerepo='*' - name: Clear DNF/RPM data docs: |- DNF or Dandified YUM is the next-generation version of YUM, a package manager for .rpm-based Linux distributions [1]. It has been the default package manager since Fedora 22 in 2015, Red Hat Enterprise Linux 8, and OpenMandriva [1]. DNF stores temporary files for repositories such as repository metadata, cache files generated from the repository metadata, and cached packages [2]. `dnf clean all` cleans all temporary files [2]. [1]: https://web.archive.org/web/20221029152448/https://en.wikipedia.org/wiki/DNF_%28software%29 "DNF (software) | Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029152515/https://manpages.ubuntu.com/manpages/kinetic/en/man8/dnf.8.html "Ubuntu Manpage: dnf - DNF Command Reference | manpages.ubuntu.com" call: function: RunIfCommandExists parameters: command: dnf code: dnf clean all --enablerepo='*' - category: Clear Snap data docs: |- Snap is a software packaging and deployment system developed by Canonical [1]. The packages are called snaps, and the tool for using them is called snapd [1]. Snap is available on many distros and is supported out-of-the-box by distros such as Ubuntu, Kubuntu, Xubuntu, Manjaro, Zorin OS, KDE Neon and Solus among others [1]. 
[1]: https://web.archive.org/web/20221029152606/https://en.wikipedia.org/wiki/Snap_%28software%29 "Snap | Wikipedia | en.wikipedia.org" children: - name: Clear Snap cache docs: |- The Snap cache is stored at `/var/lib/snapd/cache/` [1]. Clearing the Snap cache is safe and can be done without causing any issues while running Snap [2]. [1]: https://web.archive.org/web/20221029152638/https://github.com/snapcore/snapd/blob/76b081beee1899c573b42bf216b6e087656011e7/tests/main/auto-refresh-private/task.yaml#L74 "snapd source code | GitHub | github.com" [2]: https://web.archive.org/web/20221029152651/https://forum.snapcraft.io/t/is-if-safe-for-me-to-remove-cache-files/7641/2 "Is if safe for me to remove cache files? - snapd - snapcraft.io | forum.snapcraft.io" code: sudo rm -rfv /var/lib/snapd/cache/* - name: Remove old Snap packages recommend: standard docs: |- This script removes all disabled Snap packages. Old and unused snaps get "disabled" by Snap. This is due to the snapd that keeps multiple revisions of the same package [1]. Disabled state means that the binaries and services of the snap will no longer be available [2]. But all the data is still available, and the snap can easily be enabled again [2]. [1]: https://web.archive.org/web/20221029153110/https://forum.snapcraft.io/t/configure-number-of-old-revisions-to-keep/2337/7 "Configure number of old revisions to keep - snapd | forum.snapcraft.io" [2]: https://web.archive.org/web/20221029153125/https://www.mankier.com/8/snap#Commands-disable "snap man page - snapd - System Administration | ManKier | www.mankier.com" call: function: RunIfCommandExists parameters: command: snap code: |- snap list --all | while read name version rev tracking publisher notes; do if [[ $notes = *disabled* ]]; then sudo snap remove "$name" --revision="$rev"; fi done - category: Clear Flatpak data docs: |- Flatpak, formerly known as xdg-app, is a utility for software deployment and package management for Linux [1]. 
It is supported out-of-the-box by many Linux distributions including CentOS, Clear Linux, elementary OS, Endless OS, Fedora Workstation, Fedora Silverblue, Linux Mint, Pop!_OS, PureOS, SteamOS, Ubuntu MATE and Zorin OS [1]. [1]: https://web.archive.org/web/20221029153354/https://en.wikipedia.org/wiki/Flatpak "Flatpak - Wikipedia | en.wikipedia.org" children: - name: Remove orphaned Flatpak runtimes recommend: standard docs: |- This script removes runtimes and extensions that are not used by installed applications by running `flatpak uninstall --unused` [1]. Flatpak doesn't automatically remove a runtime after the last application that depends on it is uninstalled [2]. This may cause issues with disk space or leave hints about what software has been installed before. This happens because when a Flatpak package is uninstalled, its runtime dependencies are not automatically uninstalled, as `flatpak uninstall` can uninstall either an application or runtime [3]. [1]: https://web.archive.org/web/20221029153522/https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-uninstall "Flatpak Command Reference - Flatpak documentation | docs.flatpak.org" [2]: https://web.archive.org/web/20221029153359/https://github.com/flatpak/flatpak/issues/2639 "[RFE] Auto remove orphaned runtimes · Issue #2639 · flatpak/flatpak | GitHub | github.com" [3]: https://web.archive.org/web/20221029153507/https://docs.flatpak.org/en/latest/using-flatpak.html#troubleshooting "Using Flatpak - Flatpak documentation | docs.flatpak.org" call: function: RunIfCommandExists parameters: command: flatpak code: flatpak uninstall --unused --noninteractive - name: Clear Flatpak cache docs: |- This script clears the Flatpak cache. Flatpak creates temporary files as `/var/tmp/flatpak-cache-*` [1]. These files can fill up a large portion of the disk [1], and reveal usage patterns.
Flatpak stores cache files in `~/.cache/flatpak/system-cache/` which replaces the directory used in older versions (`~/.local/share/flatpak/system-cache/`) [2]. [1]: https://web.archive.org/web/20221029153602/https://github.com/flatpak/flatpak/issues/1119 "Prevent /var/tmp/flatpak-cache from piling up · Issue #1119 · flatpak/flatpak | GitHub | github.com" [2]: https://web.archive.org/web/20221029153627/https://github.com/flatpak/flatpak/commit/1a49029f9d8fbee0338665522cf7432ae7485841 "Move caches to ~/.cache · flatpak/flatpak@1a49029 · GitHub | github.com" code: |- # Temporary cache sudo rm -rfv /var/tmp/flatpak-cache-* # New cache rm -rfv ~/.cache/flatpak/system-cache/* # Old cache rm -rfv ~/.local/share/flatpak/system-cache/* - category: Clear APT data docs: |- Advanced Package Tool (APT) is a free software user interface that works with core libraries to handle the installation and removal of software on Debian, and Debian-based Linux distributions [1]. See also: ["APT | Debian Wiki"](https://web.archive.org/web/20221029221422/https://wiki.debian.org/Apt). [1]: https://web.archive.org/web/20221029153651/https://en.wikipedia.org/wiki/APT_%28software%29 "APT | Wikipedia" children: - name: Clear obsolete APT packages recommend: standard docs: |- This script runs the `autoclean` command which removes package files that can no longer be downloaded, and are largely useless [1]. This allows a cache to be maintained over a long period without it growing out of control [1]. [1]: https://web.archive.org/web/20221029153705/https://manpages.ubuntu.com/manpages/jammy/en/man8/apt-get.8.html "Ubuntu Manpage: apt-get - APT package handling utility | manpages.ubuntu.com" call: function: RunIfCommandExists parameters: command: apt-get code: sudo apt-get autoclean - name: Clear APT package file lists docs: |- This script removes package file lists. 
APT stores a copy of those files (in `/var/lib/apt/lists/`) and searches are done within those local files to avoid going through the network for every search [1]. An `apt-get update` will repopulate the necessary information and recreate the list file [2]. The list files should be recreated as they get lost over time [2]. [1]: https://web.archive.org/web/20221029153731/https://www.debian.org/doc/manuals/debian-handbook/sect.apt-cache.en.html "6.3. The apt-cache Command | Debian Handbook | www.debian.org" [2]: https://web.archive.org/web/20221029154335/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775163 "#775163 - apt pigs out in /var, particularly with multi-arch - Debian Bug report logs | bugs.debian.org" code: sudo rm -rfv /var/lib/apt/lists/* - name: Clear orphaned APT package dependencies recommend: standard docs: |- This script runs the `autoremove` command, which removes packages that were automatically installed to satisfy dependencies for other packages and are now no longer needed [1]. This script also purges removed packages, which means that the configuration files of the removed packages are deleted too [1]. [1]: https://web.archive.org/web/20221029153705/https://manpages.ubuntu.com/manpages/jammy/en/man8/apt-get.8.html "Ubuntu Manpage: apt-get - APT package handling utility | manpages.ubuntu.com" call: function: RunIfCommandExists parameters: command: apt-get code: sudo apt-get -y autoremove --purge - name: Clear cache for APT packages docs: |- This script runs the `clean` command. It clears out the local repository of retrieved package files [1], meaning that it deletes downloaded packages (`.deb`) already installed (and no longer needed) [2]. It clears the whole `/var/cache/apt/archives/` directory that contains a copy of each downloaded `.deb` file [2]. It clears the cache but does not delete the lists [3]. 
[1]: https://web.archive.org/web/20221029153705/https://manpages.ubuntu.com/manpages/jammy/en/man8/apt-get.8.html "Ubuntu Manpage: apt-get - APT package handling utility | manpages.ubuntu.com" [2]: https://web.archive.org/web/20221030163316/https://www.debian.org/doc/manuals/debian-handbook/sect.apt-get.en.html "6.2. aptitude, apt-get, and apt Commands | Debian Handbook | Debian" [3]: https://web.archive.org/web/20221029154423/https://lists.debian.org/debian-user/2015/09/msg00024.html "Re: /var/lib/apt/lists/partial fills entire partition | Debian Issues" call: function: RunIfCommandExists parameters: command: apt-get code: sudo apt-get clean - category: Clear shared caches docs: |- The scripts in this category bulk delete all cache entries for the given scope. These scripts are designed to affect more than a single application and do a wide range of cleaning. children: - name: Clear user-specific cache docs: |- User-specific non-essential data is stored in `$XDG_CACHE_HOME`, which defaults to `$HOME/.cache` [1]. Even though this data should be safe to delete, an application might still not comply with the standard and put anything in the cache folder, but this is very rare. This cache is used by both the operating system and different applications on it, e.g., used by KDE since v5.0 [2], pip (Python package manager) [3], or Google Chrome and Chromium-based browsers. Deleting this cache does not affect sandboxed applications, e.g., those that are installed using Snap or Flatpak. 
[1]: https://web.archive.org/web/20221029151712/https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html "XDG Base Directory Specification | specifications.freedesktop.org" [2]: https://web.archive.org/web/20221029154505/https://wiki.archlinux.org/title/KDE#Clean_cache_to_resolve_upgrade_problems "KDE - ArchWiki | wiki.archlinux.org" [3]: https://web.archive.org/web/20221029154542/https://pip.pypa.io/en/stable/topics/caching/#default-paths "Caching - pip documentation v22.2.2 | pip.pypa.io" [4]: https://web.archive.org/web/20221029154556/https://chromium.googlesource.com/chromium/src/+/master/docs/user_data_dir.md#Linux "Chromium Docs - User Data Directory | chromium.googlesource.com" code: |- rm -rfv ~/.cache/* sudo rm -rfv /root/.cache/* - name: Clear system-wide cache docs: |- The `/var/cache` directory contains cached files, i.e. files that were generated and can be re-generated at any time, but they are worth storing to save time recomputing them [1]. The application must be able to regenerate or restore the data [2], so the system can delete the contents of `/var/cache` either periodically or when its contents get too large [1]. There is no guarantee that applications will follow the specification, although violations are very rare. It's not only used by applications but also by the operating system. This may include OS folders such as [2]: - Locally-generated fonts (`/var/cache/fonts`) - Locally-formatted manual pages (`/var/cache/man`) - WWW proxy or cache data (`/var/cache/www`) [1]: https://web.archive.org/web/20130511220135/http://www.lindevdoc.org/wiki//var/cache "/var/cache - Linux Developer's Documentation" [2]: https://web.archive.org/web/20221029154623/https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s05.html "5.5.
/var/cache : Application cache data | refspecs.linuxfoundation.org" code: rm -rf /var/cache/* - name: Clear Flatpak application cache docs: |- Non-essential user-specific data is stored in `~/.var/app//cache` by Flatpak applications [1]. This directory points to `XDG_CACHE_HOME` [1] from the XDG base directory specification [2]. [1]: https://web.archive.org/web/20221029154654/https://docs.flatpak.org/en/latest/conventions.html#xdg-base-directories "Requirements & Conventions - Flatpak documentation | docs.flatpak.org" [2]: https://web.archive.org/web/20221029151712/https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html "XDG Base Directory Specification | specifications.freedesktop.org" code: rm -rfv ~/.var/app/*/cache/* - name: Clear Snap application cache docs: |- Application caches are isolated per application and stored in the `~/snap/APP-NAME/VERSION/.cache` folders for Snap applications [1]. [1]: https://web.archive.org/web/20221029154850/https://bugs.launchpad.net/snappy/+bug/1744584 "Bug #1744584 “Exclude Snap .cache from Dejadup backups” : Bugs : Snappy | bugs.launchpad.net/snappy" code: rm -rfv ~/snap/*/*/.cache/* - name: Clear thumbnails (icon cache) docs: |- Thumbnails are reduced-size versions of pictures or videos, used to help in recognizing and organizing them, serving the same role for images as a normal text index does for words [1]. Depending on the program that processes the thumbnails, the "icons" are usually located either in the `~/.cache/thumbnails/` folder (e.g., Nautilus from GNOME does this [2] [3]) or the `~/.thumbnails/` directory [4].
[1]: https://web.archive.org/web/20221029154942/https://en.wikipedia.org/wiki/Thumbnail "Thumbnail - Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029154933/https://wiki.archlinux.org/title/GNOME/Files#Thumbnails "GNOME/Files - ArchWiki | wiki.archlinux.org" [3]: https://web.archive.org/web/20221030163411/https://gitlab.gnome.org/GNOME/nautilus/-/issues/1237 "Unable to generate thumbnails (#1237) · Issues · GNOME / Files · GitLab | gitlab.gnome.org" [4]: https://web.archive.org/web/20221029155859/https://bugs.kde.org/show_bug.cgi?id=79943 "79943 - It should be possible to limit the amount of disk space used by thumbnails (.thumbnails directory) | bugs.kde.org" code: |- rm -rfv ~/.thumbnails/* rm -rfv ~/.cache/thumbnails/* - name: Clear screenshots docs: |- GNOME's default screenshot folder (as seen in Pop!_OS and Elementary OS) is `~/Pictures/Screenshots/` [1]. Flameshot also uses the same default folder as GNOME [2]. Despite being GNOME-based, Ubuntu changes this default to `~/Pictures/` with files that look like "`Screenshot from ***.png`" [3]. KDE ([Spectacle](https://web.archive.org/web/20221029221516/https://apps.kde.org/spectacle/)) saves screenshots in the `~/Pictures/` folder with the default name format of `Screenshot_%Y%M%D_%H%m%S.**` [4]. Other applications use different paths, e.g. ksnip uses `ksnip_$Y$M$D-$T.png` by default in the home folder [5]. 
[1]: https://web.archive.org/web/20221030163430/https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/1950 "Save screenshots to dedicated Screenshots folder (#1950) · Issues · GNOME / gnome-shell | gitlab.gnome.org" [2]: https://web.archive.org/web/20221029155930/https://github.com/flameshot-org/flameshot/blob/fa6164bedf683d4deb9c879563506310908280bf/README.md#on-kde-plasma-desktop "flameshot/README.md · flameshot-org/flameshot | GitHub" [3]: https://web.archive.org/web/20221029160024/https://help.ubuntu.com/stable/ubuntu-help/screen-shot-record.html "Screenshots and screencasts | help.ubuntu.com" [4]: https://web.archive.org/web/20221029160018/https://docs.kde.org/stable5/en/spectacle/spectacle/ch04s02.html "Configure | docs.kde.org" [5]: https://web.archive.org/web/20221029160052/https://github.com/ksnip/ksnip/blob/89b7f3f1f5efc0c62797c091e985dc70be17e347/src/backend/config/Config.cpp#L232-L241 "ksnip/Config.cpp · ksnip/ksnip | GitHub" code: |- # Clear default directory for GNOME screenshots rm -rfv ~/Pictures/Screenshots/* if [ -d ~/Pictures ]; then # Clear Ubuntu screenshots find ~/Pictures -name 'Screenshot from *.png' | while read -r file_path; do rm -fv "$file_path" # E.g. Screenshot from 2022-08-20 02-46-41.png done # Clear KDE (Spectacle) screenshots find ~/Pictures -name 'Screenshot_*' | while read -r file_path; do rm -fv "$file_path" # E.g. Screenshot_20220927_205646.png done fi # Clear ksnip screenshots find ~ -name 'ksnip_*' | while read -r file_path; do rm -fv "$file_path" # E.g. ksnip_20220927-195151.png done - category: Disable OS data collection docs: |- All operating systems collect data. This is part of their work. Sometimes, this data has high privacy implications, especially when it is submitted to third parties. Some Linux distributions come with out-of-the-box data collection and submission. Most of the time, this data collection is opt-in, but not necessarily always.
Data collection and telemetry is not always a bad thing, and can help developers provide better software that can compete with proprietary and much more privacy-invasive alternatives. children: - category: Disable Debian telemetry docs: |- Debian, also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source software, developed by the community-supported Debian Project [1]. Debian-based distributions include Ubuntu, Kali Linux, MX Linux, Pardus, Parrot OS, PureOS, Raspberry Pi OS, TAILS, and others [2]. Debian contains some telemetry client libraries, and some packages depend or build-depend on them [3]. Some pre-installed packages send data or facilitate sending data, which may risk your privacy to some extent [4]. [1]: https://web.archive.org/web/20221029160202/https://en.wikipedia.org/wiki/Debian "Debian - Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029160241/https://en.wikipedia.org/wiki/List_of_Linux_distributions#Ubuntu-based "List of Linux distributions - Wikipedia | en.wikipedia.org" [3]: https://web.archive.org/web/20221029160255/https://wiki.debian.org/PrivacyIssues#Telemetry_libraries "Privacy Issues | Debian Wiki | wiki.debian.org" [4]: https://web.archive.org/web/20221030133248/https://www.debian.org/legal/privacy "Debian -- Privacy Policy | www.debian.org" children: - category: Disable sending of package statistics (popcon) docs: |- Popularity Contest (or popcon) collects statistical data to determine which packages are the most popular [1]. It sends a list of packages installed and the access and change times of relevant files to the server via email in different distros such as Debian and Ubuntu [2]. `popularity-contest` package sets up a cron job that will periodically anonymously submit statistical data to the Debian developers about the statistics of the most used Debian packages on the system [3]. It also sends data about the system architecture and the version of popularity-contest [4]. 
Communication is encrypted only with the right configuration and software; otherwise, it can be eavesdropped on because it uses HTTP rather than HTTPS [4]. Statistics are publicly accessible and can be seen online: - [Ubuntu](https://web.archive.org/web/20220816072409/https://popcon.ubuntu.com/) - [Debian](https://web.archive.org/web/20221029221738/https://popcon.debian.org/) See also: "[popularity-contest source code | debian.org](https://web.archive.org/web/20221030163518/https://salsa.debian.org/popularity-contest-team/popularity-contest)". [1]: https://web.archive.org/web/20221029160500/https://help.ubuntu.com/community/UbuntuPopularityContest "UbuntuPopularityContest - Community Help Wiki | help.ubuntu.com" [2]: https://web.archive.org/web/20221029160506/https://manpages.debian.org/testing/popularity-contest/popularity-contest.8.en.html "popularity-contest - Debian testing | Debian Manpages" [3]: https://web.archive.org/web/20221029160859/https://packages.debian.org/buster/popularity-contest "Debian - Details of package popularity-contest in buster | packages.debian.org" [4]: https://web.archive.org/web/20221029160841/https://popcon.debian.org/FAQ "FAQ | popcon | popcon.debian.org" children: - name: Disable participation in Popularity Contest recommend: standard docs: |- `popularity-contest` checks `/etc/popularity-contest.conf` for the value of `PARTICIPATE` to send data [1]. Changing this setting allows you to opt out of the submission of data [1]. [1]: https://web.archive.org/web/20221029161047/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172824 "#172824 - popularity-contest: dpkg-reconfigure popularity-contest does not include PARTICIPATE=yes - Debian Bug report logs | bugs.debian.org" code: |- config_file='/etc/popularity-contest.conf' if [ -f "$config_file" ]; then sudo sed -i '/PARTICIPATE/c\PARTICIPATE=no' "$config_file" else echo "Skipping because configuration file at ($config_file) is not found. Is popcon installed?"
fi revertCode: |- config_file='/etc/popularity-contest.conf' if [ -f "$config_file" ]; then sudo sed -i 's/PARTICIPATE=no/PARTICIPATE=yes/g' "$config_file" else echo "Skipping because configuration file ($config_file) is not found. Is popcon installed?" fi - name: Remove Popularity Contest (`popcon`) package recommend: strict docs: |- This script deletes the `popularity-contest` package. This package submits to the Debian developers statistics about the most used Debian packages on the system [1]. According to community reports, deleting this package does not have any side effects [2]. [1]: https://web.archive.org/web/20221029161449/https://packages.debian.org/sid/popularity-contest "Debian -- Details of package popularity-contest in sid | packages.debian.org" [2]: https://web.archive.org/web/20221029161049/https://askubuntu.com/questions/84831/removing-popularity-contest-without-trashing-the-system "apt - Removing popularity-contest without trashing the system? - Ask Ubuntu | askubuntu.com" call: function: UninstallAptPackage parameters: packageName: popularity-contest - name: Remove daily cron entry for Popularity Contest (popcon) recommend: strict docs: |- Normally, `popularity-contest` is run from a cron job, `/etc/cron.daily/popularity-contest` [1]. This job automatically submits the results to package maintainers once a week [1]. This script disables the cronjob, thus the automatic submission, but manually running `popularity-contest` would still send data. [1]: https://web.archive.org/web/20221029160506/https://manpages.debian.org/testing/popularity-contest/popularity-contest.8.en.html "popularity-contest - Debian testing | Debian Manpages | manpages.debian.org" call: function: DisableCronjob parameters: jobName: popularity-contest - category: Disable reportbug (opt-in telemetry) docs: |- These scripts disable the functionality of reportbug. reportbug is a tool for reporting bugs on Debian and derivative distributions [1]. 
It communicates with the [Debian Bug Tracking System](https://web.archive.org/web/20221029221811/https://www.debian.org/Bugs/), which is used for both reporting and researching bugs, through a number of interfaces, including email, web, and command-line utilities [1]. By default, it creates an email to the Debian bug tracking system at `submit@bugs.debian.org` with information about the bug and makes a carbon copy of the report [2]. [1]: https://web.archive.org/web/20221029161457/https://wiki.debian.org/reportbug "reportbug - Debian Wiki | wiki.debian.org" [2]: https://web.archive.org/web/20221029161559/https://manpages.ubuntu.com/manpages/trusty/man1/reportbug.1.html "Ubuntu Manpage: reportbug - reports a bug to a debbugs server | manpages.ubuntu.com" children: - name: Remove `reportbug` package recommend: strict docs: |- This script uninstalls `reportbug` package, which includes the tool itself. It depends on `python3-reportbug`, so after removing this package, the Python modules may be left on the system [1]. [1]: https://web.archive.org/web/20221029161615/https://packages.debian.org/buster/reportbug "Debian -- Details of package reportbug in buster | packages.debian.org" call: function: UninstallAptPackage parameters: packageName: reportbug - name: Remove Python modules for `reportbug` recommend: strict docs: |- This script uninstalls `python3-reportbug`. This package includes Python modules that may be reusable by other tools that want to interact with the Debian bug tracking system [1]. [1]: https://web.archive.org/web/20221029161637/https://packages.debian.org/buster/python3-reportbug "Debian -- Details of package python3-reportbug in buster | packages.debian.org" call: function: UninstallAptPackage parameters: packageName: python3-reportbug - name: Remove UI for reportbug (`reportbug-gtk` package) recommend: strict docs: |- This script uninstalls `reportbug-gtk`. 
It consists of a desktop file and an icon, and it has dependencies to enable the GTK+ UI mode of reportbug to work [1]. This package depends on `reportbug` and is unusable without it. [1]: https://web.archive.org/web/20221029161725/https://packages.debian.org/buster/reportbug-gtk "Debian -- Details of package reportbug-gtk in buster | packages.debian.org" call: function: UninstallAptPackage parameters: packageName: reportbug-gtk - category: Disable Arch Linux telemetry docs: |- Arch Linux is an independently developed, x86-64 general-purpose Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model [1]. The default installation is a minimal base system, configured by the user to only add what is specifically required. [1]: https://web.archive.org/web/20221029161747/https://en.wikipedia.org/wiki/Arch_Linux "Arch Linux | Wikipedia | en.wikipedia.org" children: - category: Disable `pkgstats` that collects installed package list (opt-in) docs: |- `pkgstats` sends a list of all installed packages, the architecture, and the mirror you are using to the Arch Linux project [1]. It stores personally identifiable information such as IP addresses for one month [2] and then anonymizes and aggregates the data [1] [2]. [1]: https://web.archive.org/web/20221029161806/https://wiki.archlinux.org/title/Pkgstats "pkgstats - ArchWiki | wiki.archlinux.org" [2]: https://web.archive.org/web/20221029161821/https://pkgstats.archlinux.de/privacy-policy "Privacy policy | pkgstats | pkgstats.archlinux.de" children: - name: Remove `pkgstats` package recommend: strict docs: |- `pkgstats` package submits a list of installed packages to the Arch Linux project [1]. It's available in the Arch Linux repository [1]. The package enables a timer to send data periodically [2]. 
[1]: https://web.archive.org/web/20221029161948/https://archlinux.org/packages/extra/x86_64/pkgstats/ "Arch Linux - pkgstats 3.2.6-1 (x86_64) | archlinux.org" [2]: https://web.archive.org/web/20221029161923/https://bugs.archlinux.org/task/51510?project=1&string=pkgstats "FS#51510 : [pkgstats] do not enable pkgstats.timer during install | bugs.archlinux.org" call: function: UninstallPacmanPackage parameters: packageName: pkgstats - name: Disable weekly `pkgstats` submission recommend: standard docs: |- `pkgstats` is set up to automatically run every week using systemd/timers [1]. Once disabled, the data will only be sent once manually invoked [1]. The weekly timer is named `pkgstats.timer` [2]. [1]: https://web.archive.org/web/20221029161806/https://wiki.archlinux.org/title/Pkgstats "pkgstats - ArchWiki | wiki.archlinux.org" [2]: https://web.archive.org/web/20221029162027/https://pkgstats.archlinux.de/ "Arch Linux package statistics | pkgstats.archlinux.de" call: function: DisableSystemdService parameters: serviceName: pkgstats.timer - category: Disable Zorin OS telemetry docs: |- Zorin OS is a Linux distribution based on Ubuntu [1]. It is customized to help users transition from Windows and macOS easily [1]. [1]: https://web.archive.org/web/20221029162035/https://en.wikipedia.org/wiki/Zorin_OS "Zorin OS - Wikipedia | en.wikipedia.org" children: - name: Disable Zorin OS census pings docs: |- Zorin OS pings Zorin OS servers [1]. It sends pings on an hourly basis [2]. It sends a unique ID, the operating system version, the number of user accounts and the city and country the user is in [3]. It can be disabled by deleting the `zorin-os-census` package [1]. 
[1]: https://web.archive.org/web/20221029162136/https://zorin.com/legal/privacy/ "Privacy Policy - Zorin | zorin.com" [2]: https://web.archive.org/web/20221029162148/https://launchpad.net/~zorinos/+archive/ubuntu/stable/+sourcepub/7408190/+listing-archive-extra "Zorin OS source code | launchpad.net" [3]: https://web.archive.org/web/20221029162231/https://launchpadlibrarian.net/425925849/zorin-os-census_1.1~zorinos15_1.2.diff.gz "Zorin OS source code | launchpad.net" call: function: UninstallAptPackage parameters: packageName: zorin-os-census - name: Remove Zorin OS census unique ID docs: |- Census submits a unique ID associated with the installation when pings are sent [1]. Removing the identifier reduces the risk of your computer being identified. [1]: https://web.archive.org/web/20221029162231/https://launchpadlibrarian.net/425925849/zorin-os-census_1.1~zorinos15_1.2.diff.gz "Zorin OS source code | launchpad.net" code: sudo rm -fv '/var/lib/zorin-os-census/uuid' revertCode: |- if [ -f /var/lib/zorin-os-census/uuid ]; then echo 'Skipping, uuid already exists.' else sudo mkdir -p /var/lib/zorin-os-census uuidgen | sudo tee /var/lib/zorin-os-census/uuid > /dev/null fi - category: Disable Ubuntu telemetry docs: |- Ubuntu is a Linux distribution based on Debian and composed mostly of free and open-source software [1]. Ubuntu, along with its upstream Debian, has many official (Kubuntu, Lubuntu, Ubuntu Studio…) and unofficial (elementary OS, KDE neon, Linux Mint, Pop!_OS, Zorin OS…) derivatives [2]. [1]: https://web.archive.org/web/20221029162338/https://en.wikipedia.org/wiki/Ubuntu "Ubuntu - Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029160241/https://en.wikipedia.org/wiki/List_of_Linux_distributions#Ubuntu-based "List of Linux distributions - Wikipedia | en.wikipedia.org" children: - name: Disable online search result collection (collects queries) recommend: strict docs: |- Online search was introduced in Ubuntu Lens in Ubuntu 12.10 [1].
It has been known as "Shopping Lens", "Online Search Results" and "More Suggestions" [1]. The search data is sent to `productsearch.ubuntu.com` [1]. Online search results are considered a privacy concern by governments [2] and can be disabled using the `remote-content-search` option [2]. [1]: https://web.archive.org/web/20221029162420/https://help.ubuntu.com/community/UbuntuLens "UbuntuLens - Community Help Wiki | help.ubuntu.com" [2]: https://web.archive.org/web/20221029162443/https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts/end-user-devices-guidance-ubuntu-1404-lts "End User Devices Guidance: Ubuntu 14.04 LTS | gov.uk" call: function: RunIfCommandExists parameters: command: gsettings code: gsettings set com.canonical.Unity.Lenses remote-content-search none revertCode: gsettings set com.canonical.Unity.Lenses remote-content-search all - category: Disable metrics reporting in Ubuntu docs: |- `ubuntu-report` reports hardware and other collected metrics like installer or upgrade information [1]. Reported data includes but is not limited to [2]: - The Ubuntu version and its flavor, - Whether there is network connectivity, - CPU family, - RAM, - Disk(s) size, - Screen(s) resolution, - GPU model and manufacturer, - OEM manufacturer, - Location (based on the location selection made by the user at install), - Installation duration (time taken), - Whether auto-login is enabled, - Selected disk layout, - Whether third-party software is selected, - Whether to download updates during installation, - Whether LivePatch is enabled. 
See also: - [Source code for the Ubuntu Report tool | github.com](https://web.archive.org/web/20221029221854/https://github.com/ubuntu/ubuntu-report/) - [Statistics gathered and visualized | ubuntu.com/desktop/statistics](https://web.archive.org/web/20221029221910/https://ubuntu.com/desktop/statistics) - [ubuntu-devel mailing list thread where ubuntu-report was first proposed | lists.ubuntu.com](https://web.archive.org/web/20221029162523/https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040139.html) [1]: https://web.archive.org/web/20221029162505/https://github.com/ubuntu/ubuntu-report/blob/30e902ebc17e4e10d83392d7cd3dc05fc9e35cc4/README.md "ubuntu-report/README.md at master · ubuntu/ubuntu-report | github.com" [2]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md "More diagnostics data from desktop | lists.ubuntu.com" children: - name: Disable participation in metrics reporting in Ubuntu recommend: standard docs: |- This script uses the `ubuntu-report` CLI to opt you out of data submission [1]. Alternatively, one can opt out during the installation of Ubuntu [2]. [1]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md#synopsis-1 "ubuntu-report/README.md at 8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d · ubuntu/ubuntu-report | GitHub" [2]: https://web.archive.org/web/20221029162523/https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040139.html "More diagnostics data from desktop | lists.ubuntu.com" call: function: RunIfCommandExists parameters: command: ubuntu-report code: |- if ubuntu-report -f send no; then echo 'Successfully opted out.' else >&2 echo 'Failed to opt out.' fi revertCode: |- if ubuntu-report -f send yes; then echo 'Successfully opted in.' else >&2 echo 'Failed to opt in.' 
fi - name: Remove Ubuntu Report tool (`ubuntu-report`) recommend: strict docs: |- `ubuntu-report` is installed as an apt package and can be uninstalled in this way [1]. Once uninstalled, the `send` command [2] will no longer function and therefore no data will be collected. [1]: https://web.archive.org/web/20221029162615/https://packages.ubuntu.com/bionic/ubuntu-report "Ubuntu - Details of package ubuntu-report in bionic | packages.ubuntu.com" [2]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md#ubuntu-report-send "ubuntu-report/README.md at 8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d · ubuntu/ubuntu-report | GitHub" call: function: UninstallAptPackage parameters: packageName: ubuntu-report - category: Disable Ubuntu error tracker docs: |- Ubuntu's error tracker explains crashes, hangs, and other severe errors to end users; lets them report an error; and collects these reports and shares them with Ubuntu [1]. Error reports are also accessible to trusted Ubuntu developers who are not employed by Canonical [1]. See ["the Ubuntu error tracker | errors.ubuntu.com"](https://web.archive.org/web/20221029221957/https://errors.ubuntu.com/) that shows error statistics to the public. [1]: https://web.archive.org/web/20221029162649/https://wiki.ubuntu.com/ErrorTracker children: - category: Disable creating crash reports to send (Apport) docs: |- Apport intercepts program crashes, collects debugging information about the crash and the operating system environment, and sends it to bug trackers in a standardized form [1]. It also allows the user to report a bug about a package by collecting as much information about it as possible [1]. Disabling Apport prevents the UI which informs the user about the crash and instructs them on how to proceed because that dialog is part of Apport [2] [3].
Furthermore, Apport creates crash report files in the `/var/crash` directory, and having files in this directory causes an error message to appear every time Ubuntu boots [4]. Apport collects potentially sensitive data, such as core dumps, stack traces, and log files [2]. It can contain passwords, credit card numbers, serial numbers, and other private information [2]. Bug reports are shared with the [Ubuntu bug triaging team](https://web.archive.org/web/20221029222122/https://launchpad.net/~ubuntu-crashes-universe) [2]. Apport is disabled by default in stable releases due to the sensitive data it collects [2]. Apport only uploads data if the package `whoopsie` is installed; otherwise it appears to be uploading but does not upload [3]. [1]: https://web.archive.org/web/20221029162724/https://github.com/canonical/apport/blob/75540cb0f665e50495d994b529c8418a1ebca178/README.md "apport/README.md at main · canonical/apport | GitHub | github.com" [2]: https://web.archive.org/web/20221029162740/https://wiki.ubuntu.com/Apport "Apport - Ubuntu Wiki | wiki.ubuntu.com" [3]: https://web.archive.org/web/20221029162829/https://help.ubuntu.com/community/ReportingBugs#A4._Collect_information_about_the_bug "ReportingBugs - Community Help Wiki | help.ubuntu.com" [4]: https://web.archive.org/web/20221029150025/https://support.starlabs.systems/kb/guides/disable-program-problem-reports "Disable program problem reports - Star Labs | support.starlabs.systems" children: - name: Remove `apport` package recommend: strict docs: |- The `apport` package is responsible for automatically generating crash reports for debugging [1]. Apport software is provided using multiple packages such as `apport`, `python3-apport`, `apport-gtk`, `apport-kde`, among others [1]. This script removes the main `apport` package that would lead other dependencies to be in orphaned states that can be auto-removed. 
It does not attempt to remove all packages in the suite, as doing so can cause side effects and unintended crashes; for example, deleting `python3-apport` may crash interactive `python3` completely [2]. Uninstallation of all other packages is not yet supported [3]. See also ["source code of apport | launchpad.net"](https://web.archive.org/web/20221029222108/https://code.launchpad.net/ubuntu/+source/apport). [1]: https://web.archive.org/web/20221030194324/https://packages.ubuntu.com/bionic/apport "Ubuntu - Details of package apport in bionic | packages.ubuntu.com" [2]: https://web.archive.org/web/20221029162934/https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1773087 "Bug #1773087 “Remove python3-apport as dependency of xserver-xor...” : Bugs : xorg package : Ubuntu | bugs.launchpad.net" [3]: https://web.archive.org/web/20221029162946/https://bugs.launchpad.net/apport/+bug/1910304 "Issue showing that uninstallation support is undecided | Bug #1910304 “Add non-invasive option to disable python3-apport ...” : Bugs : Apport | bugs.launchpad.net" call: function: UninstallAptPackage parameters: packageName: apport - name: Disable Apport service recommend: standard docs: |- The Apport service can be stopped using the following command: `systemctl stop apport` [1] [2]. Stopping the service can mitigate the risk of Ubuntu not respecting the opt-out configuration. This has happened before in different Ubuntu versions, as reported by the community [2]. This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [3]. [1]: https://web.archive.org/web/20221029163021/https://wiki.ubuntuusers.de/Apport/#Benutzung "Apport › Wiki › ubuntuusers.de | wiki.ubuntuusers.de" [2]: https://web.archive.org/web/20221029163036/https://askubuntu.com/questions/93457/how-do-i-enable-or-disable-apport/93467 "How do I enable or disable Apport?
- Ask Ubuntu | askubuntu.com" [3]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk" call: function: DisableSystemdService parameters: serviceName: apport - name: Disable participation in Apport error messaging system recommend: standard docs: |- Opting out of Apport prevents it from creating crash files after a crash [1]. It can be disabled by setting `enabled=0` in `/etc/default/apport` [1] [2]. This setting comes enabled by default in a clean installation of Ubuntu and some of its derivatives (such as Pop!_OS). This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [1]. [1]: https://web.archive.org/web/20221029163213/https://help.ubuntu.com/community/ReportingBugs?action=recall&rev=321#Reporting_a_crash_when_no_message_shows_up_and_crash_files_not_created "ReportingBugs - Community Help Wiki | help.ubuntu.com" [2]: https://web.archive.org/web/20221029163228/https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1773087/comments/1 "Comment #1 : Bug #1773087 : Bugs : xorg package : Ubuntu | help.ubuntu.com" [3]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk" code: |- if [ -f /etc/default/apport ]; then sudo sed -i 's/enabled=1/enabled=0/g' /etc/default/apport echo 'Successfully disabled apport.' else echo 'Skipping, apport is not configured to be enabled.' fi revertCode: |- if [ -f /etc/default/apport ]; then sudo sed -i 's/enabled=0/enabled=1/g' /etc/default/apport echo 'Successfully enabled apport.' else echo 'Skipping, apport is not configured to be disabled.' fi - category: Disable uploading errors (Whoopsie) docs: |- The software responsible for uploading crash reports is called Whoopsie [1]. 
It's always running on Ubuntu systems, watching the `/var/crash` directory for crash reports (that usually Apport creates) to send over the internet to Canonical servers at `http://daisy.ubuntu.com` for further processing [1]. Along with the crash report, it sends a unique identifier (GUID) for your computer [1] in `/etc/default/whoopsie` [2]. Apport only uploads data if package `whoopsie` is installed; otherwise it appears to be uploading but does not upload [3]. See also: - [Whoopsie source code | launchpad.net](https://web.archive.org/web/20221029222205/https://code.launchpad.net/ubuntu/+source/whoopsie) - [oops (back-end for Whoopsie) source code | launchpad.net](https://web.archive.org/web/20221029222222/https://code.launchpad.net/oops-repository) - [Data gathered from errors | errors.ubuntu.com](https://web.archive.org/web/20221029221957/https://errors.ubuntu.com/) [1]: https://web.archive.org/web/20221029162649/https://wiki.ubuntu.com/ErrorTracker#Anatomy_of_a_crash "ErrorTracker - Ubuntu Wiki | wiki.ubuntu.com" [2]: https://web.archive.org/web/20221029163347/https://wiki.ubuntu.com/ErrorTracker/ServerArchitecture "ErrorTracker/ServerArchitecture - Ubuntu Wiki | wiki.ubuntu.com" [3]: https://web.archive.org/web/20221029162829/https://help.ubuntu.com/community/ReportingBugs#A4._Collect_information_about_the_bug "ReportingBugs - Community Help Wiki | help.ubuntu.com" children: - name: Remove `whoopsie` package docs: |- This script uninstalls the `whoopsie` package. This package is used for error tracker submission in Ubuntu [1]. [1]: https://web.archive.org/web/20221029163609/https://packages.ubuntu.com/bionic/utils/whoopsie "Ubuntu – Details of package whoopsie in bionic | package.ubuntu.com" call: function: UninstallAptPackage parameters: packageName: whoopsie - name: Disable Whoopsie service recommend: standard docs: |- Whoopsie works through a service file created in `/lib/systemd/system/whoopsie.service` [1]. 
This script disables this service to immobilize the main functionality of Whoopsie. This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [2]. [1]: https://web.archive.org/web/20221029163615/https://packages.ubuntu.com/focal/all/whoopsie/filelist "Ubuntu – File list of package whoopsie/focal/all | packages.ubuntu.com" [2]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk" call: function: DisableSystemdService parameters: serviceName: whoopsie - name: Disable crash report submissions recommend: standard docs: |- Once opted-out Whoopsie disables the related service [1]. This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [2]. [1]: https://web.archive.org/web/20221029163651/https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1390014 "Bug #1390014 “systemd is in degraded state if whoopsie is disabl...” : Bugs : whoopsie package : Ubuntu | bugs.launchpad.net" [2]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk" code: |- if [ -f /etc/default/whoopsie ] ; then sudo sed -i 's/report_crashes=true/report_crashes=false/' /etc/default/whoopsie fi revertCode: |- if [ -f /etc/default/whoopsie ] ; then sudo sed -i 's/report_crashes=false/report_crashes=true/' /etc/default/whoopsie fi - category: Disable Zeitgeist activity logging docs: |- Zeitgeist logs files opened, websites visited, conversations, and emails and provides this information over an API to applications [1]. It serves as a comprehensive activity log and also makes it possible to determine relationships between items based on usage patterns [1]. It stores computer use actions such as files accessed, sites visited, and conversations held. 
The data is typically used to facilitate searches and "best-fit" to your local query only. There's no proof that it's uploading data. It does **not** send data over the network but still makes the system more vulnerable by storing usage information that can be used for further exploitation. It is primarily used by desktop environments such as GNOME [2], Pantheon [3], and Unity [4]. Furthermore, it is supported by applications (typically as optional functionality) such as Gnome Rhythmbox (as a plugin) [5], catfish (optional support) [6], and synapse [7]. Read more about Zeitgeist: - [Official website | zeitgeist.freedesktop.org](https://web.archive.org/web/20221029150843/https://zeitgeist.freedesktop.org/) - [Wikipedia article | en.wikipedia.org](https://web.archive.org/web/20221029222921/https://en.wikipedia.org/wiki/Zeitgeist_%28free_software%29) - [Launchpad project page | launchpad.net](https://web.archive.org/web/20221029223026/https://launchpad.net/zeitgeist/) - [ArchWiki article | wiki.archlinux.org](https://web.archive.org/web/20221029164539/https://wiki.archlinux.org/title/Zeitgeist) [1]: https://web.archive.org/web/20221029163704/https://packages.debian.org/en/sid/libdevel/libzeitgeist-2.0-dev "libzeitgeist-2.0-dev | Debian Packages | packages.debian.org" [2]: https://web.archive.org/web/20221029163817/https://gitlab.gnome.org/crvi/gnome-activity-journal "crvi / GNOME Activity Journal · GitLab | gitlab.gnome.org" [3]: https://web.archive.org/web/20221029163813/https://github.com/elementary/files/blob/70f43e398f989ebbd8b7f2bb3e32c708f8fbdb3b/src/ZeitgeistManager.vala "files/ZeitgeistManager.vala at 70f43e398f989ebbd8b7f2bb3e32c708f8fbdb3b · elementary/files · GitHub | Pantheon Source Code | github.com" [4]: https://web.archive.org/web/20221029164229/https://bugs.launchpad.net/unity/+bug/717338 "Bug #717338 “No items in Files and Folders place” : Bugs : Unity | bugs.launchpad.net" [5]: 
https://web.archive.org/web/20221029164237/https://packages.ubuntu.com/focal/gnome/rhythmbox-plugin-zeitgeist "Ubuntu – Details of package rhythmbox-plugin-zeitgeist in focal | packages.ubuntu.com" [6]: https://web.archive.org/web/20221029164402/https://docs.xfce.org/apps/catfish/introduction "apps:catfish:introduction [Xfce Docs] | docs.xfce.org" [7]: https://web.archive.org/web/20221029164405/https://launchpad.net/synapse-project "Synapse in Launchpad | launchpad.net" children: - name: Kill Zeitgeist daemon process docs: |- `zeitgeist-daemon` is a daemon providing an activity log [1]. Activity logs consist of a central database for events such as file usage, browser history, and calendar entries [1]. This script stops a currently running Zeitgeist instance, letting Zeitgeist finish any operation it may currently be doing [1]. The Zeitgeist daemon receives metadata from data sources and provides it to applications using D-Bus [2]. The datahub provides passive plugins which insert events into Zeitgeist [2]. [1]: https://web.archive.org/web/20221029164529/https://www.commandlinux.com/man-page/man1/zeitgeist-daemon.1.html "zeitgeist-daemon linux command man page | commandlinux.com" [2]: https://web.archive.org/web/20221029164539/https://wiki.archlinux.org/title/Zeitgeist "Zeitgeist - ArchWiki | wiki.archlinux.org" call: function: RunIfCommandExists parameters: command: zeitgeist-daemon # According to manpage: # > Stop a currently running Zeitgeist instance and exit. This lets Zeitgeist finish any operation it # > may currently be doing. code: zeitgeist-daemon --quit # According to manpage: # > Replace any existing Zeitgeist instance if there is one already running. If this option isn't # > used, zeitgeist-daemon will refuse to start if another running instance is found. revertCode: zeitgeist-daemon --replace - name: Remove Zeitgeist startup entry docs: |- This script removes the Autostart entry that is used by the Zeitgeist package to start itself [1].
[The XDG Autostart specification](https://web.archive.org/web/20221029223114/https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html) defines a method for autostarting ordinary desktop entries on desktop environment startup [2]. It is executed by desktop environments such as GNOME [3] and KDE [4]. [1]: https://web.archive.org/web/20221029164654/https://www.apt-browse.org/browse/ubuntu/xenial/main/amd64/zeitgeist-datahub/0.9.16-0ubuntu4/file/etc/xdg/autostart/zeitgeist-datahub.desktop "/etc/xdg/autostart/zeitgeist-datahub.desktop | Zeitgeist package source code | apt-browse.org" [2]: https://web.archive.org/web/20221029164713/https://wiki.archlinux.org/title/XDG_Autostart "XDG Autostart - ArchWiki | wiki.archlinux.org" [3]: https://web.archive.org/web/20221030195216/https://help.gnome.org/admin/system-admin-guide/stable/autostart-applications.html.en "Add an autostart application for all users | help.gnome.org" [4]: https://web.archive.org/web/20221029164803/https://bugs.kde.org/show_bug.cgi?id=433538 "KDE bug report confirming autostart behavior | bugs.kde.org" call: function: RenameFile parameters: path: /etc/xdg/autostart/zeitgeist-datahub.desktop - name: Disable access to Zeitgeist database docs: |- Zeitgeist logs its data in the `activity.sqlite` file at `$HOME/.local/share/zeitgeist/activity.sqlite` [1]. This script tells the operating system to remove read and write rights on this file to make it immutable and inaccessible to both reads and writes. It prevents Zeitgeist from updating its database. This method has been used successfully by the community [2] [3]. [1]: https://web.archive.org/web/20221029164814/https://forensicswiki.xyz/wiki/index.php?title=Zeitgeist "Zeitgeist - Forensics Wiki | forensicswiki.xyz" [2]: https://web.archive.org/web/20221029164958/https://askubuntu.com/questions/994827/why-is-zeitgeist-daemon-still-in-exitstance-how-to-remove-the-database/994837 "apt - Why is zeitgeist daemon still in exitstance? 
How to remove the database - Ask Ubuntu | askubuntu.com" [3]: https://web.archive.org/web/20221029165309/https://linuxaria.com/howto/how-to-remove-zeitgeist-in-ubuntu-and-why "How to remove Zeitgeist in Ubuntu and why | Linuxaria | linuxaria.com" code: |- file="$HOME/.local/share/zeitgeist/activity.sqlite" if [ -f "$file" ]; then chmod -rw "$file" echo "Successfully disabled read/write access to $file." else echo "Skipping, no action needed, file does not exist at $file." fi revertCode: |- file="$HOME/.local/share/zeitgeist/activity.sqlite" if [ -f "$file" ]; then chmod +rw "$file" echo "Successfully restored read/write access to $file." else >&2 echo "Failed to restore access, file does not exist at $file." fi - name: Remove Zeitgeist package (can break integrated software) docs: |- The main functionality for Zeitgeist is provided by the `zeitgeist` package in Fedora [1] and Arch Linux [2], and the `zeitgeist-core` package in Debian [3]. It was installed by default in Ubuntu 16.x [4] and 18.x [5] as `zeitgeist-core`. It is known to be installed by default by Arch Linux [6] and Artix Linux [7] too. Removing this package may break the Unity desktop environment and prevent you from searching for programs by typing into the box [8]. 
[1]: https://web.archive.org/web/20221029165307/https://packages.fedoraproject.org/pkgs/zeitgeist/zeitgeist/index.html "zeitgeist - Fedora Packages | packages.fedoraproject.org" [2]: https://web.archive.org/web/20221029165603/https://archlinux.org/packages/extra/x86_64/zeitgeist/ "Arch Linux - zeitgeist 1.0.4-1 (x86_64) | archlinux.org" [3]: https://web.archive.org/web/20221029165609/https://packages.debian.org/search?keywords=zeitgeist-core "Debian -- Package Search Results -- zeitgeist-core | packages.debian.org" [4]: https://web.archive.org/web/20221029165714/https://releases.ubuntu.com/xenial/ubuntu-16.04.6-desktop-i386.manifest "List of sofware packags shipped with Ubuntu 16.04.6 | releases.ubuntu.com" [5]: https://web.archive.org/web/20221029165726/https://releases.ubuntu.com/18.04/ubuntu-18.04.6-desktop-amd64.manifest "List of sofware packags shipped with Ubuntu 18.04.6 | releases.ubuntu.com" [6]: https://web.archive.org/web/20221029165821/https://bugs.archlinux.org/task/52326 "FS#52326 : [midori-gtk2] Please remove the zeitgeist dependency! | archlinux.org" [7]: https://web.archive.org/web/20221029165914/https://forum.artixlinux.org/index.php/topic,1432.0.html "Remove Unmaintained Zeitgeist (Spyware/Telemetry) from Default MATE installation | artixlinux.org" [8]: https://web.archive.org/web/20221029165902/https://askubuntu.com/questions/45548/disabling-zeitgeist/57487 "Disabling Zeitgeist - Ask Ubuntu | askubuntu.com" call: - function: UninstallAptPackage parameters: packageName: zeitgeist-core # Other related packages include (apt list *zeitgeist*): # zeitgeist-core, zeitgeist-datahub, python3-zeitgeist among many others. # Packages that use it include e.g. activity-log-manager, activity-log-manager-control-center.. 
- function: UninstallPacmanPackage parameters: packageName: zeitgeist - function: UninstallRPMPackage parameters: packageName: zeitgeist - name: Disable connectivity checks (breaks Captive Portal detection) docs: |- [NetworkManager](https://web.archive.org/web/20221029223230/https://developer-old.gnome.org/NetworkManager/stable/NetworkManager.conf.html) can try to reach a web server after connecting to a network in order to determine if it is, e.g., behind a captive portal [1]. Disabling connectivity protects against privacy leaks [1], but breaks captive portal detection. Connectivity URLs differ depending on the Linux distribution, e.g.: - Arch Linux: `http://ping.archlinux.org/nm-check.txt` (in `/usr/lib/NetworkManager/conf.d/20-connectivity.conf`) [1]. - Ubuntu: `http://connectivity-check.ubuntu.com` [2] (in `/usr/lib/NetworkManager/conf.d/20-connectivity-ubuntu.conf` [3]). - Pop!_OS: `http://204.pop-os.org/` in `20-connectivity-pop.conf` [4]. - Fedora: `http://fedoraproject.org/static/hotspot.txt` [5] in `/usr/lib/NetworkManager/conf.d/20-connectivity-fedora.conf` [6]. - … This script disables connectivity checks by adding a global rule that will override Linux distribution-specific configuration. This is the recommended way to disable connectivity checks [1]. 
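One way to confirm that the override described above actually wins, as an added example that is not part of privacy.sexy: the function below resolves the effective `[connectivity]` `enabled` value using the load order documented in NetworkManager.conf(5). The function names, the `ROOT` argument, and the `99-runtime.conf` and `90-local.conf` files are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from privacy.sexy): report the effective
# "[connectivity] enabled" value below a filesystem root.
# Parse order per NetworkManager.conf(5): /usr/lib conf.d, /run conf.d,
# NetworkManager.conf, then /etc conf.d. The last assignment wins.

# Print the configuration files below ROOT in parse order, one per line.
nm_config_files() {
  local root="${1%/}" f name
  local etc="$root/etc/NetworkManager"
  local LC_ALL=C  # byte-order sorting for the globs below
  for f in "$root"/usr/lib/NetworkManager/conf.d/*.conf; do
    [ -f "$f" ] || continue
    name="${f##*/}"
    # A same-named file in /run or /etc shadows the packaged file.
    if [ -e "$root/run/NetworkManager/conf.d/$name" ]; then continue; fi
    if [ -e "$etc/conf.d/$name" ]; then continue; fi
    printf '%s\n' "$f"
  done
  for f in "$root"/run/NetworkManager/conf.d/*.conf; do
    [ -f "$f" ] || continue
    if [ -e "$etc/conf.d/${f##*/}" ]; then continue; fi
    printf '%s\n' "$f"
  done
  if [ -f "$etc/NetworkManager.conf" ]; then
    printf '%s\n' "$etc/NetworkManager.conf"
  fi
  for f in "$etc"/conf.d/*.conf; do
    if [ -f "$f" ]; then printf '%s\n' "$f"; fi
  done
  return 0
}

# Print "<value> <file>" for the last enabled= found in a [connectivity]
# section, or "unset -" when no file sets the key.
nm_connectivity_enabled() {
  nm_config_files "$1" | {
    value=unset
    src=-
    while IFS= read -r file; do
      v=$(awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[connectivity\][ \t\r]*$/); next }
        in_sec && /^[ \t]*enabled[ \t]*=/ {
          sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); val = $0
        }
        END { if (val != "") print val }
      ' "$file")
      if [ -n "$v" ]; then value="$v"; src="$file"; fi
    done
    printf '%s %s\n' "$value" "$src"
  }
}

# Constructed sample tree: the Ubuntu drop-in named on this page, the file the
# script writes, and two hypothetical files that try to re-enable the checks.
nm_demo() {
  local root lib run etc
  root=$(mktemp -d) || return 1
  lib="$root/usr/lib/NetworkManager/conf.d"
  run="$root/run/NetworkManager/conf.d"
  etc="$root/etc/NetworkManager/conf.d"
  mkdir -p "$lib" "$run" "$etc"
  printf '[connectivity]\nuri=http://connectivity-check.ubuntu.com\n' \
    > "$lib/20-connectivity-ubuntu.conf"
  echo "distro only: $(nm_connectivity_enabled "$root" | sed "s|$root||")"
  printf '# Created by privacy.sexy\n[connectivity]\nenabled=false' \
    > "$etc/20-disable-connectivity-privacy-sexy.conf"
  echo "after script: $(nm_connectivity_enabled "$root" | sed "s|$root||")"
  # /run is parsed before /etc, so a high number there does not win.
  printf '[connectivity]\nenabled=true\n' > "$run/99-runtime.conf"
  echo "/run 99 file: $(nm_connectivity_enabled "$root" | sed "s|$root||")"
  # A later-sorted file in /etc does override the privacy.sexy drop-in.
  printf '[connectivity]\nenabled=true\n' > "$etc/90-local.conf"
  echo "/etc 90 file: $(nm_connectivity_enabled "$root" | sed "s|$root||")"
  rm -rf "$root"
}

# Audit a real system with: ./script.sh /
if [ "$#" -gt 0 ]; then
  nm_connectivity_enabled "$1"
fi
```

On a live system, `NetworkManager --print-config` prints the merged configuration and can be compared against this result.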
[1]: https://web.archive.org/web/20221029165948/https://wiki.archlinux.org/title/NetworkManager "NetworkManager - ArchWiki | wiki.archlinux.org" [2]: https://web.archive.org/web/20221029170031/https://launchpad.net/ubuntu/jammy/+package/network-manager-config-connectivity-ubuntu "network-manager-config-connectivity-ubuntu : Jammy (22.04) : Ubuntu | launchpad.net/ubuntu" [3]: https://web.archive.org/web/20221029170026/https://packages.ubuntu.com/bionic/all/network-manager-config-connectivity-ubuntu/filelist "Ubuntu - File list of package network-manager-config-connectivity-ubuntu/bionic/all | packages.ubuntu.com" [4]: https://web.archive.org/web/20221029170108/https://github.com/pop-os/connectivity/blob/master/debian/20-connectivity-pop.conf "connectivity/20-connectivity-pop.conf at master · pop-os/connectivity | github.com" [5]: https://web.archive.org/web/20221029170202/https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/20-connectivity-fedora.conf "20-connectivity-fedora.conf\rpm\fedora\contrib - NetworkManager/NetworkManager - Network connection manager and user applications | reedesktop.org" [6]: https://archive.ph/2023.12.06-185917/https://pkgs.org/download/NetworkManager-config-connectivity-fedora "Networkmanager-config-connectivity-fedora Download (RPM) | pkgs.org" call: function: RunIfCommandExists parameters: command: /usr/sbin/NetworkManager code: |- file='/etc/NetworkManager/conf.d/20-disable-connectivity-privacy-sexy.conf' content=$'# Created by privacy.sexy\n[connectivity]\nenabled=false' directory="${file%/*}" mkdir -p "$directory" if [ -f "$file" ]; then echo "Skipping, connectivity checks are already disabled through $file." else echo -n "$content" | sudo tee "$file" > /dev/null echo 'Successfully disabled connectivity checks.' fi if command -v 'nmcli' &> /dev/null; then sudo nmcli general reload echo 'Successfully reloaded configuration.' else echo 'It will take effect after reboot.' fi revertCode: |- file='/etc/NetworkManager/conf.d/20-disable-connectivity-privacy-sexy.conf' if [ !
-f "$file" ]; then echo 'Skipping, connectivity checks are not disabled.' else sudo rm -fv "$file" echo 'Successfully restored connectivity checks.' fi if command -v 'nmcli' &> /dev/null; then sudo nmcli general reload echo 'Successfully reloaded configuration.' else echo 'It will take effect after reboot.' fi - category: Configure programs docs: |- These scripts configure third-party applications installed on Linux distributions to harden their security and privacy to protect your data. These scripts differ from OS-level configurations as they configure applications that are not typically native to Linux distributions, i.e., not included in the OS itself and are not known as being part of a specific distribution. children: - name: Disable Python history for future interactive commands docs: |- Python is a high-level, general-purpose programming language [1]. Most Python implementations (including CPython) include a [read-eval-print loop (REPL)](https://web.archive.org/web/20221029223210/https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop), permitting them to function as a command-line interpreter for which users enter statements sequentially and receive results immediately [1]. Python saves interactive commands in the `~/.python_history` file [2] [3]. This script ensures that this file is immutable by changing the file attributes [4], so Python can no longer update the file.
[1]: https://web.archive.org/web/20221029170256/https://en.wikipedia.org/wiki/Python_%28programming_language%29 "Python (programming language) - Wikipedia | wikipedia.org" [2]: https://web.archive.org/web/20221029170303/https://github.com/python/cpython/blob/b2499669ef2e6dc9a2cdb49b4dc498e078167e26/Lib/site.py#L430-L451 "cpython/site.py at b2499669ef2e6dc9a2cdb49b4dc498e078167e26 · python/cpython · Source code that registers it | github.com" [3]: https://web.archive.org/web/20221029170501/https://bugs.python.org/issue20886 "Issue 20886: Disabling logging to ~/.python_history is not simple enough | Python tracker | bugs.python.org" [4]: https://web.archive.org/web/20221029170511/https://man7.org/linux/man-pages/man1/chattr.1.html "Chattr manpage | chattr - Linux manual page | man7.org" code: |- history_file="$HOME/.python_history" if [ ! -f "$history_file" ]; then touch "$history_file" echo "Created $history_file." fi sudo chattr +i "$(realpath "$history_file")" # realpath in case of symlink revertCode: |- history_file="$HOME/.python_history" if [ ! -f "$history_file" ]; then echo "Skipping, $history_file does not exist." else sudo chattr -i "$(realpath "$history_file")" # realpath in case of symlink fi - category: Disable Visual Studio Code data collection docs: |- Visual Studio Code, also commonly referred to as VS Code, is a source-code editor made by Microsoft [1]. Visual Studio Code makes outgoing network requests to collect data in the background without users invoking a feature that requires online access [2]. The requests include, but are not limited to, automatic extension update checks, querying settings for A/B experiments, and fetching online data for auto-completion [2]. In addition, Visual Studio Code collects and transmits telemetry data to Microsoft servers, such as [3]: - Diagnostic information about your system and usage is sent to Microsoft servers [3]. - Your usage data and data about feature performance [3].
[1]: https://web.archive.org/web/20221029142001/https://en.wikipedia.org/wiki/Visual_Studio_Code "Visual Studio Code - Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221029170840/https://code.visualstudio.com/updates/v1_26#_offline-mode "Visual Studio Code July 2018 | code.visualstudio.com" [3]: https://web.archive.org/web/20221029171138/https://code.visualstudio.com/docs/getstarted/telemetry "Visual Studio Code Telemetry | code.visualstudio.com" children: - name: Disable Visual Studio Code telemetry recommend: standard docs: |- The `telemetry.telemetryLevel` preference can be adjusted as follows [1]: - `default` (on): Transmits usage data, errors, and crash reports. - `error`: Transmits general error telemetry and crash reports. - `crash`: Transmits OS-level crash reports. - `off`: Disables all product telemetry. This script disables telemetry data, which includes usage data, errors, and crash reports. The `telemetry.enableTelemetry` was the primary option to disable telemetry collection [2]. This disabled the collection of diagnostic data [3]. However, it has been deprecated and replaced by the `telemetry.telemetryLevel` setting [4] [5]. Crash reports use a unique ID to identify you [6]. They were initially controlled using the `telemetry.enableCrashReporter` setting [7], but this setting has been deprecated and replaced by the `telemetry.telemetryLevel` setting [7]. 
[1]: https://web.archive.org/web/20221029171158/https://github.com/microsoft/vscode/blob/d32b92bd7a49ce8667b954d86320cc29545fc505/src/vs/platform/telemetry/common/telemetryService.ts#L278-L294 "vscode/telemetryService.ts at d32b92bd7a49ce8667b954d86320cc29545fc505 · microsoft/vscode · GitHub | github.com" [2]: https://web.archive.org/web/20221029171236/https://github.com/microsoft/vscode/issues/3182 "Telemetry opt-out · Issue #3182 · microsoft/vscode · GitHub | github.com" [3]: https://web.archive.org/web/20221029171302/https://github.com/microsoft/vscode/blob/9f2d55f21247224e00e438ff0e8a080c557356dc/src/vs/platform/telemetry/common/telemetryService.ts#L247-L265 "vscode/telemetryService.ts at 9f2d55f21247224e00e438ff0e8a080c557356dc · microsoft/vscode · GitHub | github.com" [4]: https://web.archive.org/web/20221029171313/https://github.com/microsoft/vscode/issues/132552 "Explore splitting the telemetry settings into error telemetry + all other telemetry · Issue #132552 · microsoft/vscode · GitHub | github.com" [5]: https://web.archive.org/web/20221029171158/https://github.com/microsoft/vscode/blob/d32b92bd7a49ce8667b954d86320cc29545fc505/src/vs/platform/telemetry/common/telemetryService.ts#L302-L314 "vscode/telemetryService.ts at d32b92bd7a49ce8667b954d86320cc29545fc505 · microsoft/vscode · GitHub | github.com" [6]: https://web.archive.org/web/20221029171339/https://github.com/microsoft/vscode/blob/1dd67592e120d916a8963903babaf0fae74440c5/src/vs/code/electron-main/app.ts#L1259 "vscode/app.ts at 1dd67592e120d916a8963903babaf0fae74440c5 · microsoft/vscode · GitHub | github.com" [7]: https://web.archive.org/web/20221029171353/https://github.com/microsoft/vscode/blob/17fc955b4ffb1f9a0097a561291aaa5c8918eee6/src/vs/workbench/electron-sandbox/desktop.contribution.ts#L253-L267 "vscode/desktop.contribution.ts at 17fc955b4ffb1f9a0097a561291aaa5c8918eee6 · microsoft/vscode · GitHub | github.com" call: - function: SetVsCodeSetting parameters: setting: telemetry.telemetryLevel 
jsonValue: >- "off" - function: SetVsCodeSetting parameters: setting: telemetry.enableTelemetry jsonValue: >- false - function: SetVsCodeSetting parameters: setting: telemetry.enableCrashReporter jsonValue: >- false - name: Disable online experiments by Microsoft in Visual Studio Code recommend: standard docs: |- VS Code employs experiments to test new features or gradually roll them out [1]. The experimentation framework communicates with Microsoft servers [1]. This setting is enabled by default [1]. This script disables fetching experiments from a Microsoft online service [1]. It accomplishes this by setting `workbench.enableExperiments` to `false` [1]. [1]: https://web.archive.org/web/20221029171424/https://github.com/microsoft/vscode-docs/blob/d2dbfc5bcad0be08afca69e9253c1d5541e19d31/docs/supporting/faq.md "vscode-docs/faq.md at d2dbfc5bcad0be08afca69e9253c1d5541e19d31 · microsoft/vscode-docs · GitHub" [2]: https://web.archive.org/web/20221029171439/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/experiments/browser/experiments.contribution.ts#L25-L34 "vscode/experiments.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub" call: function: SetVsCodeSetting parameters: setting: workbench.enableExperiments jsonValue: >- false - name: Disable Visual Studio Code automatic updates in favor of manual updates docs: |- By default, VS Code is configured to automatically update when new versions are released [1]. Automatic updates reduce your control over privacy by sending data to Microsoft servers. On Linux, updates are often handled by the system package manager, rendering this setting redundant [1]. To opt out of auto-updates, the Update: Mode (`update.mode`) setting is changed from default to none [1]. `update.mode` has replaced the older `update.channel` setting [2] [3]. 
[1]: https://web.archive.org/web/20221029171537/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/supporting/faq.md#how-do-i-opt-out-of-vs-code-auto-updates "vscode-docs/faq.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com" [2]: https://web.archive.org/web/20221029171549/https://github.com/microsoft/vscode/blob/8e2ec5a7ee1ae5500c645c05145359f2a814611c/src/vs/platform/update/common/update.config.contribution.ts#L36-L42 "vscode/update.config.contribution.ts at 8e2ec5a7ee1ae5500c645c05145359f2a814611c · microsoft/vscode · GitHub | github.com" [3]: https://web.archive.org/web/20221029171607/https://github.com/microsoft/vscode/issues/70084 'VS Code 1.31.1 does not respect "update.channel": "none" · Issue #70084 · microsoft/vscode · GitHub | github.com' call: - function: SetVsCodeSetting parameters: setting: update.mode jsonValue: >- "none" - function: SetVsCodeSetting parameters: setting: update.channel jsonValue: >- "none" - name: Disable fetching release notes from Microsoft servers after an update docs: |- This script prevents Visual Studio Code from displaying release notes after an update [1]. Release notes are fetched from a Microsoft online service [1] and thus expose data about you, such as your IP address, to Microsoft. It is enabled by default [1] and can be disabled by setting `update.showReleaseNotes` to `false` [1]. [1]: https://web.archive.org/web/20221029171549/https://github.com/microsoft/vscode/blob/8e2ec5a7ee1ae5500c645c05145359f2a814611c/src/vs/platform/update/common/update.config.contribution.ts#L51-L57 "vscode/update.config.contribution.ts at 8e2ec5a7ee1ae5500c645c05145359f2a814611c · microsoft/vscode | github.com" call: function: SetVsCodeSetting parameters: setting: update.showReleaseNotes jsonValue: >- false - category: Configure auto-update settings for Visual Studio Code extensions docs: |- These scripts control the automatic update behavior of extensions. 
Updates are fetched from Microsoft servers [1] [2]. Use of online Microsoft services can disclose information about you and your behavior. [1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L135-L150 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub | github.com" [2]: https://web.archive.org/web/20221029171719/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/extension-marketplace.md#extension-auto-update "vscode-docs/extension-marketplace.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com" children: - name: Disable automatic Visual Studio Code extension updates docs: |- By default, Visual Studio Code automatically downloads and installs updates for all extensions [1]. These updates are fetched from a Microsoft online service [1]. This script disables the automatic updating of installed extensions. It accomplishes this by setting `extensions.autoUpdate` to `false` [2]. 
[1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L135-L150 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub | github.com" [2]: https://web.archive.org/web/20221029171719/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/extension-marketplace.md#extension-auto-update "vscode-docs/extension-marketplace.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: extensions.autoUpdate jsonValue: >- false - name: Disable Visual Studio Code automatic extension update checks docs: |- By default, Visual Studio Code automatically checks extensions for updates [1]. If an update for an extension is available, it is marked as outdated in the Extensions view [1]. These updates are fetched from a Microsoft online service [1]. This script disables the automatic checking of updates for extensions. It achieves this by setting `extensions.autoCheckUpdates` to `false` [2]. 
[1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L152-L158 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode | github.com" [2]: https://web.archive.org/web/20221029171719/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/extension-marketplace.md#extension-auto-update "vscode-docs/extension-marketplace.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: extensions.autoCheckUpdates jsonValue: >- false - name: Disable automatic fetching of Microsoft recommendations in Visual Studio Code recommend: strict docs: |- Visual Studio Code, by default, fetches recommendations from online Microsoft servers [1]. This script modifies that default behavior, making recommendations from Microsoft servers available only on demand, rather than being fetched automatically [1]. Despite this setting being deprecated [1] [2], it is still respected [3] [4]. 
[1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L164-L169 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub | github.com" [2]: https://web.archive.org/web/20221029171802/https://github.com/microsoft/vscode/issues/94416 "Combine extensions.ignoreRecommendations and extensions.showRecommendationsOnlyOnDemand · Issue #94416 · microsoft/vscode · GitHub | github.com" [3]: https://web.archive.org/web/20221029171840/https://github.com/microsoft/vscode/blob/df0a8572e5e97ba71160c736addf171c671bb9e9/src/vs/workbench/contrib/extensions/browser/extensionsViewlet.ts#L221-L234 "vscode/extensionsViewlet.ts at df0a8572e5e97ba71160c736addf171c671bb9e9 · microsoft/vscode · GitHub | github.com" [4]: https://web.archive.org/web/20221029171850/https://github.com/microsoft/vscode/blob/1f86576cb95925e79d92c8af04424680bb144945/src/vs/workbench/contrib/extensions/browser/extensionRecommendationNotificationService.ts#L144-L147 "vscode/extensionRecommendationNotificationService.ts at 1f86576cb95925e79d92c8af04424680bb144945 · microsoft/vscode · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: extensions.showRecommendationsOnlyOnDemand jsonValue: >- true - name: Disable automatic fetching of remote repositories in Visual Studio Code docs: |- Visual Studio Code (VS Code) periodically fetches changes from remote repositories [1]. This feature lets VS Code display how many changes your local repository is ahead or behind the remote [1]. This script disables the automatic fetching, providing you more control over when you communicate with remote servers. Note that this feature shares data not with Microsoft, but with the servers hosting the remote repositories you're working with. 
As of VS Code 1.19, this feature is disabled by default [1] [3], although it was enabled by default in earlier versions [2]. The `git.autofetch` setting controls this feature, with `true` enabling it and `false` disabling it [2]. [1]: https://web.archive.org/web/20221029171946/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/sourcecontrol/overview.md#remotes "vscode-docs/overview.md at main · microsoft/vscode-docs · GitHub | github.com" [2]: https://web.archive.org/web/20221029172003/https://github.com/Microsoft/vscode/issues/34684 "Set git.autofetch to disabled, by default · Issue #34684 · microsoft/vscode · GitHub | github.com" [3]: https://web.archive.org/web/20221029172102/https://github.com/microsoft/vscode/blob/9bc43c7f8acc1d3b2d572f75ca30dccc2fed643d/extensions/git/package.json#L1929-L1945 "vscode/package.json at 9bc43c7f8acc1d3b2d572f75ca30dccc2fed643d · microsoft/vscode · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: git.autofetch jsonValue: >- false - name: Disable fetching package information from NPM and Bower in Visual Studio Code docs: |- Visual Studio Code fetches data from NPM and Bower to provide autocompletion and hover information for npm dependencies [1]. By default, this feature is enabled [2] and fetches data from `https://registry.npmjs.org` and `https://registry.bower.io` [1]. This script prevents the automatic fetching of package information. You can disable this feature by setting `npm.fetchOnlinePackageInfo` to `false` [2]. 
[1]: https://web.archive.org/web/20221029172113/https://github.com/microsoft/vscode/blob/21504708043941c1e9e45b7d0892a9a8a03470d7/extensions/npm/package.nls.json#L17 "vscode/package.nls.json at 21504708043941c1e9e45b7d0892a9a8a03470d7 · microsoft/vscode · GitHub | github.com" [2]: https://web.archive.org/web/20221029172220/https://github.com/microsoft/vscode/blob/29e985eca0713c8458ae8349c1742d6fb75719e4/extensions/npm/package.json#L293-L300 "vscode/package.json at 29e985eca0713c8458ae8349c1742d6fb75719e4 · microsoft/vscode · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: npm.fetchOnlinePackageInfo jsonValue: >- false - name: Disable sending search queries to Microsoft in Visual Studio Code recommend: strict docs: |- By default, Visual Studio Code sends setting search queries to Microsoft servers [1]. This is part of the natural language search mode, which is powered by a Microsoft online service [1]. You can disable this feature by setting `enableNaturalLanguageSettingsSearch` to `false` [1]. For more information, see [Settings search | Feature announcement](https://web.archive.org/web/20221029223417/https://github.com/microsoft/vscode-docs/blob/8f6d43a3b24d8661f25f93d5e679c3e6ee1191b6/release-notes/v1_20.md#settings-search). 
[1]: https://web.archive.org/web/20221029172320/https://github.com/microsoft/vscode/blob/13ba7bb446a638d37ebccb1a7d74e31c32bb9790/src/vs/workbench/contrib/preferences/common/preferencesContribution.ts#L151-L157 "vscode/preferencesContribution.ts at 13ba7bb446a638d37ebccb1a7d74e31c32bb9790 · microsoft/vscode · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: workbench.settings.enableNaturalLanguageSearch jsonValue: >- false - name: Disable Visual Studio Code automatic type acquisition in TypeScript docs: |- This script disables [automatic type acquisition](https://web.archive.org/web/20221029223431/https://code.visualstudio.com/docs/nodejs/working-with-javascript#_typings-and-automatic-type-acquisition) [1], a feature that fetches `@types` packages from npm to improve IntelliSense for external libraries [1]. Although this feature is disabled by default [2], you can ensure it's off by setting `typescript.disableAutomaticTypeAcquisition` to `false` [2]. [1]: https://web.archive.org/web/20221029172348/https://github.com/microsoft/vscode/blob/3c37a5a8d7768ea068acf578594f9b71cfbe81e1/extensions/typescript-language-features/package.nls.json#L13 "vscode/package.nls.json at 3c37a5a8d7768ea068acf578594f9b71cfbe81e1 · microsoft/vscode · GitHub | github.com" [2]: https://web.archive.org/web/20221029172429/https://github.com/microsoft/vscode/blob/29e985eca0713c8458ae8349c1742d6fb75719e4/extensions/typescript-language-features/package.json "vscode/package.json at 29e985eca0713c8458ae8349c1742d6fb75719e4 · microsoft/vscode · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: typescript.disableAutomaticTypeAcquisition jsonValue: >- false - name: Disable Visual Studio Code Edit Sessions docs: |- **Edit Sessions** is a Visual Studio Code feature that synchronizes uncommitted changes between VS Code for the Web (e.g., GitHub Codespaces) and the Desktop version, storing data in the Microsoft Cloud [1]. 
This script disables **Edit Sessions** and its more granular subsettings like `workbench.experimental.editSessions.autoStore`, `workbench.editSessions.autoResume`, and `workbench.editSessions.continueOn` [2]. [1]: https://web.archive.org/web/20221029172502/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/release-notes/v1_71.md#bring-your-changes-with-you-when-moving-across-development-environments "vscode-docs/v1_71.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com" [2]: https://web.archive.org/web/20221029172519/https://github.com/microsoft/vscode/blob/b891aa212a3644cc345d061c63a67ba51080cace/src/vs/workbench/contrib/editSessions/browser/editSessions.contribution.ts#L816-L877 "vscode/editSessions.contribution.ts at b891aa212a3644cc345d061c63a67ba51080cace · microsoft/vscode | github.com" call: - function: SetVsCodeSetting parameters: setting: workbench.experimental.editSessions.enabled jsonValue: >- false - function: SetVsCodeSetting parameters: setting: workbench.experimental.editSessions.autoStore jsonValue: >- false - function: SetVsCodeSetting parameters: setting: workbench.editSessions.autoResume jsonValue: >- false - function: SetVsCodeSetting parameters: setting: workbench.editSessions.continueOn jsonValue: >- false - category: Disable data sharing for Visual Studio Code "Settings Sync" docs: |- **Settings Sync** is a Visual Studio Code feature that synchronizes settings, keybindings, and installed extensions across different machines [1]. This data is stored in the Microsoft Cloud [1]. 
[1]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com" children: - name: Disable synchronization of Visual Studio Code keybindings docs: |- By default [1], Keyboard Shortcuts are synchronized across platforms [2]. You can disable this by setting `settingsSync.keybindingsPerPlatform` to `false` [1] [2]. [1]: https://web.archive.org/web/20221029172910/https://github.com/microsoft/vscode/blob/095ddabc52b82498ee7f718a34f9dd11d59099a8/src/vs/platform/userDataSync/common/userDataSync.ts#L58-L64 "vscode/userDataSync.ts at 095ddabc52b82498ee7f718a34f9dd11d59099a8 · microsoft/vscode · GitHub | github.com" [2]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: settingsSync.keybindingsPerPlatform jsonValue: >- false - name: Disable synchronization of Visual Studio Code extensions docs: |- Visual Studio Code synchronizes all built-in and installed extensions, along with their global enablement state, by default [1] [2]. This script prevents the synchronization of all Visual Studio Code extensions. To disable extension synchronization, set `settingsSync.ignoredExtensions` [1], which configures the list of extensions to be ignored during synchronization [2]. 
[1]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com" [2]: https://web.archive.org/web/20221029172910/https://github.com/microsoft/vscode/blob/095ddabc52b82498ee7f718a34f9dd11d59099a8/src/vs/platform/userDataSync/common/userDataSync.ts#L65-L78 "vscode/userDataSync.ts at 095ddabc52b82498ee7f718a34f9dd11d59099a8 · microsoft/vscode · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: settingsSync.ignoredExtensions jsonValue: >- ["*"] - name: Disable synchronization of Visual Studio Code settings docs: |- By default, Visual Studio Code synchronizes all settings, except for machine settings (those with machine or machine-overridable scopes), as these are specific to a given machine [1] [2]. This script disables the synchronization of all settings. You can specify settings to ignore during synchronization using the `settingsSync.ignoredSettings` setting [1] [2]. [1]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com" [2]: https://web.archive.org/web/20221029172910/https://github.com/microsoft/vscode/blob/095ddabc52b82498ee7f718a34f9dd11d59099a8/src/vs/platform/userDataSync/common/userDataSync.ts#L79-L89 "vscode/userDataSync.ts at 095ddabc52b82498ee7f718a34f9dd11d59099a8 · microsoft/vscode · GitHub | github.com" call: function: SetVsCodeSetting parameters: setting: settingsSync.ignoredSettings jsonValue: >- ["*"] - name: Disable .NET telemetry recommend: standard docs: |- .NET, previously known as .NET Core [1], is a free, open-source, and cross-platform developer platform that allows the creation of various types of applications [2]. 
The .NET Software Development Kit (SDK) includes a telemetry feature, enabled by default [3], that collects and sends usage data to Microsoft upon the execution of .NET Command-Line Interface (CLI) commands. This data comprises your operating system, hardware specifics, geographic location, and .NET usage/installation information [3]. A fraction of this collected data is made publicly available at [.NET CLI Telemetry Data | dotnet.microsoft.com](https://web.archive.org/web/20221029211429/https://dotnet.microsoft.com/en-us/platform/telemetry). This script sets the `DOTNET_CLI_TELEMETRY_OPTOUT` environment variable to `1`, opting you out of the .NET telemetry collection [3]. It is crucial to establish this setting prior to the .NET installation since the installation process also sends telemetry data [3]. [1]: https://web.archive.org/web/20220930202101/https://en.wikipedia.org/wiki/.NET ".NET - Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20221003175158/https://dotnet.microsoft.com/en-us/download "Download .NET (Linux, macOS, and Windows) | dotnet.microsoft.com" [3]: https://web.archive.org/web/20220903043156/https://docs.microsoft.com/en-us/dotnet/core/tools/telemetry ".NET SDK and .NET CLI telemetry - .NET CLI | Microsoft Docs | docs.microsoft.com" call: function: PersistSystemEnvironmentVariable parameters: variable: DOTNET_CLI_TELEMETRY_OPTOUT value: '1' - name: Disable PowerShell Core telemetry docs: |- PowerShell Core, a cross-platform (Windows, Linux, and macOS) automation and configuration tool/framework, incorporates a command-line shell, a related scripting language, and a framework for processing cmdlets [1]. It sends telemetry data to Microsoft servers, revealing your software usage, geolocation, and additional environment data [2]. This script sets the `env:POWERSHELL_TELEMETRY_OPTOUT` environment variable to `1`, opting you out of PowerShell Core's telemetry collection. 
[1]: https://web.archive.org/web/20221011001154/https://github.com/PowerShell/PowerShell "GitHub - PowerShell/PowerShell: PowerShell for every system! | github.com" [2]: https://web.archive.org/web/20221011165907/https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_telemetry?view=powershell-7.2 "about Telemetry - PowerShell | Microsoft Learn" call: function: PersistSystemEnvironmentVariable parameters: variable: POWERSHELL_TELEMETRY_OPTOUT value: '1' - category: Configure Firefox docs: |- Mozilla Firefox, colloquially known as Firefox, is a free and open-source web browser created by the Mozilla Foundation and its subsidiary, the Mozilla Corporation [1]. By default, Firefox collects telemetry data and has other features that gather information about your downloaded files and browsed webpages [2][3]. The scripts provided here adjust your Firefox installation to prevent its data collection. [1]: https://web.archive.org/web/20221029173029/https://en.wikipedia.org/wiki/Firefox "Firefox | Wikipedia | en.wikipedia.org" [2]: https://web.archive.org/web/20220901045358/https://support.mozilla.org/en-US/kb/telemetry-clientid "Telemetry collection and deletion | Firefox Help | support.mozilla.org" [3]: https://web.archive.org/web/20221008150941/https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work "How does built-in Phishing and Malware Protection work? | Firefox Help | support.mozilla.org" children: - category: Harden Firefox privacy docs: |- The following are privacy-focused tweaks to prevent browser fingerprinting and tracking. See also: [What is browser fingerprinting? | AmIUnique.org](https://web.archive.org/web/20221029223510/https://www.amiunique.org/faq) children: - category: Enable Firefox state partitioning (Total Cookie Protection) docs: |- Web browsers, including Firefox, save various data types such as cookies, cache, and site-specific details. 
While this data helps in providing a faster and personalized browsing experience, it can be exploited by websites to track your activities across the internet, potentially compromising your privacy. State partitioning, also known as "Total Cookie Protection" [1], is a feature designed to enhance user privacy in Firefox. It works by allocating different, isolated storage spaces for every website you visit [2]. This means that each website has its own "compartment" where it saves its data, separate from other sites [2]. This structure limits websites' capabilities to track users across various domains. The underlying technology for state partitioning in Firefox is termed "double-keying" [1]. In this method, when a website intends to store data, Firefox attaches an extra identifier tied to the site's origin, ensuring unique data storage for each site [1]. For example, if two different sites incorporate content from the same third-party source, each of these sites will have its own unique version of the third party's data (like cookies) due to state partitioning [1]. This impedes the third party's tracking ability between the sites. This protection isn't just against known trackers [1]. Firefox applies state partitioning to all third-party content on a site, ensuring comprehensive privacy coverage beyond just identifiable tracking sources [1] [3]. A notable misuse by some trackers is the creation of "supercookies" [4]. Contrary to standard cookies, which users can delete easily, supercookies are harder to eliminate and block, posing a considerable privacy challenge. Through state partitioning, Firefox renders supercookies ineffective for tracking users across sites [4]. As a part of this feature, Firefox not only keeps data site-specific but also partitions multiple caches, such as HTTP cache, image cache, and favicon cache [4]. This partitioning prevents any potential cache exploitation for tracking purposes [4].
In summary, enabling state partitioning in Firefox is a powerful privacy tool, helping to defend users from potential online tracking and offering a more private browsing experience. [1]: https://web.archive.org/web/20230918171957/https://hacks.mozilla.org/2021/02/introducing-state-partitioning/ "Introducing State Partitioning - Mozilla Hacks - the Web developer blog" [2]: https://web.archive.org/web/20230918172155/https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning "State Partitioning - Privacy on the web | MDN" [3]: https://web.archive.org/web/20230918172352/https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ "Firefox 86 Introduces Total Cookie Protection - Mozilla Security Blog" [4]: https://web.archive.org/web/20230918172503/https://blog.mozilla.org/security/2021/01/26/supercookie-protections/ "Firefox 85 Cracks Down on Supercookies - Mozilla Security Blog" children: - name: Enable dynamic First-Party Isolation (dFPI) recommend: standard docs: |- Dynamic First-Party Isolation, also known as dFPI, is an advanced privacy feature in Firefox. This feature is commonly referred to as: - Total Cookie Protection [1], - dFPI (dynamic First-Party Isolation) [2], - Dynamic storage partitioning [3]. Essentially, dFPI is an enhanced version of a previous privacy tool known as First-Party Isolation (FPI) [4]. The primary purpose of dFPI is to improve user privacy online. It accomplishes this by preventing third-party websites from accessing or tracking a user's data across different websites [1] [3]. By default, this feature is activated for all Firefox desktop users [5]. Within Firefox's settings, there's an option called `network.cookie.cookieBehavior` which governs how dFPI operates. This setting has three potential values [3]: - `5`: The browser will block known trackers and partition storage for third-party content. - `4`: Only known trackers will be blocked without any partitioning of third-party storage.
- `0`: All trackers and third-party content are allowed. This script sets the value to `5`, ensuring the highest level of privacy by blocking trackers and partitioning third-party storage. This aligns with recommended privacy practices because even if you choose the `4` value, the older First-Party Isolation (FPI) will still be active [6]. [1]: https://web.archive.org/web/20231003094145/https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq "Total Cookie Protection and website breakage FAQ | Firefox Help" [2]: https://web.archive.org/web/20231003094154/https://bugzilla.mozilla.org/show_bug.cgi?id=1746646 "1746646 - (tcp-mochitests) [meta] Make mochitests work with TCP enabled (cookieBehavior = 5) | bugzilla.mozilla.org" [3]: https://web.archive.org/web/20230918172155/https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#disable_dynamic_state_partitioning "State Partitioning - Privacy on the web | MDN" [4]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org" [5]: https://web.archive.org/web/20231207105610/https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ "Firefox Rolls Out Total Cookie Protection By Default" [6]: https://web.archive.org/web/20231003094350/https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25 "1631676 - Disable dfpi when privacy.firstparty.isolate=true | bugzilla.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: network.cookie.cookieBehavior jsonValue: '5' - name: Enable Firefox network partitioning recommend: standard docs: |- Network partitioning is a method used by Firefox to enhance user privacy [1]. When enabled, each website you visit has its own isolated storage location, preventing it from accessing data from another website [1]. 
This limits the ability of websites to track users across multiple sites [1]. Network Partitioning, formerly referred to as *cache partitioning* [2], is a subset of state partitioning [1]. While state partitioning deals with data like cookies, network partitioning deals with networking-related components, such as caches and connection pools [1]. It ensures that these components are isolated to each website, further enhancing user privacy [1]. Firefox has enabled network partitioning by default since version 85 [1]. Once enabled, network partitioning becomes permanent, meaning websites cannot bypass or weaken its restrictions [1]. Network partitioning can be controlled with the `privacy.partition.network_state` preference [1]. [1]: https://web.archive.org/web/20230918172155/https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning "State Partitioning - Privacy on the web | MDN" [2]: https://web.archive.org/web/20231003094417/https://bugzilla.mozilla.org/show_bug.cgi?id=1687569 "1687569 - cache partitioning causes web page saving extensions to waste more time and data | bugzilla.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: privacy.partition.network_state jsonValue: 'true' - name: Disable outdated Firefox First-Party Isolation (FPI) recommend: strict docs: |- First-party isolation (FPI) helps in preventing third parties from tracking users across multiple websites [1] [2]. This is sometimes referred to as "double keying" (double-keying) [1] or supercookies [1] [2]. This script disables FPI in favor of a newer technology called dynamic First-Party Isolation (dFPI) for the following reasons: 1. FPI and dFPI conflict with each other, and they cannot function simultaneously [3] [4]. Additionally, Mozilla doesn't plan to make them compatible [5]. 2. FPI has been marked as deprecated and is expected to be phased out [3], with dFPI set to become the standard in the future [6]. 3. 
dFPI, when combined with network partitioning, offers broader and more effective privacy coverage than FPI, being essentially a superset of FPI [3] [7]. [1]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#First_party_isolation "Firefox/Privacy - ArchWiki | wiki.archlinux.org" [2]: https://web.archive.org/web/20221025200527/https://bugzilla.mozilla.org/show_bug.cgi?id=1397624#c0 "1397624 - Provide an option for first-party isolation in Private Browsing Mode | bugzilla.mozilla.org" [3]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c0 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org" [4]: https://web.archive.org/web/20231003094350/https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25 "1631676 - Disable dfpi when privacy.firstparty.isolate=true | bugzilla.mozilla.org" [5]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c3 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org" [6]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org" [7]: https://web.archive.org/web/20231003094358/https://bugzilla.mozilla.org/show_bug.cgi?id=1637344#c2 "1637344 - Add message to show dFPI is incompatible with FPI | bugzilla.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: privacy.firstparty.isolate jsonValue: 'false' - name: Enable Firefox tracking protection recommend: standard docs: |- Firefox provides an option for Enhanced Tracking Protection [1], which blocks trackers that gather information about your browsing behavior without disrupting site functionality [1]. This feature also includes protections against harmful scripts such as malware that drains your battery [1]. This script enables the `privacy.resistFingerprinting` preference, activating anti-fingerprinting [1][2]. 
Beyond privacy advantages, enabling tracking protection may reduce load time by 44% [3]. Note: If you are already using an ad blocker with the correct lists, tracking protection might be redundant. [1]: https://web.archive.org/web/20221025195851/https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop "Security/Tracking protection - MozillaWiki | support.mozilla.org" [2]: https://web.archive.org/web/20221025195843/https://wiki.mozilla.org/Security/Tracking_protection#Prefs "Enhanced Tracking Protection in Firefox for desktop | Firefox Help | wiki.mozilla.org" [3]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#Tracking_protection "Firefox/Privacy - ArchWiki | wiki.archlinux.org" call: function: AddFirefoxPrefs parameters: prefName: privacy.trackingprotection.enabled jsonValue: 'true' - name: Enable Firefox anti-fingerprinting (may break some websites) recommend: strict docs: |- Fingerprinting Protection is a heavily developed experimental feature in Firefox [1]. As part of a project to integrate features from the Tor Browser, Mozilla launched an anti-fingerprinting project in Firefox [2]. This script enables the `privacy.resistFingerprinting` preference, activating anti-fingerprinting [1][2]. As an experimental feature, it might cause some website breakage [2], such as impacting web speech functionality [3] and favicons [4].
[1]: https://web.archive.org/web/20221025201025/https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting "Firefox's protection against fingerprinting | Firefox Help | support.mozilla.org" [2]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#Anti-fingerprinting "Firefox/Privacy - ArchWiki | wiki.archlinux.org" [3]: https://web.archive.org/web/20221025201301/https://bugzilla.mozilla.org/show_bug.cgi?id=1636707 "1636707 - Web speech functionality disabled if privacy.resistFingerprinting is set to true | bugzilla.mozilla.org" [4]: https://web.archive.org/web/20221025201422/https://bugzilla.mozilla.org/show_bug.cgi?id=1452391#c5 "1452391 - PNG favicons show up as white square when privacy.resistFingerprinting is enabled | bugzilla.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: privacy.resistFingerprinting jsonValue: 'true' - name: Disable WebRTC exposure of your private IP address in Firefox recommend: standard docs: |- Websites can obtain your local IP address through WebRTC's peer-to-peer protocol, facilitated by JavaScript [1]. WebRTC (Web Real-Time Communication) is a free and open-source project offering real-time communication (RTC) via application programming interfaces (APIs) to web browsers and mobile applications [2]. It enables audio and video communication to work inside web pages by facilitating direct peer-to-peer communication, and thereby eliminating the need for plugin installations or native app downloads [3]. Supported by Apple, Google, Microsoft, Mozilla, and Opera, WebRTC's specifications have been published by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) [2]. 
[1]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#WebRTC_exposes_LAN_IP_address "WebRTC exposes LAN IP address | Firefox/Privacy - ArchWiki | wiki.archlinux.org" [2]: https://web.archive.org/web/20221029173118/https://en.wikipedia.org/wiki/WebRTC "WebRTC - Wikipedia | en.wikipedia.org" [3]: https://web.archive.org/web/20221029173306/https://blogs.trilogy-lte.com/post/77427158750/how-webrtc-is-revolutionizing-telephony "How WebRTC Is Revolutionizing Telephony | blogs.trilogy-lte.com" call: function: AddFirefoxPrefs parameters: prefName: media.peerconnection.ice.default_address_only jsonValue: 'true' - category: Disable Firefox telemetry docs: |- By default, Firefox collects telemetry data [1]. This data comprises two main categories: **interaction data** and **technical data** [1]. **Interaction data** includes metrics such as the number of open tabs and windows, the number of webpages visited, the number and type of installed Firefox Add-ons, session length, and interactions with features offered by Mozilla or third parties. These features may include Firefox search features and search partner referrals [1]. **Technical data** provides information about your Firefox version and language, device operating system and hardware configuration, memory, basic crash and error information, as well as the outcome of automated processes like updates and safe browsing [1]. Note that Firefox logs your personally identifiable IP address [1]. [1]: https://web.archive.org/web/20220901045358/https://support.mozilla.org/en-US/kb/telemetry-clientid "Telemetry collection and deletion | Firefox Help | support.mozilla.org" children: - name: Disable collection of technical and interaction data in Firefox recommend: standard docs: |- This script alters the `datareporting.healthreport.uploadEnabled` preference, effectively disabling it. This preference regulates whether Firefox sends telemetry data [1]. 
The script halts all data transmitted from Firefox to Mozilla via Telemetry [2], preventing Firefox from sending technical and interaction data to Mozilla [3]. For reasons of military security, it's recommended by the U.S. government (NIST 800-53) that this data collection is disabled [4]. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221015103136/https://bugzilla.mozilla.org/show_bug.cgi?id=1195552#c4 [3]: https://web.archive.org/web/20221015102419/https://bugzilla.mozilla.org/show_bug.cgi?id=1422689#c1 [4]: https://web.archive.org/web/20221015103404/https://www.stigviewer.com/stig/mozilla_firefox/2019-01-02/finding/V-79053 call: function: AddFirefoxPrefs parameters: prefName: datareporting.healthreport.uploadEnabled jsonValue: 'false' - name: Disable detailed telemetry collection in Firefox recommend: standard docs: |- This script disables the `toolkit.telemetry.enabled` preference, which controls whether the Telemetry module is enabled [1]. It's configured to be enabled in nightly, aurora, beta, or default (developer) builds. In release builds, however, it's set to false [1]. This setting is hard-coded into the C++ code to prevent easy disabling [2]. Developers have been approached about this issue but have rejected proposals to unlock it [3]. Mozilla's plan is to deprecate this setting eventually, followed by removal [1]. This preference controls telemetry verbosity and configures Firefox to collect less data [3]. For reasons of military security, the U.S. government (NIST 800-53) recommends disabling this setting [4]. 
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221015102338/https://searchfox.org/mozilla-central/source/modules/libpref/Preferences.cpp#3213 [3]: https://web.archive.org/web/20221015102419/https://bugzilla.mozilla.org/show_bug.cgi?id=1422689#c1 [4]: https://web.archive.org/web/20221015102604/https://stigviewer.com/stig/mozilla_firefox/2020-12-10/finding/V-223170 call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.enabled jsonValue: 'false' - name: Disable archiving of Firefox telemetry recommend: standard docs: |- This script configures the `toolkit.telemetry.archive.enabled` preference to be disabled, thus preventing telemetry pings from being archived locally [1]. For reasons of military security, the U.S. government (NIST 800-53) recommends disabling this setting [2]. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221015104801/https://stigviewer.com/stig/mozilla_firefox/2020-12-10/finding/V-223171 call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.archive.enabled jsonValue: 'false' - name: Disable Firefox unified telemetry recommend: standard docs: |- This script is designed to disable the `toolkit.telemetry.unified` preference. If this preference is enabled, it results in two effects: 1. Firstly, telemetry will always be enabled and recording base data [1]. 2. Secondly, additional main pings will be sent [1]. This preference is enabled by default [1]. The `toolkit.telemetry.unified` preference signifies whether the Telemetry system is operating in Unified mode or not [2]. 
However, it's worth noting that this feature is planned to be phased out and is considered as legacy by the developers [2]. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221015105731/https://bugzilla.mozilla.org/show_bug.cgi?id=1406390#c2 call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.unified jsonValue: 'false' - category: Disable Firefox telemetry logs docs: |- Firefox logs telemetry information in various locations, such as the console and `stdout` [1]. This logged information reveals details about your usage pattern. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" children: - name: Minimize Firefox telemetry logging verbosity recommend: standard docs: |- This script sets the `toolkit.telemetry.log.level` preference to the least verbosity to minimize logs. This preference adjusts the telemetry logging verbosity as per `Log.jsm` [1]. By default, logging is restricted to the console service [1]. It displays telemetry information in the browser console [2] and can be used to monitor telemetry activity in the JavaScript console [3]. This process is also referred to as telemetry tracing [4]. The output can be accessed via the DevTools console [4], navigable through the menu by selecting "Tools" => "Developer Tools" => "Error Console" (CTRL+SHIFT+J). The available verbosity levels, in descending order, are `Trace`, `Debug`, `Config`, `Info`, `Warn` (default), `Error`, and `Fatal` [1]. 
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221029134403/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/start/index.html "Getting started — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [3]: https://web.archive.org/web/20221025154541/https://hg.mozilla.org/comm-central/rev/f8a6cf1ee08f8223c36bb92414e29734d8d6c9d9 "comm-central: changeset 28531:f8a6cf1ee08f8223c36bb92414e29734d8d6c9d9 | hg.mozilla.org" [4]: https://web.archive.org/web/20221025154517/https://hg.mozilla.org/comm-central/file/tip/mail/components/telemetry/README.md#l81 "comm-central: mail/components/telemetry/README.md@a2958dfb3462eac068cb1a2c75c5213fc4808b1a | hg.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.log.level jsonValue: >- "Fatal" - name: Disable Firefox telemetry log output recommend: standard docs: |- This script adjusts the `toolkit.telemetry.log.dump` setting to its most restricted value. This preference controls whether to dump telemetry log messages to `stdout` [1]. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.log.dump jsonValue: 'false' - name: Clear Firefox telemetry user ID recommend: standard docs: |- Firefox uses `toolkit.telemetry.cachedClientID` as an identifier for the client and/or the user [1] [2] [3]. This ID is static and is used to identify the user [3].
[1]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy "Firefox/Privacy - ArchWiki | wiki.archlinux.org" [2]: https://web.archive.org/web/20221025163051/https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/app/TelemetryUtils.jsm#l101 "mozilla-central: toolkit/components/telemetry/app/TelemetryUtils.jsm@41ff1810fc5e1ee4ccdea2f1f81fcfc6d04d0fa1" [3]: https://web.archive.org/web/20221025163051/https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/app/TelemetryUtils.jsm#l29 "mozilla-central: toolkit/components/telemetry/app/TelemetryUtils.jsm@41ff1810fc5e1ee4ccdea2f1f81fcfc6d04d0fa1" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.cachedClientID jsonValue: '""' - category: Disable Firefox telemetry pings docs: |- A telemetry ping refers to the data that Firefox transmits to Mozilla's Telemetry servers [1]. It comes in different types and includes information collected by telemetry [1]. [1]: https://web.archive.org/web/20221025163526/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/concepts/pings.html "Telemetry pings — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" children: - name: Disable pings to Firefox telemetry server recommend: standard docs: |- This script sets `toolkit.telemetry.server` to be empty. This preference defines the server to which Telemetry pings are sent [1]. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.server jsonValue: '""' - name: Disable Firefox shutdown ping recommend: standard docs: |- The shutdown ping provides data about a clean shutdown [1]. This script turns off three preferences to disable shutdown pings: 1. 
`toolkit.telemetry.shutdownPingSender.enabled`: This preference permits the shutdown ping to be sent when the browser is closed from the second browsing session onwards, as opposed to on the next restart, through the ping sender [2]. 2. `toolkit.telemetry.shutdownPingSender.enabledFirstSession`: This preference allows the shutdown ping to be sent through the ping sender from the first browsing session [2]. 3. `toolkit.telemetry.firstShutdownPing.enabled`: This preference permits a duplicate of the main shutdown ping from the first browsing session to be sent as a separate `first-shutdown` ping [2]. [1]: https://web.archive.org/web/20221030201323/https://wiki.mozilla.org/QA/Shutdown_Ping#Test_Objectives "QA/Shutdown Ping - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" call: - function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.shutdownPingSender.enabled jsonValue: 'false' - function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.shutdownPingSender.enabledFirstSession jsonValue: 'false' - function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.firstShutdownPing.enabled jsonValue: 'false' - name: Disable Firefox new profile ping recommend: standard docs: |- This script disables the `new-profile` ping sent from Firefox Desktop. This ping is typically sent 30 minutes after the browser starts, during the first session of a newly created profile [1]. If the first session of a new profile is shorter than 30 minutes, the ping is sent at shutdown using the Ping Sender [1]. This script sets the `toolkit.telemetry.newProfilePing.enabled` preference to disabled, which effectively disables the `new-profile` ping for new profiles [2]. 
[1]: https://web.archive.org/web/20221025172041/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/new-profile-ping.html "“new-profile” ping — Firefox Source Docs documentation" [2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.newProfilePing.enabled jsonValue: 'false' - name: Disable Firefox update ping recommend: standard docs: |- This script disables the `update` ping sent from Firefox Desktop. This ping is sent when a browser update is ready to be applied and also after the update has been successfully applied [1]. This script sets the `toolkit.telemetry.updatePing.enabled` preference to disabled, which turns off the "update" ping associated with browser updates [2]. [1]: https://web.archive.org/web/20221025174136/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/update-ping.html "“update” ping — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.updatePing.enabled jsonValue: 'false' - name: Disable Firefox prio ping recommend: standard docs: |- This script disables the `prio` ping sent from Firefox Desktop. The ping is submitted at least once a day for sessions that last longer than 24 hours [1], and it is enabled by default [2]. 
It sends **Origin Telemetry** [1], which allows Mozilla to get precise counts of how many Firefox clients perform certain activities on specific origins without revealing which clients were doing which things on which origins [3]. This script sets the `toolkit.telemetry.prioping.enabled` preference to disabled, which turns off the `prio` ping [2]. [1]: https://web.archive.org/web/20221025174031/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/prio-ping.html "“prio” ping — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [3]: https://web.archive.org/web/20221025174037/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/collection/origin.html#origintelemetry "Origin Telemetry — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.prioping.enabled jsonValue: 'false' - category: Disable Firefox Pioneer program docs: |- Firefox Pioneer is a system in Firefox to test new features and changes on a subset of Firefox users [1]. Pioneer program sends private/sensitive data to Mozilla [2] [3]. [1]: https://web.archive.org/web/20221025161925/https://www.ghacks.net/2017/11/15/what-is-firefox-pioneer/ "What is Firefox Pioneer? - gHacks Tech News | ghacks.net" [2]: https://web.archive.org/web/20221025160326/https://support.mozilla.org/en-US/questions/1224660 "What is a firefox pioneer example of how data will be used and how can this lead to a better user experience? | Firefox Support Forum | Mozilla Support" [3]: https://web.archive.org/web/20221025162028/https://medium.com/firefox-context-graph/make-firefox-better-with-pioneer-10c82d0f9301 "Make Firefox Better With Pioneer. 
Data is the lifeblood of any product… | by Toby Elliott | Firefox Context Graph | Medium" children: - name: Disable Firefox Pioneer study monitoring recommend: standard docs: |- This script configures `toolkit.telemetry.pioneer-new-studies-available` to be disabled to opt out of the Firefox Pioneer program. This setting disables the availability check for Firefox Pioneer studies [1]. [1]: https://web.archive.org/web/20221025155900/https://hg.mozilla.org/mozilla-central/rev/eed56319e02a52e465929b50cccab29e34102833 "mozilla-central: changeset 539130:eed56319e02a52e465929b50cccab29e34102833 | hg.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.pioneer-new-studies-available jsonValue: 'false' - name: Clear Firefox pioneer program ID recommend: standard docs: |- If a user has chosen to participate in the Pioneer program, their Pioneer ID will be stored in the `toolkit.telemetry.pioneerId` preference [1]. This ID serves as a link between user data and Mozilla servers [2]. [1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org" [2]: https://web.archive.org/web/20221025162028/https://medium.com/firefox-context-graph/make-firefox-better-with-pioneer-10c82d0f9301 "Make Firefox Better With Pioneer. Data is the lifeblood of any product… | by Toby Elliott | Firefox Context Graph | Medium" call: function: AddFirefoxPrefs parameters: prefName: toolkit.telemetry.pioneerId jsonValue: '""' - name: Disable connection tests (breaks automatic Wi-Fi login) docs: |- This script turns off the Firefox Captive Portal detection feature. Firefox uses this feature to determine if a network connection requires a login, such as a public Wi-Fi hotspot [1]. The test involves initiating an outgoing connection to Mozilla servers [1]. By default, these connection attempts occur at regular intervals [2][3].
This functionality could potentially expose your usage habits [4]. For instance, a public venue like a hotel or restaurant might require you to input a password for internet access. If such a portal is in place and blocking traffic, this feature prevents all other connection attempts, possibly revealing your usage habits. See also: [Captive portal | Wikipedia](https://web.archive.org/web/20221029163002/https://en.wikipedia.org/wiki/Captive_portal). This script sets `network.captive-portal-service.enabled` to 'false', thereby disabling automatic connections [1]. [1]: https://web.archive.org/web/20221025194630/https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_network-detection "How to stop Firefox from making automatic connections | Firefox Help | support.mozilla.org" [2]: https://web.archive.org/web/20221025201801/https://bugzilla.mozilla.org/show_bug.cgi?id=1363651 "1363651 - http://detectportal.firefox.com/ is hammering our firewalls | bugzilla.mozilla.org" [3]: https://web.archive.org/web/20221025201846/https://bugzilla.mozilla.org/show_bug.cgi?id=1359697#c3 "1359697 - Don't poll for captive portal detection | bugzilla.mozilla.org" [4]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy "Firefox/Privacy - ArchWiki | wiki.archlinux.org" call: function: AddFirefoxPrefs parameters: prefName: network.captive-portal-service.enabled jsonValue: 'false' - category: Disable Firefox Phishing Protection (Safe Browsing) (decreases security) docs: |- Firefox's Safe Browsing feature, now referred to as Phishing Protection, is still internally recognized as "Safe Browsing" [1]. To provide protection against phishing and malware, Firefox transmits the following data: 1. Partial address information for visited webpages [2]. 2. Details such as name, origin, size, and hash of contents for downloaded files [2]. 
This data is sent to Google Safe Browsing [2] to aid in issuing warnings for downloaded files and visited sites [2]. While Phishing Protection bolsters your security, it may decrease your privacy as it involves sending data about the websites you visit and files you download to Google [1][2]. There have been concerns about the potential for Google Safe Browsing to be used for censorship in the future, although this has not occurred yet [3]. [1]: https://web.archive.org/web/20221026164502/https://wiki.mozilla.org/Security/Safe_Browsing "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20221025193000/https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_what-information-is-sent-to-mozilla-or-its-partners-when-phishing-and-malware-protection-is-enabled [3]: https://web.archive.org/web/20221025192516/https://www.usnews.com/opinion/articles/2016-06-22/google-is-the-worlds-biggest-censor-and-its-power-must-be-regulated "Google Is the World's Biggest Censor and Its Power Must Be Regulated | usnews.com" children: - name: Disable blocking of unstable plugins in Firefox docs: |- This script sets `browser.safebrowsing.blockedURIs.enabled` to 'false', thereby disabling plugin stability blocking [1]. Disabling this feature has mixed implications: - Disabling the blocking of unstable plugins can potentially expose the user to vulnerabilities associated with these plugins. These plugins may include malware, which would compromise user privacy and data. - It removes the need for data communication with the Mozilla server `addons.mozilla.org` for list retrieval [2]. This feature requires frequent requests to download a large amount of data. If this blocking is removed, the user should be knowledgeable about the potential risks and take precautions.
[1]: https://web.archive.org/web/20221026164502/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20230811024650/https://blog.mozilla.org/addons/2020/08/24/introducing-a-scalable-add-ons-blocklist/ "Introducing a scalable add-ons blocklist | Mozilla Add-ons Community Blog" call: function: AddFirefoxPrefs parameters: prefName: browser.safebrowsing.blockedURIs.enabled jsonValue: 'false' - name: Disable Firefox application reputation checks for downloads docs: |- This script pertains to a feature that safeguards users from malware downloads [1]. This protective measure operates by transmitting downloaded URL and file data to Google's servers [3]. The script modifies `browser.safebrowsing.downloads.enabled` to a disabled state. This adjustment consequently disables application reputation checks for downloaded files [1] [2]. Inhibiting this feature concurrently disables remote lookups (`browser.safebrowsing.downloads.remote.enabled`) [1]. 
Read more: [Security/Features/Application Reputation Design Doc | wiki.mozilla.org](https://web.archive.org/web/20221025204612/https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc) [1]: https://web.archive.org/web/20221025204436/https://wiki.mozilla.org/Security/Download_Protection "Security/Download Protection - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#Disable_.27Safe_Browsing.27_service "Firefox/Privacy - ArchWiki | wiki.archlinux.org" [3]: https://web.archive.org/web/20221025204612/https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc "Security/Features/Application Reputation Design Doc - MozillaWiki | wiki.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: browser.safebrowsing.downloads.enabled jsonValue: 'false' - name: Disable Firefox malware protection docs: |- Mozilla Firefox maintains a list of known malware, and checks user downloads against this list [1]. If the user downloads a file that matches an entry in the list, a warning can be displayed [1]. This script modifies `browser.safebrowsing.malware.enabled` to a disabled state. This preference dictates whether to enable malware checks [1]. Disabling it halts the downloading of malware blacklists and ceases checks on downloads [1]. It is active by default [1]. Note that disabling this protection disrupts application reputation checks for downloaded files, since it relies on this feature [2]. 
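The Safe Browsing entries here describe dependencies between preferences: application reputation checks rely on malware protection, and remote lookups stop when reputation checks are disabled. The following audit of a `user.js` file is an added example, not part of privacy.sexy; it reports which protections remain effective. The function names, the sample file and the default of `true` for every preference are assumptions of the example.

```python
import json
import re

# Safe Browsing preferences named on this page. A default of True for every
# one of them is an assumption of this example; the page states it only for
# the malware and phishing preferences.
DEFAULTS = {
    "browser.safebrowsing.blockedURIs.enabled": True,
    "browser.safebrowsing.downloads.enabled": True,
    "browser.safebrowsing.downloads.remote.enabled": True,
    "browser.safebrowsing.malware.enabled": True,
    "browser.safebrowsing.phishing.enabled": True,
}

# Matches: user_pref("name", <JSON value>);  (an optional trailing comment is ignored)
USER_PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_user_js(text):
    """Return ({pref: value}, [problems]) for the user_pref() lines in text."""
    prefs, problems = {}, []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USER_PREF.match(line)
        if not match:
            continue  # blank line, // comment, or not a preference at all
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # a later line overrides an earlier one
        except json.JSONDecodeError:
            problems.append(f"line {number}: {name} has unparsable value {raw}")
    return prefs, problems


def audit_safe_browsing(text):
    """Return ({protection: still effective?}, [problems]) for a user.js body."""
    prefs, problems = parse_user_js(text)
    state = dict(DEFAULTS)
    for name in state:
        if name not in prefs:
            continue
        if isinstance(prefs[name], bool):
            state[name] = prefs[name]
        else:
            # A quoted "false" is a string, not a boolean. This example treats
            # such an entry as unset and reports it (an assumption).
            problems.append(f"{name}: expected true/false, got {prefs[name]!r}")

    malware = state["browser.safebrowsing.malware.enabled"]
    # Per the page: reputation checks rely on malware protection, and
    # disabling them also disables remote lookups.
    reputation = state["browser.safebrowsing.downloads.enabled"] and malware
    remote = reputation and state["browser.safebrowsing.downloads.remote.enabled"]
    effective = {
        "phishing protection": state["browser.safebrowsing.phishing.enabled"],
        "malware protection": malware,
        "plugin stability blocking": state["browser.safebrowsing.blockedURIs.enabled"],
        "download reputation checks": reputation,
        "remote download lookups": remote,
    }
    return effective, problems


# Constructed sample, not taken from a real profile.
SAMPLE_USER_JS = '''\
// constructed sample user.js
user_pref("browser.safebrowsing.phishing.enabled", true);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.safebrowsing.blockedURIs.enabled", "false");
// user_pref("browser.safebrowsing.downloads.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
'''

if __name__ == "__main__":
    effective, problems = audit_safe_browsing(SAMPLE_USER_JS)
    for protection, enabled in effective.items():
        print(f"{'on ' if enabled else 'OFF'}  {protection}")
    for problem in problems:
        print(f"warning: {problem}")
```

In the sample, a single `malware.enabled` entry also switches off both download checks, and the quoted `"false"` is reported instead of being counted as a disabled protection.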
[1]: https://web.archive.org/web/20221025211950/https://kb.mozillazine.org/Browser.safebrowsing.malware.enabled "Browser.safebrowsing.malware.enabled - MozillaZine Knowledge Base | kb.mozillazine.org" [2]: https://web.archive.org/web/20221025204436/https://wiki.mozilla.org/Security/Download_Protection "Security/Download Protection - MozillaWiki | wiki.mozilla.org" call: function: AddFirefoxPrefs parameters: prefName: browser.safebrowsing.malware.enabled jsonValue: 'false' - name: Disable Firefox phishing protection docs: |- This script modifies `browser.safebrowsing.phishing.enabled` to a disabled state. This preference determines whether to enable phishing protection [1] [2]. It is active by default [2]. [1]: https://web.archive.org/web/20221026164502/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org" [2]: https://web.archive.org/web/20221029173442/https://github.com/mozilla/policy-templates/blob/master/README.md#preferences "policy-templates/README.md at master · mozilla/policy-templates · GitHub | github.com" call: function: AddFirefoxPrefs parameters: prefName: browser.safebrowsing.phishing.enabled jsonValue: 'false' functions: - name: RunInlineCode # Marked: refactor-with-partials # Same function in macOS, Linux, Windows parameters: - name: code - name: revertCode optional: true code: '{{ $code }}' revertCode: '{{ with $revertCode }}{{ . }}{{ end }}' - name: RunIfCommandExists # Skips if command does not exist # Marked: refactor-with-partials # Same function as macOS parameters: - name: command - name: code - name: revertCode optional: true code: |- if ! command -v '{{ $command }}' &> /dev/null; then echo 'Skipping because "{{ $command }}" is not found.' else {{ $code }} fi revertCode: |- {{ with $revertCode }} if ! command -v '{{ $command }}' &> /dev/null; then >&2 echo 'Cannot revert because "{{ $command }}" is not found.' else {{ . 
}} fi {{ end }} - name: RunPython3Code parameters: - name: command - name: code - name: revertCode optional: true call: function: RunIfCommandExists parameters: command: python3 code: |- python3 < /dev/null ; then echo "\"$pkg_package_name\" is installed and will be uninstalled." sudo pacman -Rcns "$pkg_package_name" --noconfirm else echo "The package $pkg_package_name is not installed" fi revertCode: |- pkg_package_name='{{ $packageName }}' if pacman -Qs "$pkg_package_name" > /dev/null ; then echo "Skipping, no action needed because \"$pkg_package_name\" is already installed." else echo "\"$pkg_package_name\" is not installed and will be reinstalled." sudo pacman -S "$pkg_package_name" --noconfirm fi - name: UninstallRPMPackage parameters: - name: packageName call: function: RunIfCommandExists parameters: command: dnf code: |- rpm_package_name='{{ $packageName }}' sudo dnf autoremove -y --skip-broken "$rpm_package_name" revertCode: |- rpm_package_name='{{ $packageName }}' sudo dnf install -y "$rpm_package_name" - name: UninstallAptPackage parameters: - name: packageName call: function: RunIfCommandExists parameters: command: apt-get code: |- apt_package_name='{{ $packageName }}' if status="$(dpkg-query -W --showformat='${db:Status-Status}' "$apt_package_name" 2>&1)" \ && [ "$status" = installed ]; then echo "\"$apt_package_name\" is installed and will be uninstalled." sudo apt-get purge -y "$apt_package_name" else echo "Skipping, no action needed, \"$apt_package_name\" is not installed." fi revertCode: |- apt_package_name='{{ $packageName }}' if status="$(dpkg-query -W --showformat='${db:Status-Status}' "$apt_package_name" 2>&1)" \ && [ "$status" = installed ]; then echo "Skipping, no action needed because \"$apt_package_name\" is already installed." else echo "\"$apt_package_name\" is not installed and will be reinstalled." 
sudo apt-get install -y "$apt_package_name" fi - name: DisableSystemdService parameters: - name: serviceName call: function: RunIfCommandExists parameters: command: systemctl # `service` is a wrapper supporting different backends such as systemctl # However it lacks the "disable" command so we use lower level systemctl code: |- service='{{ $serviceName }}' if systemctl list-units --full -all | grep --fixed-strings --quiet "$service"; then # service exists if systemctl is-enabled --quiet "$service"; then if systemctl is-active --quiet "$service"; then echo "Service $service is running now, stopping it." if ! sudo systemctl stop "$service"; then >&2 echo "Could not stop $service." else echo 'Successfully stopped' fi fi if sudo systemctl disable "$service"; then echo "Successfully disabled $service." else >&2 echo "Failed to disable $service." fi else echo "Skipping, $service is already disabled." fi else echo "Skipping, $service does not exist." fi revertCode: |- # Not restarting/enabling service because the process/socket may need to be triggered by other hooks. service='{{ $serviceName }}' if systemctl list-units --full -all | grep --fixed-strings --quiet "$service"; then # service exists if systemctl is-enabled --quiet "$service"; then echo "Skipping, $service is already enabled." else if sudo systemctl enable "$service"; then echo "Successfully enabled $service, it may require reboot to start." else >&2 echo "Failed to enable $service." fi fi else >&2 echo "Failed, $service does not exist." fi - name: Comment # 💡 Purpose: # Adds a comment in the executed code for better readability and debugging. # This function does not affect the execution flow but helps in understanding the purpose of subsequent code. # Marked: refactor-with-partials # Same function as macOS parameters: - name: codeComment optional: true - name: revertCodeComment optional: true call: function: RunInlineCode parameters: code: '{{ with $codeComment }}# {{ . 
}}{{ end }}' revertCode: '{{ with $revertCodeComment }}# {{ . }}{{ end }}' - name: DeleteFiles parameters: - name: fileGlob call: - function: Comment parameters: codeComment: >- Delete files matching pattern: "{{ $fileGlob }}" - function: RunPython3Code parameters: code: |- import glob import os path = '{{ $fileGlob }}' expanded_path = os.path.expandvars(os.path.expanduser(path)) print(f'Deleting files matching pattern: {expanded_path}') paths = glob.glob(expanded_path) if not paths: print('Skipping, no paths found.') for path in paths: if not os.path.isfile(path): print(f'Skipping folder: "{path}".') continue os.remove(path) print(f'Successfully deleted file: "{path}".') print(f'Successfully deleted {len(paths)} file(s).') - name: DeleteFilesFromFirefoxProfiles parameters: - name: pathGlob # file or folder in profile folder call: - # Global installation function: DeleteFiles parameters: fileGlob: ~/.mozilla/firefox/*/{{ $pathGlob }} - # Flatpak installation function: DeleteFiles parameters: fileGlob: ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*/{{ $pathGlob }} - # Snap installation function: DeleteFiles parameters: fileGlob: ~/snap/firefox/common/.mozilla/firefox/*/{{ $pathGlob }} - name: CleanTableFromFirefoxProfileDatabase parameters: - name: databaseFileName - name: tableName call: function: RunPython3Code parameters: code: |- import os import sqlite3 import glob import sys database_name = '{{ $databaseFileName }}' table_name = '{{ $tableName }}' # e.g. moz_inputhistory, moz_historyvisits, moz_places home_dir = f'/home/{os.getenv("SUDO_USER", os.getenv("USER"))}' database_globs = [ # Global installation f'{home_dir}/.mozilla/firefox/*/{database_name}', # Flatpak installation f'{home_dir}/.var/app/org.mozilla.firefox/.mozilla/firefox/*/{database_name}', # Snap installation f'{home_dir}/snap/firefox/common/.mozilla/firefox/*/{database_name}', ] database_files = [file for files in [glob.glob(glob_pattern) for glob_pattern in database_globs] for file in files] if not database_files: 
print(f'Skipping, no "{database_name}" found.') exit(0) print(f'Total database files found: {len(database_files)}') for file in database_files: print(f'Cleaning "{table_name}" in: {file}') try: conn = sqlite3.connect(file) cursor = conn.cursor() cursor.execute(f'DELETE from {table_name}') total_deleted = cursor.rowcount print(f'Table was empty, no items were deleted.' if total_deleted == 0 else f'Total deleted items: {cursor.rowcount}') conn.commit() conn.close() except Exception as e: print(f'Failed to delete: {e}', file=sys.stderr) - name: DeleteFileFromThunderbirdProfiles parameters: - name: file code: |- # {{ $file }}: Global installation rm -fv ~/.thunderbird/*/{{ $file }} # {{ $file }}: Snap installation rm -fv ~/snap/thunderbird/common/.thunderbird/*/{{ $file }} # {{ $file }}: Flatpak installation rm -fv ~/.var/app/org.mozilla.Thunderbird/.thunderbird/*/{{ $file }} - name: DeleteFileFromGNOMEWebData parameters: - name: file code: |- # {{ $file }}: Global installation rm -fv ~/.local/share/epiphany/{{ $file }} # {{ $file }}: Flatpak installation rm -fv ~/.var/app/org.gnome.Epiphany/data/epiphany/{{ $file }} # {{ $file }}: Snap installation rm -fv ~/snap/epiphany/*/.local/share/epiphany/{{ $file }} - name: ClearDirFromVsCodeUserDataDir parameters: - name: directory # Whitespaces must be escaped with / code: |- # {{ $directory }}: Global installation (also Snap with --classic) rm -rfv ~/.config/Code/{{ $directory }}/* # {{ $directory }}: Flatpak installation rm -rfv ~/.var/app/com.visualstudio.code/config/Code/{{ $directory }}/* - name: PersistSystemEnvironmentVariable parameters: - name: variable - name: value # We can change different files: # System-wide: # [/etc/profile] # Contains system wide shell initialization scripts. # ❌ It's a configuration file of the base-files package, so it's not appropriate to edit that file directly. # [/etc/profile.d/*.sh] # Files with the .sh extension in the /etc/profile.d directory get executed whenever # a bash login shell is entered (e.g. 
when logging in from the console or over ssh). # ✅ Recommended to be edited by Ubuntu. # [/etc/environment] # Used for system-wide environment variable settings. # It is not a script file, but rather consists of assignment expressions, one per line. # ✅ Owned by root, requires sudo. # ✅ Shell agnostic. # ✅ Recommended by Debian to edit for global environment variables. # User-specific: # [~/.profile] # User-specific shell initialization scripts. # ✅ Recommended by Debian to edit for user-specific environment variables. # [~/.bashrc] # User-based configuration file to set environment variables for Bash shell. # ❌ Bash-specific. # [~/.pam_environment] # User-specific "/etc/environment" # References: # - https://web.archive.org/web/20221029173442/https://help.ubuntu.com/community/EnvironmentVariables # - https://web.archive.org/web/20221029173630/https://wiki.archlinux.org/title/Environment_variables#Defining_variables # - https://web.archive.org/web/20221029173825/https://wiki.debian.org/EnvironmentVariables code: |- variable='{{ $variable }}' value='{{ $value }}' declaration_file='/etc/environment' if ! [ -f "$declaration_file" ]; then echo "\"$declaration_file\" does not exist." sudo touch "$declaration_file" echo "Created $declaration_file." fi assignment_start="$variable=" assignment="$variable=$value" if ! grep --quiet "^$assignment_start" "${declaration_file}"; then echo "Variable \"$variable\" was not configured before." echo -n $'\n'"$assignment" | sudo tee -a "$declaration_file" > /dev/null echo "Successfully configured ($assignment)." else if grep --quiet "^$assignment$" "${declaration_file}"; then echo "Skipping. Variable \"$variable\" is already set to value \"$value\"." else if ! sudo sed --in-place "/^$assignment_start/d" "$declaration_file"; then >&2 echo "Failed to delete assignment starting with \"$assignment_start\"." else echo "Successfully deleted unexpected assignment of \"$variable\"." if ! 
echo -n $'\n'"$assignment" | sudo tee -a "$declaration_file" > /dev/null; then >&2 echo "Failed to add assignment \"$assignment\"." else echo "Successfully reconfigured ($assignment)." fi fi fi fi revertCode: |- variable='{{ $variable }}' value='{{ $value }}' declaration_file='/etc/environment' if ! [ -f "$declaration_file" ]; then echo "Skipping, \"$declaration_file\" does not exist." else assignment="$variable=$value" if grep --quiet "^$assignment$" "${declaration_file}"; then if sudo sed --in-place "/^$assignment$/d" "$declaration_file"; then echo "Successfully deleted \"$variable\" with \"$value\"." else >&2 echo "Failed to delete \"$assignment\"." fi else echo "Skipping, \"$variable\" with \"$value\" is not found." fi fi - name: DisableCronjob parameters: - name: jobName # Cron is not restarted after changes because according to manpage: # > …cron will then examine the modification time on all crontabs and reload those which have changed. # > Thus cron need not be restarted whenever a crontab file is modified. code: |- job_name='{{ $jobName }}' cronjob_path="/etc/cron.daily/$job_name" if [[ -f "$cronjob_path" ]]; then if [[ -x "$cronjob_path" ]]; then sudo chmod -x "$cronjob_path" echo "Succesfully disabled cronjob \"$job_name\"." else echo "Skipping, cronjob \"$job_name\" is already disabled." fi else echo "Skipping, \"$job_name\" cronjob is not found." fi revertCode: |- cronjob_path="/etc/cron.daily/$job_name" if [[ -f "$cronjob_path" ]]; then if [[ -x "$cronjob_path" ]]; then echo "Skipping, cronjob \"$job_name\" is already enabled." else sudo chmod +x "$cronjob_path" echo "Succesfully enabled cronjob \"$job_name\"." fi else >&2 echo "Failed to enable cronjob \"$job_name\" because it's missing." fi - name: AddFirefoxPrefs parameters: - name: prefName - name: jsonValue docs: |- This script modifies the `user.js` file in Firefox profiles to set specific preferences. 
      The `user.js` file can be found in a Firefox profile folder [1] and its location depends on the type of installation:

      - Default: `~/.mozilla/firefox//user.js`
      - Flatpak: `~/.var/app/org.mozilla.firefox/.mozilla/firefox//user.js`
      - Snap: `~/snap/firefox/common/.mozilla/firefox//user.js`

      While the `user.js` file is optional [2], if it's present, Firefox will prioritize its settings over
      those in `prefs.js` upon startup [1] [2]. It's recommended not to directly edit `prefs.js` to avoid profile corruption [2].

      When `user.js` is modified or deleted, corresponding changes in `prefs.js` are necessary for reversion,
      as Firefox doesn't automatically revert these changes [3].

      This script safely modifies `user.js` and ensures changes are reflected in `prefs.js` during reversion,
      addressing issues with preference persistence [3].

      [1]: https://web.archive.org/web/20230811005205/https://kb.mozillazine.org/User.js_file "User.js file - MozillaZine Knowledge Base"
      [2]: https://web.archive.org/web/20221029211757/https://kb.mozillazine.org/Prefs.js_file "Prefs.js file - MozillaZine Knowledge Base"
      [3]: https://github.com/undergroundwires/privacy.sexy/issues/282 "[BUG]: Reverting Firefox settings do not work on Linux · Issue #282 · undergroundwires/privacy.sexy | github.com"
    code: |-
      pref_name='{{ $prefName }}'
      pref_value='{{ $jsonValue }}'
      echo "Setting preference \"$pref_name\" to \"$pref_value\"."
      declare -a profile_paths=(
        ~/.mozilla/firefox/*/
        ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*/
        ~/snap/firefox/common/.mozilla/firefox/*/
      )
      declare -i total_profiles_found=0
      for profile_dir in "${profile_paths[@]}"; do
        if [ ! -d "$profile_dir" ]; then
          continue
        fi
        if [[ ! "$(basename "$profile_dir")" =~ ^[a-z0-9]{8}\..+ ]]; then
          continue # Not a profile folder
        fi
        ((total_profiles_found++))
        user_js_file="${profile_dir}user.js"
        echo "$user_js_file:"
        if [ ! -f "$user_js_file" ]; then
          touch "$user_js_file"
          echo $'\t''Created new user.js file'
        fi
        pref_start="user_pref(\"$pref_name\","
        pref_line="user_pref(\"$pref_name\", $pref_value);"
        if ! grep --quiet "^$pref_start" "${user_js_file}"; then
          echo -n $'\n'"$pref_line" >> "$user_js_file"
          echo $'\t'"Successfully added a new preference in $user_js_file."
        elif grep --quiet "^$pref_line$" "$user_js_file"; then
          echo $'\t'"Skipping, preference is already set as expected in $user_js_file."
        else
          sed --in-place "/^$pref_start/c\\$pref_line" "$user_js_file"
          echo $'\t'"Successfully replaced the existing incorrect preference in $user_js_file."
        fi
      done
      if [ "$total_profiles_found" -eq 0 ]; then
        echo 'No profile folders are found, no changes are made.'
      else
        echo "Successfully verified preferences in $total_profiles_found profiles."
      fi
    revertCode: |-
      pref_name='{{ $prefName }}'
      pref_value='{{ $jsonValue }}'
      echo "Reverting preference: \"$pref_name\" to its default."
      if command -v 'ps' &> /dev/null && ps aux | grep -i "[f]irefox" > /dev/null; then
        >&2 echo -e "\e[33mWarning: Firefox is currently running. Please close Firefox before executing the revert script to ensure changes are applied effectively.\e[0m"
      fi
      declare -a files_to_modify=('prefs.js' 'user.js')
      declare -a profile_paths=(
        ~/.mozilla/firefox/*/
        ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*/
        ~/snap/firefox/common/.mozilla/firefox/*/
      )
      declare -i total_profiles_found=0
      for profile_dir in "${profile_paths[@]}"; do
        if [ ! -d "$profile_dir" ]; then
          continue
        fi
        if [[ ! "$(basename "$profile_dir")" =~ ^[a-z0-9]{8}\..+ ]]; then
          continue # Not a profile folder
        fi
        ((total_profiles_found++))
        for file_to_modify in "${files_to_modify[@]}"; do
          config_file_path="${profile_dir}${file_to_modify}"
          if [ ! -f "$config_file_path" ]; then
            continue
          fi
          echo "$config_file_path:"
          pref_start="user_pref(\"$pref_name\","
          pref_line="user_pref(\"$pref_name\", $pref_value);"
          if ! grep --quiet "^$pref_start" "${config_file_path}"; then
            echo $'\t''Skipping, preference was not configured before.'
          elif grep --quiet "^$pref_line$" "${config_file_path}"; then
            sed --in-place "/^$pref_line/d" "$config_file_path"
            echo $'\t''Successfully reverted preference to default.'
            if ! grep --quiet '[^[:space:]]' "$config_file_path"; then
              rm "$config_file_path"
              echo $'\t'"Removed the file as it became empty."
            fi
          else
            echo $'\t''Skipping, the preference has a value that is not configured by privacy.sexy.'
          fi
        done
      done
      if [ "$total_profiles_found" -eq 0 ]; then
        echo 'No reversion was necessary.'
      else
        echo "Successfully verified preferences in $total_profiles_found profiles."
      fi
  - name: RenameFile
    parameters:
      - name: path
    code: |-
      file='{{ $path }}'
      backup_file="${file}.old"
      if [ -f "$file" ]; then
        echo "File exists: $file."
        sudo mv "$file" "$backup_file"
        echo "Moved to: $backup_file."
      else
        echo "Skipping, no changes needed."
      fi
    revertCode: |-
      file='{{ $path }}'
      backup_file="${file}.old"
      if [ -f "$backup_file" ]; then
        echo "Backup file exists: $backup_file."
        sudo mv "$backup_file" "$file"
        echo "Moved to: $file."
        echo "Successfully restored."
      else
        >&2 echo "Failed to restore, backup file could not be found at $backup_file."
        >&2 echo "Was the change initially applied by privacy.sexy?"
      fi
  - name: ReplaceFileContent
    parameters:
      - name: filePath
      - name: newContent
    code: |-
      file='{{ $filePath }}'
      new_content=$'{{ $newContent }}'
      backup_file="${file}.backup"
      if [ ! -f "$file" ]; then
        >&2 echo "Skipping, original file missing at $file."
      else
        sudo mv "$file" "$backup_file"
        echo "Successfully backed up existing $file"
        echo -n $"$new_content" | sudo tee "$file" > /dev/null
        echo "Successfully replaced $file"
      fi
    revertCode: |-
      file='{{ $filePath }}'
      backup_file="${file}.backup"
      if [ ! -f "$backup_file" ]; then
        >&2 echo "Failed, backup file is missing at $backup_file."
      else
        sudo rm -fv "$file"
        sudo mv "$file.backup" "$file"
        echo "Successfully restored from backup: $file"
      fi
  - name: ClearDirectoryContents
    # 💡 Purpose:
    #   Empties the contents of a directory recursively (including all of its files and subfolders) while preserving
    #   the directory itself.
    # Marked: refactor-with-partials
    #   Same function as macOS
    parameters:
      - name: directoryGlob
      - name: grantPermissions
        optional: true
    call:
      - function: Comment
        parameters:
          codeComment: 'Clear directory contents: "{{ $directoryGlob }}"'
      - function: RunInlineCode
        parameters:
          code: |-
            glob_pattern="{{ $directoryGlob }}/*"
            {{ with $grantPermissions }}sudo {{ end }}rm -rfv $glob_pattern