44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcad357017d9f29ce77e706ca943107dd9caefb6
privacy.sexy/src/application/collections/linux.yaml
undergroundwires bcad357017 linux: fix Firefox settings not reverting #282 
Improve the revert process for Firefox settings by extending
modifications to also include `prefs.js`.

- Validate profile directories similarly to execution script.
- Check and warn if Firefox is running during revert to prevent
  `prefs.js` from being overriden.
- Clarify output messages for execution and revert scripts.
- Add flowchart diagram for visual documentation.
- Improve documentation for consistency and precision.
- Update `.gitignore` to account for temporary draw.io files.
2023-11-26 01:20:21 +01:00

3905 lines
251 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Structure is documented in "docs/collection-files.md"
os: linux
scripting:
language: shellscript
startCode: |-
#!/usr/bin/env bash
# {{ $homepage }} — v{{ $version }} — {{ $date }}
if [ "$EUID" -ne 0 ]; then
script_path=$([[ "$0" = /* ]] && echo "$0" || echo "$PWD/${0#./}")
sudo "$script_path" || (
echo 'Administrator privileges are required.'
exit 1
)
exit 0
fi
export HOME="/home/${SUDO_USER:-${USER}}" # Keep `~` and `$HOME` for user not `/root`.
endCode: |-
echo 'Your privacy and security is now hardened 🎉💪'
echo 'Press any key to exit.'
read -n 1 -s
actions:
-
category: Privacy cleanup
docs: |-
These scripts allow you to increase privacy by deleting collected data about you and your behavior.
children:
-
category: Clear terminal history
docs: |-
Reading terminal history is one of the attack techniques.
The existence of bash history files is defined as an unsecured credential attack technique by MITRE [1].
[1]: https://web.archive.org/web/20221029134827/https://attack.mitre.org/techniques/T1552/003/ "Unsecured Credentials: Bash History, Sub-technique T1552.003 - Enterprise | MITRE ATT&CK® | attack.mitre.org"
children:
-
name: Clear bash history
recommend: strict
docs: |-
Bash (Bourne-Again SHell) is from the GNU project.
It is used by most distributions as their default shell.
See also [GNU Bash Homepage](https://web.archive.org/web/20221029211839/https://www.gnu.org/software/bash/).
call:
function: DeleteFileFromUserAndRootHome
parameters:
file: .bash_history
-
name: Clear Zsh history
recommend: strict
docs: |-
Zsh is also known as Z-shell [1]. See its [homepage](https://web.archive.org/web/20221029211848/https://www.zsh.org/) for more information.
It is one of the most used shells and has been the default shell in Kali Linux since 2020.4 [2].
Arch Linux installer uses zsh [3] but sets bash on disk as default [4].
[1]: https://web.archive.org/web/20221029134900/https://en.wikipedia.org/wiki/Z_shell "Z shell - Wikipedia | wikipedia.org"
[2]: https://web.archive.org/web/20221029134925/https://www.kali.org/blog/kali-linux-2020-4-release/ "Kali Linux 2020.4 Release (ZSH, Bash, CME, MOTD, AWS, Docs, Win-KeX & Vagrant) | Kali Linux Blog | kali.org"
[3]: https://web.archive.org/web/20221029181441/https://gitlab.archlinux.org/archlinux/archiso/-/blob/9f16862acd7e7be02da72f63a03b4c0e256dabff/configs/releng/packages.x86_64#L32 "configs/releng/packages.x86_64 · 9f16862acd7e7be02da72f63a03b4c0e256dabff · Arch Linux / archiso · GitLab"
[4]: https://web.archive.org/web/20221029181616/https://wiki.archlinux.org/title/bash "Bash - ArchWiki"
call:
function: DeleteFileFromUserAndRootHome
parameters:
file: .zsh_history
-
name: Clear tcsh history
recommend: strict
docs: |-
C shell (csh) with file name completion and command line editing.
`~/.history` is its default histfile (history file) [1].
It's shipped by FreeBSD as the default root shell [2].
See also:
- [tcsh homepage](https://web.archive.org/web/20221029211930/https://www.tcsh.org/),
- [tcsh source code](https://web.archive.org/web/20221029212024/https://github.com/tcsh-org/tcsh).
[1]: https://web.archive.org/web/20221029134950/https://linux.die.net/man/1/tcsh "tcsh(1) - Linux man page | linux.die.net"
[2]: https://web.archive.org/web/20221029135041/https://books.google.com/books?id=LyDP5b2xzaMC&pg=PA56 "Sams Teach Yourself FreeBSD in 24 Hours - Michael Urban, Brian Tiemann - Google Books | books.google.com"
call:
function: DeleteFileFromUserAndRootHome
parameters:
file: .history
-
name: Clear fish history
recommend: strict
docs: |-
It is one of the most popular exotic shells that favors usability over standard compliance.
Its history file is stored in `~/.local/share/fish/fish_history` and `~/.config/fish/fish_history` [1].
It is used by PEUX OS as the default shell [2].
See also [fish shell homepage](https://web.archive.org/web/20221029212109/https://fishshell.com/) for more information.
[1]: https://web.archive.org/web/20221029135026/https://github.com/fish-shell/fish-shell/issues/862 "history file location · Issue #862 · fish-shell/fish-shell | github.com/fish-shell"
[2]: https://web.archive.org/web/20221029135110/https://peux-os.netlify.app/ "Homepage of Peux OS | [POS] | peux-os.netlify.app"
call:
- # >= 2.3.0
function: DeleteFileFromUserAndRootHome
parameters:
file: .local/share/fish/fish_history
- # < 2.3.0
function: DeleteFileFromUserAndRootHome
parameters:
file: .config/fish/fish_history
-
name: Clear KornShell (ksh) history
recommend: strict
docs: |-
KornShell is a shell that has different versions by different maintainers and developers such as `ksh93+u`, `ksh93v-, and `ksh2020`.
The latest maintained version is `ksh93u+m`, see its [GitHub repository (ksh93/ksh)](https://web.archive.org/web/20221029212509/https://github.com/ksh93/ksh).
Its history file (histfile) is saved at `~/.sh_history` by default [1] [2].
OpenBSD symlinks sh to ksh [3].
See also the [Wikipedia page](https://web.archive.org/web/20221029212931/https://en.wikipedia.org/wiki/KornShell) for more information.
[1]: https://web.archive.org/web/20221029135158/https://www.mkssoftware.com/docs/man1/history.1.asp "history -- display KornShell command history | manpage | mkssoftware.com"
[2]: https://web.archive.org/web/20221029135207/https://www.ibm.com/docs/en/aix/7.2?topic=commands-korn-shell-posix-shell-command-history "Korn shell or POSIX shell command history - IBM Documentation | ibm.com"
[3]: https://web.archive.org/web/20221029135300/https://www.reddit.com/r/unix/comments/6zqyl1/nix_distros_with_default_shells/ "*nix distros with default shells? | Reddit (/r/unix) | reddit.com"
call:
function: DeleteFileFromUserAndRootHome
parameters:
file: .sh_history
# -
# Dash [1] (used by Debian, Ubuntu, Void Linux etc.) does not support history [2].
# [1]: https://web.archive.org/web/20221029135301/https://git.kernel.org/pub/scm/utils/dash/dash.git
# [2]: https://web.archive.org/web/20221029135344/https://unix.stackexchange.com/questions/271595/how-can-i-access-the-history-buffer-in-sh-not-in-bash
-
name: Clear ash history
recommend: strict
docs: |-
It's also known as Almquist shell [1].
It's mainly a fork of dash (Debian Almquist shell) used in embedded Linux distributions such as DSLinux,
Alpine Linux, Tiny Core Linux and Linux-based router firmware such as OpenWrt, Tomato and DD-WRT [1].
It was also used by Android until Android 4.0 [2].
It uses `~/.ash_history` as the history file [3].
[1]: https://web.archive.org/web/20221030142637/https://en.wikipedia.org/wiki/Almquist_shell#Embedded_Linux "Almquist shell - Wikipedia | wikipedia.org"
[2]: https://web.archive.org/web/20221029135416/https://android.googlesource.com/platform/system/core/+/master/shell_and_utilities/README.md "Android's shell and utilities | android.googlesource.com"
[3]: https://web.archive.org/web/20221029135513/https://github.com/brgl/busybox/blob/abbf17abccbf832365d9acf1c280369ba7d5f8b2/shell/ash.c#L13626 "busybox/ash.c source code | github.com/brgl/busybox"
call:
function: DeleteFileFromUserAndRootHome
parameters:
file: .ash_history
-
name: Clear crosh history
recommend: strict
docs: |-
crosh is also known as ChromiumOS shell [1].
It is used in Chromium OS [2].
The history file is found in `~/.crosh_history` by default.
See its [source code (chromiumos/platform2)](https://web.archive.org/web/20221029135520/https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/crosh) for more information.
[1]: https://web.archive.org/web/20221029135520/https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/crosh "crosh git repository | chromium.googlesource.com"
[2]: https://web.archive.org/web/20221029135620/https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/crosh/README.md "README.md file | crosh git repository | chromium.googlesource.com"
[3]: https://web.archive.org/web/20221029135627/https://chromium.googlesource.com/chromiumos/platform2/+/183c7e421bd3a55c757b33b639201555b9d7a283/crosh/crosh#154 "histfile source code | crosh git repository | chromium.googlesource.com"
call:
function: DeleteFileFromUserAndRootHome
parameters:
file: .crosh_history
-
category: Clear third-party application data
docs: |-
Scripts in this category clear data for third-party applications installed on the operating system.
Third-party applications are not typically distributed as part of the operating system and are
installed separately.
children:
-
name: Clear Steam cache
docs: |-
Steam is a video game digital distribution service and storefront by Valve [1].
Clearing Steam cache is safe without any side effects. This may resolve issues with Steam and help you save
space and increase privacy, but may lead to a single-time application performance decrease due to cache renewal.
See also: [Steam Homepage](https://web.archive.org/web/20221029212925/https://store.steampowered.com/)
[1]: https://web.archive.org/web/20221029135718/https://en.wikipedia.org/wiki/Steam_%28service%29 "Steam | Wikipedia | wikipedia.org"
code: |-
# Global installation
rm -rfv ~/.local/share/Steam/appcache/*
# Snap
rm -rfv ~/snap/steam/common/.cache/*
rm -rfv ~/snap/steam/common/.local/share/Steam/appcache/*
# Flatpak
rm -rfv ~/.var/app/com.valvesoftware.Steam/cache/*
rm -rfv ~/.var/app/com.valvesoftware.Steam/data/Steam/appcache/*
-
name: Clear Clementine cache
docs: |-
Clementine is a free and open-source audio player [1].
Cover art, moodbar, and network cache are all part of Clementine cache [2].
Clementine cache is kept in the global XDG spec (`~/.cache`) folder [3].
See also: [Clementine Homepage](https://web.archive.org/web/20221029213331/https://www.clementine-player.org/)
[1]: https://web.archive.org/web/20221029135732/https://en.wikipedia.org/wiki/Clementine_%28software%29 "Clementine | Wikipedia | wikipedia.org"
[2]: https://web.archive.org/web/20221029135808/https://github.com/clementine-player/Clementine/blob/7e48b78c158116166348502fd1da5116a2a480bf/src/core/utilities.cpp#L365-L391 "Clementine cache source code | GitHub | github.com/clementine-player/Clementine"
[3]: https://web.archive.org/web/20221029135834/https://github.com/clementine-player/Clementine/issues/3265 "Cache folder · Issue #3265 · clementine-player/Clementine | GitHub | github.com/clementine-player/Clementine"
code: |-
# Global installation
rm -rfv ~/.cache/Clementine/*
# Flatpak installation
rm -rfv ~/.var/app/org.clementine_player.Clementine/cache/*
# Snap installation
rm -rfv ~/snap/clementine/common/.cache/*
-
category: Clear Wine data
docs: |-
Wine is a compatibility layer capable of running Windows applications [1].
See also: [Wine Homepage](https://web.archive.org/web/20221029213416/https://www.winehq.org/).
[1]: https://web.archive.org/web/20221029135913/https://en.wikipedia.org/wiki/Wine_%28software%29 "Wine | Wikipedia | en.wikipedia.org"
children:
-
name: Clear Wine cache
recommend: standard
docs: |-
Wine has two different caches:
1. Temporary Windows files. Wine saves temporary Windows files at `<wine folder>/drive_c/windows/temp/` [1] [2].
2. Temporary Wine application cache [3] that is not connected to inner Windows files.
[1]: https://web.archive.org/web/20180328090608/http://www.zdnet.com/article/keeping-temp-folders-clean/ "Keeping temp folders clean | ZDNet | zdnet.com"
[2]: https://web.archive.org/web/20221029135944/https://ubuntuforums.org/showthread.php?t=1006132 "Why does Wine have its own temp folders? | UbuntuForums | ubuntuforums.org"
[3]: https://web.archive.org/web/20221029135955/https://wiki.debian.org/Wine#Mono_and_Gecko "Wine - Debian Wiki | wiki.debian.org"
code: |-
# Temporary Windows files for global prefix
rm -rfv ~/.wine/drive_c/windows/temp/*
# Wine cache:
rm -rfv ~/.cache/wine/
-
name: Clear Winetricks cache
recommend: standard
docs: |-
Winetricks is a helper script to download and install various redistributable runtime libraries
needed to run some programs in Wine [1].
Winetricks cache includes downloaded files cache (runtime libraries/directories).
It caches downloads `winetrickscache/$packagename` [2] [3].
User data cache is stored in `$XDG_CACHE_HOME/winetricks` (by default, `~/.cache/winetricks`) [4].
[1]: https://web.archive.org/web/20221029140111/https://wiki.winehq.org/Winetricks "Winetricks - WineHQ Wiki | wiki.winehq.org"
[2]: https://web.archive.org/web/20221029140047/https://github.com/Winetricks/winetricks/blob/164d243e1384ba7cc6058a6524c1472100b7722c/src/winetricks#L1269-L1271 "Wine source code | GitHub | github.com/Winetricks/winetricks"
[3]: https://web.archive.org/web/20221029140047/https://github.com/Winetricks/winetricks/blob/164d243e1384ba7cc6058a6524c1472100b7722c/src/winetricks#L1515-L1517 "Wine source code | GitHub | github.com/Winetricks/winetricks"
[4]: https://web.archive.org/web/20221029140204/https://manpages.debian.org/experimental/winetricks/winetricks.1.en.html#XDG_CACHE_HOME "winetricks man page | Debian Manpages | manpages.debian.org"
code: rm -rfv ~/.cache/winetricks/
-
name: Clear LibreOffice usage history
recommend: strict
docs: |-
LibreOffice is a free and open-source office productivity software suite, a project of The Document Foundation (TDF) [1].
`registrymodifications.xcu` is an XML file that contains the user-specified settings [2].
It is found inside the user settings directory (`~/.config/libreoffice/4/user`) [2].
It includes thumbnails generated [3], and a recent document list [4].
See also: [LibreOffice Homepage](https://web.archive.org/web/20221029214216/https://www.libreoffice.org/).
[1]: https://web.archive.org/web/20221029140306/https://en.wikipedia.org/wiki/LibreOffice "LibreOffice | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029140313/https://wiki.documentfoundation.org/images/b/b0/LibreOffice_config_extension_writing.pdf "Config specification | LibreOffice documentation | wiki.documentfoundation.org"
[3]: https://web.archive.org/web/20221029140438/https://askubuntu.com/questions/996397/where-are-libre-office-thumbnails-stored/996528 "Where are Libre Office thumbnails stored? | Ask Ubuntu Forums | askubuntu.com"
[4]: https://web.archive.org/web/20221029140501/https://forum.openoffice.org/en/forum/viewtopic.php?f=6&t=102020 "Restoring Recent documents list | Apache OpenOffice Community Forum | forum.openoffice.org"
code: |-
# Global installation
rm -f ~/.config/libreoffice/4/user/registrymodifications.xcu
# Snap package
rm -fv ~/snap/libreoffice/*/.config/libreoffice/4/user/registrymodifications.xcu
# Flatpak installation
rm -fv ~/.var/app/org.libreoffice.LibreOffice/config/libreoffice/4/user/registrymodifications.xcu
-
category: Clear Thunderbird data
docs: |-
Mozilla Thunderbird is a free and open-source cross-platform email client, personal information manager, news client, RSS and chat
client developed by the Mozilla Foundation [1].
See also: [Thunderbird Homepage | thunderbird.net](https://web.archive.org/web/20221029214240/https://www.thunderbird.net/en-US/).
Read about the files and folders in the profile folder in depth:
[Files and folders in the profile - Thunderbird | kb.mozillazine.org](https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird).
[1]: https://web.archive.org/web/20221029140516/https://en.wikipedia.org/wiki/Mozilla_Thunderbird "Thunderbird | Wikipedia | en.wikipedia.org"
children:
-
name: Clear Thunderbird cookies
docs: |-
Thunderbird stores cookie information in [1]:
- `cookies.sqlite`: Stores all cookies.
- `cookies.sqlite-journal`: The journal file for `cookies.sqlite`.
- `cookies.sqlite-shm`, `cookies.sqlite-wal`: Write-ahead log files for `cookies.sqlite`.
The file `cookies.sqlite` in the user's profile directory is used to store cookies between sessions [2].
[1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
[2]: https://web.archive.org/web/20221029140816/https://kb.mozillazine.org/Cookies.sqlite "Cookies.sqlite | Thunderbird | kb.mozillazine.org"
call:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: cookies.sqlite
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: cookies.sqlite-wal
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: cookies.sqlite-journal
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: cookies.sqlite-shm
-
name: Clear Thunderbird session restoration data (open windows and tabs)
docs: |-
The default window layout is saved in the session file (`session.json`) [1].
It includes data on what tabs are open [1].
[1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
call:
function: DeleteFileFromThunderbirdProfiles
parameters:
file: session.json
-
name: Clear Thunderbird passwords
docs: |-
`logins.json` stores encrypted passwords [1].
It replaces `signons.sqlite`, which had replaced `signons.txt` [1].
`logins-backup.json` is stored to recreate `logins.json` [2].
[1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
[2]: https://web.archive.org/web/20221029141151/https://support.mozilla.org/id/questions/1362315#answer-1469311 "Mozilla Support | support.mozilla.org"
call:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: logins.json
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: logins-backup.json
-
name: Clear Thunderbird download history
docs: |-
Download history is saved in `downloads.sqlite` since Thunderbird 3 and in `downloads.rdf` before [1].
It stores data to show downloads in **Download Manager** [2].
Clearing download history can help to resolve slow downloads or program hangs [3].
[1]: https://web.archive.org/web/20221029140819/https://kb.mozillazine.org/Files_and_folders_in_the_profile_-_Thunderbird "Files and folders in the profile | Thunderbird | kb.mozillazine.org"
[2]: https://web.archive.org/web/20221029210450/https://kb.mozillazine.org/Downloads_not_visible_in_Download_Manager "Downloads not visible in Download Manager | Thunderbird | kb.mozillazine.org"
[3]: https://web.archive.org/web/20221029141349/https://bugzilla.mozilla.org/show_bug.cgi?id=159107 "159107 - page saving/downloads takes too much time (is slow) ('marooned' entries in downloads.rdf) | Mozilla Bug Report | bugzilla.mozilla.org"
call:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: downloads.rdf # < Thunderbird 3
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: downloads.sqlite # >= Thunderbird 3
-
category: Clear Thunderbird address book data
docs: |-
Most users open the Thunderbird address book from within the email client, but it can also be launched separately [1].
Mozilla Thunderbird by default comes with two address books, even though more can be added [2]:
1. **Personal book**: For the most frequently used contacts.
2. **Collected book**: Collects addresses from email that you send.
[1]: https://web.archive.org/web/20221029141424/https://wiki.mozilla.org/Thunderbird:Help_Documentation:Using_the_Address_Book "Thunderbird:Help Documentation:Using the Address Book | MozillaWiki | wiki.mozilla.org"
[2]: https://web.archive.org/web/20221029141448/https://support.mozilla.org/en-US/questions/1038172 "WHAT ARE COLLECTED ADDRESSES VS, PERSONAL ADDRESS BOOK | Thunderbird Support Forum | Mozilla Support | support.mozilla.org"
children:
-
name: Clear Thunderbird personal address book
docs: |-
Files for personal addresses [1]:
- Since Thunderbird v78: `abook.sqlite`, `abook.sqlite-wal`.
- Before Thunderbird v78: `abook.mab`.
[1]: https://web.archive.org/web/20221029141501/https://www.recoverytools.com/blog/thunderbird-new-address-book/ "Thunderbird v78 Introduces New Address Book Formats (abook.sqlite) | RecoveryTools | recoverytools.com"
call:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: abook.sqlite # >= Thunderbird v78
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: abook.sqlite-wal # >= Thunderbird v78
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: abook.mab # < Thunderbird v78
-
name: Clear Thunderbird collected address book
docs: |-
Files for collected addresses [1]:
- Since Thunderbird v78: `history.sqlite`, `history.sqlite-wal`.
- Before Thunderbird v78: `history.mab`.
[1]: https://web.archive.org/web/20221029141501/https://www.recoverytools.com/blog/thunderbird-new-address-book/ "Thunderbird v78 Introduces New Address Book Formats (abook.sqlite) | RecoveryTools | recoverytools.com"
call:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: history.sqlite # >= Thunderbird v78
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: history.sqlite-wal # >= Thunderbird v78
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: history.mab # < Thunderbird v78
-
name: Clear clicked links history in Thunderbird
docs: |-
Thunderbird saves annotations, bookmarks, favorite icons, input history, keywords, and browsing history
(a list of pages visited) [1].
Data is saved at persistent `places.sqlite` [1] and temporary `places.sqlite-shm` and `places.sqlite.wal` [2].
[1]: https://web.archive.org/web/20221029141626/https://kb.mozillazine.org/Places.sqlite "Places.sqlite | MozillaZine Knowledge Base | kb.mozillazine.org"
[2]: https://web.archive.org/web/20221029141631/https://bugzilla.mozilla.org/show_bug.cgi?id=686237 "686237 - places.sqlite-wal and places.sqlite-shm not removed on exit | Mozilla Bugs | bugzilla.mozilla.org"
call:
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: places.sqlite
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: places.sqlite-shm
-
function: DeleteFileFromThunderbirdProfiles
parameters:
file: places.sqlite.wal
-
category: Clear data from development tools
docs: |-
This category includes tools that are typically used by developers, also known as "developer tools".
These tools allow a developer to create, test, and debug software.
Their data may leak data about the developer, their usage patterns, the environment used for development or the developed project.
children:
-
name: Clear Python history
docs: |-
Python is a high-level, general-purpose programming language [1]. Python comes preinstalled on most Linux distributions [2].
Since Python 3.4 the interactive mode does log all commands to `~/.python_history` [3].
See also:
- [Source code](https://web.archive.org/web/20221029214327/https://github.com/python/cpython/blob/b2499669ef2e6dc9a2cdb49b4dc498e078167e26/Lib/site.py#L430-L451) that
creates the file and registers it.
- [Python homepage](https://web.archive.org/web/20221029214344/https://www.python.org/)
[1]: https://web.archive.org/web/20221029210646/https://en.wikipedia.org/wiki/Python_%28programming_language%29 "Python (programming language) | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029141851/https://docs.python.org/3/using/unix.html "Using Python on Unix platforms | Python documentation | docs.python.org"
[3]: https://web.archive.org/web/20221029141921/https://bugs.python.org/issue20886 "Issue 20886: Disabling logging to ~/.python_history is not simple enough | Python tracker | bugs.python.org"
call:
function: DeleteFileFromUserAndRootHome
parameters:
file: .python_history
-
category: Clear Visual Studio Code data
docs: |-
Visual Studio Code, also commonly referred to as VS Code, is a source-code editor made by Microsoft [1].
Visual Studio Code saves data that reveals user behavior and preferences.
[1]: https://web.archive.org/web/20221029142001/https://en.wikipedia.org/wiki/Visual_Studio_Code "Visual Studio Code | Wikipedia | en.wikipedia.org"
children:
-
name: Clear Visual Studio Code crash reports
recommend: standard
docs: |-
Visual Studio Code stores crash reports that later on are uploaded to Microsoft servers by default [1].
It collects crash reports in `exthost Crash Reports` [1] and `Crash Reports` directories.
Deleting crash reports does not cause you any data loss that would affect your productivity.
[1]: https://web.archive.org/web/20221029142036/https://github.com/microsoft/vscode/blob/2948450d50c201acb40c8b10da305d8d3a293473/src/vs/workbench/services/extensions/electron-browser/localProcessExtensionHost.ts#L280-L301 "vscode source code | GitHub | github.com"
call:
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: Crash\ Reports
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: exthost\ Crash\ Reports
-
name: Clear Visual Studio Code cache
docs: |-
Unless you have unsaved changes, deleting the cache does not result in data loss [1].
However deleting cached data will lead to a slower initial experience as the files are cached again [1].
Visual Studio Code does not follow platform conventions for cache directories, but stores them in user data
directories instead [2].
Folders include `Cache`, `CachedData`, `Code Cache`, `GPUCache`, `CachedExtensions`, `CachedExtensionVSIXs` [3] [4].
[1]: https://web.archive.org/web/20221029142053/https://github.com/microsoft/vscode/issues/132509#issuecomment-914576815 "Provide functionality to delete temporary and cached files that do not affect core functionality · microsoft/vscode | GitHub | github.com"
[2]: https://web.archive.org/web/20221029142453/https://github.com/microsoft/vscode/issues/3884 "Revisit VS Code folder structure for app data, settings,extensions · Issue #3884 · microsoft/vscode | GitHub | github.com"
[3]: https://web.archive.org/web/20221029142505/https://github.com/microsoft/vscode/issues/126182#issue-919877609 "Cache files not stored under appropriate XDG directory · Issue #126182 · microsoft/vscode | GitHub | github.com"
[4]: https://web.archive.org/web/20221029142526/https://stackoverflow.com/questions/46246437/visual-studio-for-mac-cache-location/66295480 "macos - Visual Studio for Mac: Cache Location | Stack Overflow | stackoverflow.com"
call:
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: Cache
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: CachedData
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: Code\ Cache
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: GPUCache
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: CachedExtensions
-
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: CachedExtensionVSIXs
-
name: Clear Visual Studio Code logs
recommend: standard
docs: |-
Deleting Visual Studio Code logs does not cause any data loss, but hides usage patterns.
The logs are stored in `{user data dir}/logs` folder [1].
[1]: https://web.archive.org/web/20221029142630/https://github.com/microsoft/vscode/blob/f0f4c8782190861ce7ad536eecca45edca7d2ac7/src/vs/platform/environment/common/environmentService.ts#L71-L78 "vscode/environmentService.ts · microsoft/vscode · GitHub | "
call:
function: ClearDirFromVsCodeUserDataDir
parameters:
directory: logs
-
category: Clear Azure CLI data
docs: |-
The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources [1].
With an emphasis on automation, the Azure CLI is accessible across all Azure services and is made to work quickly with Azure [1].
[1]: https://web.archive.org/web/20221029142932/https://learn.microsoft.com/en-us/cli/azure/ "Azure Command-Line Interface (CLI) - Overview | Microsoft Learn | learn.microsoft.com"
children:
-
name: Clear Azure CLI telemetry data
recommend: standard
docs: |-
The Azure CLI stores telemetry in the `telemetry` directory and `telemetry.txt`, `logs/telemetry.txt` files [1].
[1]: https://web.archive.org/web/20221029142939/https://github.com/Azure/azure-cli/blob/29767d75d850ddc1c24cc85bd46d861b61d77a47/src/azure-cli-telemetry/azure/cli/telemetry/const.py "Azure CLI Source Code | GitHub | github.com"
code: |-
rm -rfv ~/.azure/telemetry
rm -fv ~/.azure/telemetry.txt
rm -fv ~/.azure/logs/telemetry.txt
-
name: Clear Azure CLI logs
recommend: standard
docs: |-
Azure CLI saves logs in the `logs` directory [1].
[1]: https://web.archive.org/web/20221029143112/https://github.com/Azure/azure-cli/blob/87c9c3c5a46de622b38e1ec4d5797bb9a3eb9e6f/src/azure/cli/_logging.py#L23 "Azure CLI Source Code | GitHub | github.com"
code: rm -rfv ~/.azure/logs
-
name: Clear Azure CLI cache
recommend: standard
docs: |-
This script deletes cached Azure CLI objects [1].
Cleaning cache does not remove your credentials, so you'll keep your session and be logged in.
[1]: https://web.archive.org/web/20221029143238/https://learn.microsoft.com/en-us/cli/azure/cache?view=azure-cli-latest#az_cache_purge "az cache | Microsoft Learn | learn.microsoft.com"
call:
function: RunIfCommandExists
parameters:
command: az
code: az cache purge
-
name: Clear Azure login data (this will log you out of the current session)
recommend: strict
docs: |-
This script cleans the login data in three steps:
1. **`az logout`**:
It deletes the current authentication token and subscription ID [1].
It only logs out the selected/current user [1].
2. **`az account clear`**:
It clears all other subscriptions from the CLI's local cache [2].
It also logs out all users [2].
3. **Clear all access tokens**:
It removes the ADAL token cache file [3].
These are stored tokens from the Active Directory OAuth 2.0 code flow [4].
[1]: https://web.archive.org/web/20221029143252/https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest#az-logout "az logout | Microsoft Learn | learn.microsoft.com"
[2]: https://web.archive.org/web/20221029144354/https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az_account_clear "az account clear | Microsoft Learn | learn.microsoft.com"
[3]: https://web.archive.org/web/20221029143409/https://github.com/Azure/azure-cli/blob/2e0a42f304f5fd543818a98a9eab2faf8d1fd6d6/src/azure-cli/azure/cli/command_modules/profile/custom.py#L215-L224 "Azure CLI source code | GitHub | github.com"
[4]: https://web.archive.org/web/20221029143429/https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow "Microsoft identity platform and OAuth 2.0 authorization code flow - Microsoft Entra | Microsoft Learn | learn.microsoft.com"
call:
function: RunIfCommandExists
parameters:
command: az
code: |-
az logout 2&> /dev/null
az account clear
rm -fv ~/.azure/accessTokens.json
-
category: Clear browser history
docs: |-
A web browser (commonly just called a browser) is software that is used to visit websites [1].
The browsing history, cache entries, and other potentially sensitive data are all stored by browsers [1].
[1]: https://web.archive.org/web/20221029193056/https://en.wikipedia.org/wiki/Web_browser "Web browser - Wikipedia | wikipedia.org"
children:
-
category: Clear GNOME Web (Epiphany) history
docs: |-
GNOME Web (called Epiphany until 2012) is a free and open-source web browser based on the GTK port of Apple's WebKit rendering engine, called WebKitGTK [1].
It is developed by the GNOME project for Unix-like systems [1].
It is the default and official web browser of GNOME [1].
It has been the default browser of elementary OS since 5.0 [2] Bodhi Linux since 5.1.0 [3].
See also: [GNOME Web source code](https://web.archive.org/web/20221029214415/https://gitlab.gnome.org/GNOME/epiphany)
[1]: https://web.archive.org/web/20221029143523/https://en.wikipedia.org/wiki/GNOME_Web "GNOME Web | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029211521/https://medium.com/elementaryos/elementary-os-5-juno-is-here-471dfdedc7b3 "elementary OS 5 Juno is Here | medium.com"
[3]: https://web.archive.org/web/20221029211555/https://www.bodhilinux.com/2020/03/25/bodhi-linux-5-1-0-released/ "Bodhi Linux 5.1.0 Released | bodhilinux.com"
children:
-
name: Clear GNOME Web cache
docs: This script clears the temporary cache and does not cause any user data loss.
code: |-
# Global installation
rm -rfv /.cache/epiphany/*
# Flatpak installation
rm -rfv ~/.var/app/org.gnome.Epiphany/cache/*
# Snap installation
rm -rfv ~/~/snap/epiphany/common/.cache/*
-
name: Clear GNOME Web browsing history
recommend: strict
docs: |-
Your browsing history consists of the web pages that you have visited [1].
The history database is `ephy-history.db` [2] and uses `-shm` and `-wal` files during operation [3].
[1]: https://web.archive.org/web/20220810160903/https://help.gnome.org/users/epiphany/stable/history.html.en "Browsing history | GNOME Help | help.gnome.org"
[2]: https://web.archive.org/web/20221030154804/https://gitlab.gnome.org/GNOME/epiphany/-/issues/1169 "Maintainer defining ephy-history.db | GNOME/epiphany | GitLab | gitlab.gnome.org"
[3]: https://web.archive.org/web/20221030154903/https://gitlab.gnome.org/GNOME/epiphany/-/issues/1642 "Logs showing ephy-history.db-shm | GNOME/epiphany | GitLab | gitlab.gnome.org"
call:
-
function: DeleteFileFromGNOMEWebData
parameters:
file: ephy-history.db
-
function: DeleteFileFromGNOMEWebData
parameters:
file: ephy-history.db-shm
-
function: DeleteFileFromGNOMEWebData
parameters:
file: ephy-history.db-wal
-
name: Clear GNOME Web cookies
recommend: strict
docs: |-
`cookies.sqlite` file is used to store cookies in WebKit-based browsers [1].
See also:
- [What are cookies? | GNOME Web | gnome.org](https://web.archive.org/web/20221029214420/https://help.gnome.org/users/epiphany/stable/cookies.html.en)
- [Delete a cookie | GNOME Web | gnome.org](https://web.archive.org/web/20221029214415/https://gitlab.gnome.org/GNOME/epiphany)
[1]: https://web.archive.org/web/20221029144608/https://bugs.webkit.org/show_bug.cgi?id=149551 "Discussion around cookies.sqlite in WebKit source code | WebKit Bugzilla | bugs.webkit.org"
call:
function: DeleteFileFromGNOMEWebData
parameters:
file: cookies.sqlite
-
name: Clear GNOME Web bookmarks
docs: |-
Bookmarks are evidently stored in a file called `bookmarks.gvdb` [1].
See also [Bookmarks design | GNOME Wiki](https://web.archive.org/web/20221029214609/https://wiki.gnome.org/Design/Apps/Web/Bookmarks) to read more about GNOME Web bookmarks.
[1]: https://web.archive.org/web/20221029144626/https://gitlab.gnome.org/GNOME/epiphany/-/issues/198 "Discussion around bookmarks.gvdb | GNOME/epiphany | gitlab.gnome.org"
call:
function: DeleteFileFromGNOMEWebData
parameters:
file: bookmarks.gvdb
-
category: Clear Firefox history
docs: |-
This category encompasses a series of scripts aimed at helping users manage and delete their browsing history and related data in Mozilla Firefox.
The scripts are designed to target different aspects of user data stored by Firefox, providing users options for maintaining privacy and freeing up disk space.
children:
-
name: Clear Firefox cache
recommend: standard
docs: |-
The cache gets stored `.cache` folder, which you can see when you navigate to `about:cache` [1] [2].
[1]: https://web.archive.org/web/20221029145216/https://support.mozilla.org/en-US/questions/1317032 "How to locate and change Firefox Cache storage location | Firefox Support Forum | Mozilla Support | support.mozilla.org"
[2]: https://web.archive.org/web/20221029145237/https://wiki.archlinux.org/title/Firefox/Profile_on_RAM "Firefox/Profile on RAM | ArchWiki | wiki.archlinux.org"
code: |-
# Global installation
rm -rfv ~/.cache/mozilla/*
# Flatpak installation
rm -rfv ~/.var/app/org.mozilla.firefox/cache/*
# Snap installation
rm -rfv ~/snap/firefox/common/.cache/*
-
name: Clear Firefox crash reports
recommend: standard
docs: |-
Firefox stores crash reports in `~/.mozilla/firefox/Crash Reports/` to submit them later [1].
They are also seen to be stored in the profile directory [2].
You can run `about:crashes` in the address bar to see crash reports and their submission dates [1].
[1]: https://web.archive.org/web/20221029145258/https://support.mozilla.org/en-US/kb/mozillacrashreporter "Mozilla Crash Reporter | Firefox Help | support.mozilla.org"
[2]: https://web.archive.org/web/20221029145312/https://bugzilla.mozilla.org/show_bug.cgi?id=1653852#c16 "1653852 - Flatpak sandbox breaks crash reporting | Bugzilla | mozilla.org"
call:
-
function: RunInlineCode
parameters:
code: |-
# Global installation
rm -fv ~/.mozilla/firefox/Crash\ Reports/*
# Flatpak installation
rm -rfv ~/.var/app/org.mozilla.firefox/.mozilla/firefox/Crash\ Reports/*
# Snap installation
rm -rfv ~/snap/firefox/common/.mozilla/firefox/Crash\ Reports/*
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: crashes/*
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: crashes/events/*
-
name: Clear Firefox cookies
docs: |-
Firefox Cookies are stored in the `cookies.sqlite` database, within the 'moz_cookies' table [1].
[1]: https://web.archive.org/web/20221029140816/https://kb.mozillazine.org/Cookies.sqlite "Cookies.sqlite - MozillaZine Knowledge Base | kb.mozillazine.org"
call:
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: cookies.sqlite
-
name: Clear Firefox browsing history (URLs, downloads, bookmarks, visits, etc.)
# This script (name, documentation and code) is same in Linux and Windows collections.
# Changes should be done at both places.
# Marked: refactor-with-partials
docs: |-
This script targets the Firefox browsing history, including URLs, downloads, bookmarks, and site visits, by deleting specific database entries.
Firefox stores various user data in a file named `places.sqlite`. This file includes:
- Annotations, bookmarks, and favorite icons (`moz_anno_attributes`, `moz_annos`, `moz_favicons`) [1]
- Browsing history, a record of pages visited (`moz_places`, `moz_historyvisits`) [1]
- Keywords and typed URLs (`moz_keywords`, `moz_inputhistory`) [1]
- Item annotations (`moz_items_annos`) [1]
- Bookmark roots such as places, menu, toolbar, tags, unfiled (`moz_bookmarks_roots`) [1]
The `moz_places` table holds URL data, connecting to various other tables like `moz_annos`, `moz_bookmarks`, `moz_inputhistory`, and `moz_historyvisits` [2].
Due to these connections, the script removes entries from all relevant tables simultaneously to maintain database integrity.
**Bookmarks**: Stored across several tables (`moz_bookmarks`, `moz_bookmarks_folders`, `moz_bookmarks_roots`) [3], with additional undocumented tables like `moz_bookmarks_deleted` [4].
**Downloads**: Stored in the 'places.sqlite' database, within the 'moz_annos' table [5]. The entries in `moz_annos` are linked to `moz_places` that store the actual history entry
(`moz_places.id = moz_annos.place_id`) [6]. Associated URL information is stored within the 'moz_places' table [5]. Downloads have been historically stored in `downloads.rdf` for Firefox 2.x
and below [7], and `downloads.sqlite` later on [7].
**Favicons**: Older Firefox versions stored favicons in `places.sqlite` within the `moz_favicons` table [5], while newer versions use `favicons.sqlite` and the `moz_icons` table [5].
By executing this script, users can ensure their Firefox browsing history, bookmarks, and downloads are thoroughly removed, contributing to a cleaner and more private browsing experience.
[1]: https://web.archive.org/web/20221029141626/https://kb.mozillazine.org/Places.sqlite "Places.sqlite - MozillaZine Knowledge Base | kb.mozillazine.org"
[2]: https://web.archive.org/web/20221030160803/https://wiki.mozilla.org/images/0/08/Places.sqlite.schema.pdf "Places.sqlite.schema.pdf | Mozilla Wiki"
[3]: https://web.archive.org/web/20221029145432/https://wiki.mozilla.org/Places:BookmarksComments "Places:BookmarksComments | MozillaWiki | wiki.mozilla.org"
[4]: https://web.archive.org/web/20221029145447/https://github.com/mozilla/application-services/issues/514 "Add a `moz_bookmarks_deleted` table for tombstones · Issue #514 · mozilla/application-services | GitHub | github.com"
[5]: https://web.archive.org/web/20221029145535/https://www.foxtonforensics.com/browser-history-examiner/firefox-history-location "Mozilla Firefox History Location | Firefox History Viewer | foxtonforensics.com"
[6]: https://web.archive.org/web/20221029145550/https://support.mozilla.org/en-US/questions/1319253 "Where does Firefox store SQLITE download history | Firefox Support Forum | Mozilla Support | support.mozilla.org"
[7]: https://web.archive.org/web/20221029145712/https://kb.mozillazine.org/Downloads.rdf "Downloads.rdf | MozillaZine Knowledge Base | kb.mozillazine.org"
call:
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: downloads.rdf
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: downloads.sqlite
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: places.sqlite
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: favicons.sqlite
-
name: Clear Firefox logins
docs: |-
Logins for Firefox are saved in the `logins.json` file [1].
Older versions of Firefox stored logins in the `signons.sqlite` database, within the `moz_logins` table [1].
Back-ups are stored in the `logins-backup.json` file [2].
[1]: https://web.archive.org/web/20221029145535/https://www.foxtonforensics.com/browser-history-examiner/firefox-history-location "Mozilla Firefox History Location | Firefox History Viewer | foxtonforensics.com"
[2]: https://web.archive.org/web/20221029145757/https://bugzilla.mozilla.org/show_bug.cgi?id=1593467 "1593467 - Automatically restore from logins-backup.json when logins.json is missing or corrupt | Bugzilla | mozilla.org | bugzilla.mozilla.org"
call:
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: logins.json
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: logins-backup.json
-
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: signons.sqlite
-
name: Clear Firefox autocomplete history
docs: |-
The `formhistory.sqlite` file remembers what you have searched for in the Firefox search bar
and what information you've entered into website forms [1].
[1]: https://web.archive.org/web/20221029145152/https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data "Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help | support.mozilla.org"
call:
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: formhistory.sqlite
-
name: Clear Firefox "Multi-Account Containers" data
docs: |-
The `containers.json` file stores the details of containers used by the [Container Tabs](https://web.archive.org/web/20221029214648/https://support.mozilla.org/en-US/kb/containers) feature [1].
[1]: https://web.archive.org/web/20221029145152/https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data "Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help | support.mozilla.org"
call:
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: containers.json
-
name: Clear Firefox open tabs and windows data
docs: |-
The `sessionstore.jsonlz4` file stores the currently open tabs and windows [1].
See ["Restore previous session - Configure when Firefox shows your most recent tabs and windows"](https://web.archive.org/web/20221029220311/https://support.mozilla.org/en-US/kb/restore-previous-session).
[1]: https://web.archive.org/web/20221029145152/https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data "Profiles - Where Firefox stores your bookmarks, passwords and other user data | Firefox Help | support.mozilla.org"
call:
function: DeleteFilesFromFirefoxProfiles
parameters:
pathGlob: sessionstore.jsonlz4
-
category: Clear system and kernel usage data
docs: |-
Your system (operating system along with other software on it) and kernel store
data that may reveal your behavior and can be considered sensitive. These scripts clean
up the data that could potentially expose your user data.
children:
-
name: Clear system crash report files
docs: |-
The `/var/crash` directory holds system crash dumps according to Filesystem Hierarchy Standard (FHS) [1].
You may get reports on a system's boot when crash report files exist.
When the `/var/crash` directory contains files, Apport will display notifications [2].
This directory is then cleaned up by Apport using [`/etc/cron.daily/apport`](https://web.archive.org/web/20221029220300/https://www.apt-browse.org/browse/ubuntu/precise/main/all/apport/2.0.1-0ubuntu5/file/etc/cron.daily/apport) job [6].
Read more: ["Apport | Ubuntu Wiki"](https://web.archive.org/web/20221029220354/https://wiki.ubuntu.com/Apport).
The folder typically contains kernel crash dumps [3], but it can be used by other applications as well.
E.g., the Debian package corekeeper stores user-space coredumps in subfolders of `/var/crash` [4].
Some systems, such as Ubuntu also put userspace crashes in this folder [5].
When using systemd to start services or processes, the crash logs are stored in the `/var/lib/systemd/coredump/`
directory [7].
[1]: https://web.archive.org/web/20221029145818/https://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html "Filesystem Hierarchy Standard | FHS | linuxfoundation.org"
[2]: https://web.archive.org/web/20221029150025/https://support.starlabs.systems/kb/guides/disable-program-problem-reports "Disable program problem reports | Star Labs | support.starlabs.systems"
[3]: https://web.archive.org/web/20221029150105/https://elinux.org/Crash_Diagnostics "Crash Diagnostics | eLinux.org"
[4]: https://web.archive.org/web/20221029150118/https://packages.debian.org/unstable/main/corekeeper "Details of package corekeeper in sid | packages.debian.org"
[5]: https://web.archive.org/web/20221029150311/https://wiki.ubuntu.com/AutomatedProblemReports "AutomatedProblemReports - Ubuntu Wiki | wiki.ubuntu.com"
[6]: https://web.archive.org/web/20221029150331/https://bugs.launchpad.net/apport/+bug/357024 "Bug #357024 (pertian7) “security hole in /etc/cron.daily/apport” : Bugs : Apport | bugs.launchpad.net"
[7]: https://web.archive.org/web/20221029211018/https://www.freedesktop.org/software/systemd/man/systemd-coredump.html "systemd-coredump | freedesktop.org"
code: |-
sudo rm -rfv /var/crash/*
sudo rm -rfv /var/lib/systemd/coredump/
-
name: Clear system logs (`journald`)
docs: |-
journald is the part of systemd that captures, queries, and removes logs when needed [1].
It allows removing logs by setting `--vacuum-time` [2].
systemd is also known as "System and Service Manager" and is a suite of basic building blocks for a Linux system [3].
systemd keeps files in two places: `/var/log/journal/` (persistently) and `/run/log/journal/` (volatilely, the data is lost when the system is rebooted) [4].
[1]: https://web.archive.org/web/20221029211624/https://docs.google.com/document/pub?id=1IC9yOXj7j6cdLLxWEBAGRL6wl97tFxgjLUEHIX3MSTs&pli=1 "Paper announcing journald | docs.google.com"
[2]: https://web.archive.org/web/20221029150611/https://wiki.archlinux.org/title/Systemd/Journal#Clean_journal_files_manually "systemd/Journal - ArchWiki | Arch Linux documentation | archlinux.org | wiki.archlinux.org"
[3]: https://web.archive.org/web/20221026211029/https://systemd.io/ "Systemd Homepage | systemd.io"
[4]: https://web.archive.org/web/20221029150659/https://www.freedesktop.org/software/systemd/man/systemd-journald.service.html "systemd-journald.service | freedesktop.org"
call:
-
function: RunIfCommandExists
parameters:
command: journalctl
code: sudo journalctl --vacuum-time=1s
-
function: RunInlineCode
parameters:
code: |-
sudo rm -rfv /run/log/journal/*
sudo rm -rfv /var/log/journal/*
-
name: Clear Zeitgeist data (activity logs)
recommend: strict
docs: |-
Zeitgeist logs files opened, websites visited, conversations, and emails and provides
this information over an API to applications [1] [2].
It serves as a comprehensive activity log and also makes it possible to determine
relationships between items based on usage patterns [2].
This script deletes indexes (`fts.index` directory). It's safe to delete and will
be regenerated the next time you start Zeitgeist [3].
This script also deletes all activity logs (`activity.sqlite`) and related user-data.
[1]: https://web.archive.org/web/20221029150843/https://zeitgeist.freedesktop.org/ "The Zeitgeist Project | freedesktop.org"
[2]: https://web.archive.org/web/20221029150843/https://packages.debian.org/sid/libdevel/libzeitgeist-2.0-dev "Debian -- Details of package libzeitgeist-2.0-dev in sid | packages.debian.org"
[3]: https://web.archive.org/web/20221029150959/https://bugs.launchpad.net/ubuntu/+source/zeitgeist/+bug/941643 "Bug #941643 “activity.sqlite-wal's size increments dramatically” : Bugs : zeitgeist package : Ubuntu | Ubuntu Zeitgeist Package | bugs.launchpad.net"
code: |-
sudo rm -rfv {/root,/home/*}/.local/share/zeitgeist
-
category: Clear recently used files list
docs: |-
Revealing data about recent files used by a user has privacy risks, such as exposing
your actions and files that you wish to keep private.
children:
-
name: Clear GTK recently used files list
recommend: strict
docs: |-
`recently-used.xbel` is part of the GTK+ toolkit [1] that's developed and used by GNOME [2].
<gtk-recent-manager> provides a facility for adding, removing, and looking up recently used files
and acts like a database of all the recently used files [3].
GTK is used by many GUI software. GNOME uses the GTK+ library [2], while KDE uses the QT library [4].
`recently-used.xbel` is used by other third-party GTK 3 based applications such as Firefox,
Visual Studio Code (and all other Electron applications [5]), Thunderbird…
See also: ["List of GTK applications | Wikipedia"](https://web.archive.org/web/20221029221112/https://en.wikipedia.org/wiki/List_of_GTK_applications).
[1]: https://web.archive.org/web/20221030164434/https://gitlab.gnome.org/GNOME/gtk/-/raw/1c3f179a20bf7537691216c28332f00c651a577f/gtk/gtkrecentmanager.c#L103 "Line 103 defines GTK_RECENTLY_USED_FILE as recently-used.xbel | GTK source code | gitlab.gnome.org"
[2]: https://web.archive.org/web/20221029151059/https://gtk.org/ "GTK homepage | gtk.org"
[3]: https://web.archive.org/web/20221029151529/https://www.gnu.org/software/guile-gnome/docs/gtk/html/GtkRecentManager.html "GtkRecentManager - Guile-Gtk | www.gnu.org"
[4]: https://web.archive.org/web/20221029151457/https://www.qt.io/faq/3.2.-why-do-you-have-an-agreement-with-kde-about-your-licensing-what-kde-is-and-whats-the-history-of-qt-and-kde "What's the history of Qt and KDE? | qt.io"
[5]: https://web.archive.org/web/20221029151534/https://github.com/electron/electron/issues/2927 "Consider replacing GTK2 w GTK3 in Linux builds · Issue #2927 · electron/electron | GitHub"
code: |-
# From global installations
rm -fv /.recently-used.xbel
rm -fv ~/.local/share/recently-used.xbel*
# From snap packages
rm -fv ~/snap/*/*/.local/share/recently-used.xbel
# From Flatpak packages
rm -fv ~/.var/app/*/data/recently-used.xbel
-
name: Clear KDE-tracked recently used items list
recommend: strict
docs: |-
`.desktop` files are used by KDE to store recent documents and are exposed through an API [1].
They are not only specific to the desktop environment, but also used by applications.
Likewise, they are used by the KDE implementation of QT components, such as [QFileDialog](https://web.archive.org/web/20221029221146/https://doc.qt.io/qt-5/qfiledialog.html)
([KFileWidget](https://web.archive.org/web/20221029221152/https://api.kde.org/frameworks/kio/html/classKFileWidget.html)) [1].
Furthermore, they are used by other [KDE apps](https://web.archive.org/web/20221029221245/https://apps.kde.org/) and can even be used by GTK applications [1].
[1]: https://web.archive.org/web/20221029151634/https://api.kde.org/frameworks/kio/html/classKRecentDocument.html "KIO - KRecentDocument Class Reference | api.kde.org"
code: |-
# From global installations
rm -rfv ~/.local/share/RecentDocuments/*.desktop
rm -rfv ~/.kde/share/apps/RecentDocuments/*.desktop
rm -rfv ~/.kde4/share/apps/RecentDocuments/*.desktop
# From snap packages
rm -fv ~/snap/*/*/.local/share/*.desktop
# From Flatpak packages
rm -rfv ~/.var/app/*/data/*.desktop
-
name: Empty trash
docs: |-
The trash location is standardized by ["The FreeDesktop.org Trash specification"](https://web.archive.org/web/20221029151648/https://specifications.freedesktop.org/trash-spec/trashspec-latest.html) [1].
It uses the `$XDG_DATA_HOME/Trash` directory [1], which defaults to `$HOME/.local/share/Trash` [2].
Flatpak applications may use the same trash using special APIs [3]. However, Snap applications do not have an API to
use the global trash [4].
[1]: https://web.archive.org/web/20221029151648/https://specifications.freedesktop.org/trash-spec/trashspec-latest.html "The FreeDesktop.org Trash specification | freedesktop.org"
[2]: https://web.archive.org/web/20221029151712/https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html "XDG Base Directory Specification | freedesktop.org"
[3]: https://web.archive.org/web/20221029151919/https://docs.flatpak.org/en/latest/portal-api-reference.html#gdbus-org.freedesktop.portal.Trash "Portal API Reference - Flatpak documentation | docs.flatpak.org"
[4]: https://web.archive.org/web/20221029151931/https://bugs.launchpad.net/snapd/+bug/1787903 "Bug #1787903 “Snapped application can't access user's trash can” : Bugs : snapd | bugs.launchpad.net"
code: |-
# Empty global trash
rm -rfv ~/.local/share/Trash/*
sudo rm -rfv /root/.local/share/Trash/*
# Empty Snap trash
rm -rfv ~/snap/*/*/.local/share/Trash/*
# Empty Flatpak trash (apps may not choose to use Portal API)
rm -rfv ~/.var/app/*/data/Trash/*
-
name: Clear global temporary folders
docs: |-
A temporary folder or temporary directory is a directory used to hold temporary files [1].
In Unix and Linux, the global temporary directories are `/tmp` [2] and `/var/tmp` [1]. Typically,
`/var/tmp` is for persistent files (as it may be preserved over reboots), and `/tmp` is for more
temporary files [1].
Programs do not assume that any files or directories in temporary folders are preserved between
invocations of the program, and these files may be deleted after reboot and in a site-specific manner [2].
See also: "[Filesystem Hierarchy Standard](https://web.archive.org/web/20221029152204/https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s18.html)".
[1]: https://web.archive.org/web/20221029152135/https://en.wikipedia.org/wiki/Temporary_folder "Temporary folder | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029152204/https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch03s18.html "Filesystem Hierarchy Standard | LinuxFoundation.org"
code: |-
sudo rm -rfv /tmp/*
sudo rm -rfv /var/tmp/*
-
category: Clear package manager data
docs: |-
Package managers store caches, statistics, and logs that may reveal data on how you use the package
managers and software downloaded from them, such as your choice of software.
children:
-
name: Clear YUM/RPM data
docs: |-
The Yellowdog Updater, Modified (YUM) is a free and open-source command-line package-management
utility for computers running the Linux operating system using the RPM Package Manager [1].
It has been shipped by default by distros such as Fedora, Rocky Linux, AlmaLinux, CentOS [2].
YUM stores cached packages, header files, and metadata to determine the remote availability of packages,
SQLite database cache, rpmdb cache [3]. Every YUM plugin may store its own cache [3]. `yum clean all`
cleans all temporary files.
See also: ["Yum Package Manager homepage"](https://web.archive.org/web/20221029221419/http://yum.baseurl.org/).
[1]: https://web.archive.org/web/20221029152219/https://en.wikipedia.org/wiki/Yum_%28software%29 "Yum | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029152251/https://webhome.phy.duke.edu/~rgb/General/yum_article/yum_article.pdf "YUM: Yellowdog Updater, Modified | www.phy.duke.edu"
[3]: https://web.archive.org/web/20221029152334/https://linux.die.net/man/8/yum "yum: Yellowdog Updater Modified - Linux man page | linux.die.net"
call:
function: RunIfCommandExists
parameters:
command: yum
code: yum clean all --enablerepo='*'
-
name: Clear DNF/RPM data
docs: |-
DNF or Dandified YUM is the next-generation version of YUM, a package manager for
.rpm-based Linux distributions [1].
It has been the default package manager since Fedora 22 in 2015, Red Hat Enterprise Linux 8,
and OpenMandriva [1].
DNF stores temporary files for repositories such as repository metadata, cache files
generated from the repository metadata, and cached packages [2]. `dnf clean all` cleans
all temporary files [2].
[1]: https://web.archive.org/web/20221029152448/https://en.wikipedia.org/wiki/DNF_%28software%29 "DNF (software) | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029152515/https://manpages.ubuntu.com/manpages/kinetic/en/man8/dnf.8.html "Ubuntu Manpage: dnf - DNF Command Reference | manpages.ubuntu.com"
call:
function: RunIfCommandExists
parameters:
command: dnf
code: dnf clean all --enablerepo='*'
-
category: Clear Snap data
docs: |-
Snap is a software packaging and deployment system developed by Canonical [1].
The packages are called snaps, and the tool for using them is called snapd [1].
Snap is available on many distros and is supported out-of-the-box by distros
such as Ubuntu, Kubuntu, Xubuntu, Manjaro, Zorin OS, KDE Neon and Solus among
others [1].
[1]: https://web.archive.org/web/20221029152606/https://en.wikipedia.org/wiki/Snap_%28software%29 "Snap | Wikipedia | en.wikipedia.org"
children:
-
name: Clear Snap cache
docs: |-
The Snap cache is stored at `/var/lib/snapd/cache/` [1].
Clearing the Snap cache is safe and can be done without causing any issues
while running Snap [2].
[1]: https://web.archive.org/web/20221029152638/https://github.com/snapcore/snapd/blob/76b081beee1899c573b42bf216b6e087656011e7/tests/main/auto-refresh-private/task.yaml#L74 "snapd source code | GitHub | github.com"
[2]: https://web.archive.org/web/20221029152651/https://forum.snapcraft.io/t/is-if-safe-for-me-to-remove-cache-files/7641/2 "Is if safe for me to remove cache files? - snapd - snapcraft.io | forum.snapcraft.io"
code: sudo rm -rfv /var/lib/snapd/cache/*
-
name: Remove old Snap packages
recommend: standard
docs: |-
This script removes all disabled Snap packages.
Old and unused snaps get "disabled" by Snap. This is due to the snapd that keeps
multiple revisions of the same package [1].
Disabled state means that the binaries and services of the snap will no longer be available [2].
But all the data is still available, and the snap can easily be enabled again [2].
[1]: https://web.archive.org/web/20221029153110/https://forum.snapcraft.io/t/configure-number-of-old-revisions-to-keep/2337/7 "Configure number of old revisions to keep - snapd | forum.snapcraft.io"
[2]: https://web.archive.org/web/20221029153125/https://www.mankier.com/8/snap#Commands-disable "snap man page - snapd - System Administration | ManKier | www.mankier.com"
call:
function: RunIfCommandExists
parameters:
command: snap
code: |-
snap list --all | while read name version rev tracking publisher notes; do
if [[ $notes = *disabled* ]]; then
sudo snap remove "$name" --revision="$rev";
fi
done
-
category: Clear Flatpak data
docs: |-
Flatpak, formerly known as xdg-app, is a utility for software deployment and package
management for Linux [1]. It is supported out-of-the-box by many Linux distributions
including CentOS, Clear Linux, elementary OS, Endless OS, Fedoora Workstation, Fedora
Silverblue, Linux Mint, Pop! OS, PureOS, SteamOS, Ubuntu MATE and Zorin OS [1].
[1]: https://web.archive.org/web/20221029153354/https://en.wikipedia.org/wiki/Flatpak "Flatpak - Wikipedia | en.wikipedia.org"
children:
-
name: Remove orphaned Flatpak runtimes
recommend: standard
docs: |-
This script removes runtimes and extensions that are not used by installed
applications by running `flatpak uninstall --unused` [1].
Flatpak doesn't automatically remove a runtime after the last application that
depends on it is uninstalled [2]. This may cause issues with disk space or leave
hints about what software has been installed before.
This happens because when a Flatpak package is uninstalled, its runtime dependencies
are not automatically uninstalled, as `flatpak uninstall` can uninstall either an
application or runtime [3].
[1]: https://web.archive.org/web/20221029153522/https://docs.flatpak.org/en/latest/flatpak-command-reference.html#flatpak-uninstall "Flatpak Command Reference - Flatpak documentation | docs.flatpak.org"
[2]: https://web.archive.org/web/20221029153359/https://github.com/flatpak/flatpak/issues/2639 "[RFE] Auto remove orphaned runtimes · Issue #2639 · flatpak/flatpak | GitHub | github.com"
[3]: https://web.archive.org/web/20221029153507/https://docs.flatpak.org/en/latest/using-flatpak.html#troubleshooting "Using Flatpak - Flatpak documentation | docs.flatpak.org"
call:
function: RunIfCommandExists
parameters:
command: flatpak
code: flatpak uninstall --unused --noninteractive
-
name: Clear Flatpak cache
docs: |-
This script clears the Flatpak cache.
Flatpak creates temporary files as `/var/tmp/flatpak-cache-*` [1].
These files can fill up a large portion of the disk [1], and reveal usage patterns.
Flatpak stores cache files in `~/.cache/flatpak/system-cache/` which replaces the directory
used in older versions (`~/.local/share/flatpak/system-cache/`) [2].
[1]: https://web.archive.org/web/20221029153602/https://github.com/flatpak/flatpak/issues/1119 "Prevent /var/tmp/flatpak-cache from piling up · Issue #1119 · flatpak/flatpak | GitHub | github.com"
[2]: https://web.archive.org/web/20221029153627/https://github.com/flatpak/flatpak/commit/1a49029f9d8fbee0338665522cf7432ae7485841 "Move caches to ~/.cache · flatpak/flatpak@1a49029 · GitHub | github.com"
code: |-
# Temporary cache
sudo rm -rfv /var/tmp/flatpak-cache-*
# New cache
rm -rfv ~/.cache/flatpak/system-cache/*
# Old cache
rm -rfv ~/.local/share/flatpak/system-cache/*
-
category: Clear APT data
docs: |-
Advanced Package Tool (APT) is a free software user interface that works with
core libraries to handle the installation and removal of software on Debian, and
Debian-based Linux distributions [1].
See also: ["APT | Debian Wiki"](https://web.archive.org/web/20221029221422/https://wiki.debian.org/Apt).
[1]: https://web.archive.org/web/20221029153651/https://en.wikipedia.org/wiki/APT_%28software%29 "APT | Wikipedia"
children:
-
name: Clear obsolete APT packages
recommend: standard
docs: |-
This script runs the `autoclean` command which removes package files that can no longer be downloaded,
and are largely useless [1]. This allows a cache to be maintained over a long period without it
growing out of control [1].
[1]: https://web.archive.org/web/20221029153705/https://manpages.ubuntu.com/manpages/jammy/en/man8/apt-get.8.html "Ubuntu Manpage: apt-get - APT package handling utility | manpages.ubuntu.com"
call:
function: RunIfCommandExists
parameters:
command: apt-get
code: sudo apt-get autoclean
-
name: Clear APT package file lists
docs: |-
This script removes package file lists. APT stores a copy of those files (in `/var/lib/apt/lists/`)
and searches are done within those local files to avoid going through the network for every search [1].
An `apt-get update` will repopulate the necessary information and recreate the list file [2].
The list files should be recreated as they get lost over time [2].
[1]: https://web.archive.org/web/20221029153731/https://www.debian.org/doc/manuals/debian-handbook/sect.apt-cache.en.html "6.3. The apt-cache Command | Debian Handbook | www.debian.org"
[2]: https://web.archive.org/web/20221029154335/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775163 "#775163 - apt pigs out in /var, particularly with multi-arch - Debian Bug report logs | bugs.debian.org"
code: sudo rm -rfv /var/lib/apt/lists/*
-
name: Clear orphaned APT package dependencies
recommend: standard
docs: |-
This script runs the `autoremove` command, which removes packages that were automatically installed
to satisfy dependencies for other packages and are now no longer needed [1].
This script also purges removed packages, which means that the configuration files of the removed
packages are deleted too [1].
[1]: https://web.archive.org/web/20221029153705/https://manpages.ubuntu.com/manpages/jammy/en/man8/apt-get.8.html "Ubuntu Manpage: apt-get - APT package handling utility | manpages.ubuntu.com"
call:
function: RunIfCommandExists
parameters:
command: apt-get
code: sudo apt-get -y autoremove --purge
-
name: Clear cache for APT packages
docs: |-
This script runs the `clean` command. It clears out the local repository of retrieved package files [1],
meaning that it deletes downloaded packages (`.deb`) already installed (and no longer needed) [2].
It clears the whole `/var/cache/apt/archives/` directory that contains a copy of each downloaded `.deb` file [2].
It clears the cache but does not delete the lists [3].
[1]: https://web.archive.org/web/20221029153705/https://manpages.ubuntu.com/manpages/jammy/en/man8/apt-get.8.html "Ubuntu Manpage: apt-get - APT package handling utility | manpages.ubuntu.com"
[2]: https://web.archive.org/web/20221030163316/https://www.debian.org/doc/manuals/debian-handbook/sect.apt-get.en.html "6.2. aptitude, apt-get, and apt Commands | Debian Handbook | Debian"
[3]: https://web.archive.org/web/20221029154423/https://lists.debian.org/debian-user/2015/09/msg00024.html "Re: /var/lib/apt/lists/partial fills entire partition | Debian Issues"
call:
function: RunIfCommandExists
parameters:
command: apt-get
code: sudo apt-get clean
-
category: Clear shared caches
docs: |-
The scripts in this category bulk delete all cache entries for the given scope.
These scripts are designed to affect more than a single application and do a wide range of cleaning.
children:
-
name: Clear user-specific cache
docs: |-
User-specific non-essential data is stored in `$XDG_CACHE_HOME`, which defaults to `$HOME/.cache` [1].
Even though this data should be safe to delete, an application might still not comply with the standard
and put anything in the cache folder, but this is very rare.
This cache is used by both the operating system and different applications on it, e.g., used by KDE since v5.0 [2],
pip (Python package manager) [3], or Google Chrome and Chromium-based browsers.
Deleting this cache does not affect sandboxed applications, e.g., those that are installed using Snap or Flatpak.
[1]: https://web.archive.org/web/20221029151712/https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html "XDG Base Directory Specification | specifications.freedesktop.org"
[2]: https://web.archive.org/web/20221029154505/https://wiki.archlinux.org/title/KDE#Clean_cache_to_resolve_upgrade_problems "KDE - ArchWiki | wiki.archlinux.org"
[3]: https://web.archive.org/web/20221029154542/https://pip.pypa.io/en/stable/topics/caching/#default-paths "Caching - pip documentation v22.2.2 | pip.pypa.io"
[4]: https://web.archive.org/web/20221029154556/https://chromium.googlesource.com/chromium/src/+/master/docs/user_data_dir.md#Linux "Chromium Docs - User Data Directory | chromium.googlesource.com"
code: |-
rm -rfv ~/.cache/*
sudo rm -rfv root/.cache/*
-
name: Clear system-wide cache
docs: |-
The `/var/cache` directory contains cached files, i.e. files that were generated and can be
re-generated at any time, but they are worth storing to save time recomputing them [1].
The application must be able to regenerate or restore the data [2], so the system can delete
the contents of /var/cache either periodically or when its contents get too large [1].
However, there is no guarantee that applications will follow the specification, but this is
very rare.
It's not only used by applications but also by the operating system. This may include OS folders
such as [2]:
- Locally-generated fonts (`/var/cache/fonts`)
- Locally-formatted manual pages (`/var/cache/man`)
- WWW proxy or cache data (`/var/cache/www`)
[1]: https://web.archive.org/web/20130511220135/http://www.lindevdoc.org/wiki//var/cache "/var/cache - Linux Developer's Documentation"
[2]: https://web.archive.org/web/20221029154623/https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s05.html "5.5. /var/cache : Application cache data | refspecs.linuxfoundation.org"
code: rm -rf /var/cache/*
-
name: Clear Flatpak application cache
docs: |-
Non-essential user-specific data is stored in `~/.var/app/<app-id>/cache` by Flatpak applications [1].
This directory points to `XDG_CACHE_HOME` [1] from the XDG base directory specification [2].
[1]: https://web.archive.org/web/20221029154654/https://docs.flatpak.org/en/latest/conventions.html#xdg-base-directories "Requirements & Conventions - Flatpak documentation | docs.flatpak.org"
[2]: https://web.archive.org/web/20221029151712/https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html "XDG Base Directory Specification | specifications.freedesktop.org"
code: rm -rfv ~/.var/app/*/cache/*
-
name: Clear Snap application cache
docs: |-
Application caches are isolated per application and stored in the `~/snaps/APP-NAME/VERSION/.cache`
folders for Snap applications [1].
[1]: https://web.archive.org/web/20221029154850/https://bugs.launchpad.net/snappy/+bug/1744584 "Bug #1744584 “Exclude Snap .cache from Dejadup backups” : Bugs : Snappy | bugs.launchpad.net/snappy"
code: rm -fv ~/snap/*/*/.cache/*
-
name: Clear thumbnails (icon cache)
docs: |-
Thumbnails are reduced-size versions of pictures or videos, used to help in recognizing and organizing
them, serving the same role for images as a normal text index does for words [1].
Depending on the program that processes the thumbnails, the "icons" are usually located either in the
`~/.cache/thumbnails/` folder (e.g., Nautilus from GNOME does this [2] [3]) or the `~/.thumbnails/`
directory [4].
[1]: https://web.archive.org/web/20221029154942/https://en.wikipedia.org/wiki/Thumbnail "Thumbnail - Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029154933/https://wiki.archlinux.org/title/GNOME/Files#Thumbnails "GNOME/Files - ArchWiki | wiki.archlinux.org"
[3]: https://web.archive.org/web/20221030163411/https://gitlab.gnome.org/GNOME/nautilus/-/issues/1237 "Unable to generate thumbnails (#1237) · Issues · GNOME / Files · GitLab | gitlab.gnome.org"
[4]: https://web.archive.org/web/20221029155859/https://bugs.kde.org/show_bug.cgi?id=79943 "79943 - It should be possible to limit the amount of disk space used by thumbnails (.thumbnails directory) | bugs.kde.org"
code: |-
rm -rfv ~/.thumbnails/*
rm -rfv ~/.cache/thumbnails/*
-
name: Clear screenshots
docs: |-
GNOME's default screenshot folder (as seen in Pop!_OS and Elementary OS) is `~/Pictures/Screenshots/` [1].
Flameshot also uses the same default folder as GNOME [2].
Despite being GNOME-based, Ubuntu changes this default to `~/Pictures/` with files that
look like "`Screenshot from ***.png`" [3].
KDE ([Spectacle](https://web.archive.org/web/20221029221516/https://apps.kde.org/spectacle/))
saves screenshots in the `~/Pictures/` folder with the default name format of
`Screenshot_%Y%M%D_%H%m%S.**` [4].
Other applications use different paths, e.g. ksnip uses `ksnip_$Y$M$D-$T.png` by
default in the home folder [5].
[1]: https://web.archive.org/web/20221030163430/https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/1950 "Save screenshots to dedicated Screenshots folder (#1950) · Issues · GNOME / gnome-shell | gitlab.gnome.org"
[2]: https://web.archive.org/web/20221029155930/https://github.com/flameshot-org/flameshot/blob/fa6164bedf683d4deb9c879563506310908280bf/README.md#on-kde-plasma-desktop "flameshot/README.md · flameshot-org/flameshot | GitHub"
[3]: https://web.archive.org/web/20221029160024/https://help.ubuntu.com/stable/ubuntu-help/screen-shot-record.html "Screenshots and screencasts | help.ubuntu.com"
[4]: https://web.archive.org/web/20221029160018/https://docs.kde.org/stable5/en/spectacle/spectacle/ch04s02.html "Configure | docs.kde.org"
[5]: https://web.archive.org/web/20221029160052/https://github.com/ksnip/ksnip/blob/89b7f3f1f5efc0c62797c091e985dc70be17e347/src/backend/config/Config.cpp#L232-L241 "ksnip/Config.cpp · ksnip/ksnip | GitHub"
code: |-
# Clear default directory for GNOME screenshots
rm -rfv ~/Pictures/Screenshots/*
if [ -d ~/Pictures ]; then
# Clear Ubuntu screenshots
find ~/Pictures -name 'Screenshot from *.png' | while read -r file_path; do
rm -fv "$file_path" # E.g. Screenshot from 2022-08-20 02-46-41.png
done
# Clear KDE (Spectatle) screenshots
find ~/Pictures -name 'Screenshot_*' | while read -r file_path; do
rm -fv "$file_path" # E.g. Screenshot_20220927_205646.png
done
fi
# Clear ksnip screenshots
find ~ -name 'ksnip_*' | while read -r file_path; do
rm -fv "$file_path" # E.g. ksnip_20220927-195151.png
done
-
category: Disable OS data collection
docs: |-
All operating systems collect data. This is part of their work. Sometimes, this data has
high privacy implications, especially when it is submitted to third parties. Some Linux
distributions come with out-of-the-box data collection and submission. Most of the time,
this data collection is opt-in, but not necessarily always.
Data collection and telemetry is not always a bad thing, and can help developers provide
better software that can compete with proprietary and much more privacy-invasive alternatives.
children:
-
category: Disable Debian telemetry
docs: |-
Debian, also known as Debian GNU/Linux, is a Linux distribution composed of free and open-source
software, developed by the community-supported Debian Project [1].
Debian-based distributions include Ubuntu, Kali Linux, MX Linux, Pardus, Parrot OS, PureOS,
Raspberry Pi OS, TAILS, and others [2].
Debian contains some telemetry client libraries, and some packages depend or build-depend on them [3].
Some pre-installed packages send data or facilitate sending data, which may risk your privacy to some
extent [4].
[1]: https://web.archive.org/web/20221029160202/https://en.wikipedia.org/wiki/Debian "Debian - Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029160241/https://en.wikipedia.org/wiki/List_of_Linux_distributions#Ubuntu-based "List of Linux distributions - Wikipedia | en.wikipedia.org"
[3]: https://web.archive.org/web/20221029160255/https://wiki.debian.org/PrivacyIssues#Telemetry_libraries "Privacy Issues | Debian Wiki | wiki.debian.org"
[4]: https://web.archive.org/web/20221030133248/https://www.debian.org/legal/privacy "Debian -- Privacy Policy | www.debian.org"
children:
-
category: Disable sending of package statistics (popcon)
docs: |-
Popularity Contest (or popcon) collects statistical data to determine which packages are the most popular [1].
It sends a list of packages installed and the access and change times of relevant files to the server via email
in different distros such as Debian and Ubuntu [2].
`popularity-contest` package sets up a cron job that will periodically anonymously submit statistical data
to the Debian developers about the statistics of the most used Debian packages on the system [3]. It also sends
data about the system architecture and the version of popularity-contest [4].
Communication is encrypted but with the right configuration and software, but if that's not the case, communication
can be eavesdropped as it does not use HTTPS but HTTP [4].
Statistics are publicly accessible and can be seen online:
- [Ubuntu](https://web.archive.org/web/20220816072409/https://popcon.ubuntu.com/)
- [Debian](https://web.archive.org/web/20221029221738/https://popcon.debian.org/)
See also: "[popularity-contest source code | debian.org](https://web.archive.org/web/20221030163518/https://salsa.debian.org/popularity-contest-team/popularity-contest)".
[1]: https://web.archive.org/web/20221029160500/https://help.ubuntu.com/community/UbuntuPopularityContest "UbuntuPopularityContest - Community Help Wiki | help.ubuntu.com"
[2]: https://web.archive.org/web/20221029160506/https://manpages.debian.org/testing/popularity-contest/popularity-contest.8.en.html "popularity-contest - Debian testing | Debian Manpages"
[3]: https://web.archive.org/web/20221029160859/https://packages.debian.org/buster/popularity-contest "Debian - Details of package popularity-contest in buster | packages.debian.org"
[4]: https://web.archive.org/web/20221029160841/https://popcon.debian.org/FAQ "FAQ | popcon | popcon.debian.org"
children:
-
name: Disable participation in Popularity Contest
recommend: standard
docs: |-
`popularity-contest` checks `/etc/popularity-contest.conf` for the value of `PARTICIPATE` to send data [1].
Configuring this configuration allows you to opt out of the submission of data [1].
[1]: https://web.archive.org/web/20221029161047/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172824 "#172824 - popularity-contest: dpkg-reconfigure popularity-contest does not include PARTICIPATE=yes - Debian Bug report logs | bugs.debian.org"
code: |-
config_file='/etc/popularity-contest.conf'
if [ -f "$config_file" ]; then
sudo sed -i '/PARTICIPATE/c\PARTICIPATE=no' "$config_file"
else
echo "Skipping because configuration file at ($config_file) is not found. Is popcon installed?"
fi
revertCode: |-
config_file='/etc/popularity-contest.conf'
if [ -f "$config_file" ]; then
sudo sed -i 's/PARTICIPATE=no/PARTICIPATE=yes/g' "$config_file"
else
echo "Skipping because configuration file ($config_file) is not found. Is popcon installed?"
fi
-
name: Remove Popularity Contest (`popcon`) package
recommend: strict
docs: |-
This script deletes the `popularity-contest` package.
This package submits to the Debian developers statistics about the most used Debian packages on the system [1].
According to community reports, deleting this package does not have any side effects [2].
[1]: https://web.archive.org/web/20221029161449/https://packages.debian.org/sid/popularity-contest "Debian -- Details of package popularity-contest in sid | packages.debian.org"
[2]: https://web.archive.org/web/20221029161049/https://askubuntu.com/questions/84831/removing-popularity-contest-without-trashing-the-system "apt - Removing popularity-contest without trashing the system? - Ask Ubuntu | askubuntu.com"
call:
function: UninstallAptPackage
parameters:
packageName: popularity-contest
-
name: Remove daily cron entry for Popularity Contest (popcon)
recommend: strict
docs: |-
Normally, `popularity-contest` is run from a cron job, `/etc/cron.daily/popularity-contest` [1].
This job automatically submits the results to package maintainers once a week [1].
This script disables the cronjob, thus the automatic submission, but manually running `popularity-contest`
would still send data.
[1]: https://web.archive.org/web/20221029160506/https://manpages.debian.org/testing/popularity-contest/popularity-contest.8.en.html "popularity-contest - Debian testing | Debian Manpages | manpages.debian.org"
call:
function: DisableCronjob
parameters:
jobName: popularity-contest
-
category: Disable reportbug (opt-in telemetry)
docs: |-
These scripts disable the functionality of reportbug.
reportbug is a tool for reporting bugs on Debian and derivative distributions [1].
It communicates with the [Debian Bug Tracking System](https://web.archive.org/web/20221029221811/https://www.debian.org/Bugs/),
which is used for both reporting and researching bugs, through a number of interfaces, including email, web, and command-line
utilities [1].
By default, it creates an email to the Debian bug tracking system at `submit@bugs.debian.org` with
information about the bug and makes a carbon copy of the report [2].
[1]: https://web.archive.org/web/20221029161457/https://wiki.debian.org/reportbug "reportbug - Debian Wiki | wiki.debian.org"
[2]: https://web.archive.org/web/20221029161559/https://manpages.ubuntu.com/manpages/trusty/man1/reportbug.1.html "Ubuntu Manpage: reportbug - reports a bug to a debbugs server | manpages.ubuntu.com"
children:
-
name: Remove `reportbug` package
recommend: strict
docs: |-
This script uninstalls `reportbug` package, which includes the tool itself.
It depends on `python3-reportbug`, so after removing this package, the Python modules may be left on the system [1].
[1]: https://web.archive.org/web/20221029161615/https://packages.debian.org/buster/reportbug "Debian -- Details of package reportbug in buster | packages.debian.org"
call:
function: UninstallAptPackage
parameters:
packageName: reportbug
-
name: Remove Python modules for `reportbug`
recommend: strict
docs: |-
This script uninstalls `python3-reportbug`.
This package includes Python modules that may be reusable by other tools that want to interact with the Debian bug
tracking system [1].
[1]: https://web.archive.org/web/20221029161637/https://packages.debian.org/buster/python3-reportbug "Debian -- Details of package python3-reportbug in buster | packages.debian.org"
call:
function: UninstallAptPackage
parameters:
packageName: python3-reportbug
-
name: Remove UI for reportbug (`reportbug-gtk` package)
recommend: strict
docs: |-
This script uninstalls `reportbug-gtk`. It consists of a desktop file and an icon, and it has dependencies to enable the
GTK+ UI mode of reportbug to work [1].
This package depends on `reportbug` and is unusable without it.
[1]: https://web.archive.org/web/20221029161725/https://packages.debian.org/buster/reportbug-gtk "Debian -- Details of package reportbug-gtk in buster | packages.debian.org"
call:
function: UninstallAptPackage
parameters:
packageName: reportbug-gtk
-
category: Disable Arch Linux telemetry
docs: |-
Arch Linux is an independently developed, x86-64 general-purpose Linux distribution that strives to
provide the latest stable versions of most software by following a rolling-release model [1]. The default
installation is a minimal base system, configured by the user to only add what is specifically required.
[1]: https://web.archive.org/web/20221029161747/https://en.wikipedia.org/wiki/Arch_Linux "Arch Linux | Wikipedia | en.wikipedia.org"
children:
-
category: Disable `pkgstats` that collects installed package list (opt-in)
docs: |-
`pkgstats` sends a list of all installed packages, the architecture, and the mirror you are using to
the Arch Linux project [1]. It stores personally identifiable information such as IP addresses for
one month [2] and then anonymizes and aggregates the data [1] [2].
[1]: https://web.archive.org/web/20221029161806/https://wiki.archlinux.org/title/Pkgstats "pkgstats - ArchWiki | wiki.archlinux.org"
[2]: https://web.archive.org/web/20221029161821/https://pkgstats.archlinux.de/privacy-policy "Privacy policy | pkgstats | pkgstats.archlinux.de"
children:
-
name: Remove `pkgstats` package
recommend: strict
docs: |-
`pkgstats` package submits a list of installed packages to the Arch Linux project [1].
It's available in the Arch Linux repository [1].
The package enables a timer to send data periodically [2].
[1]: https://web.archive.org/web/20221029161948/https://archlinux.org/packages/extra/x86_64/pkgstats/ "Arch Linux - pkgstats 3.2.6-1 (x86_64) | archlinux.org"
[2]: https://web.archive.org/web/20221029161923/https://bugs.archlinux.org/task/51510?project=1&string=pkgstats "FS#51510 : [pkgstats] do not enable pkgstats.timer during install | bugs.archlinux.org"
call:
function: UninstallPacmanPackage
parameters:
packageName: pkgstats
-
name: Disable weekly `pkgstats` submission
recommend: standard
docs: |-
`pkgstats` is set up to automatically run every week using systemd/timers [1]. Once disabled,
the data will only be sent once manually invoked [1]. The weekly timer is named `pkgstats.timer` [2].
[1]: https://web.archive.org/web/20221029161806/https://wiki.archlinux.org/title/Pkgstats "pkgstats - ArchWiki | wiki.archlinux.org"
[2]: https://web.archive.org/web/20221029162027/https://pkgstats.archlinux.de/ "Arch Linux package statistics | pkgstats.archlinux.de"
call:
function: DisableSystemdService
parameters:
serviceName: pkgstats.timer
-
category: Disable Zorin OS telemetry
docs: |-
Zorin OS is a Linux distribution based on Ubuntu [1].
It is customized to help users transition from Windows and macOS easily [1].
[1]: https://web.archive.org/web/20221029162035/https://en.wikipedia.org/wiki/Zorin_OS "Zorin OS - Wikipedia | en.wikipedia.org"
children:
-
name: Disable Zorin OS census pings
docs: |-
Zorin OS pings Zorin OS servers [1].
It sends pings on an hourly basis [2].
It sends a unique ID, the operating system version, the number of user accounts and the city and country the user is in [3].
It can be disabled by deleting the `zorin-os-census` package [1].
[1]: https://web.archive.org/web/20221029162136/https://zorin.com/legal/privacy/ "Privacy Policy - Zorin | zorin.com"
[2]: https://web.archive.org/web/20221029162148/https://launchpad.net/~zorinos/+archive/ubuntu/stable/+sourcepub/7408190/+listing-archive-extra "Zorin OS source code | launchpad.net"
[3]: https://web.archive.org/web/20221029162231/https://launchpadlibrarian.net/425925849/zorin-os-census_1.1~zorinos15_1.2.diff.gz "Zorin OS source code | launchpad.net"
call:
function: UninstallAptPackage
parameters:
packageName: zorin-os-census
-
name: Remove Zorin OS census unique ID
docs: |-
Census submits a unique ID associated with the installation when pings are sent [1].
Removing the identifier reduces the risk of your computer being identified.
[1]: https://web.archive.org/web/20221029162231/https://launchpadlibrarian.net/425925849/zorin-os-census_1.1~zorinos15_1.2.diff.gz "Zorin OS source code | launchpad.net"
code: sudo rm -fv '/var/lib/zorin-os-census/uuid'
revertCode: |-
if [ -f /var/lib/zorin-os-census/uuid ]; then
echo 'Skipping, uuid already exists.'
else
sudo mkdir -p /var/lib/zorin-os-census
uuidgen | sudo tee /var/lib/zorin-os-census/uuid > /dev/null
fi
-
category: Disable Ubuntu telemetry
docs: |-
Ubuntu is a Linux distribution based on Debian and composed mostly of free and open-source software [1].
Ubuntu, along with its upstream Debian, has many official (Kubuntu, Lubuntu, Ubuntu Studio…) and unofficial
(elementary OS, KDE neon, Linux Mint, Pop! OS, Zorin OS…) derivatives [2].
[1]: https://web.archive.org/web/20221029162338/https://en.wikipedia.org/wiki/Ubuntu "Ubuntu - Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029160241/https://en.wikipedia.org/wiki/List_of_Linux_distributions#Ubuntu-based "List of Linux distributions - Wikipedia | en.wikipedia.org"
children:
-
name: Disable online search result collection (collects queries)
recommend: strict
docs: |-
Online search is introduced in Ubuntu Lens in Ubuntu 12.10 [1]. It has been known as "Shopping Lens",
"Online Search Results" and "More Suggestions" [1]. The search data is sent to `productsearch.ubuntu.com` [1].
Online search results are considered a privacy concern by governments [2] and can be disabled using the
`remote-content-search` option [2].
[1]: https://web.archive.org/web/20221029162420/https://help.ubuntu.com/community/UbuntuLens "UbuntuLens - Community Help Wiki | help.ubuntu.com"
[2]: https://web.archive.org/web/20221029162443/https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts/end-user-devices-guidance-ubuntu-1404-lts "End User Devices Guidance: Ubuntu 14.04 LTS | gov.uk"
call:
function: RunIfCommandExists
parameters:
command: gsettings
code: gsettings set com.canonical.Unity.Lenses remote-content-search none
revertCode: gsettings set com.canonical.Unity.Lenses remote-content-search all
-
category: Disable metrics reporting in Ubuntu
docs: |-
`ubuntu-report` reports hardware and other collected metrics like installer or upgrade information [1].
Reported data includes but is not limited to [2]:
- The Ubuntu version and its flavor,
- Whether there is network connectivity,
- CPU family,
- RAM,
- Disk(s) size,
- Screen(s) resolution,
- GPU model and manufacturer,
- OEM manufacturer,
- Location (based on the location selection made by the user at install),
- Installation duration (time taken),
- Whether auto-login is enabled,
- Selected disk layout,
- Whether third-party software is selected,
- Whether to download updates during installation,
- Whether LivePatch is enabled.
See also:
- [Source code for the Ubuntu Report tool | github.com](https://web.archive.org/web/20221029221854/https://github.com/ubuntu/ubuntu-report/)
- [Statistics gathered and visualized | ubuntu.com/desktop/statistics](https://web.archive.org/web/20221029221910/https://ubuntu.com/desktop/statistics)
- [ubuntu-devel mailing list thread where ubuntu-report was first proposed, | lists.ubuntu.com ](https://web.archive.org/web/20221029221924/https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040139.html)
[1]: https://web.archive.org/web/20221029162505/https://github.com/ubuntu/ubuntu-report/blob/30e902ebc17e4e10d83392d7cd3dc05fc9e35cc4/README.md "ubuntu-report/README.md at master · ubuntu/ubuntu-report | github.com"
[2]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md "More diagnostics data from desktop | lists.ubuntu.com"
children:
-
name: Disable participation in metrics reporting in Ubuntu
recommend: standard
docs: |-
This script uses the `ubuntu-report` CLI to opt you out of data submission [1].
Alternatively, one can opt out during the installation of Ubuntu [2].
[1]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md#synopsis-1 "ubuntu-report/README.md at 8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d · ubuntu/ubuntu-report | GitHub"
[2]: https://web.archive.org/web/20221029162523/https://lists.ubuntu.com/archives/ubuntu-devel/2018-February/040139.html "More diagnostics data from desktop | lists.ubuntu.com"
call:
function: RunIfCommandExists
parameters:
command: ubuntu-report
code: |-
if ubuntu-report -f send no; then
echo 'Successfully opted out.'
else
>&2 echo 'Failed to opt out.'
fi
revertCode: |-
if ubuntu-report -f send yes; then
echo 'Successfully opted in.'
else
>&2 echo 'Failed to opt in.'
fi
-
name: Remove Ubuntu Report tool (`ubuntu-report`)
recommend: strict
docs: |-
`ubuntu-report` is installed as an apt package and can be uninstalled in this way [1].
Once uninstalled, the `send` command [2] will function and therefore no data will be collected.
[1]: https://web.archive.org/web/20221029162615/https://packages.ubuntu.com/bionic/ubuntu-report "Ubuntu - Details of package ubuntu-report in bionic | packages.ubuntu.com"
[2]: https://web.archive.org/web/20221029162538/https://github.com/ubuntu/ubuntu-report/blob/8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d/README.md#ubuntu-report-send "ubuntu-report/README.md at 8e6030ff9bbeacacf41a9b58ea638a5c9a6f864d · ubuntu/ubuntu-report | GitHub"
call:
function: UninstallAptPackage
parameters:
packageName: ubuntu-report
-
category: Disable Ubuntu error tracker
docs: |-
Ubuntu's error tracker explains crashes, hangs, and other severe errors to end users; lets
them report an error; and collects these reports and shares them with Ubuntu [1]. Error reports
are also accessible to trusted Ubuntu developers who are not employed by Canonical [1].
See ["the Ubuntu error tracker | errors.ubuntu.com"](https://web.archive.org/web/20221029221957/https://errors.ubuntu.com/) that shows error
statistics to the public.
[1]: https://web.archive.org/web/20221029162649/https://wiki.ubuntu.com/ErrorTracker
children:
-
category: Disable creating crash reports to send (Apport)
docs: |-
Apport intercepts program crashes, collects debugging information about the
crash and the operating system environment, and sends it to bug trackers in a
standardized form [1]. It also allows the user to report a bug about a package
by collecting as much information about it as possible [1].
Disabling Apport prevents the UI which informs the user about the crash and instructs
them on how to proceed because that dialog is part of Apport [2] [3]. Furthermore,
Apport creates crash report files in the `/var/crash` directory, and having files
in this directory causes an error message to appear every time Ubuntu boots [4].
Apport collects potentially sensitive data, such as core dumps, stack traces,
and log files [2]. It can contain passwords, credit card numbers, serial numbers,
and other private information [2].
Bug reports are shared with the [Ubuntu bug triaging team](https://web.archive.org/web/20221029222122/https://launchpad.net/~ubuntu-crashes-universe) [2].
Apport is disabled by default in stable releases due to the sensitive data it collects [2].
Apport only uploads data if the package `whoopsie` is installed; otherwise it appears
to be uploading but does not upload [3].
[1]: https://web.archive.org/web/20221029162724/https://github.com/canonical/apport/blob/75540cb0f665e50495d994b529c8418a1ebca178/README.md "apport/README.md at main · canonical/apport | GitHub | github.com"
[2]: https://web.archive.org/web/20221029162740/https://wiki.ubuntu.com/Apport "Apport - Ubuntu Wiki | wiki.ubuntu.com"
[3]: https://web.archive.org/web/20221029162829/https://help.ubuntu.com/community/ReportingBugs#A4._Collect_information_about_the_bug "ReportingBugs - Community Help Wiki | help.ubuntu.com"
[4]: https://web.archive.org/web/20221029150025/https://support.starlabs.systems/kb/guides/disable-program-problem-reports "Disable program problem reports - Star Labs | support.starlabs.systems"
children:
-
name: Remove `apport` package
recommend: strict
docs: |-
The `apport` package is responsible for automatically generating crash reports for debugging [1].
Apport software is provided using multiple packages such as `apport`, `python3-apport`,
`apport-gtk`, `apport-kde`, among others [1].
This script removes the main `apport` package that would lead other dependencies to be
in orphaned states that can be auto-removed. It does not attempt to remove all packages in
the suite as these can cause side effects and unintended crashes, such as deleting `python3-apport`
may crash interactive `python3` completely [2]. Uninstallation of all other packages
is not yet supported [3].
See also ["source code of apport | launchpad.net"](https://web.archive.org/web/20221029222108/https://code.launchpad.net/ubuntu/+source/apport).
[1]: https://web.archive.org/web/20221030194324/https://packages.ubuntu.com/bionic/apport "Ubuntu - Details of package apport in bionic | packages.ubuntu.com"
[2]: https://web.archive.org/web/20221029162934/https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1773087 "Bug #1773087 “Remove python3-apport as dependency of xserver-xor...” : Bugs : xorg package : Ubuntu | bugs.launchpad.net"
[3]: https://web.archive.org/web/20221029162946/https://bugs.launchpad.net/apport/+bug/1910304 "Issue showing that uninstallation support is undecided | Bug #1910304 “Add non-invasive option to disable python3-apport ...” : Bugs : Apport | bugs.launchpad.net"
call:
function: UninstallAptPackage
parameters:
packageName: apport
-
name: Disable Apport service
recommend: standard
docs: |-
The Apport service can be stopped using the following command: `systemctl stop apport` [1] [2].
Stopping the service can mitigate the risk of Ubuntu not respecting the opt-out configuration.
This has happened before in different Ubuntu versions, as reported by the community [2].
This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [1].
[1]: https://web.archive.org/web/20221029163021/https://wiki.ubuntuusers.de/Apport/#Benutzung "Apport Wiki ubuntuusers.de | wiki.ubuntuusers.de"
[2]: https://web.archive.org/web/20221029163036/https://askubuntu.com/questions/93457/how-do-i-enable-or-disable-apport/93467 "How do I enable or disable Apport? - Ask Ubuntu | askubuntu.com"
[3]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk"
call:
function: DisableSystemdService
parameters:
serviceName: apport
-
name: Disable participation in Apport error messaging system
recommend: standard
docs: |-
Opting out of Apport prevents it from creating crash files after a crash [1].
It can be disabled by setting `enabled=0` in `/etc/default/apport` [1] [2].
This setting comes enabled by default in a clean installation of Ubuntu and
some of its derivatives (such as Pop!_OS).
This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [1].
[1]: https://web.archive.org/web/20221029163213/https://help.ubuntu.com/community/ReportingBugs?action=recall&rev=321#Reporting_a_crash_when_no_message_shows_up_and_crash_files_not_created "ReportingBugs - Community Help Wiki | help.ubuntu.com"
[2]: https://web.archive.org/web/20221029163228/https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/1773087/comments/1 "Comment #1 : Bug #1773087 : Bugs : xorg package : Ubuntu | help.ubuntu.com"
[3]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk"
code: |-
if [ -f /etc/default/apport ]; then
sudo sed -i 's/enabled=1/enabled=0/g' /etc/default/apport
echo 'Successfully disabled apport.'
else
echo 'Skipping, apport is not configured to be enabled.'
fi
revertCode: |-
if [ -f /etc/default/apport ]; then
sudo sed -i 's/enabled=0/enabled=1/g' /etc/default/apport
echo 'Successfully enabled apport.'
else
echo 'Skipping, apport is not configured to be disabled.'
fi
-
category: Disable uploading errors (Whoopsie)
docs: |-
The software responsible for uploading crash reports is called Whoopsie [1].
It's always running on Ubuntu systems, watching the `/var/crash` directory for crash reports
(that usually Apport creates) to send over the internet to Canonical servers at `http://daisy.ubuntu.com`
for further processing [1]. Along with the crash report, it sends a unique identifier (GUID)
for your computer [1] in `/etc/default/whoopsie` [2].
Apport only uploads data if package `whoopsie` is installed; otherwise it appears
to be uploading but does not upload [3].
See also:
- [Whoopsie source code | launchpad.net](https://web.archive.org/web/20221029222205/https://code.launchpad.net/ubuntu/+source/whoopsie)
- [oops (back-end for Whoopsie) source code | launchpad.net](https://web.archive.org/web/20221029222222/https://code.launchpad.net/oops-repository)
- [Data gathered from errors | errors.ubuntu.com](https://web.archive.org/web/20221029221957/https://errors.ubuntu.com/)
[1]: https://web.archive.org/web/20221029162649/https://wiki.ubuntu.com/ErrorTracker#Anatomy_of_a_crash "ErrorTracker - Ubuntu Wiki | wiki.ubuntu.com"
[2]: https://web.archive.org/web/20221029163347/https://wiki.ubuntu.com/ErrorTracker/ServerArchitecture "ErrorTracker/ServerArchitecture - Ubuntu Wiki | wiki.ubuntu.com"
[3]: https://web.archive.org/web/20221029162829/https://help.ubuntu.com/community/ReportingBugs#A4._Collect_information_about_the_bug "ReportingBugs - Community Help Wiki | help.ubuntu.com"
children:
-
name: Remove `whoopsie` package
docs: |-
This script uninstalls the `whoopsie` package.
This package is used for error tracker submission in Ubuntu [1].
[1]: https://web.archive.org/web/20221029163609/https://packages.ubuntu.com/bionic/utils/whoopsie "Ubuntu Details of package whoopsie in bionic | package.ubuntu.com"
call:
function: UninstallAptPackage
parameters:
packageName: whoopsie
-
name: Disable Whoopsie service
recommend: standard
docs: |-
Whoopsie works through a service file created in `/lib/systemd/system/whoopsie.service` [1].
This script disables this service to immobilize the main functionality of Whoopsie.
This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [2].
[1]: https://web.archive.org/web/20221029163615/https://packages.ubuntu.com/focal/all/whoopsie/filelist "Ubuntu File list of package whoopsie/focal/all | packages.ubuntu.com"
[2]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk"
call:
function: DisableSystemdService
parameters:
serviceName: whoopsie
-
name: Disable crash report submissions
recommend: standard
docs: |-
Once opted-out Whoopsie disables the related service [1].
This script is used as part of a post-installation script by the National Cyber Security Centre in the UK [2].
[1]: https://web.archive.org/web/20221029163651/https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1390014 "Bug #1390014 “systemd is in degraded state if whoopsie is disabl...” : Bugs : whoopsie package : Ubuntu | bugs.launchpad.net"
[2]: https://web.archive.org/web/20221029163054/https://www.ncsc.gov.uk/files/ubuntu1804_post_install.sh_.txt "ubuntu1804_post_install.sh_.txt | nscs.gov.uk"
code: |-
if [ -f /etc/default/whoopsie ] ; then
sudo sed -i 's/report_crashes=true/report_crashes=false/' /etc/default/whoopsie
fi
revertCode: |-
if [ -f /etc/default/whoopsie ] ; then
sudo sed -i 's/report_crashes=false/report_crashes=true/' /etc/default/whoopsie
fi
-
category: Disable Zeitgeist activity logging
docs: |-
Zeitgeist logs files opened, websites visited, conversations, and emails and provides
this information over an API to applications [1].
It serves as a comprehensive activity log and also makes it possible to determine
relationships between items based on usage patterns [1].
It stores computer use actions such as files accessed, sites visited, and conversations held.
The data is typically used to facilitate searches and "best-fit" to your local query only.
There's no proof that it's uploading data.
It does **not** send data over the network but still makes the system more vulnerable by storing
usage information that can be used for further exploitation.
It is primarily used by desktop environments such as GNOME [2], Pantheon [3], and Unity [4].
Furthermore, it is supported by applications (typically as optional functionality) such as
Gnome Rhythmbox (as a plugin) [5], catfish (optional support) [6], and synapse [7].
Read more about Zeitgeist:
- [Official website | zeitgeist.freedesktop.org](https://web.archive.org/web/20221029222739/https://zeitgeist.freedesktop.org/)
- [Wikipedia article | en.wikipedia.org](https://web.archive.org/web/20221029222921/https://en.wikipedia.org/wiki/Zeitgeist_%28free_software%29)
- [Launchpad project page | launchpad.net](https://web.archive.org/web/20221029223026/https://launchpad.net/zeitgeist/)
- [ArchWiki article | wiki.archlinux.org](https://web.archive.org/web/20221029223033/https://wiki.archlinux.org/title/Zeitgeist)
[1]: https://web.archive.org/web/20221029163704/https://packages.debian.org/en/sid/libdevel/libzeitgeist-2.0-dev "libzeitgeist-2.0-dev | Debian Packages | packages.debian.org"
[2]: https://web.archive.org/web/20221029163817/https://gitlab.gnome.org/crvi/gnome-activity-journal "crvi / GNOME Activity Journal · GitLab | gitlab.gnome.org"
[3]: https://web.archive.org/web/20221029163813/https://github.com/elementary/files/blob/70f43e398f989ebbd8b7f2bb3e32c708f8fbdb3b/src/ZeitgeistManager.vala "files/ZeitgeistManager.vala at 70f43e398f989ebbd8b7f2bb3e32c708f8fbdb3b · elementary/files · GitHub | Pantheon Source Code | github.com"
[4]: https://web.archive.org/web/20221029164229/https://bugs.launchpad.net/unity/+bug/717338 "Bug #717338 “No items in Files and Folders place” : Bugs : Unity | bugs.launchpad.net"
[5]: https://web.archive.org/web/20221029164237/https://packages.ubuntu.com/focal/gnome/rhythmbox-plugin-zeitgeist "Ubuntu Details of package rhythmbox-plugin-zeitgeist in focal | packages.ubuntu.com"
[6]: https://web.archive.org/web/20221029164402/https://docs.xfce.org/apps/catfish/introduction "apps:catfish:introduction [Xfce Docs] | docs.xfce.org"
[7]: https://web.archive.org/web/20221029164405/https://launchpad.net/synapse-project "Synapse in Launchpad | launchpad.net"
children:
-
name: Kill Zeitgeist daemon process
docs: |-
`zeitgeist-daemon` is a daemon providing an activity log [1]. Activity logs consist of a central
database for events such as file usage, browser history, and calendar entries [1].
This script stops a currently running Zeitgeist instance, letting Zeitgeist finish any operation
it may currently be doing [1].
The Zeigeist daemon receives metadata from data sources and provides it to applications using D-Bus [2].
The datahub provides passive plugins which insert events into Zeitgeist [2].
[1]: https://web.archive.org/web/20221029164529/https://www.commandlinux.com/man-page/man1/zeitgeist-daemon.1.html "zeitgeist-daemon linux command man page | commandlinux.com"
[2]: https://web.archive.org/web/20221029164539/https://wiki.archlinux.org/title/Zeitgeist "Zeitgeist - ArchWiki | wiki.archlinux.org"
call:
function: RunIfCommandExists
parameters:
command: zeitgeist-daemon
# According to manpage:
# > Stop a currently running Zeitgeist instance and exit. This lets Zeitgeist finish any operation it
# > may currently be doing.
code: zeitgeist-daemon --quit
# According to manpage:
# > Replace any existing Zeitgeist instance if there is one already running. If this option isn't
# > used, zeitgeist-daemon will refuse to start if another running instance is found.
revertCode: zeitgeist-daemon --replace
-
name: Remove Zeitgeist startup entry
docs: |-
This script removes the Autostart entry that is used by the Zeitgeist package to start itself [1].
[The XDG Autostart specification](https://web.archive.org/web/20221029223114/https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html)
defines a method for autostarting ordinary desktop entries on desktop environment startup [2].
It is executed by desktop environments such as GNOME [3] and KDE [4].
[1]: https://web.archive.org/web/20221029164654/https://www.apt-browse.org/browse/ubuntu/xenial/main/amd64/zeitgeist-datahub/0.9.16-0ubuntu4/file/etc/xdg/autostart/zeitgeist-datahub.desktop "/etc/xdg/autostart/zeitgeist-datahub.desktop | Zeitgeist package source code | apt-browse.org"
[2]: https://web.archive.org/web/20221029164713/https://wiki.archlinux.org/title/XDG_Autostart "XDG Autostart - ArchWiki | wiki.archlinux.org"
[3]: https://web.archive.org/web/20221030195216/https://help.gnome.org/admin/system-admin-guide/stable/autostart-applications.html.en "Add an autostart application for all users | help.gnome.org"
[4]: https://web.archive.org/web/20221029164803/https://bugs.kde.org/show_bug.cgi?id=433538 "KDE bug report confirming autostart behavior | bugs.kde.org"
call:
function: RenameFile
parameters:
path: /etc/xdg/autostart/zeitgeist-datahub.desktop
-
name: Disable access to Zeitgeist database
docs: |-
Zeitgeist logs its data in the `activity.sqlite` file at `$HOME/.local/share/zeitgeist/activity.sqlite` [1].
This script tells the operating system to remove read and write rights on this file to make it immutable and inaccessible to both reads and writes.
It prevents Zeitgeist from updating its database.
This method has been used successfully by the community [2] [3].
[1]: https://web.archive.org/web/20221029164814/https://forensicswiki.xyz/wiki/index.php?title=Zeitgeist "Zeitgeist - Forensics Wiki | forensicswiki.xyz"
[2]: https://web.archive.org/web/20221029164958/https://askubuntu.com/questions/994827/why-is-zeitgeist-daemon-still-in-exitstance-how-to-remove-the-database/994837 "apt - Why is zeitgeist daemon still in exitstance? How to remove the database - Ask Ubuntu | askubuntu.com"
[3]: https://web.archive.org/web/20221029165309/https://linuxaria.com/howto/how-to-remove-zeitgeist-in-ubuntu-and-why "How to remove Zeitgeist in Ubuntu and why | Linuxaria | linuxaria.com"
code: |-
file="$HOME/.local/share/zeitgeist/activity.sqlite"
if [ -f "$file" ]; then
chmod -rw "$file"
echo "Successfully disabled read/write access to $file."
else
echo "Skipping, no action needed, file does not exist at $file."
fi
revertCode: |-
file="$HOME/.local/share/zeitgeist/activity.sqlite"
if [ -f "$file" ]; then
chmod +rw "$file"
echo "Successfully restored read/write access to $file."
else
>&2 echo "Failed to restore access, file does not exist at $file."
fi
-
name: Remove Zeitgeist package (can break integrated software)
docs: |-
The main functionality for Zeitgeist is provided by the `zeitgeist` package in Fedora [1] and Arch Linux [2],
and the `zeitgeist-core` package in Debian [3].
It was installed by default in Ubuntu 16.x [4] and 18.x [5] as `zeitgeist-core`.
It is known to be installed by default by Arch Linux [6] and Artix Linux [7] too.
Removing this package may break the Unity desktop environment and prevent you from searching for programs
by typing into the box [8].
[1]: https://web.archive.org/web/20221029165307/https://packages.fedoraproject.org/pkgs/zeitgeist/zeitgeist/index.html "zeitgeist - Fedora Packages | packages.fedoraproject.org"
[2]: https://web.archive.org/web/20221029165603/https://archlinux.org/packages/extra/x86_64/zeitgeist/ "Arch Linux - zeitgeist 1.0.4-1 (x86_64) | archlinux.org"
[3]: https://web.archive.org/web/20221029165609/https://packages.debian.org/search?keywords=zeitgeist-core "Debian -- Package Search Results -- zeitgeist-core | packages.debian.org"
[4]: https://web.archive.org/web/20221029165714/https://releases.ubuntu.com/xenial/ubuntu-16.04.6-desktop-i386.manifest "List of sofware packags shipped with Ubuntu 16.04.6 | releases.ubuntu.com"
[5]: https://web.archive.org/web/20221029165726/https://releases.ubuntu.com/18.04/ubuntu-18.04.6-desktop-amd64.manifest "List of sofware packags shipped with Ubuntu 18.04.6 | releases.ubuntu.com"
[6]: https://web.archive.org/web/20221029165821/https://bugs.archlinux.org/task/52326 "FS#52326 : [midori-gtk2] Please remove the zeitgeist dependency! | archlinux.org"
[7]: https://web.archive.org/web/20221029165914/https://forum.artixlinux.org/index.php/topic,1432.0.html "Remove Unmaintained Zeitgeist (Spyware/Telemetry) from Default MATE installation | artixlinux.org"
[8]: https://web.archive.org/web/20221029165902/https://askubuntu.com/questions/45548/disabling-zeitgeist/57487 "Disabling Zeitgeist - Ask Ubuntu | askubuntu.com"
call:
-
function: UninstallAptPackage
parameters:
packageName: zeitgeist-core
# Other related packages include (apt list *zeitgeist*):
# zeitgeist-core, zeitgeist-datahub, python3-zeitgeist among many others.
# Packages that use it include e.g. activity-log-manager, activity-log-manager-control-center..
-
function: UninstallPacmanPackage
parameters:
packageName: zeitgeist
-
function: UninstallRPMPackage
parameters:
packageName: zeitgeist
-
name: Disable connectivity checks (breaks Captive Portal detection)
docs: |-
[NetworkManager](https://web.archive.org/web/20221029223230/https://developer-old.gnome.org/NetworkManager/stable/NetworkManager.conf.html) can try
to reach a web server after connecting to a network in order to determine if it is, e.g., behind a captive portal [1].
Disabling connectivity protects against privacy leaks [1], but breaks captive portal detection.
Connectivity URLs differ depending on the Linux distribution, e.g.:
- Arch Linux: `http://ping.archlinux.org/nm-check.txt` (in `/usr/lib/NetworkManager/conf.d/20-connectivity.conf`) [1].
- Ubuntu: `http://connectivity-check.ubuntu.com` [2] (in `/usr/lib/NetworkManager/conf.d/20-connectivity-ubuntu.conf` [3]).
- Pop!_OS: `http://204.pop-os.org/` in `20-connectivity-pop.conf` [4].
- Fedora: `http://fedoraproject.org/static/hotspot.txt` [5] in `/usr/lib/NetworkManager/conf.d/20-connectivity-fedora.conf` [6].
- …
This script disables connectivity checks by adding a global rule that will override Linux distribution-specific configuration.
This is the recommended way to disable connectivity checks [1].
[1]: https://web.archive.org/web/20221029165948/https://wiki.archlinux.org/title/NetworkManager "NetworkManager - ArchWiki | wiki.archlinux.org"
[2]: https://web.archive.org/web/20221029170031/https://launchpad.net/ubuntu/jammy/+package/network-manager-config-connectivity-ubuntu "network-manager-config-connectivity-ubuntu : Jammy (22.04) : Ubuntu | launchpad.net/ubuntu"
[3]: https://web.archive.org/web/20221029170026/https://packages.ubuntu.com/bionic/all/network-manager-config-connectivity-ubuntu/filelist "Ubuntu - File list of package network-manager-config-connectivity-ubuntu/bionic/all | packages.ubuntu.com"
[4]: https://web.archive.org/web/20221029170108/https://github.com/pop-os/connectivity/blob/master/debian/20-connectivity-pop.conf "connectivity/20-connectivity-pop.conf at master · pop-os/connectivity | github.com"
[5]: https://web.archive.org/web/20221029170202/https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/contrib/fedora/rpm/20-connectivity-fedora.conf "20-connectivity-fedora.conf\rpm\fedora\contrib - NetworkManager/NetworkManager - Network connection manager and user applications | reedesktop.org"
[6]: https://web.archive.org/web/20221029170207/https://fedora.pkgs.org/35/fedora-updates-testing-x86_64/NetworkManager-config-connectivity-fedora-1.32.12-1.fc35.noarch.rpm.html "NetworkManager-config-connectivity-fedora | fedora.pkgs.org"
call:
function: RunIfCommandExists
parameters:
command: /usr/sbin/NetworkManager
code: |-
file='/etc/NetworkManager/conf.d/20-disable-connectivity-privacy-sexy.conf'
content=$'# Created by privacy.sexy\n[connectivity]\nenabled=false'
directory="${file%/*}"
mkdir -p "$directory"
if [ -f "$file" ]; then
echo "Skipping, connectivity checks are already disabled through $file."
else
echo -n "$content" | sudo tee "$file" > /dev/null
echo 'Successfully disabled connectivity checks.'
fi
if command -v 'nmcli' &> /dev/null; then
sudo nmcli general reload
echo 'Successfully reloaded configuration.'
else
echo 'It will take effect after reboot.'
fi
revertCode: |-
if [ ! -f "$file" ]; then
echo 'Skipping, connectivity checks are not disabled.'
else
sudo rm -fv "$file"
echo 'Successfully restored connectivity checks.'
fi
if command -v 'nmcli' &> /dev/null; then
sudo nmcli general reload
echo 'Successfully reloaded configuration.'
else
echo 'It will take effect after reboot.'
fi
-
category: Configure programs
docs: |-
These scripts configure third-party applications installed on Linux distributions to harden their
security and privacy to protect your data.
They scripts differ from OS level configurations as they configure applications that are not typically
native to Linux distributions, i.e., not included in the OS itself and are not known as being part of
a specific distribution.
children:
-
name: Disable Python history for future interactive commands
docs: |-
Python is a high-level, general-purpose programming language [1].
Most Python implementations (including CPython) include a [read-eval-print loop (REPL)](https://web.archive.org/web/20221029223210/https://en.wikipedia.org/wiki/Read%E2%80%93eval%E2%80%93print_loop),
permitting them to function as a command-line interpreter for which users enter statements sequentially and receive results immediately [1].
Python saves interactive commands in the `~/.python_history` file [2] [3].
This script ensures that this file is immutable by changing the file attributes [4], so Python can no
longer update the file.
[1]: https://web.archive.org/web/20221029170256/https://en.wikipedia.org/wiki/Python_%28programming_language%29 "Python (programming language) - Wikipedia | wikipedia.org"
[2]: https://web.archive.org/web/20221029170303/https://github.com/python/cpython/blob/b2499669ef2e6dc9a2cdb49b4dc498e078167e26/Lib/site.py#L430-L451 "cpython/site.py at b2499669ef2e6dc9a2cdb49b4dc498e078167e26 · python/cpython · Source code that registers it | github.com"
[3]: https://web.archive.org/web/20221029170501/https://bugs.python.org/issue20886 "Issue 20886: Disabling logging to ~/.python_history is not simple enough | Python tracker | bugs.python.org"
[4]: https://web.archive.org/web/20221029170511/https://man7.org/linux/man-pages/man1/chattr.1.html "Chattr manpage | chattr - Linux manual page | man7.org"
code: |-
history_file="$HOME/.python_history"
if [ ! -f "$history_file" ]; then
touch "$history_file"
echo "Created $history_file."
fi
sudo chattr +i "$(realpath $history_file)" # realpath in case of symlink
revertCode: |-
history_file="$HOME/.python_history"
if [ ! -f "$history_file" ]; then
echo "Skipping, $history_file does not exist."
else
sudo chattr -i "$(realpath $history_file)" # realpath in case of symlink
fi
-
category: Disable Visual Studio Code data collection
docs: |-
Visual Studio Code, also commonly referred to as VS Code, is a source-code editor made by Microsoft [1].
Visual Studio Code makes outgoing network requests to collect data in the background without users invoking
a feature that requires online access [2]. The requests include, but are not limited to, automatic extension
update checks, querying settings for A/B experiments, and fetching online data for auto-completion [2].
In addition, Visual Studio Code collects and transmits telemetry data to Microsoft servers, such as [3]:
- Diagnostic information about your system and usage is sent to Microsoft servers [3].
- Your usage data and data about feature performance [3].
[1]: https://web.archive.org/web/20221029170818/https://en.wikipedia.org/wiki/Visual_Studio_Code "Visual Studio Code - Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221029170840/https://code.visualstudio.com/updates/v1_26#_offline-mode "Visual Studio Code July 2018 | code.visualstudio.com"
[3]: https://web.archive.org/web/20221029171138/https://code.visualstudio.com/docs/getstarted/telemetry "Visual Studio Code Telemetry | code.visualstudio.com"
children:
-
name: Disable Visual Studio Code telemetry
recommend: standard
docs: |-
The `telemetry.telemetryLevel` preference can be adjusted as follows [1]:
- `default` (on): Transmits usage data, errors, and crash reports.
- `error`: Transmits general error telemetry and crash reports.
- `crash`: Transmits OS-level crash reports.
- `off`: Disables all product telemetry.
This script disables telemetry data, which includes usage data, errors, and crash reports.
The `telemetry.enableTelemetry` was the primary option to disable telemetry collection [2].
This disabled the collection of diagnostic data [3].
However, it has been deprecated and replaced by the `telemetry.telemetryLevel` setting [4] [5].
Crash reports use a unique ID to identify you [6]. They were initially controlled using the
`telemetry.enableCrashReporter` setting [7], but this setting has been deprecated and replaced by
the `telemetry.telemetryLevel` setting [7].
[1]: https://web.archive.org/web/20221029171158/https://github.com/microsoft/vscode/blob/d32b92bd7a49ce8667b954d86320cc29545fc505/src/vs/platform/telemetry/common/telemetryService.ts#L278-L294 "vscode/telemetryService.ts at d32b92bd7a49ce8667b954d86320cc29545fc505 · microsoft/vscode · GitHub | github.com"
[2]: https://web.archive.org/web/20221029171236/https://github.com/microsoft/vscode/issues/3182 "Telemetry opt-out · Issue #3182 · microsoft/vscode · GitHub | github.com"
[3]: https://web.archive.org/web/20221029171302/https://github.com/microsoft/vscode/blob/9f2d55f21247224e00e438ff0e8a080c557356dc/src/vs/platform/telemetry/common/telemetryService.ts#L247-L265 "vscode/telemetryService.ts at 9f2d55f21247224e00e438ff0e8a080c557356dc · microsoft/vscode · GitHub | github.com"
[4]: https://web.archive.org/web/20221029171313/https://github.com/microsoft/vscode/issues/132552 "Explore splitting the telemetry settings into error telemetry + all other telemetry · Issue #132552 · microsoft/vscode · GitHub | github.com"
[5]: https://web.archive.org/web/20221029171158/https://github.com/microsoft/vscode/blob/d32b92bd7a49ce8667b954d86320cc29545fc505/src/vs/platform/telemetry/common/telemetryService.ts#L302-L314 "vscode/telemetryService.ts at d32b92bd7a49ce8667b954d86320cc29545fc505 · microsoft/vscode · GitHub | github.com"
[6]: https://web.archive.org/web/20221029171339/https://github.com/microsoft/vscode/blob/1dd67592e120d916a8963903babaf0fae74440c5/src/vs/code/electron-main/app.ts#L1259 "vscode/app.ts at 1dd67592e120d916a8963903babaf0fae74440c5 · microsoft/vscode · GitHub | github.com"
[7]: https://web.archive.org/web/20221029171353/https://github.com/microsoft/vscode/blob/17fc955b4ffb1f9a0097a561291aaa5c8918eee6/src/vs/workbench/electron-sandbox/desktop.contribution.ts#L253-L267 "vscode/desktop.contribution.ts at 17fc955b4ffb1f9a0097a561291aaa5c8918eee6 · microsoft/vscode · GitHub | github.com"
call:
-
function: SetVsCodeSetting
parameters:
setting: telemetry.telemetryLevel
jsonValue: >-
"off"
-
function: SetVsCodeSetting
parameters:
setting: telemetry.enableTelemetry
jsonValue: >-
false
-
function: SetVsCodeSetting
parameters:
setting: telemetry.enableCrashReporter
jsonValue: >-
false
-
name: Disable online experiments by Microsoft in Visual Studio Code
recommend: standard
docs: |-
VS Code employs experiments to test new features or gradually roll them out [1].
The experimentation framework communicates with Microsoft servers [1].
This setting is enabled by default [1].
This script disables fetching experiments from a Microsoft online service [1].
It accomplishes this by setting `workbench.enableExperiments` to `false` [1].
[1]: https://web.archive.org/web/20221029171424/https://github.com/microsoft/vscode-docs/blob/d2dbfc5bcad0be08afca69e9253c1d5541e19d31/docs/supporting/faq.md "vscode-docs/faq.md at d2dbfc5bcad0be08afca69e9253c1d5541e19d31 · microsoft/vscode-docs · GitHub"
[2]: https://web.archive.org/web/20221029171439/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/experiments/browser/experiments.contribution.ts#L25-L34 "vscode/experiments.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub"
call:
function: SetVsCodeSetting
parameters:
setting: workbench.enableExperiments
jsonValue: >-
false
-
name: Disable Visual Studio Code automatic updates in favor of manual updates
docs: |-
By default, VS Code is configured to automatically update when new versions are released [1].
Automatic updates reduce your control over privacy by sending data to Microsoft servers.
On Linux, updates are often handled by the system package manager, rendering this
setting redundant [1].
To opt out of auto-updates, the Update: Mode (`update.mode`) setting is changed from default
to none [1]. `update.mode` has replaced the older `update.channel` setting [2] [3].
[1]: https://web.archive.org/web/20221029171537/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/supporting/faq.md#how-do-i-opt-out-of-vs-code-auto-updates "vscode-docs/faq.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com"
[2]: https://web.archive.org/web/20221029171549/https://github.com/microsoft/vscode/blob/8e2ec5a7ee1ae5500c645c05145359f2a814611c/src/vs/platform/update/common/update.config.contribution.ts#L36-L42 "vscode/update.config.contribution.ts at 8e2ec5a7ee1ae5500c645c05145359f2a814611c · microsoft/vscode · GitHub | github.com"
[3]: https://web.archive.org/web/20221029171607/https://github.com/microsoft/vscode/issues/70084 'VS Code 1.31.1 does not respect "update.channel": "none" · Issue #70084 · microsoft/vscode · GitHub | github.com'
call:
-
function: SetVsCodeSetting
parameters:
setting: update.mode
jsonValue: >-
"none"
-
function: SetVsCodeSetting
parameters:
setting: update.channel
jsonValue: >-
"none"
-
name: Disable fetching release notes from Microsoft servers after an update
docs: |-
This script prevents Visual Studio Code from displaying release notes after an update [1].
Release notes are fetched from a Microsoft online service [1] and thus expose data about you,
such as your IP address, to Microsoft.
It is enabled by default [1] and can be disabled by setting `update.showReleaseNotes` to `false` [1].
[1]: https://web.archive.org/web/20221029171549/https://github.com/microsoft/vscode/blob/8e2ec5a7ee1ae5500c645c05145359f2a814611c/src/vs/platform/update/common/update.config.contribution.ts#L51-L57 "vscode/update.config.contribution.ts at 8e2ec5a7ee1ae5500c645c05145359f2a814611c · microsoft/vscode | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: update.showReleaseNotes
jsonValue: >-
false
-
category: Configure auto-update settings for Visual Studio Code extensions
docs: |-
These scripts control the automatic update behavior of extensions.
Updates are fetched from Microsoft servers [1] [2].
Use of online Microsoft services can disclose information about you and your behavior.
[1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L135-L150 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub | github.com"
[2]: https://web.archive.org/web/20221029171719/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/extension-marketplace.md#extension-auto-update "vscode-docs/extension-marketplace.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com"
children:
-
name: Disable automatic Visual Studio Code extension updates
docs: |-
By default, Visual Studio Code automatically downloads and installs updates for all
extensions [1]. These updates are fetched from a Microsoft online service [1].
This script disables the automatic updating of installed extensions.
It accomplishes this by setting `extensions.autoUpdate` to `false` [2].
[1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L135-L150 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub | github.com"
[2]: https://web.archive.org/web/20221029171719/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/extension-marketplace.md#extension-auto-update "vscode-docs/extension-marketplace.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: extensions.autoUpdate
jsonValue: >-
false
-
name: Disable Visual Studio Code automatic extension update checks
docs: |-
By default, Visual Studio Code automatically checks extensions for updates [1].
If an update for an extension is available, it is marked as outdated in the Extensions view [1].
These updates are fetched from a Microsoft online service [1].
This script disables the automatic checking of updates for extensions.
It achieves this by setting `extensions.autoCheckUpdates` to `false` [2].
[1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L152-L158 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode | github.com"
[2]: https://web.archive.org/web/20221029171719/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/extension-marketplace.md#extension-auto-update "vscode-docs/extension-marketplace.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: extensions.autoCheckUpdates
jsonValue: >-
false
-
name: Disable automatic fetching of Microsoft recommendations in Visual Studio Code
recommend: strict
docs: |-
Visual Studio Code, by default, fetches recommendations from online Microsoft servers [1].
This script modifies that default behavior, making recommendations from Microsoft servers
available only on demand, rather than being fetched automatically [1].
Despite this setting being deprecated [1] [2], it is still respected [3] [4].
[1]: https://web.archive.org/web/20221029171704/https://github.com/microsoft/vscode/blob/b784e0514d4608cc20a0e7ce62baf7bc8131158c/src/vs/workbench/contrib/extensions/browser/extensions.contribution.ts#L164-L169 "vscode/extensions.contribution.ts at b784e0514d4608cc20a0e7ce62baf7bc8131158c · microsoft/vscode · GitHub | github.com"
[2]: https://web.archive.org/web/20221029171802/https://github.com/microsoft/vscode/issues/94416 "Combine extensions.ignoreRecommendations and extensions.showRecommendationsOnlyOnDemand · Issue #94416 · microsoft/vscode · GitHub | github.com"
[3]: https://web.archive.org/web/20221029171840/https://github.com/microsoft/vscode/blob/df0a8572e5e97ba71160c736addf171c671bb9e9/src/vs/workbench/contrib/extensions/browser/extensionsViewlet.ts#L221-L234 "vscode/extensionsViewlet.ts at df0a8572e5e97ba71160c736addf171c671bb9e9 · microsoft/vscode · GitHub | github.com"
[4]: https://web.archive.org/web/20221029171850/https://github.com/microsoft/vscode/blob/1f86576cb95925e79d92c8af04424680bb144945/src/vs/workbench/contrib/extensions/browser/extensionRecommendationNotificationService.ts#L144-L147 "vscode/extensionRecommendationNotificationService.ts at 1f86576cb95925e79d92c8af04424680bb144945 · microsoft/vscode · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: extensions.showRecommendationsOnlyOnDemand
jsonValue: >-
true
-
name: Disable automatic fetching of remote repositories in Visual Studio Code
docs: |-
Visual Studio Code (VS Code) periodically fetches changes from remote repositories [1].
This feature lets VS Code display how many changes your local repository is ahead or behind the remote [1].
This script disables the automatic fetching, providing you more control over when you
communicate with remote servers. Note that this feature shares data not with Microsoft,
but with the servers hosting the remote repositories you're working with.
As of VS Code 1.19, this feature is disabled by default [1] [3], although it was enabled by
default in earlier versions [2].
The `git.autofetch` setting controls this feature, with `true` enabling it and
`false` disabling it [2].
[1]: https://web.archive.org/web/20221029171946/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/sourcecontrol/overview.md#remotes "vscode-docs/overview.md at main · microsoft/vscode-docs · GitHub | github.com"
[2]: https://web.archive.org/web/20221029172003/https://github.com/Microsoft/vscode/issues/34684 "Set git.autofetch to disabled, by default · Issue #34684 · microsoft/vscode · GitHub | github.com"
[3]: https://web.archive.org/web/20221029172102/https://github.com/microsoft/vscode/blob/9bc43c7f8acc1d3b2d572f75ca30dccc2fed643d/extensions/git/package.json#L1929-L1945 "vscode/package.json at 9bc43c7f8acc1d3b2d572f75ca30dccc2fed643d · microsoft/vscode · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: git.autofetch
jsonValue: >-
false
-
name: Disable fetching package information from NPM and Bower in Visual Studio Code
docs: |-
Visual Studio Code fetches data from NPM and Bower to provide autocompletion and hover information
for npm dependencies [1]. By default, this feature is enabled [2] and fetches data from
`https://registry.npmjs.org` and `https://registry.bower.io` [1].
This script prevents the automatic fetching of package information.
You can disable this feature by setting `npm.fetchOnlinePackageInfo` to `false` [2].
[1]: https://web.archive.org/web/20221029172113/https://github.com/microsoft/vscode/blob/21504708043941c1e9e45b7d0892a9a8a03470d7/extensions/npm/package.nls.json#L17 "vscode/package.nls.json at 21504708043941c1e9e45b7d0892a9a8a03470d7 · microsoft/vscode · GitHub | github.com"
[2]: https://web.archive.org/web/20221029172220/https://github.com/microsoft/vscode/blob/29e985eca0713c8458ae8349c1742d6fb75719e4/extensions/npm/package.json#L293-L300 "vscode/package.json at 29e985eca0713c8458ae8349c1742d6fb75719e4 · microsoft/vscode · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: npm.fetchOnlinePackageInfo
jsonValue: >-
false
-
name: Disable sending search queries to Microsoft in Visual Studio Code
recommend: strict
docs: |-
By default, Visual Studio Code sends setting search queries to Microsoft servers [1]. This is
part of the natural language search mode, which is powered by a Microsoft online service [1].
You can disable this feature by setting `enableNaturalLanguageSettingsSearch` to `false` [1].
For more information, see [Settings search | Feature announcement](https://web.archive.org/web/20221029223417/https://github.com/microsoft/vscode-docs/blob/8f6d43a3b24d8661f25f93d5e679c3e6ee1191b6/release-notes/v1_20.md#settings-search).
[1]: https://web.archive.org/web/20221029172320/https://github.com/microsoft/vscode/blob/13ba7bb446a638d37ebccb1a7d74e31c32bb9790/src/vs/workbench/contrib/preferences/common/preferencesContribution.ts#L151-L157 "vscode/preferencesContribution.ts at 13ba7bb446a638d37ebccb1a7d74e31c32bb9790 · microsoft/vscode · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: workbench.settings.enableNaturalLanguageSearch
jsonValue: >-
false
-
name: Disable Visual Studio Code automatic type acquisition in TypeScript
docs: |-
This script disables [automatic type acquisition](https://web.archive.org/web/20221029223431/https://code.visualstudio.com/docs/nodejs/working-with-javascript#_typings-and-automatic-type-acquisition) [1],
a feature that fetches `@types` packages from npm to improve IntelliSense for external libraries [1].
Although this feature is disabled by default [2], you can ensure it's off by setting
`typescript.disableAutomaticTypeAcquisition` to `false` [2].
[1]: https://web.archive.org/web/20221029172348/https://github.com/microsoft/vscode/blob/3c37a5a8d7768ea068acf578594f9b71cfbe81e1/extensions/typescript-language-features/package.nls.json#L13 "vscode/package.nls.json at 3c37a5a8d7768ea068acf578594f9b71cfbe81e1 · microsoft/vscode · GitHub | github.com"
[2]: https://web.archive.org/web/20221029172429/https://github.com/microsoft/vscode/blob/29e985eca0713c8458ae8349c1742d6fb75719e4/extensions/typescript-language-features/package.json "vscode/package.json at 29e985eca0713c8458ae8349c1742d6fb75719e4 · microsoft/vscode · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: typescript.disableAutomaticTypeAcquisition
jsonValue: >-
false
-
name: Disable Visual Studio Code Edit Sessions
docs: |-
**Edit Sessions** is a Visual Studio Code feature that synchronizes uncommitted changes between
VS Code for the Web (e.g., GitHub Codespaces) and the Desktop version, storing data in the
Microsoft Cloud [1].
This script disables **Edit Sessions** and its more granular subsettings like
`workbench.experimental.editSessions.autoStore`, `workbench.editSessions.autoResume`, and
`workbench.editSessions.continueOn` [2].
[1]: https://web.archive.org/web/20221029172502/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/release-notes/v1_71.md#bring-your-changes-with-you-when-moving-across-development-environments "vscode-docs/v1_71.md at 9a900b380e11530376104ffc83a004b82553728e · microsoft/vscode-docs · GitHub | github.com"
[2]: https://web.archive.org/web/20221029172519/https://github.com/microsoft/vscode/blob/b891aa212a3644cc345d061c63a67ba51080cace/src/vs/workbench/contrib/editSessions/browser/editSessions.contribution.ts#L816-L877 "vscode/editSessions.contribution.ts at b891aa212a3644cc345d061c63a67ba51080cace · microsoft/vscode | github.com"
call:
-
function: SetVsCodeSetting
parameters:
setting: workbench.experimental.editSessions.enabled
jsonValue: >-
false
-
function: SetVsCodeSetting
parameters:
setting: workbench.experimental.editSessions.autoStore
jsonValue: >-
false
-
function: SetVsCodeSetting
parameters:
setting: workbench.editSessions.autoResume
jsonValue: >-
false
-
function: SetVsCodeSetting
parameters:
setting: workbench.editSessions.continueOn
jsonValue: >-
false
-
category: Disable data sharing for Visual Studio Code "Settings Sync"
docs: |-
**Settings Sync** is a Visual Studio Code feature that synchronizes settings, keybindings,
and installed extensions across different machines [1]. This data is stored in the Microsoft
Cloud [1].
[1]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com"
children:
-
name: Disable synchronization of Visual Studio Code keybindings
docs: |-
By default [1], Keyboard Shortcuts are synchronized across platforms [2].
You can disable this by setting `settingsSync.keybindingsPerPlatform` to `false` [1] [2].
[1]: https://web.archive.org/web/20221029172910/https://github.com/microsoft/vscode/blob/095ddabc52b82498ee7f718a34f9dd11d59099a8/src/vs/platform/userDataSync/common/userDataSync.ts#L58-L64 "vscode/userDataSync.ts at 095ddabc52b82498ee7f718a34f9dd11d59099a8 · microsoft/vscode · GitHub | github.com"
[2]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: settingsSync.keybindingsPerPlatform
jsonValue: >-
false
-
name: Disable synchronization of Visual Studio Code extensions
docs: |-
Visual Studio Code synchronizes all built-in and installed extensions, along with their
global enablement state, by default [1] [2].
This script prevents the synchronization of all Visual Studio Code extensions.
To disable extension synchronization, set `settingsSync.ignoredExtensions` [1],
which configures the list of extensions to be ignored during synchronization [2].
[1]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com"
[2]: https://web.archive.org/web/20221029172910/https://github.com/microsoft/vscode/blob/095ddabc52b82498ee7f718a34f9dd11d59099a8/src/vs/platform/userDataSync/common/userDataSync.ts#L65-L78 "vscode/userDataSync.ts at 095ddabc52b82498ee7f718a34f9dd11d59099a8 · microsoft/vscode · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: settingsSync.ignoredExtensions
jsonValue: >-
["*"]
-
name: Disable synchronization of Visual Studio Code settings
docs: |-
By default, Visual Studio Code synchronizes all settings, except for machine settings
(those with machine or machine-overridable scopes), as these are specific to a given machine [1] [2].
This script disables the synchronization of all settings.
You can specify settings to ignore during synchronization using the `settingsSync.ignoredSettings`
setting [1] [2].
[1]: https://web.archive.org/web/20221029172856/https://github.com/microsoft/vscode-docs/blob/9a900b380e11530376104ffc83a004b82553728e/docs/editor/settings-sync.md "vscode-docs/settings-sync.md at main · microsoft/vscode-docs · GitHub | github.com"
[2]: https://web.archive.org/web/20221029172910/https://github.com/microsoft/vscode/blob/095ddabc52b82498ee7f718a34f9dd11d59099a8/src/vs/platform/userDataSync/common/userDataSync.ts#L79-L89 "vscode/userDataSync.ts at 095ddabc52b82498ee7f718a34f9dd11d59099a8 · microsoft/vscode · GitHub | github.com"
call:
function: SetVsCodeSetting
parameters:
setting: settingsSync.ignoredSettings
jsonValue: >-
["*"]
-
name: Disable .NET telemetry
recommend: standard
docs: |-
.NET, previously known as .NET Core [1], is a free, open-source, and cross-platform developer platform
that allows the creation of various types of applications [2].
The .NET Software Development Kit (SDK) includes a telemetry feature, enabled by default [3], that
collects and sends usage data to Microsoft upon the execution of .NET Command-Line Interface (CLI)
commands. This data comprises your operating system, hardware specifics, geographic location,
and .NET usage/installation information [3]. A fraction of this collected data is made publicly
available at [.NET CLI Telemetry Data | dotnet.microsoft.com](https://web.archive.org/web/20221029211429/https://dotnet.microsoft.com/en-us/platform/telemetry).
This script sets the `DOTNET_CLI_TELEMETRY_OPTOUT` environment variable to `1`, opting you out
of the .NET telemetry collection [3]. It is crucial to establish this setting prior to the
.NET installation since the installation process also sends telemetry data [3].
[1]: https://web.archive.org/web/20220930202101/https://en.wikipedia.org/wiki/.NET ".NET - Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20221003175158/https://dotnet.microsoft.com/en-us/download "Download .NET (Linux, macOS, and Windows) | dotnet.microsoft.com"
[3]: https://web.archive.org/web/20220903043156/https://docs.microsoft.com/en-us/dotnet/core/tools/telemetry ".NET SDK and .NET CLI telemetry - .NET CLI | Microsoft Docs | docs.microsoft.com"
call:
function: PersistSystemEnvironmentVariable
parameters:
variable: DOTNET_CLI_TELEMETRY_OPTOUT
value: '1'
-
name: Disable PowerShell Core telemetry
docs: |-
PowerShell Core, a cross-platform (Windows, Linux, and macOS) automation and configuration
tool/framework, incorporates a command-line shell, a related scripting language, and a
framework for processing cmdlets [1].
It sends telemetry data to Microsoft servers, revealing your software usage,
geolocation, and additional environment data [2].
This script sets the `env:POWERSHELL_TELEMETRY_OPTOUT` environment variable to `1`,
opting you out of PowerShell Core's telemetry collection.
[1]: https://web.archive.org/web/20221011001154/https://github.com/PowerShell/PowerShell "GitHub - PowerShell/PowerShell: PowerShell for every system! | github.com"
[2]: https://web.archive.org/web/20221011165907/https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_telemetry?view=powershell-7.2 "about Telemetry - PowerShell | Microsoft Learn"
call:
function: PersistSystemEnvironmentVariable
parameters:
variable: POWERSHELL_TELEMETRY_OPTOUT
value: '1'
-
category: Configure Firefox
docs: |-
Mozilla Firefox, colloquially known as Firefox, is a free and open-source web browser created by
the Mozilla Foundation and its subsidiary, the Mozilla Corporation [1].
By default, Firefox collects telemetry data and has other features that gather information about
your downloaded files and browsed webpages [2][3].
The scripts provided here adjust your Firefox installation to prevent its data collection.
[1]: https://web.archive.org/web/20221029173029/https://en.wikipedia.org/wiki/Firefox "Firefox | Wikipedia | en.wikipedia.org"
[2]: https://web.archive.org/web/20220901045358/https://support.mozilla.org/en-US/kb/telemetry-clientid "Telemetry collection and deletion | Firefox Help | support.mozilla.org"
[3]: https://web.archive.org/web/20221008150941/https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work "How does built-in Phishing and Malware Protection work? | Firefox Help | support.mozilla.org"
children:
-
category: Harden Firefox privacy
docs: |-
The following are privacy-focused tweaks to prevent browser fingerprinting and tracking.
See also: [What is browser fingerprinting? | AmIUnique.org](https://web.archive.org/web/20221029223510/https://www.amiunique.org/faq)
children:
-
category: Enable Firefox state partitioning (Total Cookie Protection)
docs: |-
Web browsers, including Firefox, save various data types such as cookies, cache, and site-specific details.
While this data helps in providing a faster and personalized browsing experience, it can be exploited by websites to track
your activities across the internet, potentially compromising your privacy.
State partitioning, also known as "Total Cookie Protection" [1], is a feature designed to enhance user privacy in Firefox.
It works by allocating different, isolated storage spaces for every website you visit [2]. This means that each website has its own
"compartment" where it saves its data, separate from other sites [2]. This structure limits websites' capabilities to track users
across various domains.
The underlying technology for state partitioning in Firefox is termed "double-keying" [1]. In this method, when a website intends
to store data, Firefox attaches an extra identifier tied to the site's origin, ensuring unique data storage for each site [1]. For
example, if two different sites incorporate content from the same third-party source, each of these sites will have its own unique
version of the third-party's data (like cookies) due to state partitioning [1]. This impedes the third-party's tracking ability
between the sites.
This protection isn't just against known trackers [1]. Firefox applies state partitioning to all third-party content on a site,
ensuring a comprehensive privacy coverage, beyond just identifiable tracking sources [1] [3].
A notable misuse by some trackers is the creation of "supercookies" [4]. Contrary to standard cookies, which users can delete easily,
supercookies are harder to eliminate and block, posing a considerable privacy challenge. Through state partitioning, Firefox renders
supercookies ineffective for tracking users across sites [4]. As a part of this feature, Firefox not only ensures site-specific data
but also partitions multiple caches, such as HTTP cache, image cache, and favicon cache [4]. This partitioning prevents any potential
cache exploitation for tracking purposes [4].
In summary, enabling state partitioning in Firefox is a powerful privacy tool, helping to defend users from potential online tracking
and offering a more private browsing experience.
[1]: https://web.archive.org/web/20230918171957/https://hacks.mozilla.org/2021/02/introducing-state-partitioning/ "Introducing State Partitioning - Mozilla Hacks - the Web developer blog"
[2]: https://web.archive.org/web/20230918172155/https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning "State Partitioning - Privacy on the web | MDN"
[3]: https://web.archive.org/web/20230918172352/https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ "Firefox 86 Introduces Total Cookie Protection - Mozilla Security Blog"
[4]: https://web.archive.org/web/20230918172503/https://blog.mozilla.org/security/2021/01/26/supercookie-protections/ "Firefox 85 Cracks Down on Supercookies - Mozilla Security Blog"
children:
-
name: Enable dynamic First-Party Isolation (dFPI)
recommend: standard
docs: |-
Dynamic First-Party Isolation, also known as dFPI, is an advanced privacy feature in Firefox. This feature commonly
referred to as:
- Total Cookie Protection [1],
- dFPI (dynamic First-Party Isolation) [2],
- Dynamic storage partitioning [3].
Essentially, dFPI is an enhanced version of a previous privacy tool known as First-Party Isolation (FPI) [4].
The primary purpose of dFPI is to improve user privacy online. It accomplishes this by preventing third-party websites from
accessing or tracking a user's data across different websites [1] [3].
By default, this feature is activated for all Firefox desktop users [5].
Within Firefox's settings, there's an option called `network.cookie.cookieBehavior` which governs how dFPI operates.
This setting has three potential values [3]:
- `5`: The browser will block known trackers and partition storage for third-party content.
- `4`: Only known trackers will be blocked without any partitioning of third-party storage.
- `0`: All trackers and third-party content are allowed.
This script sets the value to `5`, ensuring the highest level of privacy by blocking trackers and partitioning third-party
storage. This aligns with recommended privacy practices because even if you choose the `4` value, the older First-Party
Isolation (FPI) will still be active [6].
[1]: https://web.archive.org/web/20231003094145/https://support.mozilla.org/en-US/kb/total-cookie-protection-and-website-breakage-faq "Total Cookie Protection and website breakage FAQ | Firefox Help"
[2]: https://web.archive.org/web/20231003094154/https://bugzilla.mozilla.org/show_bug.cgi?id=1746646 "1746646 - (tcp-mochitests) [meta] Make mochitests work with TCP enabled (cookieBehavior = 5) | bugzilla.mozilla.org"
[3]: https://web.archive.org/web/20230918172155/https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning#disable_dynamic_state_partitioning "State Partitioning - Privacy on the web | MDN"
[4]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
[5]: https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/ "Firefox Rolls Out Total Cookie Protection By Default"
[6]: https://web.archive.org/web/20231003094350/https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25 "1631676 - Disable dfpi when privacy.firstparty.isolate=true | bugzilla.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: network.cookie.cookieBehavior
jsonValue: '5'
-
name: Enable Firefox network partitioning
recommend: standard
docs: |-
Network partitioning is a method used by Firefox to enhance user privacy [1]. When enabled, each website you visit has its own
isolated storage location, preventing it from accessing data from another website [1]. This limits the ability of websites to track
users across multiple sites [1].
Network Partitioning, formerly referred to as *cache partitioning* [2], is a subset of state partitioning [1]. While state partitioning
deals with data like cookies, network partitioning deals with networking-related components, such as caches and connection pools [1].
It ensures that these components are isolated to each website, further enhancing user privacy [1].
Firefox has enabled network partitioning by default since version 85 [1]. Once enabled, network partitioning becomes permanent,
meaning websites cannot bypass or weaken its restrictions [1].
Network partitioning can be controlled with the `privacy.partition.network_state` preference [1].
[1]: https://web.archive.org/web/20230918172155/https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning "State Partitioning - Privacy on the web | MDN"
[2]: https://web.archive.org/web/20231003094417/https://bugzilla.mozilla.org/show_bug.cgi?id=1687569 "1687569 - cache partitioning causes web page saving extensions to waste more time and data | bugzilla.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: privacy.partition.network_state
jsonValue: 'true'
-
name: Disable outdated Firefox First-Party Isolation (FPI)
recommend: strict
docs: |-
First-party isolation (FPI) helps in preventing third parties from tracking users across multiple websites [1] [2]. This is sometimes
referred to as "double keying" (double-keying) [1] or supercookies [1] [2].
This script disables FPI in favor of a newer technology called dynamic First-Party Isolation (dFPI) for the following reasons:
1. FPI and dFPI conflict with each other, and they cannot function simultaneously [3] [4]. Additionally, Mozilla doesn't plan to make
them compatible [5].
2. FPI has been marked as deprecated and is expected to be phased out [3], with dFPI set to become the standard in the future [6].
3. dFPI, when combined with network partitioning, offers broader and more effective privacy coverage than FPI, being essentially a
superset of FPI [3] [7].
[1]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#First_party_isolation "Firefox/Privacy - ArchWiki | wiki.archlinux.org"
[2]: https://web.archive.org/web/20221025200527/https://bugzilla.mozilla.org/show_bug.cgi?id=1397624#c0 "1397624 - Provide an option for first-party isolation in Private Browsing Mode | bugzilla.mozilla.org"
[3]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c0 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
[4]: https://web.archive.org/web/20231003094350/https://bugzilla.mozilla.org/show_bug.cgi?id=1631676#c25 "1631676 - Disable dfpi when privacy.firstparty.isolate=true | bugzilla.mozilla.org"
[5]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c3 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
[6]: https://web.archive.org/web/20231003094207/https://bugzilla.mozilla.org/show_bug.cgi?id=1649876#c5 "1649876 - Migrate FPI users to dFPI | bugzilla.mozilla.org"
[7]: https://web.archive.org/web/20231003094358/https://bugzilla.mozilla.org/show_bug.cgi?id=1637344#c2 "1637344 - Add message to show dFPI is incompatible with FPI | bugzilla.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: privacy.firstparty.isolate
jsonValue: 'false'
-
name: Enable Firefox tracking protection
recommend: standard
docs: |-
Firefox provides an option for Enhanced Tracking Protection [1], which blocks trackers that
gather information about your browsing behavior without disrupting site functionality [1].
This feature also includes protections against harmful scripts such as malware that drains
your battery [1].
This script enables the `privacy.resistFingerprinting` preference,
activating anti-fingerprinting [1][2].
Beyond privacy advantages; enabling tracking protection may reduce load time by 44% [3].
Note: If you are already using an ad blocker with the correct lists, tracking protection might
be redundant.
[1]: https://web.archive.org/web/20221025195851/https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop "Security/Tracking protection - MozillaWiki | support.mozilla.org"
[2]: https://web.archive.org/web/20221025195843/https://wiki.mozilla.org/Security/Tracking_protection#Prefs "Enhanced Tracking Protection in Firefox for desktop | Firefox Help | wiki.mozilla.org"
[3]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#Tracking_protection "Firefox/Privacy - ArchWiki | wiki.archlinux.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: privacy.trackingprotection.enabled
jsonValue: 'true'
-
name: Enable Firefox anti-fingerprinting (may break some websites)
recommend: strict
docs: |-
Fingerprinting Protection is a heavily developed experimental feature in Firefox [1].
As part of a project to integrate features from the Tor Browser, Mozilla launched an
anti-fingerprinting project in Firefox [2].
This script enables the `privacy.resistFingerprinting` preference, activating
anti-fingerprinting [1][2].
As an experimental feature, it might cause some website breakage [2], such as impacting web
speech functionality [3] and favicons [4].
[1]: https://web.archive.org/web/20221025201025/https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting "Firefox's protection against fingerprinting | Firefox Help | support.mozilla.org"
[2]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#Anti-fingerprinting "Firefox/Privacy - ArchWiki | wiki.archlinux.org"
[3]: https://web.archive.org/web/20221025201301/https://bugzilla.mozilla.org/show_bug.cgi?id=1636707 "1636707 - Web speech functionality disabled if privacy.resistFingerprinting is set to true | bugzilla.mozilla.org"
[4]: https://web.archive.org/web/20221025201422/https://bugzilla.mozilla.org/show_bug.cgi?id=1452391#c5 "1452391 - PNG favicons show up as white square when privacy.resistFingerprinting is enabled | bugzilla.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: privacy.resistFingerprinting
jsonValue: 'true'
-
name: Disable WebRTC exposure of your private IP address in Firefox
recommend: standard
docs: |-
Websites can obtain your local IP address through WebRTC's peer-to-peer protocol, facilitated
by JavaScript [1].
WebRTC (Web Real-Time Communication) is a free and open-source project offering real-time
communication (RTC) via application programming interfaces (APIs) to web browsers and mobile
applications [2]. It enables audio and video communication to work inside web pages by facilitating
direct peer-to-peer communication, and thereby eliminating the need for plugin installations or native
app downloads [3]. Supported by Apple, Google, Microsoft, Mozilla, and Opera, WebRTC's
specifications have been published by the World Wide Web Consortium (W3C) and the Internet
Engineering Task Force (IETF) [2].
[1]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#WebRTC_exposes_LAN_IP_address "WebRTC exposes LAN IP address | Firefox/Privacy - ArchWiki | wiki.archlinux.org"
[2]: https://web.archive.org/web/20221029173118/https://en.wikipedia.org/wiki/WebRTC "WebRTC - Wikipedia | en.wikipedia.org"
[3]: https://web.archive.org/web/20221029173306/https://blogs.trilogy-lte.com/post/77427158750/how-webrtc-is-revolutionizing-telephony "How WebRTC Is Revolutionizing Telephony | blogs.trilogy-lte.com"
call:
function: AddFirefoxPrefs
parameters:
prefName: media.peerconnection.ice.default_address_only
jsonValue: 'true'
-
category: Disable Firefox telemetry
docs: |-
By default, Firefox collects telemetry data [1]. This data comprises two main categories:
**interaction data** and **technical data** [1].
**Interaction data** includes metrics such as the number of open tabs and windows, the number of
webpages visited, the number and type of installed Firefox Add-ons, session length, and
interactions with features offered by Mozilla or third parties. These features may include
Firefox search features and search partner referrals [1].
**Technical data** provides information about your Firefox version and language, device operating
system and hardware configuration, memory, basic crash and error information, as well as the
outcome of automated processes like updates and safe browsing [1].
Note that Firefox logs your personally identifiable IP address [1].
[1]: https://web.archive.org/web/20220901045358/https://support.mozilla.org/en-US/kb/telemetry-clientid "Telemetry collection and deletion | Firefox Help | support.mozilla.org"
children:
-
name: Disable collection of technical and interaction data in Firefox
recommend: standard
docs: |-
This script alters the `datareporting.healthreport.uploadEnabled` preference, effectively
disabling it. This preference regulates whether Firefox sends telemetry data [1].
The script halts all data transmitted from Firefox to Mozilla via Telemetry [2], preventing
Firefox from sending technical and interaction data to Mozilla [3].
For reasons of military security, it's recommended by the U.S. government (NIST 800-53) that
this data collection is disabled [4].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221015103136/https://bugzilla.mozilla.org/show_bug.cgi?id=1195552#c4
[3]: https://web.archive.org/web/20221015102419/https://bugzilla.mozilla.org/show_bug.cgi?id=1422689#c1
[4]: https://web.archive.org/web/20221015103404/https://www.stigviewer.com/stig/mozilla_firefox/2019-01-02/finding/V-79053
call:
function: AddFirefoxPrefs
parameters:
prefName: datareporting.healthreport.uploadEnabled
jsonValue: 'false'
-
name: Disable detailed telemetry collection in Firefox
recommend: standard
docs: |-
This script disables the `toolkit.telemetry.enabled` preference, which controls whether the
Telemetry module is enabled [1].
It's configured to be enabled in nightly, aurora, beta, or default (developer) builds.
In release builds, however, it's set to false [1]. This setting is hard-coded into the C++
code to prevent easy disabling [2]. Developers have been approached about this issue but
have rejected proposals to unlock it [3].
Mozilla's plan is to deprecate this setting eventually, followed by removal [1].
This preference controls telemetry verbosity and configures Firefox to collect less data [3].
For reasons of military security, the U.S. government (NIST 800-53) recommends disabling this
setting [4].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221015102305/https://searchfox.org/mozilla-central/source/modules/libpref/Preferences.cpp#3213
[3]: https://web.archive.org/web/20221015102419/https://bugzilla.mozilla.org/show_bug.cgi?id=1422689#c1
[4]: https://web.archive.org/web/20221015102604/https://stigviewer.com/stig/mozilla_firefox/2020-12-10/finding/V-223170
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.enabled
jsonValue: 'false'
-
name: Disable archiving of Firefox telemetry
recommend: standard
docs: |-
This script configures the `toolkit.telemetry.archive.enabled` preference to be disabled, thus
preventing telemetry pings from being archived locally [1].
For reasons of military security, the U.S. government (NIST 800-53) recommends disabling this
setting [2].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221015104801/https://stigviewer.com/stig/mozilla_firefox/2020-12-10/finding/V-223171
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.archive.enabled
jsonValue: 'false'
-
name: Disable Firefox unified telemetry
recommend: standard
docs: |-
This script is designed to disable the `toolkit.telemetry.unified` preference.
If this preference is enabled, it results in two effects:
1. Firstly, telemetry will always be enabled and recording base data [1].
2. Secondly, additional main pings will be sent [1].
This preference is enabled by default [1].
The `toolkit.telemetry.unified` preference signifies whether the Telemetry system is operating
in Unified mode or not [2]. However, it's worth noting that this feature is planned to be phased
out and is considered as legacy by the developers [2].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221015105731/https://bugzilla.mozilla.org/show_bug.cgi?id=1406390#c2
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.unified
jsonValue: 'false'
-
category: Disable Firefox telemetry logs
docs: |-
Firefox logs telemetry information in various locations, such as the console and `stdout` [1].
This logged information reveals details about your usage pattern.
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
children:
-
name: Minimize Firefox telemetry logging verbosity
recommend: standard
docs: |-
This script sets the `toolkit.telemetry.log.level` preference to the least verbosity to minimize logs.
This preference adjusts the telemetry logging verbosity as per `Log.jsm` [1].
By default, logging is restricted to the console service [1].
It displays telemetry information in the browser console [2] and can be used to monitor telemetry activity
in the JavaScript console [3]. This process is also referred to as telemetry tracing [4].
The output can be accessed via the DevTools console [4], navigable through the menu by selecting
"Tools" => "Developer Tools" => "Error Console" (CTRL+SHIFT+J).
The available verbosity levels, in descending order, are `Trace`, `Debug`, `Config`, `Info`, `Warn` (default),
`Error`, and `Fatal` [1].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221029134403/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/start/index.html "Getting started — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[3]: https://web.archive.org/web/20221025154541/https://hg.mozilla.org/comm-central/rev/f8a6cf1ee08f8223c36bb92414e29734d8d6c9d9 "comm-central: changeset 28531:f8a6cf1ee08f8223c36bb92414e29734d8d6c9d9 | hg.mozilla.org"
[4]: https://web.archive.org/web/20221025154517/https://hg.mozilla.org/comm-central/file/tip/mail/components/telemetry/README.md#l81 "comm-central: mail/components/telemetry/README.md@a2958dfb3462eac068cb1a2c75c5213fc4808b1a | hg.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.log.level
jsonValue: >-
"Fatal"
-
name: Disable Firefox telemetry log output
recommend: standard
docs: |-
This script adjusts the `toolkit.telemetry.log.dump` setting to its most restricted value.
This preference controls whether to dump telemetry log messages to `stdout` [1].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.log.dump
jsonValue: >-
"Fatal"
-
name: Clear Firefox telemetry user ID
recommend: standard
docs: |-
Firefox uses `toolkit.telemetry.cachedClientID` as an identifier for the client and/or the user [1] [2] [3].
This ID is static and is used to identify the user [3].
[1]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy "Firefox/Privacy - ArchWiki | wiki.archlinux.org"
[2]: https://web.archive.org/web/20221025163051/https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/app/TelemetryUtils.jsm#l101 "mozilla-central: toolkit/components/telemetry/app/TelemetryUtils.jsm@41ff1810fc5e1ee4ccdea2f1f81fcfc6d04d0fa1"
[3]: https://web.archive.org/web/20221025163051/https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/app/TelemetryUtils.jsm#l29 "mozilla-central: toolkit/components/telemetry/app/TelemetryUtils.jsm@41ff1810fc5e1ee4ccdea2f1f81fcfc6d04d0fa1"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.cachedClientID
jsonValue: '""'
-
category: Disable Firefox telemetry pings
docs: |-
A telemetry ping refers to the data that Firefox transmits to Mozilla's Telemetry servers [1].
It comes in different types and includes information collected by telemetry [1].
[1]: https://web.archive.org/web/20221025163526/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/concepts/pings.html "Telemetry pings — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
children:
-
name: Disable pings to Firefox telemetry server
recommend: standard
docs: |-
This script sets `toolkit.telemetry.server` to be empty.
This preference defines the server to which Telemetry pings are sent [1].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.server
jsonValue: '""'
-
name: Disable Firefox shutdown ping
recommend: standard
docs: |-
The shutdown ping provides data about a clean shutdown [1].
This script turns off three preferences to disable shutdown pings:
1. `toolkit.telemetry.shutdownPingSender.enabled`: This preference permits the shutdown ping
to be sent when the browser is closed from the second browsing session onwards, as opposed
to on the next restart, through the ping sender [2].
2. `toolkit.telemetry.shutdownPingSender.enabledFirstSession`: This preference allows the
shutdown ping to be sent through the ping sender from the first browsing session [2].
3. `toolkit.telemetry.firstShutdownPing.enabled`: This preference permits a duplicate of
the main shutdown ping from the first browsing session to be sent as a separate
`first-shutdown` ping [2].
[1]: https://web.archive.org/web/20221030201323/https://wiki.mozilla.org/QA/Shutdown_Ping#Test_Objectives "QA/Shutdown Ping - MozillaWiki | wiki.mozilla.org"
[2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
call:
-
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.shutdownPingSender.enabled
jsonValue: 'false'
-
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.shutdownPingSender.enabledFirstSession
jsonValue: 'false'
-
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.firstShutdownPing.enabled
jsonValue: 'false'
-
name: Disable Firefox new profile ping
recommend: standard
docs: |-
This script disables the `new-profile` ping sent from Firefox Desktop.
This ping is typically sent 30 minutes after the browser starts, during the first session of
a newly created profile [1]. If the first session of a new profile is shorter than
30 minutes, the ping is sent at shutdown using the Ping Sender [1].
This script sets the `toolkit.telemetry.newProfilePing.enabled` preference to disabled,
which effectively disables the `new-profile` ping for new profiles [2].
[1]: https://web.archive.org/web/20221025172041/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/new-profile-ping.html "“new-profile” ping — Firefox Source Docs documentation"
[2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.newProfilePing.enabled
jsonValue: 'false'
-
name: Disable Firefox update ping
recommend: standard
docs: |-
This script disables the `update` ping sent from Firefox Desktop.
This ping is sent when a browser update is ready to be applied and also after the update has
been successfully applied [1].
This script sets the `toolkit.telemetry.updatePing.enabled` preference to disabled,
which turns off the "update" ping associated with browser updates [2].
[1]: https://web.archive.org/web/20221025174136/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/update-ping.html "“update” ping — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.updatePing.enabled
jsonValue: 'false'
-
name: Disable Firefox prio ping
recommend: standard
docs: |-
This script disables the `prio` ping sent from Firefox Desktop.
The ping is submitted at least once a day for sessions that last longer than 24 hours [1],
and it is enabled by default [2].
It sends **Origin Telemetry** [1], which allows Mozilla to get precise counts of how
many Firefox clients perform certain activities on specific origins without revealing
which clients were doing which things on which origins [3].
This script sets the `toolkit.telemetry.prioping.enabled` preference to disabled, which
turns off the `prio` ping [2].
[1]: https://web.archive.org/web/20221025174031/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/data/prio-ping.html "“prio” ping — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[3]: https://web.archive.org/web/20221025174037/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/collection/origin.html#origintelemetry "Origin Telemetry — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.prioping.enabled
jsonValue: 'false'
-
category: Disable Firefox Pioneer program
docs: |-
Firefox Pioneer is a system in Firefox to test new features and changes on a subset of Firefox users [1].
Pioneer program sends private/sensitive data to Mozilla [2] [3].
[1]: https://web.archive.org/web/20221025161925/https://www.ghacks.net/2017/11/15/what-is-firefox-pioneer/ "What is Firefox Pioneer? - gHacks Tech News | ghacks.net"
[2]: https://web.archive.org/web/20221025160326/https://support.mozilla.org/en-US/questions/1224660 "What is a firefox pioneer example of how data will be used and how can this lead to a better user experience? | Firefox Support Forum | Mozilla Support"
[3]: https://web.archive.org/web/20221025162028/https://medium.com/firefox-context-graph/make-firefox-better-with-pioneer-10c82d0f9301 "Make Firefox Better With Pioneer. Data is the lifeblood of any product… | by Toby Elliott | Firefox Context Graph | Medium"
children:
-
name: Disable Firefox Pioneer study monitoring
recommend: standard
docs: |-
This script configures `toolkit.telemetry.pioneer-new-studies-available` to be disabled to opt out.
Firefox Pioneer program.
This setting disables availability check for Firefox Pioneer studies [1].
[1]: https://web.archive.org/web/20221025155900/https://hg.mozilla.org/mozilla-central/rev/eed56319e02a52e465929b50cccab29e34102833 "mozilla-central: changeset 539130:eed56319e02a52e465929b50cccab29e34102833 | hg.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.pioneer-new-studies-available
jsonValue: 'false'
-
name: Clear Firefox pioneer program ID
recommend: standard
docs: |-
If a user has chosen to participate in the Pioneer program, their Pioneer ID will be stored in this
field [1]. This ID serves as a link between user data and Mozilla servers [2].
[1]: https://web.archive.org/web/20221015102124/https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html "Preferences and Defines — Firefox Source Docs documentation | firefox-source-docs.mozilla.org"
[2]: https://web.archive.org/web/20221025162028/https://medium.com/firefox-context-graph/make-firefox-better-with-pioneer-10c82d0f9301 "Make Firefox Better With Pioneer. Data is the lifeblood of any product… | by Toby Elliott | Firefox Context Graph | Medium"
call:
function: AddFirefoxPrefs
parameters:
prefName: toolkit.telemetry.pioneerId
jsonValue: '""'
-
name: Disable connection tests (breaks automatic Wi-Fi login)
docs: |-
This script turns off the Firefox Captive Portal detection feature.
Firefox uses this feature to determine if a network connection requires a login, such as a
public Wi-Fi hotspot [1]. The test involves initiating an outgoing connection to Mozilla servers [1].
By default, these connection attempts occur at regular intervals [2][3].
This functionality could potentially expose your usage habits [4]. For instance, a public venue
like a hotel or restaurant might require you to input a password for internet access. If such a
portal is in place and blocking traffic, this feature prevents all other connection attempts,
possibly revealing your usage habits.
See also: [Captive portal | Wikipedia](https://web.archive.org/web/20221029223534/https://en.wikipedia.org/wiki/Captive_portal).
This script sets `network.captive-portal-service.enabled` to 'false', thereby disabling automatic
connections [1].
[1]: https://web.archive.org/web/20221025194630/https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_network-detection "How to stop Firefox from making automatic connections | Firefox Help | support.mozilla.org"
[2]: https://web.archive.org/web/20221025201801/https://bugzilla.mozilla.org/show_bug.cgi?id=1363651 "1363651 - http://detectportal.firefox.com/ is hammering our firewalls | bugzilla.mozilla.org"
[3]: https://web.archive.org/web/20221025201846/https://bugzilla.mozilla.org/show_bug.cgi?id=1359697#c3 "1359697 - Don't poll for captive portal detection | bugzilla.mozilla.org"
[4]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy "Firefox/Privacy - ArchWiki | wiki.archlinux.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: network.captive-portal-service.enabled
jsonValue: 'false'
-
category: Disable Firefox Phishing Protection (Safe Browsing) (decreases security)
docs: |-
Firefox's Safe Browsing feature, now referred to as Phishing Protection, is still internally
recognized as "Safe Browsing" [1].
To provide protection against phishing and malware, Firefox transmits the following data:
1. Partial address information for visited webpages [2].
2. Details such as name, origin, size, and hash of contents for downloaded files [2].
This data is sent to Google Safe Browsing [2] to aid in issuing warnings for downloaded files and
visited sites [2].
While Phishing Protection bolsters your security, it may decrease your privacy as it involves
sending data about the websites you visit and files you download to Google [1][2].
There have been concerns about the potential for Google Safe Browsing to be used for censorship
in the future, although this has not occurred as of yet [3].
[1]: https://web.archive.org/web/20221025192643/https://wiki.mozilla.org/Security/Safe_Browsing "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org"
[2]: https://web.archive.org/web/20221025193000/https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-protection-work#w_what-information-is-sent-to-mozilla-or-its-partners-when-phishing-and-malware-protection-is-enabled
[3]: https://web.archive.org/web/20221025192516/https://www.usnews.com/opinion/articles/2016-06-22/google-is-the-worlds-biggest-censor-and-its-power-must-be-regulated "Google Is the World's Biggest Censor and Its Power Must Be Regulated | usnews.com"
children:
-
name: Disable blocking of unstable plugins in Firefox
docs: |-
This script sets `browser.safebrowsing.blockedURIs.enabled` to 'false', thereby disabling plugin
stability blocking [1].
Disabling this feature might have mixed implications:
- Disabling the blocking of unstable plugins can potentially expose the user to vulnerabilities associated with these plugins.
These plugins may include malware, which would compromise user privacy and data.
- It removes the need for data communication via Mozilla servers `addons.mozilla.org` for list retrieval [2]. This feature requires
frequent requests to download large amount of data.
If this blocking is removed, the user should be knowledgeable about the potential risks and will take precautions.
[1]: https://web.archive.org/web/20221025192643/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org"
[2]: https://web.archive.org/web/20230811024650/https://blog.mozilla.org/addons/2020/08/24/introducing-a-scalable-add-ons-blocklist/ "Introducing a scalable add-ons blocklist | Mozilla Add-ons Community Blog"
call:
function: AddFirefoxPrefs
parameters:
prefName: browser.safebrowsing.blockedURIs.enabled
jsonValue: 'false'
-
name: Disable Firefox application reputation checks for downloads
docs: |-
This script pertains to a feature that safeguards users from malware downloads [1].
This protective measure operates by transmitting downloaded URL and file data to
Google's servers [3].
The script modifies `browser.safebrowsing.downloads.enabled` to a disabled state.
This adjustment consequently disables application reputation checks for downloaded files [1] [2].
Inhibiting this feature concurrently disables remote lookups
(`browser.safebrowsing.downloads.remote.enabled`) [1].
Read more: [Security/Features/Application Reputation Design Doc | wiki.mozilla.org](https://web.archive.org/web/20221025204612/https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc)
[1]: https://web.archive.org/web/20221025204436/https://wiki.mozilla.org/Security/Download_Protection "Security/Download Protection - MozillaWiki | wiki.mozilla.org"
[2]: https://web.archive.org/web/20221025162743/https://wiki.archlinux.org/title/Firefox/Privacy#Disable_.27Safe_Browsing.27_service "Firefox/Privacy - ArchWiki | wiki.archlinux.org"
[3]: https://web.archive.org/web/20221025204612/https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc "Security/Features/Application Reputation Design Doc - MozillaWiki | wiki.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: browser.safebrowsing.downloads.enabled
jsonValue: 'false'
-
name: Disable Firefox malware protection
docs: |-
Mozilla Firefox maintains a list of known malware, and checks user downloads against
this list [1]. If the user downloads a file that matches an entry in the list, a warning
can be displayed [1].
This script modifies `browser.safebrowsing.malware.enabled` to a disabled state.
This preference dictates whether to enable malware checks [1].
Disabling it halts the downloading of malware blacklists and ceases checks on downloads [1].
It is active by default [1].
Note that disabling this protection disrupts application reputation checks for downloaded files,
since it relies on this feature [2].
[1]: https://web.archive.org/web/20221025211950/https://kb.mozillazine.org/Browser.safebrowsing.malware.enabled "Browser.safebrowsing.malware.enabled - MozillaZine Knowledge Base | kb.mozillazine.org"
[2]: https://web.archive.org/web/20221025204436/https://wiki.mozilla.org/Security/Download_Protection "Security/Download Protection - MozillaWiki | wiki.mozilla.org"
call:
function: AddFirefoxPrefs
parameters:
prefName: browser.safebrowsing.malware.enabled
jsonValue: 'false'
-
name: Disable Firefox phishing protection
docs: |-
This script modifies `browser.safebrowsing.phishing.enabled` to a disabled state.
This preference determines whether to enable phishing protection [1] [2].
It is active by default [2].
[1]: https://web.archive.org/web/20221025192643/https://wiki.mozilla.org/Security/Safe_Browsing#Prefs "Security/Safe Browsing - MozillaWiki | wiki.mozilla.org"
[2]: https://web.archive.org/web/20221029173442/https://github.com/mozilla/policy-templates/blob/master/README.md#preferences "policy-templates/README.md at master · mozilla/policy-templates · GitHub | github.com"
call:
function: AddFirefoxPrefs
parameters:
prefName: browser.safebrowsing.phishing.enabled
jsonValue: 'false'
functions:
-
name: RunInlineCode
parameters:
- name: code
- name: revertCode
optional: true
code: '{{ $code }}'
revertCode: '{{ with $revertCode }}{{ . }}{{ end }}'
-
name: RunIfCommandExists # Skips if command does not exist
parameters:
- name: command
- name: code
- name: revertCode
optional: true
code: |-
if ! command -v '{{ $command }}' &> /dev/null; then
echo 'Skipping because "{{ $command }}" is not found.'
else
{{ $code }}
fi
revertCode: |-
{{ with $revertCode }}
if ! command -v '{{ $command }}' &> /dev/null; then
>&2 echo 'Cannot revert because "{{ $command }}" is not found.'
else
{{ . }}
fi
{{ end }}
-
name: RunPython3Code
parameters:
- name: command
- name: code
- name: revertCode
optional: true
call:
function: RunIfCommandExists
parameters:
command: python3
code: |-
python3 <<EOF
{{ $code }}
EOF
revertCode: |-
{{ with $revertCode }}
python3 <<EOF
{{ . }}
EOF
{{ end }}
-
name: DeleteFileFromUserAndRootHome
parameters:
- name: file
code: |-
rm -fv ~/{{ $file }}
sudo rm -fv /root/{{ $file }}
-
name: SetVsCodeSetting
parameters:
- name: setting
- name: jsonValue
call:
function: RunPython3Code
parameters:
code: |-
from pathlib import Path
import os, json, sys
property_name = '{{ $setting }}'
target = json.loads('{{ $jsonValue }}')
home_dir = f'/home/{os.getenv("SUDO_USER", os.getenv("USER"))}'
settings_files = [
# Global installation (also Snap that installs with "--classic" flag)
f'{home_dir}/.config/Code/User/settings.json',
# Flatpak installation
f'{home_dir}/.var/app/com.visualstudio.code/config/Code/User/settings.json'
]
for settings_file in settings_files:
file=Path(settings_file)
if not file.is_file():
print(f'Skipping, file does not exist at "{settings_file}".')
continue
print(f'Reading file at "{settings_file}".')
file_content = file.read_text()
if not file_content.strip():
print('Settings file is empty. Treating it as default empty JSON object.')
file_content = '{}'
json_object = None
try:
json_object = json.loads(file_content)
except json.JSONDecodeError:
print(f'Error, invalid JSON format in the settings file: "{settings_file}".', file=sys.stderr)
continue
if property_name not in json_object:
print(f'Settings "{property_name}" is not configured.')
else:
existing_value = json_object[property_name]
if existing_value == target:
print(f'Skipping, "{property_name}" is already configured as {json.dumps(target)}.')
continue
print(f'Setting "{property_name}" has unexpected value {json.dumps(existing_value)} that will be changed.')
json_object[property_name] = target
new_content = json.dumps(json_object, indent=2)
file.write_text(new_content)
print(f'Successfully configured "{property_name}" to {json.dumps(target)}.')
revertCode: |-
from pathlib import Path
import os, json, sys
property_name = '{{ $setting }}'
target = json.loads('{{ $jsonValue }}')
home_dir = f'/home/{os.getenv("SUDO_USER", os.getenv("USER"))}'
settings_files = [
# Global installation (also Snap that installs with "--classic" flag)
f'{home_dir}/.config/Code/User/settings.json',
# Flatpak installation
f'{home_dir}/.var/app/com.visualstudio.code/config/Code/User/settings.json'
]
for settings_file in settings_files:
file=Path(settings_file)
if not file.is_file():
print(f'Skipping, file does not exist at "{settings_file}".')
continue
print(f'Reading file at "{settings_file}".')
file_content = file.read_text()
if not file_content.strip():
print(f'Skipping, no need to revert because settings file is empty: "{settings_file}".')
continue
try:
json_object = json.loads(file_content)
except json.JSONDecodeError:
print(f'Error, invalid JSON format in the settings file: "{settings_file}".', file=sys.stderr)
continue
if property_name not in json_object:
print(f'Skipping, "{property_name}" is not configured.')
continue
existing_value = json_object[property_name]
if existing_value != target:
print(f'Skipping, "{property_name}" is configured using {json.dumps(existing_value)} instead of {json.dumps(target)}.')
continue
del json_object[property_name]
new_content = json.dumps(json_object, indent=2)
file.write_text(new_content)
print(f'Successfully reverted "{property_name}" setting.')
-
name: UninstallPacmanPackage
parameters:
- name: packageName
call:
function: RunIfCommandExists
parameters:
command: pacman
code: |-
pkg_package_name='{{ $packageName }}'
if pacman -Qs "$pkg_package_name" > /dev/null ; then
echo "\"$pkg_package_name\" is installed and will be uninstalled."
sudo pacman -Rcns "$pkg_package_name" --noconfirm
else
echo "The package $pkg_package_name is not installed"
fi
revertCode: |-
pkg_package_name='{{ $packageName }}'
if pacman -Qs "$pkg_package_name" > /dev/null ; then
echo "Skipping, no action needed because \"$pkg_package_name\" is already installed."
else
echo "\"$pkg_package_name\" is not installed and will be reinstalled."
sudo pacman -S "$pkg_package_name" --noconfirm
fi
-
name: UninstallRPMPackage
parameters:
- name: packageName
call:
function: RunIfCommandExists
parameters:
command: dnf
code: |-
rpm_package_name='{{ $packageName }}'
sudo dnf autoremove -y --skip-broken "$rpm_package_name"
revertCode: |-
rpm_package_name='{{ $packageName }}'
sudo dnf install -y "$rpm_package_name"
-
name: UninstallAptPackage
parameters:
- name: packageName
call:
function: RunIfCommandExists
parameters:
command: apt-get
code: |-
apt_package_name='{{ $packageName }}'
if status="$(dpkg-query -W --showformat='${db:Status-Status}' "$apt_package_name" 2>&1)" \
&& [ "$status" = installed ]; then
echo "\"$apt_package_name\" is installed and will be uninstalled."
sudo apt-get purge -y "$apt_package_name"
else
echo "Skipping, no action needed, \"$apt_package_name\" is not installed."
fi
revertCode: |-
apt_package_name='{{ $packageName }}'
if status="$(dpkg-query -W --showformat='${db:Status-Status}' "$apt_package_name" 2>&1)" \
&& [ "$status" = installed ]; then
echo "Skipping, no action needed because \"$apt_package_name\" is already installed."
else
echo "\"$apt_package_name\" is not installed and will be reinstalled."
sudo apt-get install -y "$apt_package_name"
fi
-
name: DisableSystemdService
parameters:
- name: serviceName
call:
function: RunIfCommandExists
parameters:
command: systemctl
# `service` is wrapper supporting different backends such as systemctl
# However it lacks the "disable" command so we use lower level systemctl
code: |-
service='{{ $serviceName }}'
if systemctl list-units --full -all | grep --fixed-strings --quiet "$service"; then # service exists
if systemctl is-enabled --quiet "$service"; then
if systemctl is-active --quiet "$service"; then
echo "Service $service is running now, stopping it."
if ! sudo systemctl stop "$service"; then
>&2 echo "Could not stop $service."
else
echo 'Successfully stopped'
fi
fi
if sudo systemctl disable "$service"; then
echo "Successfully disabled $service."
else
>&2 echo "Failed to disable $service."
fi
else
echo "Skipping, $service is already disabled."
fi
else
echo "Skipping, $service does not exist."
fi
revertCode: |- # Not restarting/enabling service because the process/socket may need to be trigged by other hooks.
service='{{ $serviceName }}'
if systemctl list-units --full -all | grep --fixed-strings --quiet "$service"; then # service exists
if systemctl is-enabled --quiet "$service"; then
echo "Skipping, $service is already enabled."
else
if sudo systemctl enable "$service"; then
echo "Successfully enabled $service, it may require reboot to start."
else
>&2 echo "Failed to enable $service."
fi
fi
else
>&2 echo "Failed, $service does not exist."
fi
-
name: Comment
# 💡 Purpose:
# Adds a comment in the executed code for better readability and debugging.
# This function does not affect the execution flow but helps in understanding the purpose of subsequent code.
parameters:
- name: codeComment
optional: true
- name: revertCodeComment
optional: true
call:
function: RunInlineCode
parameters:
code: '{{ with $codeComment }}# {{ . }}{{ end }}'
revertCode: '{{ with $revertCodeComment }}# {{ . }}{{ end }}'
-
name: DeleteFiles
parameters:
- name: fileGlob
call:
-
function: Comment
parameters:
codeComment: >-
Delete files matching pattern: "{{ $fileGlob }}"
-
function: RunPython3Code
parameters:
code: |-
import glob
import os
path = '{{ $fileGlob }}'
expanded_path = os.path.expandvars(os.path.expanduser(path))
print(f'Deleting files matching pattern: {expanded_path}')
paths = glob.glob(expanded_path)
if not paths:
print('Skipping, no paths found.')
for path in paths:
if not os.path.isfile(path):
print(f'Skipping folder: "{path}".')
continue
os.remove(path)
print(f'Successfully delete file: "{path}".')
print(f'Successfully deleted {len(paths)} file(s).')
-
name: DeleteFilesFromFirefoxProfiles
parameters:
- name: pathGlob # file or folder in profile file
call:
- # Global installation
function: DeleteFiles
parameters:
fileGlob: ~/.mozilla/firefox/*/{{ $pathGlob }}
- # Flatpak installation
function: DeleteFiles
parameters:
fileGlob: ~/.var/app/org.mozilla.firefox/.mozilla/firefox/*/{{ $pathGlob }}
- # Snap installation
function: DeleteFiles
parameters:
fileGlob: ~/snap/firefox/common/.mozilla/firefox/*/{{ $pathGlob }}
-
name: CleanTableFromFirefoxProfileDatabase
parameters:
- name: databaseFileName
- name: tableName
call:
function: RunPython3Code
parameters:
code: |-
import os
import sqlite3
import glob
import sys
database_name = 'places.sqlite'
table_name = 'moz_inputhistory' # moz_historyvisits, moz_places
home_dir = f'/home/{os.getenv("SUDO_USER", os.getenv("USER"))}'
database_globs = [
# Global installation
f'{home_dir}/.mozilla/firefox/*/{database_name}',
# Flatpak installation
f'{home_dir}/.var/app/org.mozilla.firefox/.mozilla/firefox/*/{database_name}',
# Snap installation
f'{home_dir}/snap/firefox/common/.mozilla/firefox/*/{database_name}',
]
database_files = [file for files in [glob.glob(glob_pattern) for glob_pattern in database_globs] for file in files]
if not database_files:
print(f'Skipping, no "{database_name}" found.')
exit(0)
print(f'Total database files found: {len(database_files)}')
for file in database_files:
print(f'Cleaning "{table_name}" in: {file}')
try:
conn = sqlite3.connect(file)
cursor = conn.cursor()
cursor.execute(f'DELETE from {table_name}')
total_deleted = cursor.rowcount
print(f'Table was empty, no items were deleted.' if total_deleted == 0 else f'Total deleted items: {cursor.rowcount}')
except Exception as e:
print(f'Failed to delete: {e}', file=sys.stderr)
-
name: DeleteFileFromThunderbirdProfiles
parameters:
- name: file
code: |-
# {{ $file }}: Global installation
rm -fv ~/.thunderbird/*/{{ $file }}
# {{ $file }}: Flatpak installation
rm -fv ~/snap/thunderbird/common/.thunderbird/*/{{ $file }}
# {{ $file }}: Snap installation
rm -fv ~/.var/app/org.mozilla.Thunderbird/.thunderbird/*/{{ $file }}
-
name: DeleteFileFromGNOMEWebData
parameters:
- name: file
code: |-
# {{ $file }}: Global installation
rm -fv ~/.local/share/epiphany/{{ $file }}
# {{ $file }}: Flatpak installation
rm -fv ~/.var/app/org.gnome.Epiphany/data/epiphany/{{ $file }}
# {{ $file }}: Snap installation
rm -fv ~/snap/epiphany/*/.local/share/epiphany/{{ $file }}
-
name: ClearDirFromVsCodeUserDataDir
parameters:
- name: directory # Whitespaces must be escaped with /
code: |-
# {{ $directory }}: Global installation (also Snap with --classic)
rm -rfv ~/.config/Code/{{ $directory }}/*
# {{ $directory }}: Flatpak installation
rm -rfv ~/.var/app/com.visualstudio.code/config/Code/{{ $directory }}/*
-
name: PersistSystemEnvironmentVariable
parameters:
- name: variable
- name: value
# We can change different files:
# System-wide:
# [/etc/profile]
# Contains system wide shell initialization scripts.
# ❌ It's a configuration file of the base-files package, so it's not appropriate to edit that file directly.
# [/etc/profile.d/*.sh]
# Files with the .sh extension in the /etc/profile.d directory get executed whenever.
# a bash login shell is entered (e.g. when logging in from the console or over ssh).
# ✅ Recommended to be edited by Ubuntu.
# [/etc/environment]
# Used for system-wide environment variable settings.
# It is not a script file, but rather consists of assignment expressions, one per line..
# ✅ Owned by root, requires sudo.
# ✅ Shell agnostic.
# ✅ Recommended by Debian to edit for global environment variables.
# User-specific:
# [~/.profile]
# User-specific shell initialization scripts.
# ✅ Recomended by Debian to edit for user-specific environment variables.
# [~/.bashrc]
# User-based configuration file to set environment variables for Bash shell.
# ❌ Bash-specific.
# [~/.pam_environment]
# User-specific "/etc/environment"
# References:
# - https://web.archive.org/web/20221029173442/https://help.ubuntu.com/community/EnvironmentVariables
# - https://web.archive.org/web/20221029173630/https://wiki.archlinux.org/title/Environment_variables#Defining_variables
# - https://web.archive.org/web/20221029173825/https://wiki.debian.org/EnvironmentVariables
code: |-
variable='{{ $variable }}'
value='{{ $value }}'
declaration_file='/etc/environment'
if ! [ -f "$declaration_file" ]; then
echo "\"$declaration_file\" does not exist."
sudo touch "$declaration_file"
echo "Created $declaration_file."
fi
assignment_start="$variable="
assignment="$variable=$value"
if ! grep --quiet "^$assignment_start" "${declaration_file}"; then
echo "Variable \"$variable\" was not configured before."
echo -n $'\n'"$assignment" | sudo tee -a "$declaration_file" > /dev/null
echo "Successfully configured ($assignment)."
else
if grep --quiet "^$assignment$" "${declaration_file}"; then
echo "Skipping. Variable \"$variable\" is already set to value \"$value\"."
else
if ! sudo sed --in-place "/^$assignment_start/d" "$declaration_file"; then
>&2 echo "Failed to delete assignment starting with \"$assignment_start\"."
else
echo "Successfully deleted unexpected assignment of \"$variable\"."
if ! echo -n $'\n'"$assignment" | sudo tee -a "$declaration_file" > /dev/null; then
>&2 echo "Failed to add assignment \"$assignment\"."
else
echo "Successfully reconfigured ($assignment)."
fi
fi
fi
fi
revertCode: |-
variable='{{ $variable }}'
value='{{ $value }}'
declaration_file='/etc/environment'
if ! [ -f "$declaration_file" ]; then
echo "Skipping, \"$declaration_file\" does not exist."
else
assignment="$variable=$value"
if grep --quiet "^$assignment$" "${declaration_file}"; then
if sudo sed --in-place "/^$assignment$/d" "$declaration_file"; then
echo "Successfully deleted \"$variable\" with \"$value\"."
else
>&2 echo "Failed to delete \"$assignment\"."
fi
else
echo "Skipping, \"$variable\" with \"$value\" is not found."
fi
fi
-
name: DisableCronjob
parameters:
- name: jobName
# Cron is not restarted after changes because according to manpage:
# > …cron will then examine the modification time on all crontabs and reload those which have changed.
# > Thus cron need not be restarted whenever a crontab file is modified.
code: |-
job_name='{{ $jobName }}'
cronjob_path="/etc/cron.daily/$job_name"
if [[ -f "$cronjob_path" ]]; then
if [[ -x "$cronjob_path" ]]; then
sudo chmod -x "$cronjob_path"
echo "Succesfully disabled cronjob \"$job_name\"."
else
echo "Skipping, cronjob \"$job_name\" is already disabled."
fi
else
echo "Skipping, \"$job_name\" cronjob is not found."
fi
revertCode: |-
cronjob_path="/etc/cron.daily/$job_name"
if [[ -f "$cronjob_path" ]]; then
if [[ -x "$cronjob_path" ]]; then
echo "Skipping, cronjob \"$job_name\" is already enabled."
else
sudo chmod +x "$cronjob_path"
echo "Succesfully enabled cronjob \"$job_name\"."
fi
else
>&2 echo "Failed to enable cronjob \"$job_name\" because it's missing."
fi
-
name: AddFirefoxPrefs
parameters:
- name: prefName
- name: jsonValue
docs: |-
This script modifies the `user.js` file in Firefox profiles to set specific preferences.
The `user.js` file can be found in a Firefox profile folder [1] and its location depends on the type of installation:
- Default: `~/.mozilla/firefox/<profile-name>/user.js`
- Flatpak: `~/.var/app/org.mozilla.firefox/.mozilla/firefox/<profile-name>/user.js`
- Snap: `~/snap/firefox/common/.mozilla/firefox/<profile-name>/user.js`
While the `user.js` file is optional [2], if it's present, the Firefox will prioritize its settings over
those in `prefs.js` upon startup [1] [2]. It's recommended not to directly edit `prefs.js` to avoid profile corruption [2].
When `user.js` is modified or deleted, corresponding changes in `prefs.js` are necessary for reversion, as Firefox
doesn't automatically revert these changes [3].
This script safely modifies `user.js` and ensures changes are reflected in `prefs.js` during reversion, addressing
issues with preference persistence [3].
[1]: https://web.archive.org/web/20230811005205/https://kb.mozillazine.org/User.js_file "User.js file - MozillaZine Knowledge Base"
[2]: https://web.archive.org/web/20221029211757/https://kb.mozillazine.org/Prefs.js_file "Prefs.js file - MozillaZine Knowledge Base"
[3]: https://github.com/undergroundwires/privacy.sexy/issues/282 "[BUG]: Reverting Firefox settings do not work on Linux · Issue #282 · undergroundwires/privacy.sexy | github.com"
code: |-
pref_name='{{ $prefName }}'
pref_value='{{ $jsonValue }}'
echo "Setting preference \"$pref_name\" to \"$pref_value\"."
declare -a profile_paths=(
~/.mozilla/firefox/*/
~/.var/app/org.mozilla.firefox/.mozilla/firefox/*/
~/snap/firefox/common/.mozilla/firefox/*/
)
declare -i total_profiles_found=0
for profile_dir in "${profile_paths[@]}"; do
if [ ! -d "$profile_dir" ]; then
continue
fi
if [[ ! "$(basename "$profile_dir")" =~ ^[a-z0-9]{8}\..+ ]]; then
continue # Not a profile folder
fi
((total_profiles_found++))
user_js_file="${profile_dir}user.js"
echo "$user_js_file:"
if [ ! -f "$user_js_file" ]; then
touch "$user_js_file"
echo $'\t''Created new user.js file'
fi
pref_start="user_pref(\"$pref_name\","
pref_line="user_pref(\"$pref_name\", $pref_value);"
if ! grep --quiet "^$pref_start" "${user_js_file}"; then
echo -n $'\n'"$pref_line" >> "$user_js_file"
echo $'\t'"Successfully added a new preference in $user_js_file."
elif grep --quiet "^$pref_line$" "$user_js_file"; then
echo $'\t'"Skipping, preference is already set as expected in $user_js_file."
else
sed --in-place "/^$pref_start/c\\$pref_line" "$user_js_file"
echo $'\t'"Successfully replaced the existing incorrect preference in $user_js_file."
fi
done
if [ "$total_profiles_found" -eq 0 ]; then
echo 'No profile folders are found, no changes are made.'
else
echo "Successfully verified preferences in $total_profiles_found profiles."
fi
revertCode: |-
pref_name='{{ $prefName }}'
pref_value='{{ $jsonValue }}'
echo "Reverting preference: \"$pref_name\" to its default."
if command -v 'ps' &> /dev/null && ps aux | grep -i "[f]irefox" > /dev/null; then
>&2 echo -e "\e[33mWarning: Firefox is currently running. Please close Firefox before executing the revert script to ensure changes are applied effectively.\e[0m"
fi
declare -a files_to_modify=('prefs.js' 'user.js')
declare -a profile_paths=(
~/.mozilla/firefox/*/
~/.var/app/org.mozilla.firefox/.mozilla/firefox/*/
~/snap/firefox/common/.mozilla/firefox/*/
)
declare -i total_profiles_found=0
for profile_dir in "${profile_paths[@]}"; do
if [ ! -d "$profile_dir" ]; then
continue
fi
if [[ ! "$(basename "$profile_dir")" =~ ^[a-z0-9]{8}\..+ ]]; then
continue # Not a profile folder
fi
((total_profiles_found++))
for file_to_modify in "${files_to_modify[@]}"; do
config_file_path="${profile_dir}${file_to_modify}"
if [ ! -f "$config_file_path" ]; then
continue
fi
echo "$config_file_path:"
pref_start="user_pref(\"$pref_name\","
pref_line="user_pref(\"$pref_name\", $pref_value);"
if ! grep --quiet "^$pref_start" "${config_file_path}"; then
echo $'\t''Skipping, preference was not configured before.'
elif grep --quiet "^$pref_line$" "${config_file_path}"; then
sed --in-place "/^$pref_line/d" "$config_file_path"
echo $'\t''Successfully reverted preference to default.'
if ! grep --quiet '[^[:space:]]' "$config_file_path"; then
rm "$config_file_path"
echo $'\t'"Removed the file as it became empty."
fi
else
echo $'\t''Skipping, the preference has value that is not configured by privacy.sexy.'
fi
done
done
if [ "$total_profiles_found" -eq 0 ]; then
echo 'No reversion was necessary.'
else
echo "Successfully verified preferences in $total_profiles_found profiles."
fi
-
name: RenameFile
parameters:
- name: path
code: |-
file='{{ $path }}'
backup_file="${file}.old"
if [ -f "$file" ]; then
echo "File exists: $file."
sudo mv "$file" "$backup_file"
echo "Moved to: $backup_file."
else
echo "Skipping, no changes needed."
fi
revertCode: |-
file='{{ $path }}'
backup_file="${file}.old"
if [ -f "$backup_file" ]; then
echo "Backup file exists: $file."
sudo mv "$backup_file" "$file"
echo "Moved to: $file."
echo "Succesfully restored."
else
>&2 echo "Failed to restore, backup file could not be found at $backup_file."
>&2 echo "Was the change initially applied by privacy.sexy?"
fi
-
name: ReplaceFileContent
parameters:
- name: filePath
- name: newContent
code: |-
file='{{ $filePath }}'
new_content=$'{{ $newContent }}'
backup_file="${file}.backup"
if [ ! -f "$file" ]; then
>&2 echo "Skipping, original file missing at $file."
else
sudo mv "$file" "$backup_file"
echo "Successfully backed up existing $file"
echo -n $"$new_content" | sudo tee "$file" > /dev/null
echo "Successfully replaced $file"
fi
revertCode: |-
file='{{ $filePath }}'
backup_file="${file}.backup"
if [ ! -f "$backup_file" ]; then
>&2 echo "Failed, backup file is missing at $backup_file."
else
sudo rm -fv "$file"
sudo mv "$file.backup" "$file"
echo "Successfully restored from backup: $file"
fi
Reference in New Issue View Git Blame Copy Permalink