currently doing a fix of the code, wait for the 0.2 release!

Thunderbird is great, but very complex and possibly insecure and not private.

Threat model is an important key word here. Imagine you would write Mails over Tor/Tails only and need a secure Mail client.

(Btw I can recommend Carburetor Flatpak for that).

Because of this, the thunderbird hardening user.js, similar to the Arkenfox project exists.

But it is a bit too strict for most threat models. Also settings might change or break, and this has no automatic updating mechanism.

(I should upstream the updater)

The user.js is also just a template, so a ton of mostly not needed configs will stay there.

This project makes the setup of the hardening user.js easy.

Once setup, the script is placed in ~/.local/bin and a user systemd service runs it every once in a while.

You can comment out lines if you want to keep certain settings.

  • boredsquirrel@slrpnk.netOP
    link
    fedilink
    arrow-up
    2
    ·
    6 months ago

    In this specific case it is not how this works.

    It modifies lines searching for unique strings. If the string is not found, then it was maybe removed.

    (The user.js handles removals normally by commenting things out, so I might actually use a single command).

    If something was not found then it doesnt need to be changed, everything fine.

    The result is a user.js from a good template, with all the settings applied that I knew. Maybe something new was added and that is unchanged.

    The alternative would be not updating the config at all, which means no response to Mozilla adding weird stuff to it.

    Firefox is a more moving target here.

    I will implement a persistent GUI error message if something failed.