Currently doing a fix of the code, wait for the 0.2 release!

Thunderbird is great, but very complex and possibly insecure and not private.

Threat model is an important key word here. Imagine you would write Mails over Tor/Tails only and need a secure Mail client.

(Btw I can recommend Carburetor Flatpak for that).

Because of this, the Thunderbird hardening user.js, similar to the Arkenfox project, exists.

But it is a bit too strict for most threat models. Also settings might change or break, and this has no automatic updating mechanism.

(I should upstream the updater)

The user.js is also just a template, so a ton of mostly not needed configs will stay there.

This project makes the setup of the hardening user.js easy.

Once set up, the script is placed in ~/.local/bin and a user systemd service runs it every once in a while.

You can comment out lines if you want to keep certain settings.

  • boredsquirrelOP
    25 days ago

    Interesting, learning new things!

    I did the “git clone and use only one file” stuff a lot and it sucks having all these files in the homedir.

    I now use a subdir called “Git”, and I would recommend that too. Or I would remove the other files that are not needed.

    The setup script can execute a lot of things, you should read it anyways. So yeah it may be a benefit to be sure that it is one git clone and then everything is local.

    I was just annoyed about all the unneeded git repos in my home dir, so I started never using the actual git stuff, and always using wget or curl.

    > by building a command variable as a Bash array

    Damn this is really good. I will use that and make quite a few scripts like 99% faster XD

    Thanks!

    • thingsiplay@beehaw.org
      25 days ago

      Git clone is useful if you want to actually keep the source code you downloaded originally. Also I assume people who use this command to get a program would remove that directory manually after the job is done (if they don’t want to keep it). And I am always very careful with rm commands, therefore I do not include them most of the time. It’s not like people would not know how to deal with temporary files they download, just like downloading an archive, unpacking it and removing the archive file as an analogy.

      At least this is my way of doing so. I think this transparency is good for the end user, better than “hiding” it behind a curl into bash in my opinion (opinions vary, I have noticed in the forums). You could put cd Downloads right before/above the git clone command, to remind them it’s meant to be temporary. But I guess this does not align with the values and philosophy you follow, because you want to have it as simple and distraction free as possible for your user. That’s why the curl into bash in the first place. It’s just a priority thing what you value more.