- cross-posted to:
- linux@programming.dev
currently doing a fix of the code, wait for the 0.2 release!
Thunderbird is great, but very complex and possibly insecure and not private.
Threat model is an important key word here. Imagine you would write Mails over Tor/Tails only and need a secure Mail client.
(Btw I can recommend Carburetor Flatpak for that).
Because of this, the thunderbird hardening user.js, similar to the Arkenfox project exists.
But it is a bit too strict for most threat models. Also settings might change or break, and this has no automatic updating mechanism.
(I should upstream the updater)
The user.js is also just a template, so a ton of mostly not needed configs will stay there.
This project makes the setup of the hardening user.js easy.
Once setup, the script is placed in ~/.local/bin and a user systemd service runs it every once in a while.
You can comment out lines if you want to keep certain settings.
Git clone is useful if you want actually keep the source code you downloaded originally. Also I assume people who use this command to get a program, would remove that directory manually after job is done (if they don’t want to keep it). And I am always very careful with rm commands, therefore I do not include them most of the time. It’s not like people would not know how to deal with temporary files they download, just like downloading an archive, unpacking it and removing the archive file as an analogy.
At least this is my way of doing so. I think this transparency is good for the end user, better than “hiding” it behind a curl into bash in my opinion (opinions vary I have noticed in the forums). You could put
cd Downloadsright before/abovegit clonecommand, to remind them its meant to be temporary. But I guess this does not align with the values and philosophy you follow, because you want to have it as simple and distraction free as possible for your user. That’s why the curl into bash in the first place. It’s just a priority thing what you value more.