anonymity, privacy and security settings pre-configuration
Most settings take effect for newly created user account onlys, and not for existing user accounts.
Sets timezone to UTC.
Enables Menubar in Dolphin by default.
gnupg configuration for Anonymity Distributions:
- Ships Thunderbird torbirdy configuration file
/etc/thunderbird/pref/30_whonix.jsthat allows torified keyserver access.
- Deactivates KGpg's first run wizard. Disables tip of the day. Disables KGpg's systray. Disables key server. Reference: "High-risk users should stop using the keyserver network immediately."
Double click instead of single click in KDE.
Deactivates maximize windows when moved to the top. In context of anonymity it might be better not to maximize the browser window (https://trac.torproject.org/projects/tor/ticket/7255). To prevent users from accidentally maximizing their browser window, it is better when KDE's feature to maximize windows when moved to the top is disabled.
Deactivates KDE's system sounds.
Disables KDE graphics effects. Disables some background processes.
Stream Isolation (proxy) settings for KDE apps for Anonymity Distributions Configures global proxy settings, which acts as a fallback if no other proxy settings are set, for KDE applications to socks 10.152.152.10:9122. IP HARDCODED above but no need to change since it is description only. Otherwise unconfigured KDE applications would use no proxy settings (Transparent Proxying) if the anonymity distribution features a transparent proxy. Useful to improve stream isolation. On the other hand, anonymity distributions not featuring transparent proxying should probably not install this package by default, because then unconfigured KDE applications should by default not be able to connect.
Sets Unlimited Scrollback in Konsole.
Disables klipper clipboard history.
Deactivates automatic updates for Package Manager APT and Apper Useful in context of networks with limited traffic quota, slow networks and anonymity distributions. In latter case, the default automatic updates interval would be too predictable (expectable amount of traffic every X), thus eventually be vulnerable for traffic fingerprinting. Disabling Apper automatic updates only takes effect for newly created user accounts. Not for existing user accounts. This is most useful to help Linux distribution maintainers setting divergent defaults.
Longer Timeouts for Package Manager APT Raising timeout and retries using configuration snippet. Useful in context of slow networks and anonymity distributions.
Ships a configuration file /etc/apt/apt.conf.d/90longer-timeouts to configure apt-get.
Ships a configuration file /etc/skel/.config/vlc/vlcrc to configure VLC to not ask for network policy at start and sets vout=xcb_x11 to enable VM compatibility out-of-the-box.
Disabled gajim update manager by default for better security since it does not verify software signatures by hiding file /usr/share/gajim/plugins/plugin_installer/init.py using 'config-package-dev' 'hide'.
Disables systemd-resolved during boot unless file /etc/dns-enable exists.
Disables systemd-resolved fallback DNS (which by default is set to Google).
Removes capabilities from
installed as ping doesn't work with Tor anyway and its capabilities are just
unneeded attack surface.
Create a dummy Tor binary '/home/user/.local/share/Bisq/btc_mainnet/tor/tor' to avoid Tor over Tor.
Improves HexChat Privacy Settings
- As per: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO/XChat
- Moves the following files:
/usr/share/anon-apps-config, so these plugins get disabled by default.
Due to technical limitations some settings only take effect for applications being started for the very first time, i.e. when the user config of that application in the user's home folder does not exist yet. Works best for new user accounts.
This package is most useful to help Linux distribution maintainers setting divergent defaults.
How to install
anon-apps-config using apt-get
1. Download the APT Signing Key.
Users can check the Signing Key for better security.
2. Add the APT Signing Key..
sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc
3. Add the derivative repository.
echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.whonix.org bullseye main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
4. Update your package lists.
sudo apt-get update
sudo apt-get install anon-apps-config
How to Build deb Package from Source Code
Can be build using standard Debian package build tools such as:
generic-package with the actual name of this package
anon-apps-config requires donations to stay alive!