diff --git a/etc/opt/chromium/policies/managed/README.md b/etc/opt/chromium/policies/managed/README.md
index a31a9be0..2ebf1d00 100644
--- a/etc/opt/chromium/policies/managed/README.md
+++ b/etc/opt/chromium/policies/managed/README.md
@@ -24,20 +24,27 @@
   - [Privacy Badger](#privacy-badger)
 - [`black-theme-colour.json.sample`](#black-theme-colourjsonsample)
 - [`brave-shields-disabled.json`](#brave-shields-disabledjson)
+- [`disable-brave-ipfs.json`](#disable-brave-ipfsjson)
 - [`disable-brave-rewards-wallet.json`](#disable-brave-rewards-walletjson)
 - [`disable-brave-tor.json`](#disable-brave-torjson)
 - [`disable-brave-vpn.json`](#disable-brave-vpnjson)
 - [`disable-floc.json`](#disable-flocjson)
 - [`disable-incognito.json.badidea`](#disable-incognitojsonbadidea)
+- [`doh-adguard-dns0.json`](#doh-adguard-dns0json)
+- [`dph-adguard.json`](#dph-adguardjson)
+- [`doh-adguard-unfiltered.json`](#doh-adguard-unfilteredjson)
 - [`doh-cloudflare-secure.json`](#doh-cloudflare-securejson)
-- [`doh-unlocked-unset.json`](#doh-unlocked-unsetjson)
+- [`doh-disabled`](#doh-disabled)
 - [`doh-dns0.json`](#doh-dns0json)
+- [`doh-dns0-kids.json`](#doh-dns0-kidsjson)
+- [`doh-dns0-open.json`](#doh-dns0-openjson)
+- [`doh-dns0-zero.json`](#doh-dns0-zerojson)
+- [`doh-google64.json`](#doh-google64json)
+- [`doh-google.json`](#doh-googlejson)
 - [`doh-mullvad-base.json`](#doh-mullvad-basejson)
 - [`doh-quad9-ecs.json`](#doh-quad9-ecsjson)
-- [`doh-quad9-insecure-ecs.json.badidea`](#doh-quad9-insecure-ecsjsonbadidea)
-- [`doh-quad9-insecure.json.badidea`](#doh-quad9-insecurejsonbadidea)
 - [`doh-quad9.json`](#doh-quad9json)
-- [`doh-unlocked-unset.json`](#doh-unlocked-unsetjson-1)
+- [`doh-unlocked-unset.json`](#doh-unlocked-unsetjson)
 - [`edge-appsfavorites.json`](#edge-appsfavoritesjson)
 - [`edge-newtabapps.json`](#edge-newtabappsjson)
 - [`edge-screenshots.json`](#edge-screenshotsjson)
@@ -46,7 +53,6 @@
 - [`enable-passwordleakdetection.json`](#enable-passwordleakdetectionjson)
 - [`enable-tab-suspend.json`](#enable-tab-suspendjson)
 - [`fix-edge-search.json`](#fix-edge-searchjson)
-- [`force-incognito.json.badidea`](#force-incognitojsonbadidea)
 - [`generative-ai.json`](#generative-aijson)
 - [`https-everywhere.json`](#https-everywherejson)
 - [`README.md`](#readmemd)
@@ -178,6 +184,10 @@ disabling GTK/Qt themes.
 Allowlist for sites where I think Brave Shields may be breaking things. Similar is also in
 `aminda-extensions.json` for Privacy Badger.
 
+## `disable-brave-ipfs.json`
+
+Disables Brave integrated IPFS node.
+
 ## `disable-brave-rewards-wallet.json`
 
 Disables Brave rewards and wallet.
@@ -202,24 +212,32 @@ Manifest v2 extensions (as v3 is kind of floc too).
 
 Disables incognito mode. I don't recommend this.
 
+## `doh-adguard-dns0.json`
+
+## `dph-adguard.json`
+
+## `doh-adguard-unfiltered.json`
+
 ## `doh-cloudflare-secure.json`
 
 Sets Cloudflare with malware protection as the forced DNS-over-HTTPS server.
 
-## `doh-unlocked-unset.json`
-
-If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
-
-My other `doh-*.json` set this as well, because `secure` doesn't allow
-downgrade to system resolver and Chromium seems somewhat unreliable with it often reporting
-`DNS_PROBE_POSSIBLE` and while this occassionally disables ECH, it works and
-my system resolvers are encrypted. I hope they will implement ECH with system
-resolver soon to fix this.
+## `doh-disabled`
 
 ## `doh-dns0.json`
 
 Simply forces DNS-over-HTTPS with DNS0.eu.
 
+## `doh-dns0-kids.json`
+
+## `doh-dns0-open.json`
+
+## `doh-dns0-zero.json`
+
+## `doh-google64.json`
+
+## `doh-google.json`
+
 ## `doh-mullvad-base.json`
 
 Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking.
@@ -231,16 +249,6 @@ Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker bl
 Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains
 their alternative port.
 
-## `doh-quad9-insecure-ecs.json.badidea`
-
-Forces DNS over HTTPS with Quad9 ECS enabled unfiltered server and also contains
-their alternative port. **No DNSSEC either.**
-
-## `doh-quad9-insecure.json.badidea`
-
-Forces DNS over HTTPS with Quad9 unfiltered server and also contains
-their alternative port. **No DNSSEC either.**
-
 ## `doh-quad9.json`
 
 Forces DNS over HTTPS with Quad9 threat-blocking server and also contains
@@ -250,6 +258,14 @@ their alternative port.
 
 Allows configuring DoH even with managed policies present (unless another DoH rule is in force) since enabling any managed policy will otherwise gray out the option.
 
+If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
+
+My other `doh-*.json` set this as well, because `secure` doesn't allow
+downgrade to system resolver and Chromium seems somewhat unreliable with it often reporting
+`DNS_PROBE_POSSIBLE` and while this occassionally disables ECH, it works and
+my system resolvers are encrypted. I hope they will implement ECH with system
+resolver soon to fix this.
+
 ## `edge-appsfavorites.json`
 
 Edge apps in favorites bar.
@@ -284,10 +300,6 @@ Tells Microsoft Edge to redirect queries from new tab search box to URL bar
 effectively forcing it to respect user configured search engine instead of
 stealthily sending those queries to Bing.
 
-## `force-incognito.json.badidea`
-
-Forces incognito mode. I don't recommend this.
-
 ## `generative-ai.json`
 
 Allows using the AI features that I am not seeing anyway, but won't send data
diff --git a/etc/opt/chromium/policies/managed/dns-over-https.json.badidea b/etc/opt/chromium/policies/managed/dns-over-https.json.badidea
deleted file mode 100644
index 2931dbf5..00000000
--- a/etc/opt/chromium/policies/managed/dns-over-https.json.badidea
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  "comment": "This is a bad idea, because I don't know other DNS servers that
-  perform DNSSEC in addition to DNS-over-HTTPS, I just know these two do and
-  Quad9 doesn't. This would otherwise be the unbound.conf.d/dns-over-tls.conf
-  equivalent.",
-  "DnsOverHttpsMode": "automatic",
-  "DnsOverHttpsTemplates": "https://open.dns0.eu/
-  https://doh.applied-privacy.net/query"
-}
diff --git a/etc/opt/chromium/policies/managed/doh-quad9-insecure-ecs.json.badidea b/etc/opt/chromium/policies/managed/doh-quad9-insecure-ecs.json.badidea
deleted file mode 100644
index 55f63115..00000000
--- a/etc/opt/chromium/policies/managed/doh-quad9-insecure-ecs.json.badidea
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "DnsOverHttpsMode": "automatic",
-  "DnsOverHttpsTemplates": "https://dns12.quad9.net/dns-query https://dns12.quad9.net:5053/dns-query"
-}
diff --git a/etc/opt/chromium/policies/managed/doh-quad9-insecure.json.badidea b/etc/opt/chromium/policies/managed/doh-quad9-insecure.json.badidea
deleted file mode 100644
index 651098de..00000000
--- a/etc/opt/chromium/policies/managed/doh-quad9-insecure.json.badidea
+++ /dev/null
@@ -1,4 +0,0 @@
-{
-  "DnsOverHttpsMode": "automatic",
-  "DnsOverHttpsTemplates": "https://dns10.quad9.net/dns-query https://dns10.quad9.net:5053/dns-query"
-}
diff --git a/etc/opt/chromium/policies/managed/force-incognito.json.badidea b/etc/opt/chromium/policies/managed/force-incognito.json.badidea
deleted file mode 100644
index 42b151cf..00000000
--- a/etc/opt/chromium/policies/managed/force-incognito.json.badidea
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "IncognitoModeAvailability": "Forced"
-}
diff --git a/etc/opt/chromium/policies/managed/prefetch.json b/etc/opt/chromium/policies/managed/prefetch.json
new file mode 100644
index 00000000..012c3920
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/prefetch.json
@@ -0,0 +1,3 @@
+{
+  "NetworkPredictionOptions": 0
+}
diff --git a/etc/opt/chromium/policies/managed/profilemanager.json b/etc/opt/chromium/policies/managed/profilemanager.json
new file mode 100644
index 00000000..99956e3e
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/profilemanager.json
@@ -0,0 +1,3 @@
+{
+  "ProfilePickerOnStartupAvailability": 2
+}