{systemd-resolved,unbound}: utilize unfiltered dns0 since nordvpn is unlikely to filter either

firefox/policies.json: fix DDG Start Description & Method
LibreAwoo: yet another take on privacy.resistFingerprinting
2025-08-20 21:37:24 +02:00 · 2024-02-11 13:37:32 +02:00 · 2024-02-11 13:33:27 +02:00 · 2024-02-11 13:32:11 +02:00 · 2024-02-11 13:23:04 +02:00 · 2024-02-11 13:13:13 +02:00
6 changed files with 51 additions and 12 deletions
--- a/conf/librewolf.overrides.cfg.js
+++ b/conf/librewolf.overrides.cfg.js
@ -32,10 +32,13 @@ defaultPref("privacy.donottrackheader.value", 1);
 // (floaters), UTC makes Mobilizon difficult, Privacy Badger blocks 3rd party
 // canvas and I want to appear as a Finnish Linux user rather than English
 // Windows NT one (telemetry, voting vs spying).
-defaultPref("privacy.resistFingerprinting", false);
+defaultPref("privacy.resistFingerprinting", true);
 // Or I could excempt things from it? Other than it not overriding timezone.
-//defaultPref("privacy.resistFingerprinting.testGranularityMask", 4);
+defaultPref("privacy.resistFingerprinting.testGranularityMask", 4);
-//defaultPref("privacy.resistFingerprinting.exemptedDomains", "jarkkaa.fi,*.element.io,*.google.com");
+defaultPref(
 	"privacy.resistFingerprinting.exemptedDomains",
 	"jarkkaa.fi,*.element.io,*.google.com,*.pikaviestin.fi,*.envs.net,*.wikimedia.org,*.wikipedia.org,*.duckduckgo.com",
 );
 // Enable letterboxing
 defaultPref("privacy.resistFingerprinting.letterboxing", true);
--- a/etc/firefox/policies/README.md
+++ b/etc/firefox/policies/README.md
@ -47,8 +47,8 @@ See also:
 > Policy SearchEngines is only allowed on ESR.
-Thus DuckDuckGo extension is installed by default so when testing this policy
+But who cares? Anyway thus DuckDuckGo extension is installed by default so
-I won't have to see Google.
+when testing this policy I won't have to see Google.
 ## See also
--- a/etc/firefox/policies/policies.json
+++ b/etc/firefox/policies/policies.json
@ -14,6 +14,7 @@
      "Locked": false,
      "ProviderURL": "https://dns0.eu"
    },
    "DisablePocket": false,
    "EnableTrackingProtection": {
      "Cryptomining": true,
      "Fingerprinting": true,
@ -74,6 +75,27 @@
      "SponsoredSuggestions": false,
      "WebSuggestions": false
    },
    "SearchEngines": {
      "Add": [
        {
          "Alias": "",
          "Description": "Minimal, ad-free version of DuckDuckGo",
          "Method": "POST",
          "Name": "DuckDuckGo Lite",
          "PostData": "q={searchTerms}",
          "URLTemplate": "https://duckduckgo.com/lite/?q={searchTerms}"
        },
        {
          "Alias": "",
          "Description": "DuckDuckGo Start page version",
          "Method": "GET",
          "Name": "DuckDuckGo Start",
          "PostData": "q={searchTerms}",
          "URLTemplate": "https://start.duckduckgo.com/?q={searchTerms}"
        }
      ],
      "Default": "DuckDuckGo Start"
    },
    "SearchSuggestEnabled": false
  }
 }
--- a/etc/opt/chromium/policies/managed/README.md
+++ b/etc/opt/chromium/policies/managed/README.md
@ -9,6 +9,7 @@
 - [`aminda-extensions.json`](#aminda-extensionsjson)
  - [Silk - Privacy Pass Client for the browser](#silk---privacy-pass-client-for-the-browser)
  - [DuckDuckGo Privacy Essentials](#duckduckgo-privacy-essentials)
  - [NoScript](#noscript)
  - [Dark Reader](#dark-reader)
  - [Privacy Manager](#privacy-manager)
  - [Fedora User Agent](#fedora-user-agent)
@ -45,12 +46,25 @@ uninstallation.
 Silk or Privacy Pass has a chance of decreasing the amount of captchas
 especially from Cloudflare when "suspicious" traffic is detected.
 To intentionally trigger it and what should be allowed in NoScript:
 - https://captcha.website
 - https://issuance.privacypass.cloudflare.com
 ### DuckDuckGo Privacy Essentials
 - `bkdgflcldnnnapblkhphbgpggdiikppg`
 Installed by default so Google won't be the default search engine.
 ### NoScript
 - `doojmbjmlfjjnbmnoijecmcbfeoakpjm`
 Appears to make the internet much more pleasant and less distracting in 2024
 eliminating the cookie banners and all, while not trusting lists generated by
 other people.
 ### Dark Reader
 - `eimadpbcbfnmbkopoojfekhnkhdbieeh`
--- a/etc/systemd/resolved.conf.d/nordvpn.conf
+++ b/etc/systemd/resolved.conf.d/nordvpn.conf
@ -4,7 +4,7 @@ DNSOverTLS=no
 Cache=yes
 DNS=2400:bb40:4444::103 2400:bb40:8888::103 ::1
 DNS=103.86.96.100 103.86.99.100 127.0.0.1
-# DNS0 since I am unsure of the above working without NordVPN with the
+# DNS0.eu/open since I am unsure of the above working without NordVPN with the
 # exception of Unbound
-DNS=2a0f:fc80:: 2a0f:fc81:: 193.110.81.0 185.253.5.0
+DNS=2a0f:fc80::ffff 2a0f:fc81::ffff 193.110.81.254 185.253.5.254
 Domains=~.
--- a/etc/unbound/unbound.conf.d/nordvpn.conf
+++ b/etc/unbound/unbound.conf.d/nordvpn.conf
@ -6,9 +6,9 @@ forward-zone:
 	forward-addr: 2400:bb40:8888::103
 	forward-addr: 103.86.96.100
 	forward-addr: 103.86.99.100
-	# DNS0.eu since I am unsure of whether the above works outside of NordVPN
+	# DNS0.eu/open since I am unsure of whether the above works outside of NordVPN
 	# connection and I seem to have issues with automatic connection.
-	forward-addr: 2a0f:fc80::
+	forward-addr: 2a0f:fc80::ffff
-	forward-addr: 193.110.81.0
+	forward-addr: 2a0f:fc81::ffff
-	forward-addr: 2a0f:fc81::
+	forward-addr: 193.110.81.254
-	forward-addr: 185.253.5.0
+	forward-addr: 185.253.5.254
Author	SHA1	Message	Date
Aminda Suomalainen	c55b2a6aed	{systemd-resolved,unbound}: utilize unfiltered dns0 since nordvpn is unlikely to filter either	2024-02-11 13:37:32 +02:00
Aminda Suomalainen	75d8833b03	firefox/policies.json: fix DDG Start Description & Method	2024-02-11 13:33:27 +02:00
Aminda Suomalainen	ca143a190b	LibreAwoo: yet another take on privacy.resistFingerprinting	2024-02-11 13:32:11 +02:00
Aminda Suomalainen	75b938f3ce	firefox policies: restore pocket, searchengines	2024-02-11 13:23:04 +02:00
Aminda Suomalainen	3b99fd30b7	Chromium policy README.md: note the PrivacyPass domains	2024-02-11 13:13:13 +02:00
Aminda Suomalainen	2b45c13960	Chromium policy README.md: add forgotten NoScript	2024-02-11 13:11:37 +02:00