LibreAwoo: move most important notes to self onto top

conf/librewolf.overrides.cfg.js

@@ -4,25 +4,8 @@
 // https://librewolf.net/docs/settings/
 // Also incorporates some of https://aminda.eu/browser-extensions#firefox-aboutconfig
 
-// Disable privacy.resistFingerprinting, use CanvasBlocker
+// -----
-// as requested to consider by LibreWolf documentation. Alternatively I think
+// I often need to refer to these options which aren't yet remembered by heart
-// PrivacyBadger is enough considering it blocks canvas from third party sites.
-// I consider Telemetry closer to voting than spying and I have no desire to
-// vote for Windows NT as the universal operating system to be supported by
-// everyone or English to be the only language in the world.
-// Additionally I get migraines and suffer from floaters when staring at
-// bright light screen so much and it's just easier to disable this than
-// continuously click around Midnight Lizard or similar.
-// Note that this also BREAKS Mobilizon through enforced UTC and thus all
-// timezones will be three hours off unless caution is exercised. I am not
-// sure if this also caused weird developery seeming errors about timezones.
-defaultPref("privacy.resistFingerprinting", false);
-
-// Disable strict tracking protection for Ad Nauseam, don't use this without
-// it. Via https://github.com/dhowe/AdNauseam/issues/1747#issuecomment-1397068835
-// https://addons.mozilla.org/firefox/addon/adnauseam/
-// DO NOT DO THIS! https://codeberg.org/librewolf/issues/issues/1439
-//defaultPref("browser.contentblocking.category", "standard");
 
 // Note to self on disabling protection of Mozilla pages. This may be a
 // LibreWolf default so thus commented:
@@ -30,15 +13,30 @@ defaultPref("privacy.resistFingerprinting", false);
 //defaultPref("extensions.webextensions.restrictedDomains", "");
 //defaultPref("privacy.resistFingerprinting.block_mozAddonManage", true);
 
+// Block cookie banners. Warning: may result to auto-accepting cookies.
+// https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/
+defaultPref("cookiebanners.service.mode", 2);
+defaultPref("cookiebanners.service.mode.privateBrowsing", 2);
+defaultPref("cookiebanners.bannerClicking.enabled", true);
+
+// https://globalprivacycontrol.org/ the successor of DNT
+defaultPref("privacy.globalprivacycontrol.enabled", true);
+defaultPref("privacy.globalprivacycontrol.functionality.enabled", true);
+// and DNT itself
+defaultPref("privacy.donottrackheader.enabled", true);
+defaultPref("privacy.donottrackheader.value", 1);
+
+// -----
+
+// I would like to use this, but forced light mode is a dealbreaker
+// (floaters), UTC makes Mobilizon difficult, Privacy Badger blocks 3rd party
+// canvas and I want to appear as a Finnish Linux user rather than English
+// Windows NT one (telemetry, voting vs spying).
+defaultPref("privacy.resistFingerprinting", false);
+
 // Enable letterboxing
 defaultPref("privacy.resistFingerprinting.letterboxing", true);
 
-// Stricter cross-origin policy.
-//defaultPref("network.http.referer.XOriginPolicy", 2);
-
-// Enable WebGL
-//defaultPref("webgl.disabled", false);
-
 // Enable Firefox accounts
 defaultPref("identity.fxaccounts.enabled", true);
 
@@ -46,8 +44,6 @@ defaultPref("identity.fxaccounts.enabled", true);
 // - Goal: let Element Web & co stay logged in
 defaultPref("privacy.clearOnShutdown.cache", false);
 defaultPref("privacy.clearOnShutdown.cookies", false);
-//defaultPref("privacy.clearOnShutdown.downloads", false);
-//defaultPref("privacy.clearOnShutdown.formdata", false);
 defaultPref("privacy.clearOnShutdown.history", false);
 defaultPref("privacy.clearOnShutdown.offlineApps", false);
 defaultPref("privacy.clearOnShutdown.openWindows", false);
@@ -74,11 +70,11 @@ defaultPref("reader.parse-on-load.force-enabled", true);
 
 // TRR & ECH
 // Mode 2 allows fallback to system resolver, 3 is TTR-only
-defaultPref("network.trr.mode", 3);
 //defaultPref("network.trr.mode", 2);
+defaultPref("network.trr.mode", 3);
 defaultPref("network.trr.early-AAAA", true);
-//defaultPref("network.trr.uri", "https://dns0.eu");
+defaultPref("network.trr.uri", "https://dns0.eu");
-defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
+//defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
 // NOTE: ECH requires TRR, so mode 2 may not use it.
 defaultPref("network.trr.disable-ECS", false);
 defaultPref("network.dns.echconfig.enabled", true);
@@ -97,22 +93,9 @@ defaultPref("layout.css.devPixelsPerPx", "1.5");
 defaultPref("browser.cache.disk.enable", true);
 defaultPref("browser.cache.memory.enable", true);
 
-// Block cookie banners. Warning: may result to auto-accepting cookies.
-// https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/
-defaultPref("cookiebanners.service.mode", 2);
-defaultPref("cookiebanners.service.mode.privateBrowsing", 2);
-defaultPref("cookiebanners.bannerClicking.enabled", true);
-
 // Start from homepage, don't restore the previous session (excluding pinned tabs)'
 defaultPref("browser.startup.page", 1);
 // Simplified DDG experience without prompts for extension and all
 defaultPref("browser.startup.homepage", "https://start.duckduckgo.com");
 
-// https://globalprivacycontrol.org/ the successor of DNT
-defaultPref("privacy.globalprivacycontrol.enabled", true);
-defaultPref("privacy.globalprivacycontrol.functionality.enabled", true);
-// and DNT itself
-defaultPref("privacy.donottrackheader.enabled", true);
-defaultPref("privacy.donottrackheader.value", 1);
-
 // vim: filetype=javascript

etc/opt/chromium/policies/managed/README.md

@@ -7,11 +7,18 @@
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
 - [`aminda-extensions.json`](#aminda-extensionsjson)
-  - [Privacy Badger](#privacy-badger)
   - [Dark Reader](#dark-reader)
-  - [Bitwarden](#bitwarden)
+  - [Privacy Manager](#privacy-manager)
   - [Fedora User Agent](#fedora-user-agent)
-- [`dns0.json`](#dns0json)
+  - [Bitwarden](#bitwarden)
+  - [Privacy Badger](#privacy-badger)
+- [`disable-floc.json`](#disable-flocjson)
+- [`disable-incognito.json`](#disable-incognitojson)
+- [`doh-automatic.json`](#doh-automaticjson)
+- [`doh-dns0.json`](#doh-dns0json)
+- [`enable-ech-ocsp.json`](#enable-ech-ocspjson)
+- [`enable-home-labs.json`](#enable-home-labsjson)
+- [`force-incognito.json`](#force-incognitojson)
 - [`https-everywhere.json`](#https-everywherejson)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -28,6 +35,32 @@ to overlap with someone else.
 Changing `normal_installed` to `force_installed` would also prevent
 uninstallation.
 
+### Dark Reader
+
+- `eimadpbcbfnmbkopoojfekhnkhdbieeh`
+
+As playing around with these policies and constantly removing the profile directory doesn't help my migraine.
+
+### Privacy Manager
+
+- `giccehglhacakcfemddmfhdkahamfcmd`
+
+Quick browser options and data removal on _startup_. Maybe beneficial if
+incognito is disabled (which again is not great idea for quick guest access?)
+
+### Fedora User Agent
+
+- `hojggiaghnldpcknpbciehjcaoafceil`
+
+Communicates websites that Ubuntu isn't the only Linux distribution and makes
+some offer rpm packages directly.
+
+### Bitwarden
+
+- `nngceckbapebfimnlniiiahkandclblb`
+
+The password manager of my choice.
+
 ### Privacy Badger
 
 - `pkehgijcmpdhfbdbbnkijodmdjhbjlgp`
@@ -40,29 +73,38 @@ See also:
 - https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md
 - https://github.com/EFForg/privacybadger/blob/master/src/data/schema.json
 
-### Dark Reader
+## `disable-floc.json`
 
-- `eimadpbcbfnmbkopoojfekhnkhdbieeh`
+Disables floc or ad topics that are against privacy.
 
-As playing around with these policies and constantly removing the profile directory doesn't help my migraine.
+- https://start.duckduckgo.com/?q=google+floc+privacy+topics
 
-### Bitwarden
+## `disable-incognito.json`
 
-- `nngceckbapebfimnlniiiahkandclblb`
+Disables incognito mode. I don't recommend this.
 
-The password manager of my choice.
+## `doh-automatic.json`
 
-### Fedora User Agent
+If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
 
-Communicates websites that Ubuntu isn't the only Linux distribution and makes
+Incompatible with any actual DoH policy.
-some offer rpm packages directly.
 
-- `hojggiaghnldpcknpbciehjcaoafceil`
+## `doh-dns0.json`
-
-## `dns0.json`
 
 Simply enables DNS-over-HTTPS with DNS0.eu
 
+## `enable-ech-ocsp.json`
+
+Enables encrypted client hello and OCSP (or CRL?) checks.
+
+## `enable-home-labs.json`
+
+Enables home button and access to labs by default.
+
+## `force-incognito.json`
+
+Forces incognito mode. I don't recommend this.
+
 ## `https-everywhere.json`
 
 Enforces https and attempts to upgrade http to https.

etc/opt/chromium/policies/managed/aminda-extensions.json

@@ -15,6 +15,12 @@
       "toolbar_pin": "force_pinned",
       "update_url": "https://clients2.google.com/service/update2/crx"
     },
+    "giccehglhacakcfemddmfhdkahamfcmd": {
+      "installation_mode": "normal_installed",
+      "override_update_url": true,
+      "toolbar_pin": "force_pinned",
+      "update_url": "https://clients2.google.com/service/update2/crx"
+    },
     "hojggiaghnldpcknpbciehjcaoafceil": {
       "installation_mode": "normal_installed",
       "override_update_url": true,