2025-08-21 05:47:23 +02:00
5 changed files with 59 additions and 90 deletions
--- a/conf/librewolf.overrides.cfg.js
+++ b/conf/librewolf.overrides.cfg.js
@ -4,8 +4,25 @@
 // https://librewolf.net/docs/settings/
 // Also incorporates some of https://aminda.eu/browser-extensions#firefox-aboutconfig
-// -----
+// Disable privacy.resistFingerprinting, use CanvasBlocker
-// I often need to refer to these options which aren't yet remembered by heart
+// as requested to consider by LibreWolf documentation. Alternatively I think
 // PrivacyBadger is enough considering it blocks canvas from third party sites.
 // I consider Telemetry closer to voting than spying and I have no desire to
 // vote for Windows NT as the universal operating system to be supported by
 // everyone or English to be the only language in the world.
 // Additionally I get migraines and suffer from floaters when staring at
 // bright light screen so much and it's just easier to disable this than
 // continuously click around Midnight Lizard or similar.
 // Note that this also BREAKS Mobilizon through enforced UTC and thus all
 // timezones will be three hours off unless caution is exercised. I am not
 // sure if this also caused weird developery seeming errors about timezones.
 defaultPref("privacy.resistFingerprinting", false);
 // Disable strict tracking protection for Ad Nauseam, don't use this without
 // it. Via https://github.com/dhowe/AdNauseam/issues/1747#issuecomment-1397068835
 // https://addons.mozilla.org/firefox/addon/adnauseam/
 // DO NOT DO THIS! https://codeberg.org/librewolf/issues/issues/1439
 //defaultPref("browser.contentblocking.category", "standard");
 // Note to self on disabling protection of Mozilla pages. This may be a
 // LibreWolf default so thus commented:
@ -13,30 +30,15 @@
 //defaultPref("extensions.webextensions.restrictedDomains", "");
 //defaultPref("privacy.resistFingerprinting.block_mozAddonManage", true);
 // Block cookie banners. Warning: may result to auto-accepting cookies.
 // https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/
 defaultPref("cookiebanners.service.mode", 2);
 defaultPref("cookiebanners.service.mode.privateBrowsing", 2);
 defaultPref("cookiebanners.bannerClicking.enabled", true);
 // https://globalprivacycontrol.org/ the successor of DNT
 defaultPref("privacy.globalprivacycontrol.enabled", true);
 defaultPref("privacy.globalprivacycontrol.functionality.enabled", true);
 // and DNT itself
 defaultPref("privacy.donottrackheader.enabled", true);
 defaultPref("privacy.donottrackheader.value", 1);
 // -----
 // I would like to use this, but forced light mode is a dealbreaker
 // (floaters), UTC makes Mobilizon difficult, Privacy Badger blocks 3rd party
 // canvas and I want to appear as a Finnish Linux user rather than English
 // Windows NT one (telemetry, voting vs spying).
 defaultPref("privacy.resistFingerprinting", false);
 // Enable letterboxing
 defaultPref("privacy.resistFingerprinting.letterboxing", true);
 // Stricter cross-origin policy.
 //defaultPref("network.http.referer.XOriginPolicy", 2);
 // Enable WebGL
 //defaultPref("webgl.disabled", false);
 // Enable Firefox accounts
 defaultPref("identity.fxaccounts.enabled", true);
@ -44,6 +46,8 @@ defaultPref("identity.fxaccounts.enabled", true);
 // - Goal: let Element Web & co stay logged in
 defaultPref("privacy.clearOnShutdown.cache", false);
 defaultPref("privacy.clearOnShutdown.cookies", false);
 //defaultPref("privacy.clearOnShutdown.downloads", false);
 //defaultPref("privacy.clearOnShutdown.formdata", false);
 defaultPref("privacy.clearOnShutdown.history", false);
 defaultPref("privacy.clearOnShutdown.offlineApps", false);
 defaultPref("privacy.clearOnShutdown.openWindows", false);
@ -70,11 +74,11 @@ defaultPref("reader.parse-on-load.force-enabled", true);
 // TRR & ECH
 // Mode 2 allows fallback to system resolver, 3 is TTR-only
 //defaultPref("network.trr.mode", 2);
 defaultPref("network.trr.mode", 3);
 //defaultPref("network.trr.mode", 2);
 defaultPref("network.trr.early-AAAA", true);
-defaultPref("network.trr.uri", "https://dns0.eu");
+//defaultPref("network.trr.uri", "https://dns0.eu");
-//defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
+defaultPref("network.trr.uri", "https://dns.adguard-dns.com/dns-query");
 // NOTE: ECH requires TRR, so mode 2 may not use it.
 defaultPref("network.trr.disable-ECS", false);
 defaultPref("network.dns.echconfig.enabled", true);
@ -93,9 +97,22 @@ defaultPref("layout.css.devPixelsPerPx", "1.5");
 defaultPref("browser.cache.disk.enable", true);
 defaultPref("browser.cache.memory.enable", true);
 // Block cookie banners. Warning: may result to auto-accepting cookies.
 // https://www.ghacks.net/2022/12/24/configure-firefox-to-reject-cookie-banners-automatically/
 defaultPref("cookiebanners.service.mode", 2);
 defaultPref("cookiebanners.service.mode.privateBrowsing", 2);
 defaultPref("cookiebanners.bannerClicking.enabled", true);
 // Start from homepage, don't restore the previous session (excluding pinned tabs)'
 defaultPref("browser.startup.page", 1);
 // Simplified DDG experience without prompts for extension and all
 defaultPref("browser.startup.homepage", "https://start.duckduckgo.com");
 // https://globalprivacycontrol.org/ the successor of DNT
 defaultPref("privacy.globalprivacycontrol.enabled", true);
 defaultPref("privacy.globalprivacycontrol.functionality.enabled", true);
 // and DNT itself
 defaultPref("privacy.donottrackheader.enabled", true);
 defaultPref("privacy.donottrackheader.value", 1);
 // vim: filetype=javascript
--- a/etc/opt/chromium/policies/managed/README.md
+++ b/etc/opt/chromium/policies/managed/README.md
@ -7,18 +7,11 @@
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 - [`aminda-extensions.json`](#aminda-extensionsjson)
  - [Dark Reader](#dark-reader)
  - [Privacy Manager](#privacy-manager)
  - [Fedora User Agent](#fedora-user-agent)
  - [Bitwarden](#bitwarden)
  - [Privacy Badger](#privacy-badger)
- [`disable-floc.json`](#disable-flocjson)
+  - [Dark Reader](#dark-reader)
- [`disable-incognito.json`](#disable-incognitojson)
+  - [Bitwarden](#bitwarden)
- [`doh-automatic.json`](#doh-automaticjson)
+  - [Fedora User Agent](#fedora-user-agent)
- [`doh-dns0.json`](#doh-dns0json)
+- [`dns0.json`](#dns0json)
 - [`enable-ech-ocsp.json`](#enable-ech-ocspjson)
 - [`enable-home-labs.json`](#enable-home-labsjson)
 - [`force-incognito.json`](#force-incognitojson)
 - [`https-everywhere.json`](#https-everywherejson)
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@ -35,32 +28,6 @@ to overlap with someone else.
 Changing `normal_installed` to `force_installed` would also prevent
 uninstallation.
 ### Dark Reader
 - `eimadpbcbfnmbkopoojfekhnkhdbieeh`
 As playing around with these policies and constantly removing the profile directory doesn't help my migraine.
 ### Privacy Manager
 - `giccehglhacakcfemddmfhdkahamfcmd`
 Quick browser options and data removal on _startup_. Maybe beneficial if
 incognito is disabled (which again is not great idea for quick guest access?)
 ### Fedora User Agent
 - `hojggiaghnldpcknpbciehjcaoafceil`
 Communicates websites that Ubuntu isn't the only Linux distribution and makes
 some offer rpm packages directly.
 ### Bitwarden
 - `nngceckbapebfimnlniiiahkandclblb`
 The password manager of my choice.
 ### Privacy Badger
 - `pkehgijcmpdhfbdbbnkijodmdjhbjlgp`
@ -73,38 +40,29 @@ See also:
 - https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md
 - https://github.com/EFForg/privacybadger/blob/master/src/data/schema.json
-## `disable-floc.json`
+### Dark Reader
-Disables floc or ad topics that are against privacy.
+- `eimadpbcbfnmbkopoojfekhnkhdbieeh`
- https://start.duckduckgo.com/?q=google+floc+privacy+topics
+As playing around with these policies and constantly removing the profile directory doesn't help my migraine.
-## `disable-incognito.json`
+### Bitwarden
-Disables incognito mode. I don't recommend this.
+- `nngceckbapebfimnlniiiahkandclblb`
-## `doh-automatic.json`
+The password manager of my choice.
-If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
+### Fedora User Agent
-Incompatible with any actual DoH policy.
+Communicates websites that Ubuntu isn't the only Linux distribution and makes
 some offer rpm packages directly.
-## `doh-dns0.json`
+- `hojggiaghnldpcknpbciehjcaoafceil`
 ## `dns0.json`
 Simply enables DNS-over-HTTPS with DNS0.eu
 ## `enable-ech-ocsp.json`
 Enables encrypted client hello and OCSP (or CRL?) checks.
 ## `enable-home-labs.json`
 Enables home button and access to labs by default.
 ## `force-incognito.json`
 Forces incognito mode. I don't recommend this.
 ## `https-everywhere.json`
 Enforces https and attempts to upgrade http to https.
--- a/etc/opt/chromium/policies/managed/aminda-extensions.json
+++ b/etc/opt/chromium/policies/managed/aminda-extensions.json
@ -15,12 +15,6 @@
      "toolbar_pin": "force_pinned",
      "update_url": "https://clients2.google.com/service/update2/crx"
    },
    "giccehglhacakcfemddmfhdkahamfcmd": {
      "installation_mode": "normal_installed",
      "override_update_url": true,
      "toolbar_pin": "force_pinned",
      "update_url": "https://clients2.google.com/service/update2/crx"
    },
    "hojggiaghnldpcknpbciehjcaoafceil": {
      "installation_mode": "normal_installed",
      "override_update_url": true,
--- a/etc/opt/chromium/policies/managed/doh-dns0.json
+++ b/etc/opt/chromium/policies/managed/doh-dns0.json
--- a/etc/opt/chromium/policies/managed/doh-automatic.json
+++ b/etc/opt/chromium/policies/managed/doh-automatic.json