shell-things/etc/opt/chromium/policies/managed/README.md

172 lines
5.9 KiB
Markdown

# Chromium policies
- https://chromeenterprise.google/policies/
<!-- editorconfig-checker-disable -->
<!-- prettier-ignore-start -->
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [`aminda-extensions.json`](#aminda-extensionsjson)
- [Silk - Privacy Pass Client for the browser](#silk---privacy-pass-client-for-the-browser)
- [DuckDuckGo Privacy Essentials](#duckduckgo-privacy-essentials)
- [NoScript](#noscript)
- [Dark Reader](#dark-reader)
- [Indiewiki Buddy](#indiewiki-buddy)
- [Privacy Manager](#privacy-manager)
- [Fedora User Agent](#fedora-user-agent)
- [Snowflake](#snowflake)
- [Bitwarden](#bitwarden)
- [Privacy Badger](#privacy-badger)
- [TODO/Inconsistencies](#todoinconsistencies)
- [`disable-floc.json`](#disable-flocjson)
- [`disable-incognito.json`](#disable-incognitojson)
- [`doh-automatic.json`](#doh-automaticjson)
- [`doh-dns0.json`](#doh-dns0json)
- [`enable-ech-ocsp.json`](#enable-ech-ocspjson)
- [`enable-home-labs.json`](#enable-home-labsjson)
- [`force-incognito.json`](#force-incognitojson)
- [`https-everywhere.json`](#https-everywherejson)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
<!-- prettier-ignore-end -->
<!-- editorconfig-checker-enable -->
## `aminda-extensions.json`
As I cannot separate the keys to multiple files I am forced to keep them in
one and separate by what the file does, `aminda-extensions.json` is unlikely
to overlap with someone else.
Changing `normal_installed` to `force_installed` would also prevent
uninstallation.
### [Silk - Privacy Pass Client for the browser](https://chrome.google.com/webstore/detail/ajhmfdgkijocedmfjonnpjfojldioehi)
- `ajhmfdgkijocedmfjonnpjfojldioehi`
Silk or Privacy Pass has a chance of decreasing the amount of captchas
especially from Cloudflare when "suspicious" traffic is detected.
To intentionally trigger it and what should be allowed in NoScript:
- https://captcha.website
- https://issuance.privacypass.cloudflare.com
### [DuckDuckGo Privacy Essentials](https://chrome.google.com/webstore/detail/bkdgflcldnnnapblkhphbgpggdiikppg)
- `bkdgflcldnnnapblkhphbgpggdiikppg`
Installed by default so Google won't be the default search engine, or that
would be the idea, but Chromium doesn't seem to allow that.
Additionally it's restricted only to `google.com` and `duckduckgo.com` domains
so it won't interfere with other extensions.
### [NoScript](https://chrome.google.com/webstore/detail/doojmbjmlfjjnbmnoijecmcbfeoakpjm)
- `doojmbjmlfjjnbmnoijecmcbfeoakpjm`
Appears to make the internet much more pleasant and less distracting in 2024
eliminating the cookie banners and all, while not trusting lists generated by
other people.
### [Dark Reader](https://chrome.google.com/webstore/detail/eimadpbcbfnmbkopoojfekhnkhdbieeh)
- `eimadpbcbfnmbkopoojfekhnkhdbieeh`
As playing around with these policies and constantly removing the profile directory doesn't help my migraine.
### [Indiewiki Buddy](https://chrome.google.com/webstore/detail/fkagelmloambgokoeokbpihmgpkbgbfm)
- `fkagelmloambgokoeokbpihmgpkbgbfm`
I am spoilt by how nice Breezewiki is to use and wikis existing outside of
Fandom is good to be reminded about occassionally. And I just happened to stay
in not so hardened Chromium for a bit due to hardened Firefox being too much
for my task and there is no reason occassionally needed Chromium shouldn't be
tolerable for a few minutes.
### [Privacy Manager](https://chrome.google.com/webstore/detail/giccehglhacakcfemddmfhdkahamfcmd)
- `giccehglhacakcfemddmfhdkahamfcmd`
Quick browser options and data removal on _startup_. Maybe beneficial if
incognito is disabled (which again is not great idea for quick guest access?)
### [Fedora User Agent](https://chrome.google.com/webstore/detail/hojggiaghnldpcknpbciehjcaoafceil)
- `hojggiaghnldpcknpbciehjcaoafceil`
Communicates websites that Ubuntu isn't the only Linux distribution and makes
some offer rpm packages directly.
### [Snowflake](https://chrome.google.com/webstore/detail/mafpmfcccpbjnhfhjnllmmalhifmlcie)
- `mafpmfcccpbjnhfhjnllmmalhifmlcie`
Helps bridge traffic to Tor by looking like WebRTC call.
### [Bitwarden](https://chrome.google.com/webstore/detail/nngceckbapebfimnlniiiahkandclblb)
- `nngceckbapebfimnlniiiahkandclblb`
The password manager of my choice.
### [Privacy Badger](https://chrome.google.com/webstore/detail/pkehgijcmpdhfbdbbnkijodmdjhbjlgp)
- `pkehgijcmpdhfbdbbnkijodmdjhbjlgp`
Configured to learn locally and also in incognito as opposed to only relying
on vendor list. Also not display the "Welcome to Privacy Badger screen".
See also:
- https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md
- https://github.com/EFForg/privacybadger/blob/master/src/data/schema.json
### TODO/Inconsistencies
- I am not aware of any _New Tab Suspender_ equivalents, but it might be an
integrated feature on some Chromiums.
- [Peertubeify doesn't support Chromium yet.](https://codeberg.org/Booteille/peertube-companion/issues/15)
## `disable-floc.json`
Disables floc or ad topics that are against privacy.
- https://start.duckduckgo.com/?q=google+floc+privacy+topics
## `disable-incognito.json`
Disables incognito mode. I don't recommend this.
## `doh-automatic.json`
If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
Incompatible with any actual DoH policy.
## `doh-dns0.json`
Simply enables DNS-over-HTTPS with DNS0.eu. `automatic` means downgrade is
allowed (the system resolver is encrypted), `secure` would lock it.
## `enable-ech-ocsp.json`
Enables encrypted client hello and OCSP (or CRL?) checks.
## `enable-home-labs.json`
Enables home button and access to labs by default.
## `force-incognito.json`
Forces incognito mode. I don't recommend this.
## `https-everywhere.json`
Enforces https and attempts to upgrade http to https.