shell-things/etc/firefox/policies
2024-05-14 10:10:50 +03:00
..
policies.json firefox: actually trr.mode 3 may be nice for the ECH 2024-05-14 10:10:50 +03:00
README.md firefox/policies/README: note WebsiteFilter as not that useful for me 2024-05-14 08:49:45 +03:00

Firefox policies.json

The file is pretty self-explanatory, but I prefer Chromium way of handling enterprise policies since it allows me to cut them to multiple different files per whatever I am doing.

WARNING TO LIBREWOLF USERS

This file takes priority over /usr/share/librewolf/distribution/policies.json so dont apply this or a lot of LibreWolf specific customizations stops being in force.

WARNING TO TRR/ENCRYPTED DNS USERS!

If policies.json locks DNS over HTTPS, trr.mode gets locked into 2 which means fallback to system resolver.

Extensions

They are mostly self-explanatory.

Privacy Badger

  • jid1-MnnxcxisBPnSXQ-eff@jetpack - Downloaded directly from EFF.

Configured to learn locally and also in incognito as opposed to only relying on vendor list. Also not display the “Welcome to Privacy Badger screen”.

See also:

Search engines

Policy SearchEngines is only allowed on ESR.

But who cares? Anyway thus DuckDuckGo extension is installed by default so when testing this policy I wont have to see Google.

Additionally its a lie since at least Nightly reads it too without complaining.

Useful looking things for the future

Certificate installations

In the certificates section

{
  "Install": ["my_certificate_here.pem"]
}

Things that look useful, but arent

WebSiteFilter

{
  "policies": {
    "WebsiteFilter": {
      "Block": ["<all_urls>"],
      "Exceptions": ["http://example.org/*"]
    }
  }
}

Ok, nice, but my policy is already forcing AdNauseam which enforces my blocklist which is more practical.

Granted users can use private browsing mode to get past it, but I am not blocking actively malicious domains.