shell-things/etc/opt/chromium/policies/managed
Aminda Suomalainen 6afb099d1c
chromium: don't enable the labs button
It has nothing that interesting and is just distraction.
2024-02-21 09:52:00 +02:00
..
aminda-extensions.json Chromium: restrict DuckDuckGo to itself and google.com 2024-02-20 14:59:56 +02:00
disable-floc.json chromium: add multiple mutually incompatible policy files 2024-02-04 10:21:10 +02:00
disable-incognito.json chromium: add multiple mutually incompatible policy files 2024-02-04 10:21:10 +02:00
doh-automatic.json chromium: rename policies to be in line with my unbound/resolved naming 2024-02-07 10:51:12 +02:00
doh-dns0.json chromium/doh-dns0: allow fallback to system dns 2024-02-21 09:51:20 +02:00
enable-ech-ocsp.json chromium/enable-ech-ocsp.json: additionally enable AdditionalDnsQueryTypesEnabled & BuiltInDnsClientEnabled 2024-02-04 10:29:41 +02:00
enable-home.json chromium: don't enable the labs button 2024-02-21 09:52:00 +02:00
force-incognito.json chromium: add multiple mutually incompatible policy files 2024-02-04 10:21:10 +02:00
https-everywhere.json chrome policies: force_enable HttpsOnlyMode 2024-01-31 14:12:21 +02:00
README.md chromium/doh-dns0: allow fallback to system dns 2024-02-21 09:51:20 +02:00

Chromium policies

aminda-extensions.json

As I cannot separate the keys to multiple files I am forced to keep them in one and separate by what the file does, aminda-extensions.json is unlikely to overlap with someone else.

Changing normal_installed to force_installed would also prevent uninstallation.

Silk - Privacy Pass Client for the browser

  • ajhmfdgkijocedmfjonnpjfojldioehi

Silk or Privacy Pass has a chance of decreasing the amount of captchas especially from Cloudflare when “suspicious” traffic is detected.

To intentionally trigger it and what should be allowed in NoScript:

DuckDuckGo Privacy Essentials

  • bkdgflcldnnnapblkhphbgpggdiikppg

Installed by default so Google wont be the default search engine, or that would be the idea, but Chromium doesnt seem to allow that.

Additionally its restricted only to google.com and duckduckgo.com domains so it wont interfere with other extensions.

NoScript

  • doojmbjmlfjjnbmnoijecmcbfeoakpjm

Appears to make the internet much more pleasant and less distracting in 2024 eliminating the cookie banners and all, while not trusting lists generated by other people.

Dark Reader

  • eimadpbcbfnmbkopoojfekhnkhdbieeh

As playing around with these policies and constantly removing the profile directory doesnt help my migraine.

Indiewiki Buddy

  • fkagelmloambgokoeokbpihmgpkbgbfm

I am spoilt by how nice Breezewiki is to use and wikis existing outside of Fandom is good to be reminded about occassionally. And I just happened to stay in not so hardened Chromium for a bit due to hardened Firefox being too much for my task and there is no reason occassionally needed Chromium shouldnt be tolerable for a few minutes.

Privacy Manager

  • giccehglhacakcfemddmfhdkahamfcmd

Quick browser options and data removal on startup. Maybe beneficial if incognito is disabled (which again is not great idea for quick guest access?)

Fedora User Agent

  • hojggiaghnldpcknpbciehjcaoafceil

Communicates websites that Ubuntu isnt the only Linux distribution and makes some offer rpm packages directly.

Snowflake

  • mafpmfcccpbjnhfhjnllmmalhifmlcie

Helps bridge traffic to Tor by looking like WebRTC call.

Bitwarden

  • nngceckbapebfimnlniiiahkandclblb

The password manager of my choice.

Privacy Badger

  • pkehgijcmpdhfbdbbnkijodmdjhbjlgp

Configured to learn locally and also in incognito as opposed to only relying on vendor list. Also not display the “Welcome to Privacy Badger screen”.

See also:

TODO/Inconsistencies

disable-floc.json

Disables floc or ad topics that are against privacy.

disable-incognito.json

Disables incognito mode. I dont recommend this.

doh-automatic.json

If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.

Incompatible with any actual DoH policy.

doh-dns0.json

Simply enables DNS-over-HTTPS with DNS0.eu. automatic means downgrade is allowed (the system resolver is encrypted), secure would lock it.

enable-ech-ocsp.json

Enables encrypted client hello and OCSP (or CRL?) checks.

enable-home-labs.json

Enables home button and access to labs by default.

force-incognito.json

Forces incognito mode. I dont recommend this.

https-everywhere.json

Enforces https and attempts to upgrade http to https.