12 KiB
Chromium policies
aminda-extensions.json- Silk - Privacy Pass Client for the browser
- NoScript
- OpenDyslexic
- IPvFoo
- Dark Reader
- Indiewiki Buddy
- Floccus bookmarks sync
- Wayback Machine
- Privacy Manager
- Terms of Service; Didn’t Read
- Fedora User Agent
- IPvFooBar
- Chrome Remote Desktop
- Bias Finder
- Snowflake
- AdNauseam
- IPFS Companion
- Bitwarden
- UpdateSWH
- Privacy Badger
- TODO/Inconsistencies
black-theme-colour.jsonbrave-shields-disabled.jsondisable-brave-rewards-wallet.jsondisable-brave-tor.jsondisable-brave-vpn.jsondisable-floc.jsondisable-incognito.json.badideadoh-cloudflare-secure.jsondoh-unlocked-unset.jsondoh-dns0.jsondoh-mullvad-base.jsondoh-quad9-ecs.jsondoh-quad9-insecure-ecs.json.badideadoh-quad9-insecure.json.badideadoh-quad9.jsonenable-ech-ocsp.jsonenable-labs.jsonfix-edge-search.jsonforce-incognito.json.badideahttps-everywhere.jsonREADME.md
aminda-extensions.json
As I cannot separate the keys to multiple files I am forced to keep
them in one and separate by what the file does,
aminda-extensions.json is unlikely to overlap with someone
else.
Changing normal_installed to
force_installed would also prevent uninstallation.
This does contain some bloat or something not necessary in all
situations or even overlapping extensions, but there is an important
side goal of teaching users to disable extraneous extensions they
don’t need (unless I decide they do need something and thus it’s
force_installed.
Silk - Privacy Pass Client for the browser
ajhmfdgkijocedmfjonnpjfojldioehi
Silk or Privacy Pass has a chance of decreasing the amount of captchas especially from Cloudflare when “suspicious” traffic is detected.
To intentionally trigger it and what should be allowed in NoScript:
NoScript
doojmbjmlfjjnbmnoijecmcbfeoakpjm
Not actually installed by
aminda-extensions.json anymore due to self-reflection and
deciding it’s a bit much to push on unsuspecting family
members.
Appears to make the internet much more pleasant and less distracting in 2024 eliminating the cookie banners and all, while not trusting lists generated by other people.
OpenDyslexic
cdnapgfjopgaggbmfgbiinmmbdcglnam
OpenDyslexic font + highlighting for currently pointed paragraph. Improves my reading especially with more busy articles, even without dyslexia.
IPvFoo
ecanpcehffngcegjmadlcijfolapggal
Dark Reader
eimadpbcbfnmbkopoojfekhnkhdbieeh
As playing around with these policies and constantly removing the profile directory doesn’t help my migraine.
Indiewiki Buddy
fkagelmloambgokoeokbpihmgpkbgbfm
I am spoilt by how nice Breezewiki is to use and wikis existing outside of Fandom is good to be reminded about occassionally. And I just happened to stay in not so hardened Chromium for a bit due to hardened Firefox being too much for my task and there is no reason occassionally needed Chromium shouldn’t be tolerable for a few minutes.
Floccus bookmarks sync
fnaicdffflnofjppbagibeoednhnbjhg
Bookmarks sync either through selfhosted webdav or Google Drive working even across different web browsers.
Wayback Machine
fpnmgdkabkmnadcjpehmlllkndpkmiak
web.archive.org saving and discovering.
Privacy Manager
giccehglhacakcfemddmfhdkahamfcmd
Quick browser options and data removal on startup. Maybe beneficial if incognito is disabled (which again is not great idea for quick guest access?)
Terms of Service; Didn’t Read
hjdoplcnndgiblooccencgcggcoihigg
Fedora User Agent
hojggiaghnldpcknpbciehjcaoafceil
Communicates websites that Ubuntu isn’t the only Linux distribution and makes some offer rpm packages directly.
IPvFooBar
iimpkhokkfekbpmoamlmcndclohnehhk
Chrome Remote Desktop
inomeogfingihgjfjlpeplalcfajhgai
Remote support integrated to Chrome.
The additional component is:
- Debian:
https://dl.google.com/linux/direct/chrome-remote-desktop_current_amd64.deb - Others: unsupported
Bias Finder
Political bias of English language media sites powered by allsides.com
Snowflake
mafpmfcccpbjnhfhjnllmmalhifmlcie
Helps bridge traffic to Tor by looking like WebRTC call.
AdNauseam
mlojlfildnehdpnlmpkeiiglhhkofhpb
Complementing PrivacyBadger with an adblocker so first profile runs have at least something to block Malvertising now that I no longer enable NoScript out of the box.
IPFS Companion
nibjojkomfdiaoajekhjakgkdhaomnch
IPFS integration for web browsers.
Bitwarden
nngceckbapebfimnlniiiahkandclblb
The password manager of my choice.
UpdateSWH
palihjnakafgffnompkdfgbgdbcagbko
Adds a floating coloured button to source code forges reflecting the status of it being in Software Heritage Archive and allows quick archiving requests to be made.
Privacy Badger
pkehgijcmpdhfbdbbnkijodmdjhbjlgp
Configured to learn locally and also in incognito as opposed to only relying on vendor list. Also not display the “Welcome to Privacy Badger screen”.
See also:
- https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md
- https://github.com/EFForg/privacybadger/blob/master/src/data/schema.json
TODO/Inconsistencies
- I am not aware of any New Tab Suspender equivalents, but it might be an integrated feature on some Chromiums.
- Peertubeify doesn’t support Chromium yet.
black-theme-colour.json
Sets the theme colour as black. This is managed instead of recommended, because even the recommended policy seems to block theme changing.
brave-shields-disabled.json
Allowlist for sites where I think Brave Shields may be breaking
things. Similar is also in aminda-extensions.json for
Privacy Badger.
disable-brave-rewards-wallet.json
Disables Brave rewards and wallet.
disable-brave-tor.json
Disables Tor in Brave as I recommend using Tor Browser instead.
disable-brave-vpn.json
Disables Brave VPN, which is the most annoying feature that has group policy that I can see.
disable-floc.json
Disables floc or ad topics that are against privacy.
disable-incognito.json.badidea
Disables incognito mode. I don’t recommend this.
doh-cloudflare-secure.json
Sets Cloudflare with malware protection as the forced DNS-over-HTTPS server.
doh-unlocked-unset.json
If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.
My other doh-*.json set this as well, because
secure doesn’t allow downgrade to system resolver and
Chromium seems somewhat unreliable with it often reporting
DNS_PROBE_POSSIBLE and while this occassionally disables
ECH, it works and my system resolvers are encrypted. I hope they will
implement ECH with system resolver soon to fix this.
doh-dns0.json
Simply forces DNS-over-HTTPS with DNS0.eu.
doh-mullvad-base.json
Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking.
doh-quad9-ecs.json
Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains their alternative port.
doh-quad9-insecure-ecs.json.badidea
Forces DNS over HTTPS with Quad9 ECS enabled unfiltered server and also contains their alternative port. No DNSSEC either.
doh-quad9-insecure.json.badidea
Forces DNS over HTTPS with Quad9 unfiltered server and also contains their alternative port. No DNSSEC either.
doh-quad9.json
Forces DNS over HTTPS with Quad9 threat-blocking server and also contains their alternative port.
enable-ech-ocsp.json
Enables encrypted client hello (ECH) and Online Certificate Status Protocol (OCSP)/Certificate Revocation List (CRL) checks.
However ECH requires "DnsOverHttpsMode": "secure" which
will break things (and thus my files don’t enable it), or it will
occassionally get disabled (I hope they implement it with system
resolver soon).
enable-labs.json
Enables the beaker button “Experiments” for easier management than
about:flags.
fix-edge-search.json
Tells Microsoft Edge to redirect queries from new tab search box to URL bar effectively forcing it to respect user configured search engine instead of stealthily sending those queries to Bing.
force-incognito.json.badidea
Forces incognito mode. I don’t recommend this.
https-everywhere.json
Enforces https and attempts to upgrade http to https.
README.md
You are reading this file, are you not?