shell-things/etc/opt/chromium/policies/managed
2024-06-13 20:24:09 +03:00
..
.editorconfig chromium: declare more things as .badidea 2024-04-25 14:01:54 +03:00
.gitattributes pre-commit run --all-files 2024-06-11 21:15:40 +03:00
.gitignore {chromium,unbound}: experimental dot-private-ecs.conf 2024-05-18 16:08:17 +03:00
amber-theme-colour.json.sample chromium/managed: add amber-theme-colour.json.sample 2024-05-12 18:34:10 +03:00
aminda-extensions.json {chromium,firefox}: uBOL noFiltering works, just takes two restarts 2024-06-05 12:38:38 +03:00
black-theme-colour.json.sample chromium: rename black-theme-colour.json -> black-theme-colour.json.sample to stop me accidentally applying it 2024-05-11 20:36:08 +03:00
brave-shields-disabled.json more microsoft login domains + I am not touching browser ETP without a good reason. 2024-05-19 21:12:14 +03:00
disable-brave-ipfs.json chromium: add brave IPFS disabling policy 2024-04-22 10:03:53 +03:00
disable-brave-rewards-wallet.json chromium: move brave feature disabling from recommended to managed for actual effect 2024-04-16 07:11:55 +03:00
disable-brave-tor.json chromium: move brave feature disabling from recommended to managed for actual effect 2024-04-16 07:11:55 +03:00
disable-brave-vpn.json brave: use boolean for disabling vpn 2024-04-10 11:16:55 +03:00
disable-driveby-downloads.json {firefox,chromium}: ask for download directory to make drive-by attempts more obvious 2024-05-20 19:42:19 +03:00
disable-floc.json chromium: move manifestv2 from disable-floc to aminda-extensions 2024-05-19 06:45:40 +03:00
doh-adguard-dns0.json {chromium,unbound}: experimental dot-private-ecs.conf 2024-05-18 16:08:17 +03:00
doh-adguard-family.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-adguard-unfiltered.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-adguard.json chromium: protest ManifestV3 by secure DoH adblocking policies 2024-06-04 22:06:43 +03:00
doh-cloudflare-secure.json chromium policy: fix doh-cloudflare-secure.json name inconsistency 2024-05-09 17:11:17 +03:00
doh-cloudflare-security.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-disabled.json chromium/policies: add doh-{disabled,google}.json 2024-04-27 16:18:40 +03:00
doh-dns0-kids.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-dns0-open.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-dns0-zero.json chromium: allow DoH downgrade to at least work. Breaks ECH :( 2024-04-25 08:15:28 +03:00
doh-dns0.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-google64.json chromium/doh-google{,64}.json: use get requests 2024-05-18 15:35:36 +03:00
doh-google.json chromium/doh-google{,64}.json: use get requests 2024-05-18 15:35:36 +03:00
doh-mullvad-base.json chromium: protest ManifestV3 by secure DoH adblocking policies 2024-06-04 22:06:43 +03:00
doh-private-ecs.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-quad9-ecs.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-quad9.json {firefox,chromium}: use GET requests with DoH for caching and speed 2024-05-21 11:07:09 +03:00
doh-unlocked-unset.json chromium: merge doh-forced to the doh files due to it being required anyway, update documentation, rename doh-allowed → doh-unlocked-unset 2024-04-21 14:00:39 +03:00
edge-appsfavorites.json chromium/policies/managed: add non-functional Edge policies 2024-05-07 11:23:30 +03:00
edge-newtabapps.json chromium/policies/managed: add non-functional Edge policies 2024-05-07 11:23:30 +03:00
edge-screenshots.json chromium/policies/managed: add non-functional Edge policies 2024-05-07 11:23:30 +03:00
enable-chromecast.json chromium: allow manifestv2, enable chromecast, safebrowsing, passwordleakdetection, efficiencymode, suggest disabling bookmarks bar and document previously forgotten policies 2024-05-11 19:44:16 +03:00
enable-labs.json chromium/managed: add enable-labs.json 2024-04-15 21:08:56 +03:00
enable-passwordleakdetection.json chromium: allow manifestv2, enable chromecast, safebrowsing, passwordleakdetection, efficiencymode, suggest disabling bookmarks bar and document previously forgotten policies 2024-05-11 19:44:16 +03:00
enable-tab-suspend.json chromium: allow manifestv2, enable chromecast, safebrowsing, passwordleakdetection, efficiencymode, suggest disabling bookmarks bar and document previously forgotten policies 2024-05-11 19:44:16 +03:00
english.json {firefox,chromium}: mess up locales once again 2024-06-13 20:24:09 +03:00
finnish.json {firefox,chromium}: mess up locales once again 2024-06-13 20:24:09 +03:00
fix-edge-search.json chromium: move edge policy from recommended searches to managed/fix-edge-search.json 2024-03-28 18:53:15 +02:00
generative-ai.json chromium/managed: add generative-ai.json 2024-05-12 18:40:48 +03:00
https-everywhere.json chromium/managed: merge enable-ech-ocsp.json into https-everywhere.json 2024-05-17 16:15:34 +03:00
prefetch.json chromium policy & documentation: cleanup 2024-05-18 18:22:54 +03:00
profilemanager.json chromium policy & documentation: cleanup 2024-05-18 18:22:54 +03:00
README.md {firefox,chromium}: restore QR code extensions as they are never around when needed 2024-06-05 10:10:35 +03:00

Chromium policies

amber-theme-colour.json.sample

Automatically generated theme colour based on “amber” (#ffb700), it looks kind of fancy, but doesnt feel like its for me.

aminda-extensions.json

As I cannot separate the keys to multiple files I am forced to keep them in one and separate by what the file does, aminda-extensions.json is unlikely to overlap with someone else.

Changing normal_installed to force_installed would also prevent uninstallation.

This does contain some bloat or something not necessary in all situations or even overlapping extensions, but there is an important side goal of teaching users to disable extraneous extensions they dont need (unless I decide they do need something and thus its force_installed.

3rdparty

  • bkdgflcldnnnapblkhphbgpggdiikppg - DuckDuckGo
  • caoacbimdbbljakfhgikoodekdnlcgpk - DuckDuckGo
  • cjpalhdlnbpafiamejdnhcphjbkeiagm - uBlock Origin
  • ddkjiahejlhfcafbddmgiahcphecmpfh - uBlock Origin Lite
  • mlojlfildnehdpnlmpkeiiglhhkofhpb - AdNauseam
  • pkehgijcmpdhfbdbbnkijodmdjhbjlgp - PrivacyBadger

Silk - Privacy Pass Client for the browser

  • ajhmfdgkijocedmfjonnpjfojldioehi

Silk or Privacy Pass has a chance of decreasing the amount of captchas especially from Cloudflare when “suspicious” traffic is detected.

To intentionally trigger it and what should be allowed in NoScript:

QR Code

  • cbimgpnbgalffiohilfglgkkhpegpjlo

Plasma Integration

  • cimiefiiaegbelhefglklhhakcgmhkai

Does a lot of small things on KDE Plasma which my family uses (and me too, when I am not on Sway). For example media player integration to Plasma, downloads indicator/control, KDE Connect, alt-f2, etc.

uBlock Origin

  • cjpalhdlnbpafiamejdnhcphjbkeiagm

Blocked for Ad Nauseam

LocalCDN

  • njdfdhgcmkocbgbhcioffdbicglldapd

Ruffle

HTTP Indicator

  • hgcomhbcacfkpffiphlmnlhpppcjgmbl

Displays whether a web page was loaded over HTTP/2 or HTTP/3 etc.

Fedora User Agent

  • hojggiaghnldpcknpbciehjcaoafceil

Communicates websites that Ubuntu isnt the only Linux distribution and makes some offer rpm packages directly.

Snowflake

  • mafpmfcccpbjnhfhjnllmmalhifmlcie

IPvFooBar

  • iimpkhokkfekbpmoamlmcndclohnehhk

uBlock Origin Lite

  • ddkjiahejlhfcafbddmgiahcphecmpfh

AdNauseam

  • mlojlfildnehdpnlmpkeiiglhhkofhpb

Complementing PrivacyBadger with an adblocker so first profile runs have at least something to block Malvertising now that I no longer enable NoScript out of the box.

uBlock Origin

  • odfafepnkmbhccpbejgmiehpchacaeak

yes, its the second time ,one is edge, one is chrome

Bitwarden

  • nngceckbapebfimnlniiiahkandclblb

The password manager of my choice. For the managed settings see here, although that only applies to self-hosters.

Privacy Badger

  • pkehgijcmpdhfbdbbnkijodmdjhbjlgp

Configured to learn locally and also in incognito as opposed to only relying on vendor list. Also not display the “Welcome to Privacy Badger screen”.

See also:

black-theme-colour.json.sample

Sets the theme colour as black. This is managed instead of recommended, because even the recommended policy seems to block theme changing.

.sample suffix is there so maybe I will stop applying this policy and thus disabling GTK/Qt themes.

brave-shields-disabled.json

Allowlist for sites where I think Brave Shields may be breaking things. Similar is also in aminda-extensions.json for Privacy Badger.

disable-brave-ipfs.json

Disables Brave integrated IPFS node.

disable-brave-rewards-wallet.json

Disables Brave rewards and wallet.

disable-brave-tor.json

Disables Tor in Brave as I recommend using Tor Browser instead.

disable-brave-vpn.json

Disables Brave VPN, which is the most annoying feature that has group policy that I can see.

disable-floc.json

Disables floc or ad topics that are against privacy.

doh-adguard-dns0.json

dph-adguard.json

doh-adguard-unfiltered.json

doh-cloudflare-secure.json

Sets Cloudflare with malware protection as the forced DNS-over-HTTPS server.

doh-disabled

doh-dns0.json

Simply forces DNS-over-HTTPS with DNS0.eu.

doh-dns0-kids.json

doh-dns0-open.json

doh-dns0-zero.json

doh-google64.json

doh-google.json

doh-mullvad-base.json

Forces DNS-over-HTTPS with Mullvad Base, which features ad, malware & tracker blocking.

doh-quad9-ecs.json

Forces DNS over HTTPS with Quad9 ECS enabled threat-blocking server and also contains their alternative port.

doh-quad9.json

Forces DNS over HTTPS with Quad9 threat-blocking server and also contains their alternative port.

doh-unlocked-unset.json

Allows configuring DoH even with managed policies present (unless another DoH rule is in force) since enabling any managed policy will otherwise gray out the option.

If no DNS over HTTPS policy is used, this unlocks the setting. Enabling managed policies disable it by default.

My other doh-*.json set this as well, because secure doesnt allow downgrade to system resolver and Chromium seems somewhat unreliable with it often reporting DNS_PROBE_POSSIBLE and while this occassionally disables ECH, it works and my system resolvers are encrypted. I hope they will implement ECH with system resolver soon to fix this.

edge-appsfavorites.json

Edge apps in favorites bar.

edge-newtabapps.json

Should enable apps in new tab page, although I am not seeing it.

edge-screenshots.json

Explicitly enables screenshotting-

enable-chromecast.json

Explicitly enables Chromecast support.

enable-labs.json

Enables the beaker button “Experiments” for easier management than about:flags.

enable-passwordleakdetection.json

Warns about password reuse, although that may only be with Google account.

enable-tab-suspend.json

Enables the efficiency mode which suspends background tabs.

fix-edge-search.json

Tells Microsoft Edge to redirect queries from new tab search box to URL bar effectively forcing it to respect user configured search engine instead of stealthily sending those queries to Bing.

generative-ai.json

Allows using the AI features that I am not seeing anyway, but wont send data back to Google about them.

https-everywhere.json

This file evolved to merge another one, so now it:

  • Online Certificate Status Protocol (OCSP), and Certivicate Revokation List (CRL) checks.
  • Enables Encrypted Client-Hello (ECH), which however requires DNS-Over-HTTPS to be used.
  • Forces HTTPS-only mode to be enabled.
  • Attempts to upgrade http:// queries to https://

prefetch.json

Enables prefetching. Will make sites very speedy, but decreases privacy and may conflict with uBlock Origin. However AdNauseam is already clicking those ads, so maybe its not that big of an issue.

profilemanager.json

Forces the profile screen even with only one profile. I love the feature in Firefox and want to see it here too, now that I accidentally noticed it.

README.md

You are reading this file, are you not?