diff options
author | tilpner | 2020-04-05 22:03:29 +0200 |
---|---|---|
committer | tilpner | 2020-04-05 22:03:29 +0200 |
commit | 9e60a30afa8aef1fd2258a0217b02cdb3bd123a5 (patch) | |
tree | 9aca4a945d45ac0239ac951bee271a3f08672085 /profiles/noTunnels.nix | |
parent | d8aa4a201e5c78ccfa5b61aee603b665f8d36e40 (diff) | |
download | firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.tar.gz firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.tar.xz firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.zip |
no{Clutter,Pocket,Studies,Tunnels,Updates}: document
Diffstat (limited to 'profiles/noTunnels.nix')
-rw-r--r-- | profiles/noTunnels.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/profiles/noTunnels.nix b/profiles/noTunnels.nix index f8f5154..292b034 100644 --- a/profiles/noTunnels.nix +++ b/profiles/noTunnels.nix @@ -1,4 +1,14 @@ { }: { + meta.description = '' + Take reasonable precautions against the use of a proxy, or an encrypted DNS tunnel. + + This can make sense if we do DNS-level filtering, and the user does not have full control + over the device they're using. + + If a motivated user has local write and execution privileges, it is unlikely that we can prevent + them from circumventing these restrictions. + ''; + policies = { DNSOverHTTPS = { Enabled = false; |