no{Clutter,Pocket,Studies,Tunnels,Updates}: document

author: tilpner 2020-04-05 22:03:29 +0200
committer: tilpner 2020-04-05 22:03:29 +0200
commit: 9e60a30afa8aef1fd2258a0217b02cdb3bd123a5 (patch)
tree: 9aca4a945d45ac0239ac951bee271a3f08672085 /profiles/noTunnels.nix
parent: d8aa4a201e5c78ccfa5b61aee603b665f8d36e40 (diff)
download: firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.tar.gz
firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.tar.xz
firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/profiles/noTunnels.nix b/profiles/noTunnels.nix
index f8f5154..292b034 100644
--- a/profiles/noTunnels.nix
+++ b/profiles/noTunnels.nix
@@ -1,4 +1,14 @@
 { }: {
+  meta.description = ''
+    Take reasonable precautions against the use of a proxy, or an encrypted DNS tunnel.
+
+    This can make sense if we do DNS-level filtering, and the user does not have full control
+    over the device they're using.
+
+    If a motivated user has local write and execution privileges, it is unlikely that we can prevent
+    them from circumventing these restrictions.
+  '';
+
   policies = {
     DNSOverHTTPS = {
       Enabled = false;
author	tilpner	2020-04-05 22:03:29 +0200
committer	tilpner	2020-04-05 22:03:29 +0200
commit	9e60a30afa8aef1fd2258a0217b02cdb3bd123a5 (patch)
tree	9aca4a945d45ac0239ac951bee271a3f08672085 /profiles/noTunnels.nix
parent	d8aa4a201e5c78ccfa5b61aee603b665f8d36e40 (diff)
download	firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.tar.gz firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.tar.xz firefox-profiles-9e60a30afa8aef1fd2258a0217b02cdb3bd123a5.zip