> This change caused my chromium browser to report that it's being managed by my "organization". I thought that my machine was somehow compromised. This is terrifying! I wound up deleting my entire chromium profile before I discovered that the root cause was this DuckDuckGo config change.
Yeah, that was alarming. Figuring out that it was innocuous took me 15-30 minutes of urgent, drop-everything-else work.
I should've thought to post a Debian bug report after that (especially since the Debian bugs database was one of the first things I checked). I'd reported the cause informally to some colleagues, and then must've gotten distracted with what I was trying to do before I saw the suspicious message.
Putting even more identifying information into User Agent strings seems completely insane, whose interests is that meant to serve? The number of people in any town with Fedora in their UA must be minuscule, that blows a huge number of 'privacy bits', and for what?
I think it's for installation tracking to some degree -- they do this by the browser user agents but _also_ machine-ids sent with DNF (the package manager)
I love the project, I really dislike this 'gather things that might be useful to someone' behavior and having to MITM my system to see what it's actually doing
I'm on a fresh install of Fedora 36 (KDE Spin) and my Firefox UA is currently showing as "Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0".
Uh, no?
This is managed policy, and this is a 100% good way of letting the user know that someone else has control of their settings
Just because Debian thinks that they are doing the right thing, they are in fact, controlling the user's settings through a policy
It's just telling you that, as it should.
The notion that it has anything to do with keeping search the default or not is like, such a silly assumption I don't know where to begin.
The feature overall came from a desire of enterprises to manage browser settings. Back then, Google was one of the first to tell you someone was doing that to you so that you knew your organization could see and control your settings.
IE had a deployment kit that let you deploy managed browser settings, but you didn't get told (this changed, eventually, I think, it's been a while).
Letting orgs change the default search engine was an explicit, designed goal, since some wanted to redirect people to their internal searches by default, etc.
There is in fact, another way to do this that is easy and doesn't give the user the same warning, and is meant for software distributors
You can just use master preferences here for this kind of thing and it is meant for this use case.
Google in fact, made this easy and officially supported, despite your claim.
It would likely be pretty silly to make this hard - end users aren't using these interfaces or tools, and distributors always know how to change this stuff.
As HN has grown in popularity, the sheer number of kneejerk reaction comments has unfortunately kept pace (i.e. the overall percent has not dropped). Even sadder, nobody ever goes back and edits it or replies and was like "you know what, I was probably wrong".
They feel comfortable moving on and doing it again.
It says "Managed by your organization." every time you click the menu button. It's even in a different background color and bigger margins.
If you click it, it says "Your administrator can change your browser setup remotely. Activity on this device may also be managed outside of Chromium. Learn more"
I made the policy myself and copied it myself. The remote part is purely conjecture on part of Google. The second part about further management also feels out of place.
Then on every setting that's been changed by policy there's a building icon that says "This setting has been changed by your administrator." That's probably the only message that needs to be there.
On its own it seems innocent and useful, but compare this to the number of steps you have to take to e.g. delete Google cookies.
> The remote part is purely conjecture on part of Google
Accurate conjecture nonetheless. If a 3rd party has dropped a managed policy file onto your install, it's reasonable to assume they can drop an updated one which does all the scary stuff at any time. It's a waste of effort for Chrome to parse the current profile when the mere presence of one can compromise security.
More along the lines of "printer on fire" due to the perceived urgency. But yes, this message follows in a long tradition of make-the-message-as-scary-as-possible going back literally decades.
Because those are the default browser settings. As explained, there is another more appropriate way to change default settings for distributions. The way Debian did it is more for enterprise management.
"Just because Debian thinks that they are doing the right thing, they are in fact, controlling the user's settings through a policy It's just telling you that, as it should."
But by default isn't Google controlling the user's setting through a policy? The policy includes, among other things, the rule that Google is the default search engine. (Needless to say, that setting is a cash cow.)
And in fact, the user that manually changes the default policy herself, i.e., changes the default search engine to something other than Google, versus delegating the decision to a third party such as Debian or Google, cannot remove Google as a search engine choice! It is greyed out. Permanent. Chrome binary allows users to delete all the other choices, except Google.
Probably was not specific enough here. Chrome binary on ChromeOS. The anticompetitive, manipulative tactics are reminiscent of Microsoft's including Internet Explorer in Windows.
If you read the thread linked in the comment you replied to [1], the Debian folks added a JSON file to `/etc/chromium/policies/managed` when they should have edited `/etc/chromium/master_preferences` (a different JSON file). If they had done that, there would be no message.
Everyone on the thread agrees that's a better solution.
Reporting that there is a policy is no bug, but maybe there should be a way to signify that it's customized by your software vendor (i.e. signed and keys are compiled in) and that it just sets the default search engine.
Chromium does change the message to "This device is managed by <google workspaces domain>" if attached to Chrome Enterprise.
The policy config is designed for enterprises, not software distributors. It's Debian that's taking an unnecessary shortcut here. They could've patched the source code to change the default search engine.
No, preconfigured profiles are not the right way to solve this, as the message clearly indicates, pre-configured profiles are designed to be managed by the owner of the computer, not the software distributor. The right way to solve this would be to change the built-in default that applies before any profile is processed. This also would allow any other profile to override it if they wanted.
They are referring to the fact that Firefox does the exact same thing as Chromium if certain settings are changed via enterprise policy. Here's a screenshot from my browser: https://i.imgur.com/pNMMKUC.png
I really don't understand why Debian wouldn't just patch the source code to change the default search engine rather than shipping an enterprise policy like this.
People sometimes absentmindedly misspeak. Either that happened and you can politely s/Firefox/browser/ so that the comment reads as a reasonable, even insightful contribution to the discussion, or the comment is utter nonsense and you can feel smug that you’re not as stupid as they must be. Granting the former interpretation is the more charitable option.
You should also understand that “Surely…” doesn’t mean the same thing as “I am sure”. “Surely…” is a plea for sanity.
> This change caused my chromium browser to report that it's being managed by my "organization". I thought that my machine was somehow compromised. This is terrifying! I wound up deleting my entire chromium profile before I discovered that the root cause was this DuckDuckGo config change.
https://bugs.debian.org/956012
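
A triage check for the situation discussed in this thread, added here as an example and not part of the original comments: it lists the JSON files under `/etc/chromium/policies` and reports which policy keys each one sets, separating default-search keys from anything else. The sample files are constructed (they are not the actual Debian policy contents), and the `recommended` subdirectory and the `ProxyMode` key are assumptions taken from Chromium's policy documentation, not from the thread.

```python
import json
import tempfile
from pathlib import Path

# Chromium's default-search policies share this name prefix,
# e.g. DefaultSearchProviderEnabled, DefaultSearchProviderSearchURL.
SEARCH_PREFIX = "DefaultSearchProvider"


def audit_policies(root="/etc/chromium/policies"):
    """Return one finding per JSON policy file under root/managed and root/recommended."""
    findings = []
    for level in ("managed", "recommended"):
        directory = Path(root, level)
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.json")):
            entry = {"file": path.name, "level": level}
            try:
                policy = json.loads(path.read_text(encoding="utf-8"))
                if not isinstance(policy, dict):
                    raise ValueError("top-level JSON value is not an object")
            except (OSError, ValueError) as exc:
                entry["error"] = str(exc)  # unreadable or malformed file
                findings.append(entry)
                continue
            entry["keys"] = sorted(policy)
            # Anything listed here does more than set the default search engine.
            entry["other_keys"] = sorted(
                k for k in policy if not k.startswith(SEARCH_PREFIX))
            findings.append(entry)
    return findings


def demo():
    """Audit a constructed policy tree built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        managed = Path(tmp, "managed")
        managed.mkdir()
        # Constructed sample: a search-only policy file.
        (managed / "search.json").write_text(json.dumps({
            "DefaultSearchProviderEnabled": True,
            "DefaultSearchProviderName": "DuckDuckGo"}))
        # Constructed sample: a file that also changes a non-search setting.
        (managed / "extra.json").write_text(json.dumps({
            "DefaultSearchProviderEnabled": True, "ProxyMode": "direct"}))
        return audit_policies(tmp)


if __name__ == "__main__":
    for finding in demo() + audit_policies():
        print(finding)
```

An empty `other_keys` list for every file means the "Managed by your organization" notice comes from search-engine defaults only; `dpkg -S <file>` on Debian shows which package shipped a given policy file.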