Open kristovatlas opened 8 years ago
Some Chromium docs here: https://www.chromium.org/administrators
I've made some good progress with this in the new-configs branch. I now have a script that can read and write the JSON files that Chrome uses for configuration. It appears that there is one preference file for each Chrome profile or "person"; it is simple to find them all with a `find` command and apply the reads and writes iteratively with `xargs`. The first config I've implemented is the do-not-track header.
Based on my research so far, it's not feasible to install Chrome extensions from the command line, which is arguably a good thing for security reasons. Consequently, if I want to detect the presence of helpful security extensions, the fix will have to be to tell the user to install them manually. I'm considering different ways to make this simple for the user.
It's possible to install Google Chrome with Homebrew Cask, but I'm still a bit iffy about making users install Homebrew to fix things, and also I've noticed there is no checksum defined for this brew, increasing MITM vulnerability:
```
$ brew cask install google-chrome
==> Tapping caskroom/cask
Cloning into '/usr/local/Library/Taps/caskroom/homebrew-cask'...
remote: Counting objects: 3723, done.
remote: Compressing objects: 100% (3668/3668), done.
remote: Total 3723 (delta 68), reused 629 (delta 35), pack-reused 0
Receiving objects: 100% (3723/3723), 6.48 MiB | 4.45 MiB/s, done.
Resolving deltas: 100% (68/68), done.
Checking connectivity... done.
Tapped 1 formula (3,690 files, 15.3M)
==> Creating Caskroom at /usr/local/Caskroom
==> Downloading https://dl.google.com/chrome/mac/stable/GGRO/googlechrome.dmg
######################################################################## 100.0%
==> No checksum defined for Cask google-chrome, skipping verification
```
Haven't found setting to disable sending usage statistics to Google yet. Edit: Found it, state stored in another file that is profile-agnostic.
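The following is an added example, not the script from the new-configs branch, showing the approach described in the first comment (walk the user-data directory for every profile's `Preferences` file, read and rewrite the JSON) together with the profile-agnostic file mentioned just above. It assumes two real Chrome pref names that the thread itself does not spell out: `enable_do_not_track` in each profile's `Preferences`, and `user_experience_metrics.reporting_enabled` in the top-level `Local State` file; the macOS user-data path and the sample profile directory are constructed for the demo.

```python
"""Audit and fix Chrome JSON preferences across all profiles plus Local State.

Added example, not the project's own code. Assumed (not from the issue text):
  - per-profile DNT key:        "enable_do_not_track" in <profile>/Preferences
  - profile-agnostic metrics:   "user_experience_metrics.reporting_enabled" in "Local State"
  - default macOS user-data dir: ~/Library/Application Support/Google/Chrome
"""
import json
import os
import tempfile

# Assumed default location on macOS; override when calling audit_chrome/fix_chrome.
CHROME_DIR = os.path.expanduser("~/Library/Application Support/Google/Chrome")

# (relative file selector, dotted key, expected value)
PROFILE_CHECKS = [("enable_do_not_track", True)]
LOCAL_STATE_CHECKS = [("user_experience_metrics.reporting_enabled", False)]


def find_preference_files(user_data_dir):
    """Equivalent of `find <dir> -name Preferences`: one file per profile/'person'."""
    found = []
    for root, _dirs, files in os.walk(user_data_dir):
        if "Preferences" in files:
            found.append(os.path.join(root, "Preferences"))
    return sorted(found)


def read_json(path):
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def write_json(path, data):
    # Write to a sibling temp file and atomically rename so an interrupted
    # write cannot leave Chrome with a truncated, unparsable preferences file.
    tmp = path + ".tmp"
    with open(tmp, "w", encoding="utf-8") as fh:
        json.dump(data, fh)
    os.replace(tmp, path)


def get_nested(data, dotted):
    """Look up 'a.b.c' in nested dicts; None if any level is missing."""
    cur = data
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def set_nested(data, dotted, value):
    parts = dotted.split(".")
    cur = data
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def fix_pref(path, key, expected):
    """Return True if the file was changed, False if it already matched."""
    data = read_json(path)
    if get_nested(data, key) == expected:
        return False
    set_nested(data, key, expected)
    write_json(path, data)
    return True


def _targets(user_data_dir):
    for pref in find_preference_files(user_data_dir):
        for key, expected in PROFILE_CHECKS:
            yield pref, key, expected
    local_state = os.path.join(user_data_dir, "Local State")
    if os.path.exists(local_state):
        for key, expected in LOCAL_STATE_CHECKS:
            yield local_state, key, expected


def audit_chrome(user_data_dir=CHROME_DIR):
    """List (file, key) pairs whose current value differs from the expected one."""
    return [(p, k) for p, k, exp in _targets(user_data_dir)
            if get_nested(read_json(p), k) != exp]


def fix_chrome(user_data_dir=CHROME_DIR):
    """Apply every check; return the files that were rewritten."""
    return [p for p, k, exp in _targets(user_data_dir) if fix_pref(p, k, exp)]


def make_sample_user_data_dir():
    """Constructed sample: two profiles (one with DNT unset) and metrics reporting on."""
    base = tempfile.mkdtemp(prefix="chrome-sample-")
    os.makedirs(os.path.join(base, "Default"))
    os.makedirs(os.path.join(base, "Profile 1"))
    write_json(os.path.join(base, "Default", "Preferences"),
               {"enable_do_not_track": True, "profile": {"name": "Person 1"}})
    write_json(os.path.join(base, "Profile 1", "Preferences"),
               {"profile": {"name": "Person 2"}})
    write_json(os.path.join(base, "Local State"),
               {"user_experience_metrics": {"reporting_enabled": True}})
    return base


if __name__ == "__main__":
    d = make_sample_user_data_dir()
    print("failing before fix:", audit_chrome(d))
    print("rewritten files:   ", fix_chrome(d))
    print("failing after fix: ", audit_chrome(d))
```

Run it against the real directory only with Chrome closed; Chrome rewrites its preference files on exit and would clobber an edit made while it is running. The atomic rename in `write_json` is the one defensive detail worth copying into any script of this kind.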
There are a few settings that I'm not sure how to handle yet. For example, users probably do not need protocol handlers enabled most of the time, but may occasionally. I think the best way to handle this is to create multiple Chrome profiles ("people") and configure them for specific purposes, such as the use of protocol handlers. However, that means that I don't want to mandate that people disable this feature for all of their Chrome profiles, necessarily.
Perhaps I will create a way to iterate the Chrome profiles and ask the user for input on what profiles are suited for which purposes, but it's not easy.
The configurations I plan to skip for now are not critical, so I'll just leave them as open to-do items for now.
More good reasons to block Flash: https://www.reddit.com/r/netsec/comments/4rf8my/firefox_sameorigin_policy_bypass_cve20157188/
After looking more at guest browsing mode, I think it should be disabled; there doesn't appear to be any GUI support for configuring the guest profile to use security-friendly extensions or otherwise configure guest browsing mode.