Update Chromium-Edge "3-Browser-Profiles" Solution

  • Thread starter ForgottenSeer 85179
  • Start date
F

ForgottenSeer 85179

In the top right in ChromiumEdge you can click the avatar and switching between profiles is possible without problems. So why i say that?
Because of this easy solution, you can isolate Websites in a own, real Container and Websites can't read your private data!

I make 3 different profiles:
# Default - which is the default ones obviously and only used for Surfing
# Banking - which is only used for Banking and Shopping
# Local - which is only for local sites like Router, PiHole, NAS, ...

Based on some threads and own research, here how i set it up:
Default:
# Addons: ClearURLs + ublock Origin + uMatrix (all from Google Store because of faster updates and i don't know the WindowsStore uBlock Origin dev)
# Strict Privacy in Edge settings
# DnT header in Edge settings
# Cache cleaning in Edge settings
# no website navigation error help in Edge settings
# PuP & SmartScreen enabled in Edge settings
# block 3th party cookies in Edge settings
# block plug-ins outside of sandbox in Edge settings
# block payment provider in Edge settings
# block USB access in Edge settings

Banking:
# uBlock Origin from Google (from Google Store because of faster updates and i don't know the WindowsStore uBlock Origin dev)
# Strict Privacy in Edge settings
# DnT header in Edge settings
# Cache & history cleaning in Edge settings
# no website navigation error help in Edge settings
# PuP & SmartScreen enabled in Edge settings
# block 3th party cookies in Edge settings
# JavaScript disabled by default in Edge settings
# block automatic downloads in Edge settings
# block plug-ins outside of sandbox in Edge settings
# block payment provider in Edge settings
# block USB access in Edge settings
# blocking all HTTP content (not even JavaScript) with uBlock Origin

Local:
# no addons
# Strict Privacy in Edge settings
# No DnT header in Edge settings
# no browser cleaning in Edge settings
# no website navigation error help in Edge settings
# PuP & SmartScreen enabled in Edge settings
# block 3th party cookies in Edge settings
# JavaScript disabled by default in Edge settings
# block automatic downloads in Edge settings
# block plug-ins outside of sandbox in Edge settings
# block payment provider in Edge settings
# block USB access in Edge settings

Also all profiles use the same configured Edge flags, which you can read about at Microsoft Edge - Chromium-Edge Flags

Now you maybe wonder what happend if you open a site in a "wrong" profile. Well, we can block whole sites in uBlock Origin ;)
For that, we just need to add own uBlock Origin filter like:
www.blizzard.com/*
In the my-ublock-backup_DEFAULT.txt attachment you will find that as example and you need to change it to your needs.

Also in Banking profile i use the following uBlock Origin filter (remember that you need my config as this doesn't work with default uBlock Origin config!):
HTTP://*^$all
which block every HTTP content (not even JavaScript) which you can see in the my-ublock-backup_BANKING.txt attachment.

The my-umatrix-backup_DEFAULT.txt is builded for maximum web compatibility while provide maximum privacy and security.

In the Local profile no addons are needed, as only very few sites are needed and JavaScript is disabled by default with nativ management so even open "wrong" sites isn't a problem as scripts are not enabled.

TL;DR:
This is a very easy and native solution if the config is once done, but of course user's still need to watch what they're doing - even if such a solution is very hardened and should defend against common attacks.
Have fun!
 

Attachments

  • my-ublock-backup_BANKING.txt
    2.8 KB · Views: 598
  • my-umatrix-backup_DEFAULT.txt
    4 KB · Views: 591
  • my-ublock-backup_DEFAULT.txt
    3 KB · Views: 645

gonza

Level 1
Sep 10, 2019
20
I use my browsers like this. Firefox with containers and Edge with profiles. With Edge, you can pin different profiles to the taskbar or create shortcuts to open a profile.

Shortcut example:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default or if you want to open a different profile "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Profile 1"

With Vivaldi, you can create a shortcut from the profile menu.
 

Attachments

  • Example.png
    Example.png
    22.2 KB · Views: 357
F

ForgottenSeer 85179

Here a big update with less hassle!:
Important: This setup is build for using NextDNS as DNS provider!

Changes to Default:
# Addons: AdGuard from Microsoft Store
# in Edge permissions -> Popups and redirection add http://* to block list
# in Edge permissions -> Serial ports: disable
# in Edge permissions -> JavaScript: enable + add http://* to black list
[only if external PDF reader is used!] # in Edge permissions -> PDF documents: enable "Always open PDF files externally"

Changes to Banking:
# Addons: none
# Privacy in Edge settings to: balanced
# block all cookies by default and allow only needed sites
# blocking all HTTP content: not needed anymore

Local:
# DnT header in Edge settings: enable


My AdGuard config is added below as attachment.
It has the following settings (all other are disabled or not changed!):
- Update interval of the filters: 1 hours
- Filter: AdGuard Base filter & AdGuard Tracking Protection filter & Top3000 & Top500 from Kees1958
- Tarn mode: "on", "Hide your search queries", "Remove Tracking Parameters"
- Other: "Activate integration mode", "Send statistics on the use of ad filters", "Display the number of blocked ads on the AdGuard extension icon", "Notify me of extension updates"
Also in Edge extension settings (edge://extensions/) allow AdGuard running in InPrivate sessions

20200807_195931_adg_ext_settings_3.4.31.json.txt (remove .txt at the end!)
 

Attachments

  • 20200807_195931_adg_ext_settings_3.4.31.json.txt
    1.1 KB · Views: 538

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
@security123 Nice setup (y)

I run a default Edge profile for banking & buying and a nearly all deny or bock for searching & surfing. The banking & buying only uses the extensions
Blank new tab and Trustpilot, the Searching & surfing Blank New Tab, Adblock for Youtube and uBlock with Kees1958 top3000 and My Filters simular to yours and dynamic filtering allowing 3p-scripts and frames only from nl, uk, com, io, org and net top level domains.

I really like the concept of applying differnt profiles for different browsing purposes.
 
Last edited:
F

ForgottenSeer 85179

Trustpilot, the Searching & surfing Blank New Tab, Adblock for Youtube and uBlock with Kees1958 top3000 and My Filters simular to yours and dynamic filtering allowing 3p-scripts and frames only from nl, uk, com, io, org and net top level domains.
Can't find Trustpilot in Edge Store.

I reduce my setup from uBlock Origin & uMatrix in past to AdGuard and also use now NextDNS which block most stuff and also can block whole TLD's. Much less hassle :)
 

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
Trustpilot from chrome store. I also switch from Adguard (with stealth mode) and uBlock (with block popunders = block cresting new tabs for some bad behaving websites using script based popups)
 
  • Like
Reactions: Protomartyr

Vitali Ortzi

Level 21
Verified
Dec 12, 2016
1,057
In the top right in ChromiumEdge you can click the avatar and switching between profiles is possible without problems. So why i say that?
Because of this easy solution, you can isolate Websites in a own, real Container and Websites can't read your private data!

I make 3 different profiles:
# Default - which is the default ones obviously and only used for Surfing
# Banking - which is only used for Banking and Shopping
# Local - which is only for local sites like Router, PiHole, NAS, ...

Based on some threads and own research, here how i set it up:
Default:
# Addons: ClearURLs + ublock Origin + uMatrix (all from Google Store because of faster updates and i don't know the WindowsStore uBlock Origin dev)
# Strict Privacy in Edge settings
# DnT header in Edge settings
# Cache cleaning in Edge settings
# no website navigation error help in Edge settings
# PuP & SmartScreen enabled in Edge settings
# block 3th party cookies in Edge settings
# block plug-ins outside of sandbox in Edge settings
# block payment provider in Edge settings
# block USB access in Edge settings

Banking:
# uBlock Origin from Google (from Google Store because of faster updates and i don't know the WindowsStore uBlock Origin dev)
# Strict Privacy in Edge settings
# DnT header in Edge settings
# Cache & history cleaning in Edge settings
# no website navigation error help in Edge settings
# PuP & SmartScreen enabled in Edge settings
# block 3th party cookies in Edge settings
# JavaScript disabled by default in Edge settings
# block automatic downloads in Edge settings
# block plug-ins outside of sandbox in Edge settings
# block payment provider in Edge settings
# block USB access in Edge settings
# blocking all HTTP content (not even JavaScript) with uBlock Origin

Local:
# no addons
# Strict Privacy in Edge settings
# No DnT header in Edge settings
# no browser cleaning in Edge settings
# no website navigation error help in Edge settings
# PuP & SmartScreen enabled in Edge settings
# block 3th party cookies in Edge settings
# JavaScript disabled by default in Edge settings
# block automatic downloads in Edge settings
# block plug-ins outside of sandbox in Edge settings
# block payment provider in Edge settings
# block USB access in Edge settings

Also all profiles use the same configured Edge flags, which you can read about at Microsoft Edge - Chromium-Edge Flags

Now you maybe wonder what happend if you open a site in a "wrong" profile. Well, we can block whole sites in uBlock Origin ;)
For that, we just need to add own uBlock Origin filter like:
www.blizzard.com/*
In the my-ublock-backup_DEFAULT.txt attachment you will find that as example and you need to change it to your needs.

Also in Banking profile i use the following uBlock Origin filter (remember that you need my config as this doesn't work with default uBlock Origin config!):
HTTP://*^$all
which block every HTTP content (not even JavaScript) which you can see in the my-ublock-backup_BANKING.txt attachment.

The my-umatrix-backup_DEFAULT.txt is builded for maximum web compatibility while provide maximum privacy and security.

In the Local profile no addons are needed, as only very few sites are needed and JavaScript is disabled by default with nativ management so even open "wrong" sites isn't a problem as scripts are not enabled.

TL;DR:
This is a very easy and native solution if the config is once done, but of course user's still need to watch what they're doing - even if such a solution is very hardened and should defend against common attacks.
Have fun!
For banking don't use any extension even a trusted one like ublock origin .
Since you can't defend your machine in case the dev gets hacked somehow and updates a malicious extension or a user mistakingly installs a fake copycat extension bundled with spyware with similar name .
 
F

ForgottenSeer 85179

For banking don't use any extension even a trusted one like ublock origin .
Since you can't defend your machine in case the dev gets hacked somehow and updates a malicious extension or a user mistakingly installs a fake copycat extension bundled with spyware with similar name .
You quote my old guide. Look at the new one ;)
 

Amahl Farouk

Level 1
Jan 11, 2021
34
Thanks for the guide! I like the idea of separation from extensions that might be compromised for the Banking profile.

I do wonder if a malicious extension installed in the Default profile can still access a tab from the Banking profile provided you have both tabs open.

I'm pretty sure the sandbox specs cover for this exact scenario but the profiles docs seem to suggest otherwise; they need to be preloaded regardless of the user profile active, this might not be the case. :unsure:
Chromium docs (check out "Security" and "Background Apps and Extensions")
 
F

ForgottenSeer 85179

Thanks for the guide! I like the idea of separation from extensions that might be compromised for the Banking profile.

I do wonder if a malicious extension installed in the Default profile can still access a tab from the Banking profile provided you have both tabs open.

I'm pretty sure the sandbox specs cover for this exact scenario but the profiles docs seem to suggest otherwise; they need to be preloaded regardless of the user profile active, this might not be the case. :unsure:
Chromium docs (check out "Security" and "Background Apps and Extensions")
My guide isn't for security but privacy.
With different profiles and data/ sites separation the privacy is higher because:
  • Site A doesn't get any info that you visit Shop Z
  • Shop Z doesn't tell site A or B any data
  • Phishing is less possible in e.g. Banking profile if Bookmarks are used and/ or if non-bookmarked sites are blocked
  • non-Default profile can be used with different setup for Cookies, Extensions, Anti-Tracking, ..
That's the whole reason using different profiles for different tasks :)
 

mkoundo

Level 5
Verified
Jul 21, 2017
239
I do wonder if a malicious extension installed in the Default profile can still access a tab from the Banking profile provided you have both tabs open.

I'm pretty sure the sandbox specs cover for this exact scenario but the profiles docs seem to suggest otherwise; they need to be preloaded regardless of the user profile active, this might not be the case.


As per Andy's suggestion, a separate user account for banking only is more secure. See the following:

 

Amahl Farouk

Level 1
Jan 11, 2021
34
As per Andy's suggestion, a separate user account for banking only is more secure. See the following:

Indeed, simple Edge profiles don't seem to provide any major security benefits. A whole separate windows user account just for banking in this case would be preferable. Still, for privacy I think Edge's profiles provide some nice features.
 

Lenny_Fox

Level 22
Verified
Oct 1, 2019
1,125
Everyone on Windows10 Pro with 8 GB RAM and higher has easy access to VM-sandboxed Edge using Application Guard (link). I think it was @harlan4096 who made a nice setup guide (which I followed, forgot the link). Only thing I did was enabling keeping data (persistent between sessions) in Group Policy. I also have three profiles
1. Strict (the Ninja icon) - with most settings maxed out for security (nearly all site permissions on block except content related permission) with uBlockOrigin and Blank New Tab as extensions
2. Default (Panda icon) - with everything on default without extensions
3. Sandbox (Cactus icon) - same settings as strict only this one runs in VM-Sandbox of Application Guard
 
Top