Re: Icecat and ungoogled chromium in a container

[Wojtek Kosior via <help-guix@gnu.org>]

[-- Attachment #1: Type: text/plain, Size: 5417 bytes --]

> Hi,
> 
> thank you.
> 
> I downloaded this file with wget.
> 
> But how can I now use it? What do I have to do?
> 
> Is it only for icecat? or can I use it also for chromium?
> 
> Kind regards
> 
> Gottfried

It seems the file Arne showed you is a shell script (well, bash
script). This script can be used to configure a Firefox-based browser
to access a peer-to-peer filesharing network called "Freenet".

I believe Arne didn't want you to run this script as-it-is (it's not
a Freenet-related thread, after all). He probably wanted you to take
inspiration from a part of it that creates and configures an actual
Firefox profile and starts the browser with it. Here's the relevant part

#+BEGIN_SRC shell-script
# if the profile does not exist yet, create it
if ! test -d ${PROFILE_DIR}; then
    mkdir -p ${PROFILE_DIR}
    # setup freenet as proxy and optimize settings
    cat > ${PROFILE_DIR}/prefs.js <<EOF
//Firefox Default Settings
//set proxy server settings
user_pref("network.proxy.http", "$IP");
user_pref("network.proxy.http_port", $PORT);
user_pref("network.proxy.ssl", "$IP");
user_pref("network.proxy.ssl_port", $PORT);
user_pref("network.proxy.gopher", "$IP");
user_pref("network.proxy.gopher_port", $PORT);
user_pref("network.proxy.ftp", "$IP");
user_pref("network.proxy.ftp_port", $PORT);
user_pref("network.proxy.socks", "$IP");
user_pref("network.proxy.socks_port", $PORT);
user_pref("network.proxy.no_proxies_on", "127.0.0.1:8080"); // allow FMS
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks_remote_dns", true);
// optimize settings for Freenet
user_pref("browser.urlbar.showSearchSuggestionsFirst", false);
user_pref("network.http.max-persistent-connections-per-proxy", 640);
user_pref("network.http.max-persistent-connections-per-server", 240);
user_pref("network.http.max-urgent-start-excessive-connections-per-host", 100);
user_pref("network.http.tcp_keepalive.long_lived_connections", false);
user_pref("network.http.tcp_keepalive.short_lived_connections", false);
user_pref("network.proxy.share_proxy_settings", true);
EOF
fi

BROWSER=$(command -v icecat || command -v waterfox || command -v firefox)

# actually start the browser
# if the first argument is zero, start the default page.
if test -z $@; then
    $BROWSER --profile ${PROFILE_DIR} --no-remote --new-instance http://freenet.local
elif test x"${1:0:4}" = x"USK@" || test x"${1:0:4}" = x"SSK@" || test x"${1:0:4}" = x"CHK@"; then
    $BROWSER --profile ${PROFILE_DIR} --no-remote --new-instance http://freenet.local/$1
else
    $BROWSER --profile ${PROFILE_DIR} --no-remote --new-instance $@
fi
#+END_SRC


In case you don't know: profiles are a feature that allows you to have
multiple browsing environments with just one browser. For example, if
multiple family members are using a single user account on a single
computer, you can have each of them use a separate browser profile.
This way each person can have a separate set of bookmarks, browser
extensions, remembered passwords, browsing history, etc. Independently
of other users.

Probably the more common way of utilizing browser profiles is for one
person to isolate different tasks for better security and privacy. For
example, I have one browser profile with some privacy-enhancing flags
turned off so that I can develop webgl animations in it. And separate
from that, I have another profile for normal browsing.

Although Chromium-based browsers also allow you to use profiles, this
script from Arne is Firefox-specific.

I hope I clarified things a bit :) In case you want to experiment with
profiles, you can navigate to about:profiles in your browser. Shell
scripts are not necessary unless you desire to automate something ;)

Wojtek

P.S. Arne, this looks pretty useful. Do you also happen to know ways to
install Firefox extensions and configure per-site cookie settings from
a script? I'd be very happy to have a way to do it without having to
run Selenium ;)

-- (sig_start)
website: https://koszko.org/koszko.html
PGP: https://koszko.org/key.gpg
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)


On Thu,  2 Mar 2023 14:27:41 +0000
Gottfried <gottfried@posteo.de> wrote:

> Hi,
> 
> thank you.
> 
> I downloaded this file with wget.
> 
> But how can I now use it? What do I have to do?
> 
> Is it only for icecat? or can I use it also for chromium?
> 
> Kind regards
> 
> Gottfried
> 
> 
> Am 01.03.23 um 18:04 schrieb Dr. Arne Babenhauserheide:
> > 
> > Gottfried <gottfried@posteo.de> writes:  
> >> would it be a significant improvement for security if I used
> >> Icecat and ungoogled chromium always in a container?
> >> (I am using Icecat with the Tor browser)  
> > 
> > I’m not sure about security of a container there — it could help if
> > there’s an unpatched vulnerability in icecat, but not so much otherwise.
> > 
> > But what can already help a lot is having a separate profile. Here’s an
> > example script that creates a locked-down profile on the fly:
> > 
> > https://github.com/hyphanet/browser/blob/main/freenetbrowser.in#L177
> > 
> > Best wishes,
> > Arne  
> 



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]