Standard web browser management

[Kreyren]

As discussed before we need to standardize a web browser to use within the infrastructure as we are deploying a lot of services that are expected to be used by the users where currently i worked on a firefox hardening configuration in my home-manager module in https://github.com/NiXium-org/NiXium/blob/1ea34b7fb732012a48b71d877e5973abd69e3f99/src/nixos/users/kreyren/home/modules/web-browsers/firefox/firefox.nix

Which works well, but some extensions are impossible to make work in a declarative setup as noted in libredirect/browser_extension#905 and libredirect/browser_extension#872

Additionally there is a problem with management as maintaining our own web browser is a lot of work that is difficult to allocate in a reasonable way that doesn't interfiere with my other projects and maintanance

Thus the proposed management is to certify shizofox as the standard web browser once we integrate features from my setup as it's it's own independent flake.

Same approach should be used for all other web browsers so that the end-user is not limited on the selection.

CC @TanvirOnGH for opinion.

[Tanvir1337x]

While standardizing on Shizofox has potential it comes with many challenges:

• Beta Software: Shizofox is still in beta, and breaking changes are to be expected. (Although way better than ladybird but still quite meh)
• Site Compatibility: Shizofox can (most likely will) break (many if not most) sites and cause various (UB) issues.
• Fingerprinting Risks: Any "super ultra privacy friendly Firefox config" will make you stick out and won't protect you from fingerprinting. If security is the main concern, consider the Tor browser instead (suggested/recommended by them).
• Update and Maintenance Issues: Shizofox isn't receiving regular updates and is maintained by someone who is not an expert in web browsers and security.
• Config Issues: Most if not all of the configurations are (randomly) collected and added without much practicality. The overall setup is overly complex and (somewhat) misguided.

[Tanvir1337x]

https://github.com/SpitFire-666/Firefox-Stuff

[Kreyren]

Revisited ladybird which seems to got much more stable, but still far from usable in our environment, though so far it's positive progress.

[Tanvir1337x]

@Kreyren https://www.zen-browser.app

[Kreyren]

@Kreyren https://www.zen-browser.app -- @TanvirOnGH (#83 (comment))

Seems to be proprietary judging by the lack of source code on their github that they link?

CC @mauro-balades Can you elaborate on what zen browser is?

[mauro-balades]

It's a Firefox fork

[Kreyren]

It's a Firefox fork -- @mauro-balades (#83 (comment))

Care to elaborate? We have firefox fork that might benefit from some of the features

[mauro-balades]

Sorry, I just don't really know what's going on here. What's this issue about?

[Kreyren]

Sorry, I just don't really know what's going on here. What's this issue about? -- @mauro-balades (#83 (comment))

NiXium is open-source code as infrastructure solution for mission critical and high security environment designed to provide public services as a libre hoster while managing ~68 systems and multiple users. For management this issue discussed declaring a standardized web browser which is to be provided by default.

[Kreyren]

Alternative option https://github.com/versotile-org/verso

Appealing option considering that it's written in rust and uses servo, but currently seems to have issues versotile-org/verso#149

[mauro-balades]

@Kreyren https://www.zen-browser.app -- @TanvirOnGH (#83 (comment))

Seems to be proprietary judging by the lack of source code on their github that they link?

CC @mauro-balades Can you elaborate on what zen browser is?

It is open source but due to some accidents, some of the code is not visible on the repo (not closed sourced). But if you want, I can grant you view access

[denjell-crabnebula]

Verso is absolutely not ready yet, give us a few months. :)

[Kreyren]

It is open source but due to some accidents, some of the code is not visible on the repo (not closed sourced). But if you want, I can grant you view access -- @mauro-balades (#83 (comment))

I am rather trying to figure out what you do on top of stock firefox to better understand the implementation tbh.. What accidents?

Verso is absolutely not ready yet, give us a few months. :) -- @denjell-crabnebula (#83 (comment))

I am aware, but thanks for warning :)

[mauro-balades]

I basically add patches to firefox's source code, other browsers started using my code for core components

[Kreyren]

I basically add patches to firefox's source code, other browsers started using my code for core components -- @mauro-balades (#83 (comment))

But if you want, I can grant you view access -- @mauro-balades (#83 (comment))

I guess give me view access? if you have something useful i would like to add that to our firefox configuration.

[Kreyren]

Verso is absolutely not ready yet, give us a few months. :) -- @denjell-crabnebula (#83 (comment))

Can you elaborate on what's not ready? Custom rust-based browser that integrates servo would be worth the effort for me to stabilize and use a pinned commit and if it fails in production we can always fallback to firefox.

Minimal expected functionality:

• M.1. PAC integration / using system proxy configured with PAC -- https://github.com/NiXium-org/NiXium/blob/35dc1a258134234f1601c6124bd4881ef1ba7567/src/nixos/users/kreyren/home/modules/system/pac/kreyren-pac.es
• M.2. Decent adblock ideally ublock origin or alike (hosts.txt and DNS blocking is not enough to get through some websites, but would be tolerable)
• M.3. Declarative configuration -- Overall major problem on firefox as it uses sqlite database that is hard to reproduce in a functional way e.g. ublock origin can be configured via https://github.com/NiXium-org/NiXium/blob/central/src/nixos/users/kreyren/home/modules/web-browsers/firefox/firefox.nix#L140-L178 which uses firefox enterprise policies that are also used to configure the whole browser.
• M.4. Websites working -- Seems that servo has decent-ish conformance or is there anything known that could break website functionality?
• M.5. Letterboxing -- https://fingerprint.com/blog/can-letterboxing-prevent-browser-fingerprinting
  • Complicated by Tracking: implementing Flexbox in Layout 2020 servo/servo#26639

Ideal expected functionality;

• I.1. User Agent Randomization e.g. Random User Agent Switcher
• I.2. DarkReader-like functionality for websites that do not respect system theme
• I.3. SponsorBlock
• I.4. DeArrow
• I.5. LibRedirect-like functionality mainly using the search engine to load searx instances
• I.6. ClearURLs-like functionality to strip tracking bits from hyperlinks e.g. brave has this built-in
• I.7. JumpCutter -- Extension that speeds up the silent parts in videos
• I.8. Refined Github
• I.9. Eye-candy e.g. https://github.com/Godiesc/firefox-gx as some nixium users are ricers.