Do we all see the same thing on the internet?

The ABC used to only hire people with an Oxford “received pronunciation” accent for voice work - up till the mid 1970’s or so…
My mum was an actress and auditioned for lots of voice work and television - and was told her accent to too Australian for the ABC - WTF? She doesn’t talk like an “ocker” (e.g lower working class / blue collar [now mostly hi-viz tradesman or “tradie”]) either - I guess more like Kylie Minogue’s accent maybe?

BTW - something in ITSFOSS discourse reset my preference to the glaring white - I had to hunt around in my forum settings to put it back to “Dark Mode” - so - a few of us see different things on the internet - where I can - I have websites appear in “dark mode” - also - I’m colour blind - so I don’t necessarily see what everybody else does

Mine too.
I reset it to dark, and then the pulldown under my icon with the activities in it became very confusing so I switched back to glaring white.
I think there must be a new version of discourse?
I had a half dark setting with green and orange, but it does not seem to be available now.?

What a load of rubbish.

I haven’t seen any difference.
Which browser do you mainly use?

Mainly Samsung browser in Android, but also Firefox in Linux.
Come to think of it, nothing changed in Firefox… but I had a white setting there anyway.

Correction
I can change to dark mode in Szmsung browser… thst is OK.
Whst I tried before was high-contrast mode… that was strange

What I haspd up until yesterday was a half-dark mode with orange snd green colors on a cream background. That seems to have disappeared.

This seems to be browser related rather than site?

I cant see any dark/light adjustments here but have known it on other sites.

Yes. I think I must have had a Samsung browser update.

I really like the 10 inch tablet for itsfoss… except when I need to check something in a Linux.

Hi Neville,

Absolutely. You get a pristine browser this way which has never seen any page on the internet before.

Where are those cookies stored
I always wanted to ask this question.

Many greetings from Rosika

I suppose inside ~/.mozille
but what is of concern is info that the cookies send back to Mozilla or wherever.

You can turn off cookies in firefox. Some websites object if you do that. Maybe you could get away with that for banking?

Thanks, Neville,

Ah, I see.
So running:

• firejail --private --dns=1.1.1.1 --dns=9.9.9.9 firefox -no-remote # (1)
• firejail --private=[PATH-TO-TEMP-WORK-DIRECTORY] --dns=1.1.1.1 --dns=9.9.9.9 firefox -no-remote # (2)

would be o.k. for most cases.

In (1) cookies are discarded anyway upon closing the browser.
In (2) it´s the same if you delete the working directory afterwards.

However:

that´s something different then.

Cheers from Rosika

Hi Rosika,
So we should run firefox inside firejail with cookies disallowed.
I wonder if you can do that on the firefox command with an option?.. then I could just do it in my script… dont let the cookies operate in the first place.

We may have solved this
Regards
Neville

Hi Neville,

A quick search (with ChatGPT) led me to this:

firefox --private-window --no-remote --safe-mode

Explanation:

• --private-window : Launches Firefox in private browsing mode, which does not store cookies after you close the browser.
• --no-remote : Allows opening multiple instances of Firefox without affecting the existing ones.
• --safe-mode : Starts Firefox in safe mode, which disables extensions and some settings that could allow cookies to be stored.

If you specifically want to disable cookies through Firefox settings without affecting your overall setup, you can also configure the preferences directly in Firefox:

Type about:config in the Firefox address bar.

Search for the setting network.cookie.cookieBehavior.
Set the value to 2 (Block all cookies).
You can add this as a preference when launching Firefox from the terminal as well with a new profile or an existing one.

I haven´t tried it myself yet, but a look at:

suggests that those command line options exist.

Many greetings from Rosika

@nevj :

Hi Neville,

It might get even better:

My question:

Linux: Is there a terminal-command for running any application within thefirejail sandbox with cookies disallowed?

Perplexity suggested the following:

Yes, you can use a terminal command to run an application within Firejail with cookies disallowed. Here’s how you can do it:

firejail --private-tmp --disable-mnt --nodbus --no-u2f --nodvd --nogroups --nonewprivs --noroot --notv --nou2f --novideo --private-cache --private-dev APPLICATION_NAME

Replace APPLICATION_NAME with the name of the application you want to run.

This command does the following:

–private-tmp: Creates a new /tmp directory
–disable-mnt: Disables /mnt, /media, /run/mount and /run/media
–nodbus: Disables D-Bus
–no-u2f: Disables U2F devices
–nodvd: Disables DVD and audio CD devices
–nogroups: Disables supplementary groups
–nonewprivs: Sets the NO_NEW_PRIVS prctl
–noroot: Prevents the user from using sudo or su
–notv: Disables TV devices
–nou2f: Disables U2F devices
–novideo: Disables video devices
–private-cache: Creates a new browser cache
–private-dev: Creates a new /dev directory

These options create a very restrictive environment that should prevent the application from storing or accessing cookies. The --private-cache option in particular creates a new, empty browser cache, which is where cookies are typically stored.

Perhaps it´s worth giving it a try… .

Cheers from Rosika

P.S.:

For even more cookie-specific restrictions, you could add:

--env=MOZ_DISABLE_CONTENT_SANDBOX=1 --env=MOZ_DISABLE_GMP_SANDBOX=1 --env=MOZ_DISABLE_RDD_SANDBOX=1

These environment variables disable various Firefox sandboxes that might interfere with cookie restrictions.

Remember that this is a very restrictive setup and may cause some applications to malfunction. You may need to adjust the options depending on the specific application and your requirements.

Jeeze, you guys dig deep.
Keep going, it’s very interesting.

Hi Rosika,
That is an understatement. it is a perfect solution.
Thank you.I will be trying it tonight
I might also shift to Waterfox

You are way ahead of me with this AI help business.
It is proving useful for linux howto’s
Regards
Neville.

I’m a light side user. I try to stay away from the dark side.

I have dabbled with Palemoon and Waterfox for a browser, but it’s been a long time.

I’ve started to use Copilot more and more. I notice most on here tend to mention ChatGPT. Is there a reason not to use Copilot? I spread it around to Gemini sometimes. I did download an AI model and run it locally via LM Studio.

Hi Rosika,
I tried it

$ cat safefox2
#!/usr/bin/bash
firejail --private-tmp --disable-mnt --nodbus --no-u2f --nodvd --nogroups --nonewprivs --noroot --notv --nou2f --novideo --private-cache --private-dev --dns=1.1.1.1 --dns=9.9.9.9 firefox -no-remote

There was an error

Error: invalid --no-u2f command line option

So I removed --no-u2f
and it works, with a few messages

$ ./safefox2
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Error: Cannot relax dbus-user policy, it is already set to block
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-proc.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Ignoring "dbus-user.own org.mozilla.*" and 1 other dbus-user filter rule.
Parent pid 7095, child pid 7098

DNS server 1.1.1.1
DNS server 9.9.9.9

Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Warning: cleaning all supplementary groups
Warning: Replacing profile instead of stacking it. It is a legacy behavior that can result in relaxation of the protection. It is here as a temporary measure to unbreak the software that has been broken by switching to the stacking behavior.
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 205.02 ms
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
[Parent 10, Main Thread] WARNING: Failed to create DBus proxy for org.a11y.Bus: Could not connect: Permission denied
: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:201

** (firefox:10): WARNING **: 21:30:51.088: Failed to create DBus proxy for org.a11y.Bus: Could not connect: Permission denied


Parent is shutting down, bye...


nevj@trinity:~
$ ./safefox2
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Error: Cannot relax dbus-user policy, it is already set to block
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-proc.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Ignoring "dbus-user.own org.mozilla.*" and 1 other dbus-user filter rule.
Parent pid 7266, child pid 7267

DNS server 1.1.1.1
DNS server 9.9.9.9

Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Seccomp list in: !chroot, check list: @default-keep, prelist: unknown,
Warning: cleaning all supplementary groups
Warning: Replacing profile instead of stacking it. It is a legacy behavior that can result in relaxation of the protection. It is here as a temporary measure to unbreak the software that has been broken by switching to the stacking behavior.
Warning: Cannot confine the application using AppArmor.
Maybe firejail-default AppArmor profile is not loaded into the kernel.
As root, run "aa-enforce firejail-default" to load it.
Child process initialized in 185.67 ms
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
[Parent 9, Main Thread] WARNING: Failed to create DBus proxy for org.a11y.Bus: Could not connect: Permission denied
: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:201

** (firefox:9): WARNING **: 21:32:07.285: Failed to create DBus proxy for org.a11y.Bus: Could not connect: Permission denied

[Parent 9, Main Thread] WARNING: Failed to create DBus proxy for org.freedesktop.UPower: Could not connect: Permission denied
: 'glib warning', file /builds/worker/checkouts/gecko/toolkit/xre/nsSigHandlers.cpp:201

** (firefox:9): WARNING **: 21:32:09.995: Failed to create DBus proxy for org.freedesktop.UPower: Could not connect: Permission denied


Parent is shutting down, bye...

During the session I logged into my bank successfully, so I has not interfered with access.

Now I have to check your cookie-specific restrictions

For even more cookie-specific restrictions, you could add:

--env=MOZ_DISABLE_CONTENT_SANDBOX=1 --env=MOZ_DISABLE_GMP_SANDBOX=1 --env=MOZ_DISABLE_RDD_SANDBOX=1

These environment variables disable various Firefox sandboxes that might interfere with cookie restrictions.

So the new script is

#!/usr/bin/bash
firejail --private-tmp --disable-mnt --nodbus --nodvd --nogroups --nonewprivs --noroot --notv --nou2f --novideo --private-cache --private-dev --dns=1.1.1.1 --dns=9.9.9.9 firefox -no-remote --env=MOZ_DISABLE_CONTENT_SANDBOX=1 --env=MOZ_DISABLE_GMP_SANDBOX=1 --env=MOZ_DISABLE_RDD_SANDBOX=1

and it works too, I can access the bank site.
My bank has 2FA and that still works.

So I think we have a new more secure method.
Dont know how I can check if cookies are still being used.?
I might try Waterfox instead of Firefox next.

Regards
Neville

Hi again to all,

sorry for my belated reply.

@pdecker :

No reason whatsoever.

It´s just that I´ve never used either Copilot nor Gemini so far.
I might try them out. Thanks for the suggestion.

So far my experience is just with ChatGPT and a little bit with Perplexity.

@nevj :

Thanks a lot for trying it out.

I was already wondering about that option.
But it does exist. I just looked it up in the man-pages:

--nou2f
              Disable U2F devices.

But the syntax is different:

No hyphen between. Just one expression. That must be it.

Perhaps the syntax has changed with firejail´s versions.
Or perhaps perplexity just made a mistake.

BTW:
My firejail version is: 0.9.72

But you got in running after all. Great success, Neville.

Hmm. Good question. Off the top of my head I can´t think on any method.
I´ll have to investigate.

Cheers from Rosika

It had both --nou2f and --no-u2f
That has to be a mistake , probably from mixing different sources.

Hi Neville,

Hmm, I wonder. As this option really is available (the man-pages say so)…
… is your firejail-verion 0.9.72, like mine is

Cheers from Rosika

Will have to check tomorrow.
It is in MX23. So will be the same version as Debian 12.

Distribution 	Debian 12 (Bookworm)
Repository 	Debian Main amd64 Official
Package filename 	firejail_0.9.72-2_amd64.deb
Package name 	firejail
Package version 	0.9.72

Why is that important?