Jammy update

I don't know if 256M is too big. However, I have confirmed that 128M is
not enough( still crashes ).

reference: https://github.com/pytorch/pytorch/issues/2244

.gitignore

@@ -1,3 +1,3 @@
 openvpn
-local
+shared
 *~

Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:bionic
+FROM ubuntu:jammy
 
 RUN apt-get update && apt-get install -y firefox \
   curl sudo openvpn transmission \
@@ -24,3 +24,4 @@ COPY files/start-openvpn-blocking.sh /home/user/
 
 ENV HOME /home/user
 ENTRYPOINT ["/bin/bash", "/home/user/start.sh"]
+CMD ['firefox']

README.md

@@ -10,10 +10,10 @@ without any cookies, history or such.
  2. (optional) Create a directory `openvpn` and put your `openvpn.conf` there.
     Make sure it's called `openvpn.conf` and all extra files it may need are
     also in the `openvpn/` directory (this will be mounted in the container)
- 3. Start container `./run.sh`
+ 3. Start container `./run.sh firefox`
 
- Also `ASSERT_COUNTRY=Finland ./run.sh` to check that ifconfig.co thinks that
+Also `ASSERT_COUNTRY=Finland ./run.sh firefox` to check that ifconfig.co thinks
- the your IP address is in a given country before starting Firefox.
+that the your IP address is in a given country before starting Firefox.
 
 ### Disclaimer
 

files/start.sh

@@ -1,12 +1,7 @@
 #!/bin/bash
 set -e
-
+COMMAND="$1"
-# If no profile ...
+echo "$COMMAND"
-if [ ! -d "$HOME/.mozilla" ]; then
-  # create the default Firefox profile and put some settings there
-  firefox -CreateProfile default
-  mv $HOME/user.js `find $HOME/.mozilla/firefox -type d | grep .default`
-fi
 
 OPENVPN_CONF='/etc/openvpn/openvpn.conf'
 if [ -f "$OPENVPN_CONF" ]; then
@@ -29,5 +24,24 @@ if [ ! -z ${ASSERT_COUNTRY+x} ]; then
   fi
 fi
 
-# Start firefox
+# If no profile ...
-firefox
+if [ $COMMAND == "firefox" ]; then
+  # create the default Firefox profile and put some settings there
+  firefox &
+  FIREFOX_PID=$!
+  # Since some recent Firefox version, calling CreateProfile and copying
+  # user.js stopped working on the first use for reasons I could not find on
+  # Google and do not frankly care about. This is the workaround
+  set +e
+  while [ `find $HOME/.mozilla/firefox -type f | grep prefs.js | wc -l` == "0" ];
+  do
+    echo "... waiting for Firefox to start the first time"
+    sleep 1
+  done
+  set -e
+  echo "killing Firefox and copying settings"
+  kill $FIREFOX_PID
+  mv $HOME/user.js `find $HOME/.mozilla/firefox -maxdepth 1 -type d | grep .default-release`
+fi
+
+$COMMAND

files/user.js.d/user.js

@@ -9,3 +9,38 @@ user_pref("browser.onboarding.enabled", false);
 
 // no tracking protection intro
 user_pref("privacy.trackingprotection.introCount", 100);
+
+// use FF's fingeprinting blocker (spoofs various attributes and restricts canvas usage)
+user_pref("privacy.resistFingerprinting", true);
+
+// FF's tracking protection
+user_pref("privacy.trackingprotection.enabled", true);
+
+// Disable PDF's
+user_pref("pdfjs.disabled", true);
+
+// Disable various suspicious telemetry things (from pyllyukko's user.js)
+user_pref("browser.safebrowsing.downloads.remote.enabled", false);
+user_pref("browser.selfsupport.url", "");
+user_pref("dom.flyweb.enabled",	false);
+user_pref("toolkit.telemetry.enabled", false);
+user_pref("toolkit.telemetry.unified", false);
+user_pref("experiments.supported", false);
+user_pref("experiments.enabled", false);
+user_pref("experiments.manifest.uri", "");
+user_pref("network.allow-experiments", false);
+user_pref("breakpad.reportURL",	"");
+user_pref("browser.tabs.crashReporting.sendReport", false);
+user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
+user_pref("devtools.webide.enabled", false);
+user_pref("devtools.webide.autoinstallADBHelper", false);
+user_pref("devtools.webide.autoinstallFxdtAdapters", false);
+user_pref("devtools.debugger.remote-enabled", false);
+user_pref("devtools.chrome.enabled", false);
+user_pref("devtools.debugger.force-local", true);
+user_pref("loop.logDomains", false);
+user_pref("browser.pocket.enabled", false);
+user_pref("extensions.pocket.enabled", false);
+user_pref("extensions.shield-recipe-client.enabled", false);
+user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);

run.sh

@@ -2,8 +2,12 @@
 set -eux
 docker run -ti --rm -e DISPLAY \
   --cap-add=NET_ADMIN --device /dev/net/tun \
+  --shm-size 256M \
   -v /tmp/.X11-unix:/tmp/.X11-unix \
   -v `pwd`/openvpn:/etc/openvpn \
+  -v `pwd`/shared:/home/user/Downloads \
   -e ASSERT_COUNTRY \
+  --name docker-vpn-browser-container \
   --dns 1.1.1.1 \
-  docker-vpn-browser
+  docker-vpn-browser \
+  "$@"