Michael Altfield's gravatar

Ephemeral Firefox in Ubuntu (1/3)

This post will describe how to create an Ephemeral Firefox session. The ultimate goal of an Ephemeral Firefox session is to unlink your browsing sessions day-to-day and reduce tracking via fingerprinting.

ephemeral firefox

This technique can also be used to compartmentalize your internet activity by using the Ephemeral Firefox session as a Site Specific Browser. This can be especially useful for websites that are infamous for tracking users across the internet and selling the data they collect. For example, you can blacklist all facebook domains in your main browser and only use Ephemeral Firefox sessions that have been whitelisted exclusively for facebook domains--effectively compartmentalizing your facebook activity from the rest of your internet activity.

Another great use-case for an Ephemeral Firefox is for public access computers such as those at libraries, hotels, and printing shops.

Install Prereqs

We utilize a few tools such as firejail to create an Ephemeral Firefox session that must be installed.

user@host:~$ sudo apt-get install firejail secure-delete

Note that firejail can break many apps by replacing several app's binaries with symlinks to prefix their binary with `firejail`. If you don't want to use it for anything other than Ephemeral Firefox, then it may be a good idea to change this behaviour with the following commmnd:

user@host:~$ sudo firecfg --clean

Ephemeral Firefox Script

Copy the following script into '$HOME/bin/ephemeralFirefox.sh', make it executable, and make sure '$HOME/bin' is in your $PATH

user@host:~$ [ ! -d $HOME/bin/ ] && mkdir $HOME/bin
user@host:~$ cat > $HOME/bin/ephemeralFirefox.sh <<'EOF'
#!/bin/bash
################################################################################
# Author:  Michael Altfield <michael@michaelaltfield.net>
# Created: 2019-03-03
# Updated: 2019-03-03
# Version: 0.1
# Purpose: Start an Ephemeral Firefox session
################################################################################

############
# SETTINGS #
############

TMP_PATH="$HOME/tmp/ephemeralFirefox"

###############################
# CLEANUP OLD ORPHAN TMP DATA #
###############################

# loop through all the Ephemeral Firefox temp dirs
for tmpDir in $(find "${TMP_PATH}" -mindepth 1 -maxdepth 1 -type d); do
	# is this temp dir for an Ephemeral Firefox that's still running? Or is it no longer needed?
	if [[ -z `firejail --list | grep "${tmpDir}"` ]]; then
		# this temp dir is no longer needed; delete it
		echo "INFO: shredding data from old Ephemeral Firefox temp dir = ${tmpDir}"
		srm -rfll "${tmpDir}"
	fi
done

###################
# CREATE TEMP DIR #
###################

# first create a temp dir in our (hopefully encrypted) $HOME dir, if first run
[ ! -d "${TMP_PATH}" ] && mkdir -p "${TMP_PATH}"

# create temp dir for ephemeral session
tmpDir=`/bin/mktemp -p "$TMP_PATH" -d`
tmpProfileDir="${tmpDir}/firefoxProfile"
mkdir -p "${tmpProfileDir}"

echo "INFO: created Ephemeral Firefox temp profile dir = ${tmpProfileDir}"

###########################
# START EPHEMERAL FIREFOX #
###########################

# what should the homepage be?
url="${1}"
if [[ -z ${url} ]]; then
	url="https://start.duckduckgo.com"
fi

# try disabling 'seccomp' if you encounter issues
#firejail --ignore=seccomp --whitelist="${tmpProfileDir}" firefox -no-remote -new-instance -profile "${tmpProfileDir}" "${url}"

firejail --whitelist="${tmpProfileDir}" firefox -no-remote -new-instance -profile "${tmpProfileDir}" "${url}"

###########
# CLEANUP #
###########

# fast (secure enough) wipe of tmp dir 
srm -vrfll "${tmpDir}"

# clean exit
exit 0
EOF
user@host:~$ chmod +x $HOME/bin/ephemeralFirefox.sh
user@host:~$ PATH=$PATH:$HOME/bin

As you can see, the above script simply creates a temporary sandbox directory in the user's home directory. The location of this directory is important -- we don't use '/tmp/' as our temp dir because '/tmp/' is often 777 = anyone can read/write/execute inside of '/tmp/'. Instead, we create the tmp directory in the user's '$HOME/tmp' directory. Another benefit of this is that most Ubuntu installs since 2009's Ubuntu 9.04 (Jaunty Jackalope) will at least have the user's home directory encrypted with encryptfs -- if not using Full Disk Encryption, available since 2012 in Ubuntu 12.10 (Quantal Quetzal).

This temporary directory is then used to store the profile data for the Ephemeral Firefox session. Note that this temp directory's data is entirely distinct from any existing Firefox's profiles dirs.

After the Ephemeral Firefox window is closed, the script shreds this temporary directory's data with pseudorandom bits.

We also use firejail to lock the Ephemeral Firefox session in a security sandbox at the kernel-level. This, for example, prevents our Ephemeral Firefox from being able to access most of the user's disk -- including '$HOME/.mozilla/firefox' -- which may store information about the user's activity with their everyday Firefox browser. By default, the only directories that the Ephemeral Firefox will be able to access on your machine other than the temp profile dir are the Desktop and Downloads directories.

ⓘ Note: If you have issues with firejail, you may have an issue with your firejail firefox profile. For example, I had an issue on Ubuntu 18.04 where firefox would start, but it would not have internet access. To debug the firefox profile, I iteratively commented-out the lines in the /etc/firejail/firefox.profile until the issue went away when I commented out the 'seccomp' line.

Desktop shortcut

Now we create an xdg desktop entry and create a symlink to it for a shortcut on the desktop.

user@host:~$ [ ! -d $HOME/.local/share/ ] && mkdir $HOME/.local/share/
user@host:~$ cat << EOF > $HOME/.local/share/ephemeralFirefox.desktop
[Desktop Entry]
Type=Application
Name=Ephemeral Firefox
Icon=firefox
Exec="$HOME/bin/ephemeralFirefox.sh"
EOF
user@host:~$ ln -s $HOME/.local/share/ephemeralFirefox.desktop $HOME/Desktop/
user@host:~$ chmod +x $HOME/Desktop/ephemeralFirefox.desktop
user@host:~$ 

Limitations

Note that this Ephemeral Firefox solution does not (attempt to) achieve anonymity. While an Ephemeral Firefox session may help you avoid websites tracking your internet history via fingerprinting, there are other techniques that can be employed to track your activity other than fingerprinting. One obvious example is your geolocation, ISP, or IP Address. To further avoid tracking via these metrics, consider getting a VPN provider. After getting a VPN, consider setting-up a Whole House VPN.

If you are an investigative journalist, activist, or political dissident looking to safely browse the internet without being tracked by an oppressive regime, this solution is not for you. If you're concerned that an adversary having access to your Internet activity could cause pain, suffering, or loss-of-life, then you should not trust this system to protect you. Instead, you should use TAILS.

If you like the idea of compartmentalization of your firefox activity into an Ephemeral Firefox, you may want to checkout QubesOS. Qubes is an entire OS designed with the principle of security through compartmentalization. Instead of merely creating a disposable Ephemeral Firefox, you can quickly & easily create a Disposable Virtual Machine.

Further Reading

This articles is part 1 of a 3-part series on Ephemeral Firefox. The other parts can be found here:

Related Posts

4 comments to Ephemeral Firefox in Ubuntu (1/3)

  • Max Lambda

    Quick suggestion why not load 'tmp' directory in RAM with tmpfs? It will be more quick and it leaves no residue on the hard drive

    • @Max I like the idea of using tmpfs! But firefox is quite a memory hog, and I could quickly see someone exhausting all their RAM on a machine with just a few Gigs of RAM -- at least doing so with the type of browsing I do: dozens of tabs open on each firefox window and several distinct ephemeral firefox sessions open for compartmentalization of distinct browsing activities (ie: banking, work, personal email, research, etc)

      I also did some experimentation with first creating an encrypted LUKS file volume with a huge random & ephemeral key, mounting that, and then using it as the TMP_PATH (`dd … of=file`, `cryptsetup luksFormat file`, `…luksOpen…`, `mkfs…file`, `mount…`) -- which you may be interested in.

      • I tried to do that but with veracrypt an that didn't work
        I'm always getting this error in a firefox window, it the same thing when I tried with tmpfs.

        "
        What is the problem?

        https://pastebin.com/apBZZRWZ

        My tmpfs config:

      • Sorry I had problems with the HTML tags, and I can't delete or edit my last comment.

        I tried to do that but with veracrypt an that didn’t work
        I’m always getting this error in a firefox window, it the same thing when I tried with tmpfs.

        What is the problem?

        https://pastebin.com/apBZZRWZ

        My tmpfs config:

        tmpfs /mnt/ramdisk2 tmpfs ,size=128M,noauto,user,exec,uid=1000,gid=1000 0 0

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>