We could use i2pbrowser for any kind of local web interface access that requires browser changes such as ZeroNet: Decentralized Censorship-resistant Network.
These changes in git are not too thoroughly tested.
Hopefully not breaking anything.
Related:
- Tor Browser Essentials
- Tor Browser Hardening (hardened malloc, firejail, apparmor) vs Web Fingerprint
What does not work yet is speedy startup in Qubes DispVMs using mount rather than copy. That works for Tor Browser and SecBrowser but not for i2pbrowser. Related source code:
- tb-updater/tb-updater-dispvm.service at master · Kicksecure/tb-updater · GitHub
- https://github.com/Whonix/tb-updater/blob/master/usr/lib/tb-updater/dispvm
We can’t have more folders in /var/cache/tb-binary (disk space waste) and also not use too many mounts.
Tor Browser / SecBrowser work because only one or the other is expected per VM. Tor Browser in Whonix VMs and Tor Browser or SecBrowser in non-Whonix VMs.
/usr/lib/tb-updater/dispvm does essentially:
mount --bind "/var/cache/tb-binary/.tb" "/home/user/.tb"
But there is no /var/cache/tb-binary/.i2pb folder. And we cannot at the same time…
mount --bind "/var/cache/tb-binary/.tb/torbrowser" "/home/user/.i2pb/i2p-browser"
…since that would make the two browser profiles conflict with each other.
A solution could be to abolish an unconditional systemd unit file /lib/systemd/system/tb-updater-dispvm.service and to have /usr/bin/torbrowser run sudo /usr/lib/tb-updater/dispvm with an /etc/sudoers.d exception. Thereby the extra mount in Qubes DispVM would only be created when actually starting any Tor Browser based browser.