Run Chrome (Spot) as root

[amethyst]

Most browsers offered here are offered as running as spot. So this is if you do not want to run as spot. Note that this example here worked for me without linking anything but it may not work as easily for you and also note that there may be another way to do it. Anyways the example is for a Chrome portable I've downloaded. Method: Open the Chrome (portable folder) > look for the chrome executable, mine is in the chrome subfolder. The browser should be started running this executable with the following command (do not run it from the "LAUNCH" script):

Code: Select all

/mnt/sda2/Google_Chrome-portable64/chrome/chrome --no-sandbox --user-data-dir=/mnt/sda2/chrome/user --disk-cache-dir=/mnt/sda2/chrome/cache --disk-cache-size=10000000 --media-cache-size=10000000

Note that this is an example. Change the paths accordingly. This also has entries for your configuration/profile and caches.

[fredx181]

The browser should be started running this executable with the following command (do not run it from the "LAUNCH" script):

Code: Select all

/mnt/sda2/Google_Chrome-portable64/chrome/chrome --no-sandbox --user-data-dir=/mnt/sda2/chrome/user --disk-cache-dir=/mnt/sda2/chrome/cache --disk-cache-size=10000000 --media-cache-size=10000000

Note that this is an example. Change the paths accordingly. This also has entries for your configuration/profile and caches.

Here's a modification of the "LAUNCH" script : "LAUNCH-as-root"
In fact the only difference with LAUNCH is that it runs Chrome as root (btw, it doesn't show the annoying message about running with no-sandbox)
EDIT: This is for to use with the Chrome Portable from @mikewalsh viewtopic.php?t=146

LAUNCH-as-root.gz

Remove fake .gz extension, make executable and run from Chrome-portable64 dir

(2.51 KiB) Downloaded 26 times

[williwaw]

Here's a modification of the "LAUNCH" script : "LAUNCH-as-root"
In fact the only difference with LAUNCH is that it runs Chrome as root (btw, it doesn't show the annoying message about running with no-sandbox)

What are the risks of running without sandbox? from what I read a while back sandbox was isolating each tab to prevent cross site scripting. ie maybe a site in one tab compromising the security in another. Seems like good pratice would alleviate these sort of problems, (not logging into your bank with other tabs open). but perhaps the sandboxing offers more?
can you comment on what
--test-type
and
--disable-features =OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints
do?

[fredx181]

Here's a modification of the "LAUNCH" script : "LAUNCH-as-root"
In fact the only difference with LAUNCH is that it runs Chrome as root (btw, it doesn't show the annoying message about running with no-sandbox)

What are the risks of running without sandbox? from what I read a while back sandbox was isolating each tab to prevent cross site scripting. ie maybe a site in one tab compromising the security in another. Seems like good pratice would alleviate these sort of problems, (not logging into your bank with other tabs open). but perhaps the sandboxing offers more?
can you comment on what
--test-type
and
--disable-features =OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints
do?

Well, some security expert might answer, I don't know much about all that, I just took over mostly from what's in LAUNCH from @mikewalsh and added --no-sandbox and --test-type .
The --test-type prevents the warning message that you are running without sandbox.

[mikewalsh]

@fredx181 / @williwaw :-

Me no "security expert", for sure.....but the reason I added all those "Optimization blah blah" switches was simple. I forget what it was called now - it was all over the tech news feeds at the time - but a while back Google were running some huge experiment through their AdSense AI servers. Rather than targeting users individually, depending on the sort of websites you frequented, Google were instead lumping you in with a large, disparate group of people from around the world who had the same "tastes" as you.....and then the AdSense servers would send everybody in that group a similar stream of adverts.

As they always do, the "experiment" was enabled by default. You had to consciously "opt out" to stop getting adverts that might be targeting users in Bombay, Argentina, Alaska, Russia, Finland.....wherever. This sparked a global outcry, with tons of very heated exchanges on the Google mailing lists from a host of extremely pissed-off users. 3 or 4 months later, they quietly dropped the experiment....and to the best of my knowledge, it hasn't been heard of since.

==================================

There were two ways to disable the experiment. I was reading about this on a tech blog I frequent at the time. You could either go to the 'internal' URL at

Code: Select all

chrome://flags

....and scroll all the way through an enormously long list - and this list gets bigger & bigger as time passes, believe me! - to find & individually disable each of the "features" that controlled this stuff.......or, you could enter them directly on the exec line of the wrapper script under the "--disable-features" switch. Which was a whole heap simpler.

You can see which option I chose, can't you?

Mike.

[williwaw]

@fredx181 / @williwaw :-

Me no "security expert", for sure.....

Mike. ;)

Thanks Mike, I thought you might weigh in on the implications of running as root with --no sandbox.

getting adverts that might be targeting users in Bombay, Argentina, Alaska, Russia, Finland.....wherever.

I wonder if Chrome talks to Google search before your search results are served?
seems like political affiliations, class, or racial, etc categorizations might be useful and of more interest to deep pockets of $$ that Google might be interested in.