Classic confinement request for Gologin

Hello, I would like to request classic confinement for the Snap package of Gologin, an anti-detect browser application. Gologin is used to manage multiple browser profiles with separate digital fingerprints, ensuring privacy and anonymity for users across different platforms.

About Gologin: Gologin consists of two main components:

1. The main application: This part manages user profiles, fingerprint settings, and overall application configuration.
2. The Orbita browsers: These browsers are downloaded and launched directly by the application to provide an isolated browsing environment for each profile.

Why Classic Confinement is Needed: To function effectively, Gologin requires access to directories that are outside of the strict confinement sandbox. Specifically:

• The application must download and manage external browser binaries, which are stored and executed outside of the standard Snap directories.
• Since the Orbita browsers are launched directly by the Gologin application, strict confinement causes several issues, particularly requiring the browsers to run in --no-sandbox mode, which is insecure and undermines user safety.

I have attempted to make the application work under strict confinement by granting all relevant permissions. However, this still leads to errors, including:

• Browser launch errors.
• Errors within the main application.
• Persistent permission issues despite providing necessary permissions.

I have screenshots of these errors, including:

1. A browser startup error.
2. Errors from the main application.
3. The list of granted permissions, despite which errors continue to occur.

These screenshots can be provided upon request to demonstrate the issues encountered and the limitations of using strict confinement in this case.

Due to these requirements, strict confinement is not feasible for this application, as it limits the ability to manage and execute the browsers securely and effectively. Classic confinement is therefore essential to allow Gologin to perform its intended functions without restriction.

Developer Verification: To confirm that I am an official developer of Gologin, I am ready to verify ownership of the domain https://gologin.com or provide other forms of verification as needed. Additionally, the Snapcraft team is welcome to contact Gologin directly to verify my association and authorization to publish this application.

Thank you for considering this request. Please let me know if further information is required to proceed.

Best regards, Ivan

orbita_crash1645×448 67.3 KB

gologin_app_errors1571×383 193 KB

gologin_permissions1086×385 65.8 KB

Hey @gologin

I don’t clearly see which supported category for classic (as defined in Process for reviewing classic confinement snaps) gologin fits in. Could you please point that out?

Have you looked at apparmor denials or used snappy-debug to get insights about needed interfaces?

Thanks

Thank you for you reply.

The GoLogin application can indeed fit under the category “tools for local, non-root user driven configuration of/switching to development workspaces/environments”. GoLogin acts as a tool for managing browser environments for various use cases like testing, development, and privacy-focused browsing. Here’s why this category is suitable:

1. Browser Download and Installation: GoLogin autonomously downloads a browser and installs it in a specific user directory, enabling developers or users to create isolated environments without requiring root access. This process requires the flexibility to manage files and execute scripts within user-controlled directories.
2. Profile Configuration: GoLogin sets up and manages user profiles, which involves saving configuration data and applying it when launching browsers. These configurations could include environment variables, extensions, and settings.
3. Process Management: GoLogin launches and controls browser processes, handling multiple concurrent sessions. This behavior aligns with tools that manage workspaces, where users switch between different configurations and environments without root-level changes.
4. User-Controlled Operations: The application is used in a non-root capacity, aligning with the requirement for development environments that are user-driven. Classic confinement would allow GoLogin to operate more effectively, ensuring it has the necessary file system access and execution privileges needed to manage its functionality smoothly.
5. Browser Subprocesses and Sandbox Limitations: GoLogin launches a browser that initiates various subprocesses operating within its own sandbox environment. This sandbox is designed to enhance security and isolation during browser operation. However, running such a sandbox within the strict confinement of Snap can lead to compatibility issues and malfunctions. The isolated nature of Snap’s strict confinement restricts certain system-level interactions required by the browser’s sandbox, potentially resulting in errors or limited functionality.

I provided some screenshots in the above message and would like to highlight that the issue itself is in browser environment. Gologin operates with various versions of Orbita, it means that it could be few Orbita browsers on the same PC at the same time. Moreover a user can run as many browser sessions as needed, and each session is a separate process.

AppArmor shows that we need to add Orbita (browser) to apps. But we can’t add all Orbita versions here:

1. By current moment there are 21 versions of Orbita browsers that downloaded separately and stored in different folders. it means that we need describe each folder with their own interfaces. it is not a big problem for our developers, but see 2.
2. browser releasing does not depend on Gologin app version. It means that we can (and do this) release new Orbita browser which will be downloaded by current Gologin app version. And of course this version does not contain new Orbita in apps description and therefore new browser won’t be able to be started by Gologin app

image1331×171 38.7 KB