Sometimes the new tab's container is replaced with the addon's "I2P Browser" container

[mpeter50]

I have recently experienced this when trying to open a website in a temporary container of this addon. It was happening every time I tried to do so.

After restarting the browser, it does not do that for now.

[eyedeekay]

Hm, it's possible we're conflicting somehow since this extension is designed to identify, then automatically isolate and the other is triggered manually. What information about the site you were attempting to temporarily containerize can you safely share with me? Was it an I2P site? did it include .i2p anywhere in the hostname?

[mpeter50]

This did not happen right now, I had a note for a few days now to look after this, and unfortunately I dont remember the websites this was happening with.

However, I can reproduce this with .i2p URLs, for example with http://idk.i2p/I2P-in-Private-Browsing-Mode-Firefox/

[eyedeekay]

Yeah that is the intended behavior, if it sees an I2P hostname it automatically forces it into an I2P tab where all the proxy rules are set up. I could make it say "not my problem" if it sees an I2P hostname in a container tab that doesn't belong to it, but I don't see that as very useful compared to the vulnerabilities that it may open up. The reason I question it's utility is that I2P tabs are also temporary and represent the meaningful boundary of "identity" within the I2P network for http-like activity. The reason I question it's vulnerability is that temporary containers will obey the proxy settings and configuration of the host browser, so in all likelihood it's a vector for proxy escapes. So unless the original issue recurs, for now, I don't intend to change this behavior.

OTOH, playing nice with other containerizer extensions is an express goal of this extension. So if there's a viable solution, we should use it. From the extension side we can see containers created by other extensions, so we could:

• Identify temporary containers and provide an option in the UI to include or exclude them from I2P Proxy rules
• Switch temporary containers to obey I2P proxy automatically/permanently the first time they have to reach an I2P URL
• Something else?

Open to ideas. How do you think it should work?

[mpeter50]

Yeah that is the intended behavior, if it sees an I2P hostname it automatically forces it into an I2P tab where all the proxy rules are set up.

Oh. I was using the browser settings (General > Network Settings > Manual proxy configuration) to set up my I2P router as the proxy. Actually, if I turn that off by switching it to "No proxy", it does not always work, that is why I was setting it up in the browser level, in a dedicated browser profile.

However, this is a different issue as in the title. Would you like if I opened a new issue for that? I think it is not a configuration issue, but I'll tell the details later because its lengthy.

I could make it say "not my problem" if it sees an I2P hostname in a container tab that doesn't belong to it, but I don't see that as very useful compared to the vulnerabilities that it may open up.

Yeah, now that I see how it should work, I agree that it wouldn't be an improvement in this form.

The reason I question it's utility is that I2P tabs are also temporary

Hmm, when does their data get deleted? I like temporary containers (and use it a lot in my regular internet browser) because I can have more than one of them at the same time, and a new one is a single click to create.

How do you think it should work?

Identify temporary containers and provide an option in the UI to include or exclude them from I2P Proxy rules

This would be good for other addons that rely on a container's name (or ID if they have one) for some kind of categorization, like Simple Tab Groups (which uses that for automatic grouping). But later on, when the tab has been open for some time, without any indication this may become confusing about which tabs are proxied through I2P.

Switch temporary containers to obey I2P proxy automatically/permanently the first time they have to reach an I2P URL

I think we should be careful with automaticly changing the proxy setting. Partly because multiple tabs can have the same container, and all of them would be affected with a change. And partly because I think its best to either only touch the proxy settings immediately when the first tab for the container is opened (independently of the first URL the user navigates to) or only on explicit user request from a menu, simply for clarity. Because otherwise if the container was not created as something for I2P, but the user navigated to an eepsite from an internet site (perhaps unknown to them because they clicked a link), then its ambiguous whether the addon will keep the proxy setting or remove it when navigating back to an internet site from the eppsite e.g. by clicking on a link.

Another idea is to have the current way with a spin: when the I2P addon detects that an eepsite is being loaded in a tab, and when that tab is already in a container, then create a new container with the color of the "I2P Browser" container and a name like "I2P Browser - <original container's name>", and set the proxy settings on it. So if I try to open an eepsite in a container that is called "tmp5", the addon would replace the container with an "I2P Browser - tmp5" container that will get the right proxy settings.