Subject: Tutorial: DIY build your own lightweight chromium-based privacy web browser

This tutorial walks you through creating a DIY Chromium-based
privacy browser using Brave and Ungoogled Chromium.

This was written for the benefit of the team, off the cuff.
Please improve so that everyone benefits from your every post.

I've been using Epic as my lightweight privacy browser for years,
but it recently went south, so I needed a new lightweight privacy
browser (other than Opera & Tor, which have their own pros & cons).

Here's how to roll your own DIY chromium-based privacy browser.
The assumption is that you want your base to be Ungoogled Chromium.

Since Ungoogled Chromium can't easily access Chrome Web Extensions,
you'll need "some other chromium-based browser" where Edge isn't a good
idea due to the fact that the extensions may be modified by Edge.

Hence, I picked Brave as the chromium-based web browser to temporarily
fetch extensions, but the final lightweight privacy browser was UC.

1. Download the latest Brave full offline installer into your archive.
https://github.com/brave/brave-browser/
https://github.com/brave/brave-browser/releases/tag/v1.80.124
BraveBrowserSetup.exe ==> stub
<https://github.com/brave/brave-browser/releases/download/v1.80.124/BraveBrowserSetup.exe>
BraveBrowserStandaloneSetup.exe ==> interactive installer
<https://github.com/brave/brave-browser/releases/download/v1.80.124/BraveBrowserStandaloneSetup.exe>
<BraveBrowserStandaloneSilentSetup.exe == batch installer>

2. Doubleclick on the desired installer to install (I chose silent).
It's a brain-dead dumb installer that doesn't ask where to go.
Mine installed Brave into
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
%LOCALAPPDATA%\BraveSoftware\Brave-Browser\Application\

3. Start Brave and install your desired privacy-based extensions.
I chose the following privacy-based extensions (YMMV).

hidemevpn 1.3.0_0
Unblocks websites and hides your IP using hide.me proxy.
<https://chromewebstore.google.com/detail/hideme-proxy/ohjocgmpmlfahafbipehkhbaacoemojp>

ublockorigin 1.65.0_0
Efficient wide-spectrum content blocker for ads, trackers, etc.
<https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm>

canvasblocker 0.2.2_0
Prevents canvas fingerprinting by injecting noise into canvas data.
<https://chromewebstore.google.com/detail/canvas-blocker-fingerprin/nomnklagbgmgghhjidfhnoelnjfndfpd>

skipredirect 2.3.6_0
Skips intermediary redirect pages to reach final URLs directly.
<https://chromewebstore.google.com/detail/skip-redirect/jaoafjdoijdconemdmodhbfpianehlon>

privacybadger 2025.5.30_0
Learns and blocks invisible trackers that ignore Do Not Track.
<https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp>

clearurls 1.26.0_0
Removes tracking parameters from URLs to protect your privacy.
<https://chromewebstore.google.com/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk>

localcdn 2.6.79_0
Replaces CDN-hosted libraries with local copies to prevent tracking.
<https://chromewebstore.google.com/detail/localcdn/njdfdhgcmkocbgbhcioffdbicglldapd>

cookieautodelete 3.8.2_0
Auto-deletes cookies from closed tabs unless whitelisted.
<https://chromewebstore.google.com/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh>

4. Copy the numbered folder (containing manifest.json) to your archives.
cd %LOCALAPPDATA%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\

For hidemevpn 1.3.0_0 ...
Copy "ohjocgmpmlfahafbipehkhbaacoemojp" to your hidemevpn archive
Rename "ohjocgmpmlfahafbipehkhbaacoemojp" to "hidemevpn"
C:\archive\browser\chromium\extensions\hidemevpn\1.3.0_0\

ublockorigin 1.65.0_0 ...
Copy "cjpalhdlnbpafiamejdnhcphjbkeiagm" to your ublockorigin archive
Rename "cjpalhdlnbpafiamejdnhcphjbkeiagm" to "ublockorigin"
C:\archive\browser\chromium\extensions\ublockorigin\1.65.0_0\

canvasblocker 0.2.2_0 ...
Copy "nomnklagbgmgghhjidfhnoelnjfndfpd" to your canvasblocker archive
Rename "nomnklagbgmgghhjidfhnoelnjfndfpd" to "canvasblocker"
C:\archive\browser\chromium\extensions\canvasblocker\0.2.2_0\

skipredirect 2.3.6_0 ...
Copy "jaoafjdoijdconemdmodhbfpianehlon" to your skipredirect archive
Rename "jaoafjdoijdconemdmodhbfpianehlon" to "skipredirect"
C:\archive\browser\chromium\extensions\skipredirect\2.3.6_0\

privacybadger 2025.5.30_0 ...
Copy "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" to your privacybadger archive
Rename "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" to "privacybadger"
C:\archive\browser\chromium\extensions\privacybadger\2025.5.30_0\

clearurls 1.26.0_0 ...
Copy "lckanjgmijmafbedllaakclkaicjfmnk" to your clearurls archive
Rename "lckanjgmijmafbedllaakclkaicjfmnk" to "clearurls"
C:\archive\browser\chromium\extensions\clearurls\1.26.0_0\

localcdn 2.6.79_0 ...
Copy "njdfdhgcmkocbgbhcioffdbicglldapd" to your localcdn archive
Rename "njdfdhgcmkocbgbhcioffdbicglldapd" to "localcdn"
C:\archive\browser\chromium\extensions\localcdn\2.6.79_0\

cookieautodelete 3.8.2_0 ...
Copy "fhcgjolkccmbidfldomjliifgaodjagh" to your cookieautodelete archive
Rename "fhcgjolkccmbidfldomjliifgaodjagh" to "cookieautodelete"
C:\archive\browser\chromium\extensions\cookieautodelete\3.8.2_0\

5. Download the latest Ungoogled Chromium offline installer
<https://github.com/ungoogled-software/ungoogled-chromium-windows/
Click on the green "Latest" button.
<https://github.com/ungoogled-software/ungoogled-chromium-windows/releases/tag/138.0.7204.168-1.1>
Select "ungoogled-chromium_138.0.7204.168-1.1_installer_x64.exe"
https://github.com/ungoogled-software/ungoogled-chromium-windows/releases/download/138.0.7204.168-1.1/ungoogled-chromium_138.0.7204.168-1.1_installer_x64.exe>
Or select the zip archive so you can install it where you like.
ungoogled-chromium_138.0.7204.168-1.1_windows_x86.zip
<https://github.com/ungoogled-software/ungoogled-chromium-windows/releases/download/138.0.7204.168-1.1/ungoogled-chromium_138.0.7204.168-1.1_windows_x86.zip>

6. Doubleclick on the saved executable to install ungoogled chromium

7. Now install each of the extensions into Ungoogled Chromium.
a. In Ungoogled Chromium, go to chrome://extensions/
b. Enable Developer mode in the top right (if not already enabled).
c. Click the "Load unpacked" button in the top left.
d. Select a numbered archived extension folder containing manifest.json
C:\archive\browser\chromium\extensions\hidemevpn\1.3.0_0\
C:\archive\browser\chromium\extensions\ublockorigin\1.65.0_0\
C:\archive\browser\chromium\extensions\canvasblocker\0.2.2_0\
C:\archive\browser\chromium\extensions\skipredirect\2.3.6_0\
C:\archive\browser\chromium\extensions\privacybadger\2025.5.30_0\
C:\archive\browser\chromium\extensions\clearurls\1.26.0_0\
C:\archive\browser\chromium\extensions\localcdn\2.6.79_0\
C:\archive\browser\chromium\extensions\cookieautodelete\3.8.2_0\
e. The extension should now be installed & running
If an extension fails to load, double-check that the
manifest.json is in the root of the selected folder.
f. To "pin" it to Ungoogled Chromium select the puzzle icon at top right
g. A dropdown will appear showing all installed extensions
h. Click the pin icon next to uBlock Origin in the list

8. Set your extensions up as desired in Ungoogled Chromium.

9. At this point you can keep Brave as is, or wipe it out for
a fresh installation, depending on what you want to do with it.

You now have a customized Chromium browser with privacy extensions,
(and archived for portability & reuse on any chromium browser).

Tested only once as I was doing the task and writing up the steps taken.
As always, please add value to improve the tribal knowledge for the team.

Note extensions installed this way into Ungoogled Chromium won't update.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy
web browser

On Mon, 28 Jul 2025 21:25:51 -0500, Marion <marion@facts.com> wrote:

This tutorial walks you through creating a DIY Chromium-based
privacy browser using Brave and Ungoogled Chromium.

This was written for the benefit of the team, off the cuff.
Please improve so that everyone benefits from your every post.

I've been using Epic as my lightweight privacy browser for years,
but it recently went south, so I needed a new lightweight privacy
browser (other than Opera & Tor, which have their own pros & cons).

Here's how to roll your own DIY chromium-based privacy browser.
The assumption is that you want your base to be Ungoogled Chromium.

Since Ungoogled Chromium can't easily access Chrome Web Extensions,
you'll need "some other chromium-based browser" where Edge isn't a good
idea due to the fact that the extensions may be modified by Edge.

Hence, I picked Brave as the chromium-based web browser to temporarily
fetch extensions, but the final lightweight privacy browser was UC.

1. Download the latest Brave full offline installer into your archive.
https://github.com/brave/brave-browser/
https://github.com/brave/brave-browser/releases/tag/v1.80.124
BraveBrowserSetup.exe ==> stub
<https://github.com/brave/brave-browser/releases/download/v1.80.124/BraveBrowserSetup.exe>
BraveBrowserStandaloneSetup.exe ==> interactive installer
<https://github.com/brave/brave-browser/releases/download/v1.80.124/BraveBrowserStandaloneSetup.exe>
<BraveBrowserStandaloneSilentSetup.exe == batch installer>

2. Doubleclick on the desired installer to install (I chose silent).
It's a brain-dead dumb installer that doesn't ask where to go.
Mine installed Brave into
C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
%LOCALAPPDATA%\BraveSoftware\Brave-Browser\Application\

3. Start Brave and install your desired privacy-based extensions.
I chose the following privacy-based extensions (YMMV).

hidemevpn 1.3.0_0
Unblocks websites and hides your IP using hide.me proxy.
<https://chromewebstore.google.com/detail/hideme-proxy/ohjocgmpmlfahafbipehkhbaacoemojp>

This extension did not work for me.
With the default setting of Automatic, web sites won't display everything much of the time.
That's only if it displays at all.
Changing the setting to Netherlands was much better, but that setting does not stick.
It reverts to Automatic after a few hours for whatever reason.

This problem did not happen when using it with Firefox.
The Netherlands setting works as it should.

ublockorigin 1.65.0_0
Efficient wide-spectrum content blocker for ads, trackers, etc.
<https://chromewebstore.google.com/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm>

canvasblocker 0.2.2_0
Prevents canvas fingerprinting by injecting noise into canvas data.
<https://chromewebstore.google.com/detail/canvas-blocker-fingerprin/nomnklagbgmgghhjidfhnoelnjfndfpd>

skipredirect 2.3.6_0
Skips intermediary redirect pages to reach final URLs directly.
<https://chromewebstore.google.com/detail/skip-redirect/jaoafjdoijdconemdmodhbfpianehlon>

privacybadger 2025.5.30_0
Learns and blocks invisible trackers that ignore Do Not Track.
<https://chromewebstore.google.com/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp>

clearurls 1.26.0_0
Removes tracking parameters from URLs to protect your privacy.
<https://chromewebstore.google.com/detail/clearurls/lckanjgmijmafbedllaakclkaicjfmnk>

localcdn 2.6.79_0
Replaces CDN-hosted libraries with local copies to prevent tracking.
<https://chromewebstore.google.com/detail/localcdn/njdfdhgcmkocbgbhcioffdbicglldapd>

cookieautodelete 3.8.2_0
Auto-deletes cookies from closed tabs unless whitelisted.
<https://chromewebstore.google.com/detail/cookie-autodelete/fhcgjolkccmbidfldomjliifgaodjagh>

4. Copy the numbered folder (containing manifest.json) to your archives.
cd %LOCALAPPDATA%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\

For hidemevpn 1.3.0_0 ...
Copy "ohjocgmpmlfahafbipehkhbaacoemojp" to your hidemevpn archive
Rename "ohjocgmpmlfahafbipehkhbaacoemojp" to "hidemevpn"
C:\archive\browser\chromium\extensions\hidemevpn\1.3.0_0\

ublockorigin 1.65.0_0 ...
Copy "cjpalhdlnbpafiamejdnhcphjbkeiagm" to your ublockorigin archive
Rename "cjpalhdlnbpafiamejdnhcphjbkeiagm" to "ublockorigin"
C:\archive\browser\chromium\extensions\ublockorigin\1.65.0_0\

canvasblocker 0.2.2_0 ...
Copy "nomnklagbgmgghhjidfhnoelnjfndfpd" to your canvasblocker archive
Rename "nomnklagbgmgghhjidfhnoelnjfndfpd" to "canvasblocker"
C:\archive\browser\chromium\extensions\canvasblocker\0.2.2_0\

skipredirect 2.3.6_0 ...
Copy "jaoafjdoijdconemdmodhbfpianehlon" to your skipredirect archive
Rename "jaoafjdoijdconemdmodhbfpianehlon" to "skipredirect"
C:\archive\browser\chromium\extensions\skipredirect\2.3.6_0\

privacybadger 2025.5.30_0 ...
Copy "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" to your privacybadger archive
Rename "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" to "privacybadger"
C:\archive\browser\chromium\extensions\privacybadger\2025.5.30_0\

clearurls 1.26.0_0 ...
Copy "lckanjgmijmafbedllaakclkaicjfmnk" to your clearurls archive
Rename "lckanjgmijmafbedllaakclkaicjfmnk" to "clearurls"
C:\archive\browser\chromium\extensions\clearurls\1.26.0_0\

localcdn 2.6.79_0 ...
Copy "njdfdhgcmkocbgbhcioffdbicglldapd" to your localcdn archive
Rename "njdfdhgcmkocbgbhcioffdbicglldapd" to "localcdn"
C:\archive\browser\chromium\extensions\localcdn\2.6.79_0\

cookieautodelete 3.8.2_0 ...
Copy "fhcgjolkccmbidfldomjliifgaodjagh" to your cookieautodelete archive
Rename "fhcgjolkccmbidfldomjliifgaodjagh" to "cookieautodelete"
C:\archive\browser\chromium\extensions\cookieautodelete\3.8.2_0\

5. Download the latest Ungoogled Chromium offline installer
<https://github.com/ungoogled-software/ungoogled-chromium-windows/
Click on the green "Latest" button.
<https://github.com/ungoogled-software/ungoogled-chromium-windows/releases/tag/138.0.7204.168-1.1>
Select "ungoogled-chromium_138.0.7204.168-1.1_installer_x64.exe"
https://github.com/ungoogled-software/ungoogled-chromium-windows/releases/download/138.0.7204.168-1.1/ungoogled-chromium_138.0.7204.168-1.1_installer_x64.exe>
Or select the zip archive so you can install it where you like.
ungoogled-chromium_138.0.7204.168-1.1_windows_x86.zip
<https://github.com/ungoogled-software/ungoogled-chromium-windows/releases/download/138.0.7204.168-1.1/ungoogled-chromium_138.0.7204.168-1.1_windows_x86.zip>

6. Doubleclick on the saved executable to install ungoogled chromium

7. Now install each of the extensions into Ungoogled Chromium.
a. In Ungoogled Chromium, go to chrome://extensions/
b. Enable Developer mode in the top right (if not already enabled).
c. Click the "Load unpacked" button in the top left.
d. Select a numbered archived extension folder containing manifest.json
C:\archive\browser\chromium\extensions\hidemevpn\1.3.0_0\
C:\archive\browser\chromium\extensions\ublockorigin\1.65.0_0\
C:\archive\browser\chromium\extensions\canvasblocker\0.2.2_0\
C:\archive\browser\chromium\extensions\skipredirect\2.3.6_0\
C:\archive\browser\chromium\extensions\privacybadger\2025.5.30_0\
C:\archive\browser\chromium\extensions\clearurls\1.26.0_0\
C:\archive\browser\chromium\extensions\localcdn\2.6.79_0\
C:\archive\browser\chromium\extensions\cookieautodelete\3.8.2_0\
e. The extension should now be installed & running
If an extension fails to load, double-check that the
manifest.json is in the root of the selected folder.
f. To "pin" it to Ungoogled Chromium select the puzzle icon at top right
g. A dropdown will appear showing all installed extensions
h. Click the pin icon next to uBlock Origin in the list

8. Set your extensions up as desired in Ungoogled Chromium.

9. At this point you can keep Brave as is, or wipe it out for
a fresh installation, depending on what you want to do with it.

You now have a customized Chromium browser with privacy extensions,
(and archived for portability & reuse on any chromium browser).

Tested only once as I was doing the task and writing up the steps taken.
As always, please add value to improve the tribal knowledge for the team. Note extensions installed this way into Ungoogled Chromium won't update.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: To protect and to server (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 29 Jul 2025 08:38:56 -0500, Allan Higdon wrote :

hidemevpn 1.3.0_0
Unblocks websites and hides your IP using hide.me proxy.
<https://chromewebstore.google.com/detail/hideme-proxy/ohjocgmpmlfahafbipehkhbaacoemojp>

This extension did not work for me.
With the default setting of Automatic, web sites won't display everything much of the time.
That's only if it displays at all.
Changing the setting to Netherlands was much better, but that setting does not stick.
It reverts to Automatic after a few hours for whatever reason.

This problem did not happen when using it with Firefox.
The Netherlands setting works as it should.

I feel your pain.
I have a separate thread on the Firefox newsgroup for the same task.
[Message-ID: <1061qe9$29dl$1@nnrp.usenet.blueworldhosting.com>]

It's even harder to DIY a privacy browser on Mozilla than it is on
Chromium, mainly because an Ungoogled Chromium analog doesn't exist.

I've tried MullVad and LibreFox so far.
But both have been a disaster.

Both *hate* the VPN.ME proxy like you can't believe.
They don't like me disabling OCSP in particular.
security.OCSP.require = false
security.OCSP.enabled = 0 (off)

Then I tried proxies instead of full-blown VPN extensions.
There are proxy extensions such as FoxyProxy which should help.

For two days I tried to get FoxyProxy to work with proxies,
but I learned (the hard way) proxies are for coders only.
[Message-ID: <10650vq$2ioi$1@nnrp.usenet.blueworldhosting.com>]

A mere human can't keep up with how fast perfectly good proxies
will suddenly fail without warning. Only a robot can keep up.

Although I have yet to explore the Arkenfox project.
<https://github.com/arkenfox/user.js>

Back to your problem, I don't like *any* VPN extenstion tested.
Not a single one.

The hardest extension to choose was the VPN extension.

I tried many before I ended up with Hide.ME VPN (& I'm not happy with it).
I also tried them on Mozilla-based browsers (e.g., Mullvad & LibreWolf).

It's not easy to get any VPN extension to work properly in a browser.
It's easier to get VPN to work *outside* the browser but not inside of it.

Since I was reproducing what Opera & Epic do, I needed a "no registration"
VPN extension - which makes success immensely more difficult to achieve.

Bear in mind I'm a privacy advocate. And a freeware advocate.
Put it together and it means I never register an account for *anything*.

And no, a "throwaway email address" is no longer a viable option simply
because even they require phone verification and/or a second email address.

Worse, "throwaway emails" almost never work for "registration" anyway.
Ask me how I know this (yes, even with protonvpn email addresses).

What we need is a *better* free no-registration VPN extension.
I tried a bunch. I won't recommend any, but Hide.ME worked best.

That's not saying much. I feel your pain. I believe your results.
What we need is for the team to help suggest a better VPN extension.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 29 Jul 2025 22:41:42 -0000 (UTC), Marion wrote :

What we need is for the team to help suggest a better VPN extension.

As always, to further help the team by being adding useful value...

I dug deeper and found more registration free browser extension VPNs.
I've installed each of them but I haven't fully tested them yet.
It will take a while to come up with what is the "best" extension VPN.

Here's a quick off-the-cuff summary that saves others tons (and tons)
of time digging up the URLs and running the rudimentary working tests.

These 8 installed directly into Brave (will move to Chromium later).
hidemevpn (this is the first one I had tested)
<https://chromewebstore.google.com/detail/hideme-proxy/ohjocgmpmlfahafbipehkhbaacoemojp>

urbanvpn (I'm currently testing this one now)
<https://chromewebstore.google.com/detail/urban-vpn-proxy/eppiocemhmnlbhjplcgkofciiegomcon>

hiddenbatvpn
<https://chromewebstore.google.com/detail/hiddenbatvpn-no-sign-up/bbmdbddokjkdlcicblahoeofpjkbeneo>

xvpn
<https://chromewebstore.google.com/detail/x-vpn-free-vpn-chrome-ext/flaeifplnkmoagonpbjmedjcadegiigl>

tunnelbearvpn
<https://chromewebstore.google.com/detail/tunnelbear-vpn/omdakjcmkglenbhjadbccaookpfjihpa>

vpnly
<https://chromewebstore.google.com/detail/free-vpn-proxy-vpnly/lneaocagcijjdpkcabeanfpdbmapcjjg>

1clickvpn
<https://chromewebstore.google.com/detail/1clickvpn-proxy-for-chrom/pphgdbgldlmicfdkhondlafkiomnelnk>

1vpn
<https://chromewebstore.google.com/detail/free-vpn-proxy-1vpn/akcocjjpkmlniicdeemdceeajlmoabhg>

This one would only install into Edge & then into Brave. Go figure. securefreeedgevpn
<https://microsoftedge.microsoft.com/addons/detail/secure-free-vpn-for-edge/mikenegoldghfdcmpchhobaabgkaikdj>

This has bandwidth limits for the no-registration VPN extension.
windscribe (note that the download is huge)
<https://chromewebstore.google.com/detail/windscribe-free-proxy-and/hnmpcagpplmpfojmgmnngilcnanddlhb>

These fail for one reason or another & are not worth testing.
hotspotshield (not in chrome store anymore)
<https://chromewebstore.google.com/detail/hotspot-shield-free-vpn/likpkejjhpbpmejmejjcobcijcehbhjl>

itopvpn (was removed from the chrome store)
<https://chrome-stats.com/d/imikkmafgbjjghjeelijedabggogfdgo/download>

protonvpn (Requres registration, so it fails the most basic test)
<https://chromewebstore.google.com/detail/proton-vpn-fast-secure/jplgfhpmjnbigmhklmmbgecoobifkmpa>

I first tested the Chromium Hide.ME VPN extension, but it's flaky.
So now I'm testing urbanvpn & I will try to test all those above.

The minimum criteria is that it works in Brave & Ungoogled Chromium
and that there is no registration and that it's free with no ads.

If you know of any VPN extensions I've missed, please let us all know.
The goal is to create our own DIY lightweight privacy browsers.

--- MBSE BBS v1.1.1 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Wed, 30 Jul 2025 05:42:35 -0000 (UTC), Marion wrote :

I dug deeper and found more registration free browser extension VPNs.
I've installed each of them but I haven't fully tested them yet.
It will take a while to come up with what is the "best" extension VPN.

Update.

I've been testing Urban VPN extension which is working better than Hide.Me
did in both the Brave and in the Ungoogled Chromium browsers on Windows.

I also added a few more privacy extensions to the DIY privacy browser.
I'm starting to like it much better than even the Epic Privacy Browser.

1. urban VPN - Encrypts traffic & hides IP from sites, ISPs & trackers
2. ublockorigin - Blocks ads, trackers & malware
3. noscript - Blocks scripts from running, preventing tracking & exploits
4. canvasblocker - Spoofs or blocks canvas data to prevent fingerprinting
5. webrtccontrol - Disables WebRTC leaks that reveal real IP behind VPN
6. trace - Mitigates multiple tracking techniques across websites
7. privacybadger - Auto-blocks trackers based on observed behavior
8. cookieautodelete - Stops cookie tracking between visits
9. clearurls - Removes tracking parameters from URLs automatically
10. decentraleyes- Replaces CDN files with local copies to block calls
11. noscript - Blocks scripts from unknown domains to prevent data access
12. referercontrol - Limits referer header to protect browsing history
13. useragentswitcher - Randomizes user-agent string to foil fingerprinting
14. fontfingerprintdefender - Blocks font-based fingerprint techniques
15. skipredirect - Bypasses tracking redirects to reach final destinations
16. localcdn - Loads libraries from local cache instead of external servers
17. httpseverywhere - Forces HTTPS connections for secure browsing
18. disablehtml5autoplay - Stops autoplaying media leaking usage patterns

By following this tutorial you can set up a DIY chromium-based privacy web browser in one billionth the time it took me to figure all this out.

If you have suggestions for further privacy-oriented extensions, please
let the team know as we all can do more together than any one of us alone.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Wed, 30 Jul 2025 21:01:41 -0000 (UTC), Marion wrote :

I've been testing Urban VPN extension which is working better than Hide.Me did in both the Brave and in the Ungoogled Chromium browsers on Windows.

The hardest problem in replacing Epic/Opera privacy browsers is the VPN.
It has to be a no-registration VPN extension to replace what they did.

First I tried Hide.ME VPN and that worked for a while but became flaky.
Then, I tried Urban VPN, which, interestingly, did the same thing.

Both worked fine - and then - after a day or two - they became flaky.
So now I'm trying Browsec VPN - which is working fine all day (so far).

Just in case, I've archived unpacked files for the following free ad free no-registration chromium-based browser VPNs (most work for Mozilla too).

for /d %i in (*) do @for /d %j in ("%i\*") do @echo %j

hidemevpn\ohjocgmpmlfahafbipehkhbaacoemojp
hiddenbatvpn\bbmdbddokjkdlcicblahoeofpjkbeneo
xvpn\flaeifplnkmoagonpbjmedjcadegiigl
tunnelbearvpn\omdakjcmkglenbhjadbccaookpfjihpa
securefreeedgevpn\mikenegoldghfdcmpchhobaabgkaikdj
urbanvpn\eppiocemhmnlbhjplcgkofciiegomcon
vpnly\lneaocagcijjdpkcabeanfpdbmapcjjg
fail_bandwidth_limits\windscribevpn
fail_registration\hotspotshieldvpn
fail_registration\itopvpn
fail_registration\protonvpn
1clickvpn\pphgdbgldlmicfdkhondlafkiomnelnk
1vpn\akcocjjpkmlniicdeemdceeajlmoabhg
browsec\omghfjlpggmjjaagoclmmobgdodcjboh
setupvpn\oofgbpoabipfcfjapgnbbjjaenockbdp

Note that hotspotshiled, itovpn and protonvpn failed miserably.
Windscribe VPN will only be used if nothing else works (not likely).

Caveat: I've used system-wide free public VPN for so many years I can't
count, and I used Opera/Epic VPN (actually) proxy for as many years too.

But this is my first time using these free VPN extensions, which are flaky.

As always, if you know more than I do about building a DIY privacy web
browser, please add value so that every post extends our tribal knowledge.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Fri, 1 Aug 2025 02:42:19 -0000 (UTC), Marion wrote :

The hardest problem in replacing Epic/Opera privacy browsers is the VPN.
It has to be a no-registration VPN extension to replace what they did.

BUILD-YOUR-OWN DIY PRIVACY BROWSER - TESTING UPDATE:

Every day I test more free no-registration no-ad privacy extensions.
I'm focusing mostly on Brave for now because it's easier to update than UC.

Luckily, archiving browser extensions is really simple & straightforward.
%localappdata%\BraveSoftware\Brave-Browser\User Data\Default\Extensions\.

With Brave, you can trick tabs into loading in the foreground to speed them
up where most people will NOT want this trick - but it's useful to know. "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-renderer-backgrounding

With Brave you can go to brave://system to list the most important three things about all your extensions, namely the name, identity & version.

These are the score of browser extensions I have been testing for a while.
mnojpmjdmbbfmejpflffifhffcmidifd : Brave : version 1_0_0
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager : version 0_6_4
cafckninonjkogajnihihlnnimmkndgf : Disable HTML5 Autoplay (Reloaded) : version 0_9_3
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin : version 1_65_0
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete : version 3_8_2
fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender : version 0_1_6
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control : version 0_3_3
hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3) : version 3_0_0
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control : version 1_35
ikclbgejgcbdlhjmckecmdljlpbhmbmf : HTTPS Everywhere : version 1_0
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect : version 2_3_6
jjbikklopibeimjelkohlldbjcdnofei : StayInTab : version 1_0
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs : version 1_26_0
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes : version 3_0_0
mhjfbmdgcfjbbpaeojofohoefgiehjai : Chrome PDF Viewer : version 1
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN : version 2_6_79
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection : version 3_0_6
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect : version 0_2_2
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger : version 2025_5_30

Here's a quick summary of how those free no-registration extensions
impact your privacy when loaded into a chromium-based web browser.
Brave: Privacy-focused browser with built-in ad and tracker blocking.
User-Agent Switcher: Masks browser identity to reduce tracking.
Disable HTML5 Autoplay: Prevents media from auto-playing, reducing fingerprinting.
uBlock Origin: Blocks ads, trackers, and malicious domains.
Cookie AutoDelete: Deletes cookies automatically after tabs close.
Font Fingerprint Defender: Randomizes font data to prevent fingerprinting.
WebRTC Control: Disables WebRTC leaks that expose your IP address.
Location Guard: Spoofs or obfuscates your geolocation data.
Referer Control: Limits or removes referer headers to prevent tracking.
HTTPS Everywhere: Forces secure HTTPS connections when available.
Skip Redirect: Bypasses tracking redirects to go straight to the destination.
StayInTab: Prevents unwanted tab switching, reducing behavioral tracking.
ClearURLs: Removes tracking elements from URLs automatically.
Decentraleyes: Serves local resources to block CDN-based tracking.
Chrome PDF Viewer: Displays PDFs without sending data to external viewers.
LocalCDN: Replaces CDN resources locally to avoid third-party requests.
Trace: Blocks various tracking techniques and fingerprinting methods.
Canvas Blocker: Prevents canvas fingerprinting used for tracking.
Privacy Badger: Learns and blocks invisible trackers automatically.

As for VPN/Proxy extensions, they're more problematic where my tests
are whether you can use YouTube without needing to log in, and, of
course, whether or not testing sites show that the iP is obfuscated.

These VPN extensions all failed my tests for one reason or another.
hotspotshieldvpn (No longer in the chrome web store as of 20250804)
itopvpn (Removed from Chrome Web Store on 20221209)
protonvpn (Requires registration which is forbidden for privacy reasons)
urbanvpn (Works only a short time & then says "Registration needed")
hidemevpn (Works only a short time & then turns into PITA flakiness)
hiddenbatvpn (Holy cow! This actually exposes your IP address!)
tunnelbearvpn (Requires registration which is forbidden for privacy reasons)
windscribevpn (Requires registration which is forbidden for privacy reasons)

These VPN extensions all obfuscated the IP address & all passed the
free login-free & no ad requirement but failed the YouTube test.
xvpn: Encrypts traffic, hides IP, may log some metadata.
1clickvpn: Encrypts traffic, hides IP, claims no logs.
1vpn: SSL encryption, blocks WebRTC leaks, enforces no-logs policy.
setupvpn: Encrypts traffic but collects user and usage info.
vpnly: Swiss-based, uses AES-256 encryption, strict no-logs policy.
securefreeedgevpn: Encrypts traffic and hides IP without login.
browsec: Encrypts traffic, hides IP, claims no logs, unclear policy.

Note that Browsec was the only VPN extension that also passed
the YouTube test (as it didn't require you to log into Google).

If someone wished to follow in my footsteps these are the steps:
1. Install the privacy extensions in Brave
2. Copy the unpacked folders to your software archive
3. In Ungoogled Chromium enable "Developer mode"
4. Click "Load unpacked" to sideload each extension
5. Compare with Opera/Epic privacy browsers.

Contributions welcome to refine these test findings.



--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Thu, 7 Aug 2025 03:31:40 -0000 (UTC), Marion wrote :

Contributions welcome to refine these test findings.

In the firefox newsgroup s|b suggested we add anti-fingerprinting
extensions to the DIY privacy browser, and he suggested we remove the HTTPS-Everywhere as having been deprecated, so here's the new list.

brave://system/ > extensions > Expand
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager : version 0_6_4
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin : version 1_65_0
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete : version 3_8_2
fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender : version 0_1_6
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control : version 0_3_3
hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3) : version 3_0_0
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control : version 1_35
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect : version 2_3_6
jjbikklopibeimjelkohlldbjcdnofei : StayInTab : version 1_0
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs : version 1_26_0
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes : version 3_0_0
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN : version 2_6_79
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection : version 3_0_6
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect : version 0_2_2
omghfjlpggmjjaagoclmmobgdodcjboh : Browsec VPN - Free VPN for Chrome : version 3_92_2
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger : version 2025_5_30
pmcpffnpjncfplinfnjebjoonbncnjfl : CthulhuJs (Anti-Fingerprint) : version 8_0_6

It would be nice to compile all the test sites together so others
can benefit when they want to test their browsers for privacy holes.

=== Privacy Test Sites ===

== Header & Request Inspection ==
<https://requestbin.com/>
<https://httpbin.org/headers>
<https://http_test.php/> (custom/local test)

== Fingerprint & Tracking Tests ==
<https://amiunique.org/>
<https://coveryourtracks.eff.org/>
<https://panopticlick.eff.org/>(legacy version of Cover Your Tracks)
<https://fingerprintjs.com/demo/>
<https://webkay.robinlinus.com/>
<https://privacy.net/analyzer/>

== Browser Privacy Audits ==
<https://privacytests.org/>

== IP & DNS Leak Tests ==
<https://ipleak.net/>
<https://dnsleaktest.com/>
<https://browserleaks.com/ip>
<https://browserleaks.com/dns>

== WebRTC Leak Tests ==
<https://browserleaks.com/webrtc>
<https://www.expressvpn.com/webrtc-leak-test>

== General IP & Location Check ==
<https://whatismyipaddress.com/>
<https://iplocation.net/>
<https://ipinfo.io/>

== VPN Leak & Privacy Tests ==
<https://vpntesting.com/> (Comprehensive VPN leak tests)
<https://www.cloudwards.net/vpn-test-guide/> (DNS, IP, WebRTC leak guide)
<https://proxyar.com/vpn-ip-geolocation-tester/> (Geolocation & VPN detection)

== Miscellaneous Privacy Tools ==
<https://whoer.net/>
<https://www.deviceinfo.me/>
<https://www.doileak.com/>

Any others?

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Sat, 9 Aug 2025 02:57:54 -0000 (UTC), Marion wrote :

In the firefox newsgroup s|b suggested we add anti-fingerprinting
extensions to the DIY privacy browser, and he suggested we remove the HTTPS-Everywhere as having been deprecated, so here's the new list.

Yikes! I mistook s|b's suggestion. He was asking if adding these 18
extensions were making our browsing even more unique, to which Andy Burns responded as shown below to which I responded to the both of them.

Since it's apropos to Windows, and to the DIY project for both ecosystems (i.e., Chromium & Mozilla), below is the discussion we had earlier today.

On Fri, 08 Aug 2025 16:56:49 +0200, s|b wrote :

I already stated this in another posting: what about fingerprinting?

On Sat, 9 Aug 2025 01:45:35 -0000 (UTC), Marion wrote :

Thanks for that suggestion, where I don't know if there's a single
well-known commonly suggested "fingerprinting prevention" extension.

On Sat, 09 Aug 2025 12:28:54 +0200, s|b wrote :

What I actually meant was: aren't you making your browser more and more
/unique/ by using all those add-ons? I feel like it's only going to make
your browser more and more unique and recognizable, so it would make
fingerprinting easier.
I've read Brave Browser is a good browser for users concerned about
fingerprinting. And IIRC Tor Browser opens in the same size windows
every time to remain 'less unique'.

On Sat, 9 Aug 2025 11:49:31 +0100, Andy Burns wrote :

Websites can't [directly] tell which add-ons you have installed.
IME it's almost impossible to not show a unique fingerprint ID.
I've tried making changes, such as finding the "most unique" identifiers and getting my FF to use "less unique" alternatives, such as a popular Chrome version user-agent, making my language preference and location
USA rather than UK

Ah, my mistake. Mea culpa. Duh. I missed the point completely. Sorry.

I apologize for not understanding that s|b was suggesting that these anti-privacy extensions could making us even more fingerprint unique.

It's a valid concern, especially considering the adversaries we're up
against are crafty, data-hungry giants like Google, Amazon, Apple,
Microsoft, Meta, Cloudflare, Tiktok/Bytedance, Palantir, Oracle, etc.

It's a concern if adding these 18 well-intentioned extension inadvertently
make us stand out more, much like a camouflage pattern that's too custom.
1. User-Agent Switcher and Manager : version 0_6_4
2. uBlock Origin : version 1_65_0
3. NoScript : version 13_0_8
4. Cookie AutoDelete : version 3_8_2
5. Font Fingerprint Defender : version 0_1_6
6. WebRTC Control : version 0_3_3
7. Location Guard (V3) : version 3_0_0
8. Referer Control : version 1_35
9. Skip Redirect : version 2_3_6
10. StayInTab : version 1_0
11. ClearURLs : version 1_26_0
12. Decentraleyes : version 3_0_0
13. LocalCDN : version 2_6_79
14. Trace - Online Tracking Protection : version 3_0_6
15. Canvas Blocker - Fingerprint Protect : version 0_2_2
16. Browsec VPN - Free VPN for Chrome : version 3_92_2
17. Privacy Badger : version 2025_5_30
18. CthulhuJs (Anti-Fingerprint) : version 8_0_6

We probably all agree the browser problem to overcome isn't just
fingerprinting as it's the ecosystem of surveillance capitalism that
thrives on any sliver of uniqueness, much of which starts with an account.

Remember the golden rule was never to create an account on the Internet if
you don't have to, and never pay for anything if you don't have to.

So all they have for fingerprinting is what we give them, much of which is
from the browser itself but a lot is from our computers (like time zones
and dates and IP addresses and screen sizes, etc.).

Herbert Kleebauer long ago wrote a script for me to change my time zone
every few minutes, but I noticed some of these extensions do it for me. Likewise I've removed all my special fonts (like Frutiger & RoadGeek), but again, I noticed some of these extensions do that for me also.

Similarly I've messed with my browser header, but again, some of these extensions do it for me. I always open up to delete cookies, and again,
some of these extensions delete cookies dynamically, while browsing.

That said, I think the goal should be strategic opacity. Blending in where
it matters, and standing out only when it serves a purpose (like logging
into your Google Mail using only 1 browser, used for no other purpose).

Privacy isn't just about hiding. It's about choosing when and how to be
seen. To that end, I think that's critical to use one browser per account
that you actually have to log into something. This is a golden rule also.

Part of the problem with privacy is shown with VPN where Google & Apple
hate VPN, so they force you to prove who you are when you use VPN. Hence,
you really can't have privacy extensions on a browser that logs into
anything.

This is a critical point I haven't mentioned but it needs stating:
A. The browser that logs into things, can't be a privacy browser.
B. So the privacy browser is what is used for everything else.

I'm sorry I hadn't made this distinction before, as it's just natural to me
to (a) not log into anything, but, if I must (b) use a separate browser!

Luckily, there are so many web browsers that it's easy pick one and only
one browser that is used to log into any given account you must log into.
<https://i.postimg.cc/fT2J40RD/windows-cascade-menu.jpg>

To Andy's point, I have been testing this DIY privacy-based browser only
for a week or two where previously I never used extensions (since I used
Epic as my daily driver), but I think, so far, every test shows me as
DIFFERENT (which is the point after all). No two tests show me as the same.

Hence, I'm not sure if we've achieved our goal of being DIFFERENT every
time (even if we're unique!) or not. Does it matter? I don't know.

Of course you want to look like everyone else - but that's difficult to do
as you've already noted. And Tor, while I use it when I must, is never
gonna be the general purpose browser even as it makes you look like
everyone else.

I'm not sure if this DIY build your own privacy browser project is worth it
or not, but I'm still working on it as it has only been a couple of weeks.

In summary though, I've modified the "golden rules" to the following...
a. Never create an account you don't have to
b. Never pay for anything you don't have to
c. Use only one browser only for each account you must log into
d. Use a DIFFERENT (privacy-based) browser for general browsing

This thread is about DIY building that general-purpose privacy browser.
Any other ideas?

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

1. User-Agent Switcher and Manager : version 0_6_4
2. uBlock Origin : version 1_65_0
3. NoScript : version 13_0_8
4. Cookie AutoDelete : version 3_8_2
5. Font Fingerprint Defender : version 0_1_6
6. WebRTC Control : version 0_3_3
7. Location Guard (V3) : version 3_0_0
8. Referer Control : version 1_35
9. Skip Redirect : version 2_3_6
10. StayInTab : version 1_0
11. ClearURLs : version 1_26_0
12. Decentraleyes : version 3_0_0
13. LocalCDN : version 2_6_79
14. Trace - Online Tracking Protection : version 3_0_6
15. Canvas Blocker - Fingerprint Protect : version 0_2_2
16. Browsec VPN - Free VPN for Chrome : version 3_92_2
17. Privacy Badger : version 2025_5_30
18. CthulhuJs (Anti-Fingerprint) : version 8_0_6

UPDATE.

It's ironic that I needed to add an "extension manager" to this list, as I
test each and every extension above in detail against privacy test sites.

I tested a few free, ad free, no-registration privacy-aware extension
managers, and the one I like most so far is this on Mozilla & Chromium.

Extension Manager by HongYuanCao for Mozilla-based browsers:
<https://addons.mozilla.org/en-US/firefox/addon/extensions-manager/>
Extension Manager by HongYuanCao for Chromium-based browsers:
<https://chromewebstore.google.com/detail/extension-manager/gjldcdngmdknpinoemndlidpcabkggco>

a. It's available on both Chrome & Firefox, which is rare for EMs.
b. It's ad-free, registration-free, and privacy-respecting.
c. It has batch actions, grouping, and a clean UI.
d. The developer appears to be transparent and responsive.

Meanwhile, I've been testing the VPN extensions which passed the initial
tests, where my fungible test-rating system puts them in this order:
1_browsec
2_1clickvpn
3_1vpn
4_vpnly
5_xvpn
6_securefreeedgevpn
7_setupvpn

Bearing in mind these all failed the most basic initial VPN tests.
hotspotshieldvpn
itopvpn
protonvpn
urbanvpn
hidemevpn
hiddenbatvpn
tunnelbearvpn
windscribevpn

In summary, we're pretty close to making a DIY browser, in both
Mozilla-land and Chromium land, that is distinct from the mothership
browser in terms of inherent privacy as tested against privacy test sites.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 12 Aug 2025 20:13:42 -0000 (UTC), Marion wrote :

Meanwhile, I've been testing the VPN extensions which passed the initial tests, where my fungible test-rating system puts them in this order:
browsec
1clickvpn
1vpn
vpnly
xvpn
securefreeedgevpn
setupvpn

Bearing in mind these all failed the most basic initial VPN tests.
hotspotshieldvpn
itopvpn
protonvpn
urbanvpn
hidemevpn
hiddenbatvpn
tunnelbearvpn
windscribevpn

UPDATE:

I ditched the VPN extensions in order to test a SOCKS5 proxy tunnel.
browsec ==> the best, but it slows down drastically in a week
1clickvpn ==> seems to slow down drastically in just days
1vpn ==> seems to slow down drastically in just days
vpnly ==> seems to slow down drastically in just days
xvpn ==> seems to slow down drastically in just days
securefreeedgevpn ==> seems to slow down drastically in just days
setupvpn ==> seems to slow down drastically in just days
hoxx ==> seems to slow down drastically in just days

hotspotshieldvpn ==> fails the initial VPN extension test conditions
itopvpn ==> fails the initial VPN extension test conditions
protonvpn ==> fails the initial VPN extension test conditions
urbanvpn ==> fails the initial VPN extension test conditions
hidemevpn ==> fails the initial VPN extension test conditions
hiddenbatvpn ==> fails the initial VPN extension test conditions
tunnelbearvpn ==> fails the initial VPN extension test conditions
windscribevpnv ==> fails the initial VPN extension test conditions

Bad news. Very bad news. All the VPN extensions slow down tremendously, it seems, within a few days of using them. So I tried something else that is
free, login free and hopefully, much faster than VPN extensions are.
a. Psiphon (Socks5 proxy)
b. Freecap (Socks5 redirector)
c. Brave browser (with a score of privacy extensions)

A. Psiphon is not a traditional VPN but rather a circumvention tool that
uses a mix of VPN, SSH, and HTTP proxy technologies to bypass censorship.

B. Freecap (or Proxifier) is used to route app traffic (such as that of a browser) through a SOCKS5 proxy to achieve selective traffic tunneling.

C. Brave + Privacy Extensions for fingerprinting and tracking protection.

I also uninstalled NoScript as it was a royal pita to manage.
I also removed the non-privacy extension disablehtml5autoplay.

Here's what I'm currently testing (where IP obfuscation & speed are key).
Psiphon + Freecap + Brave privacy browser + privacy extensions

https://psiphon.ca/
Name: psiphon3.exe
Size: 10402576 bytes (10158 KiB)
SHA256: DB1BAF76F0333F4743919A86F35037559F9E7DA7DF14982DFC16FB8DC0BE6BE2

https://freecap.apponic.com/download/
Name: freecap_setup_eng.exe
Size: 1644848 bytes (1606 KiB)
SHA256: C3D4929AB5A5867A6BE9914FF94DEFEFED6762748EDB1E351C86EBC5A02D46EC

Here are the current set of privacy extensions (many for fingerprinting):
brave://system/ > extensions > Expand
bhchdcejhohfmigjafbampogmaanbfkg : User-Agent Switcher and Manager
cjpalhdlnbpafiamejdnhcphjbkeiagm : uBlock Origin
fhcgjolkccmbidfldomjliifgaodjagh : Cookie AutoDelete
fhkphphbadjkepgfljndicmgdlndmoke : Font Fingerprint Defender
fjkmabmdepjfammlpliljpnbhleegehm : WebRTC Control
gjldcdngmdknpinoemndlidpcabkggco : Extension Manager
hhnhplojcganfmfimkeboiipphklcbih : Location Guard (V3)
hnkcfpcejkafcihlgbojoidoihckciin : Referer Control
jaoafjdoijdconemdmodhbfpianehlon : Skip Redirect
jjbikklopibeimjelkohlldbjcdnofei : StayInTab
lckanjgmijmafbedllaakclkaicjfmnk : ClearURLs
ldpochfccmkkmhdbclfhpagapcfdljkj : Decentraleyes
njdfdhgcmkocbgbhcioffdbicglldapd : LocalCDN
njkmjblmcfiobddjgebnoeldkjcplfjb : Trace - Online Tracking Protection
nomnklagbgmgghhjidfhnoelnjfndfpd : Canvas Blocker - Fingerprint Protect
pkehgijcmpdhfbdbbnkijodmdjhbjlgp : Privacy Badger
pmcpffnpjncfplinfnjebjoonbncnjfl : CthulhuJs (Anti-Fingerprint)

And this is what I'm currently testing in the DIY browser where SPEED
(and IP obfuscation) turn out to be the hardest things to get this way.

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for Brave into the settings
3. Add Brave (or any browser) into the Freecap settings
4. In Freecap, add any command-line performance flags for the application:
--disable-background-timer-throttling
--disable-backgrounding-occluded-windows
--disable-renderer-backgrounding

Voila!

This setup routes only selected web browser traffic via FreeCap through Psiphon, offering selective IP obfuscation & hopefully maintaining speed.

If this works, we can ditch the problematic VPN extensions, all of which
seem to either fail the initial tests or severely slow down in just days.

I just started testing it, but I post this so that others who actually
know what they're doing can add value to how they do Socks5 tunneling!

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Mon, 18 Aug 2025 00:20:15 -0000 (UTC), Marion wrote :

How to add Socks5 to your Windows 10 browser sessions:
1. Start Psiphon & make a note of the SocksV5 port in the log output
2. Start Freecap & add the Socks5 port for Brave into the settings
3. Add Brave (or any browser) into the Freecap settings
4. In Freecap, add any command-line performance flags for the application

OMG. Everything I touch in Windows has needlessly unnecessary complexity.

I should note that you'd think we could just set the proxy inside the
browser, and, well, um, er, we can, in some browsers. Like in Firefox.

However, Brave doesn't have native proxy settings inside of it.
Neither does Ungoogled Chromium. Bummer.

For the three browsers, things have to be done different ways:
a. Firefox has its own manual proxy settings native to the browser
b. Ungoogled Chromium can use Windows command-line proxy settings
c. But Brave has to use Windows proxy settings (or FreeCap to proxify it)

Psiphon dynamically assigns proxy ports for each session, for example...
SOCKS5: 127.0.0.1:1080 (the port changes each instance)
HTTP/HTTPS: 127.0.0.1:8080 (the port changes each instance)

Once you have those ports, here's the manual Firefox setup:
Firefox:Settings > General > Network Settings > [Settings]
Configure Proxy Access to the Internet > Manual proxy configuration
SOCKS Host = 127.0.0.1
Port = 1080
(o) SOCKS v5
[x] Proxy DNS when using SOCKS v5
Note: Firefox can also make use of the FoxyProxy Extension.
Firefox handles DNS via SOCKS5 if the box is checked,
but other apps may leak DNS unless proxified.

Ungoogled Chromium can be launched directly using those proxy flags.

ungoogled-chromium --proxy-server="socks5://127.0.0.1:1080" ungoogled-chromium --proxy-server="http=127.0.0.1:8080"

Brave is easiest to set up with a proxifier such as FreeCap.
Freecap3.18:File > Settings > Default proxy > Proxy settings
Default proxy > Server = 127.0.0.1 Port: = 1080
Protocol (o) Socks v5
This sets Psiphon'[s SOCKS5 proxy for apps launched through FreeCap.

Or we can set up Windows globally to use Psiphon's SOCKS5 proxy.
But Windows 10 does not natively support SOCKS5 in its GUI proxy settings. Windows 10 only supports HTTP/HTTPS proxies directly. Aurgh.

Here's one way to set up SOCKS5 proxy globally in Windows 10.
Win+R > control
Internet Options
Click the "Connections" tab on that "Internet Properties" dialog
Click the "LAN Settings" button near the bottom of that display
This brings up the "Local Area Network (LAN) Settings" form
[x] Use a proxy server for your LAN
Click the [Advanced] button in that LAN Settings form
Uncheck [_]Use the same proxy for all protocols
Socks = 127.0.0.1 Port = 1080
[OK][OK][OK]

In summary, once you have the SOCKS5 proxy ports defined, you can set up
your web browser to use it, but each browser does it differently.

Sigh.

And if you think that's confusing, guess what else is confusing?

The Windows 10 LAN Settings method let you enter SOCKS5, but Windows
doesn't actually honor SOCKS5 in that dialog.

Windows 10 only applies HTTP/HTTPS proxies.

So while you can enter the SOCKS5 values into that Windows 10 dialog,
Windows 10 won't use the values for most apps unless those apps explicitly support SOCKS5 via system proxy (which is rare - but which is what Brave
does).

Oh, and if you think Windows 11 is "better", guess again!
You cannot select SOCKS5 in the Windows 11 built-in proxy GUI.

Even if you enter a SOCKS5 address in the Windows 11 Manual proxy setup, Windows 11 will treat it as an HTTP proxy and fail to route traffic
properly. OMG.

Did I mention everything I touch in Windows is unnecessarily complex?

Here's the summary (and yes, I'm still confused, but I think it's right).
Windows 10 GUI limitations:
You can enter SOCKS5, but Windows doesn't honor it
Only HTTP/HTTPS proxies are applied system-wide
Windows 11:
No SOCKS5 support
SOCKS5 entries are treated as HTTP proxies and fail

That's why you essentially need a proxifier, such as FreeCap is.
(Or Proxifier, WideCap, SocksEscort, ProxyCap, etc.)

So now we're back to Brave, which natively supports a system proxy, but
Windows doesn't support SOCKS5 system-wide, so Brave actually can't use
SOCKS5 unless proxified (which is where FreeCap came into play).

Sigh. Why is privacy so hard to achieve. :)

I'm just beginning to learn this stuff, so if anyone out there is familiar
with using SOCKS5 for IP-address obfuscation, please add your value.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Mon, 18 Aug 2025 16:42:08 -0000 (UTC), Marion wrote :

However, Brave doesn't have native proxy settings inside of it.

I decided to test the latest Brave version which turned out not to be as
easily figured out how to get the offline installer as you'd think.

A. If you go to the Brave download page, all you get is a web stub.
<https://brave.com/>
<https://brave.com/download/>
But then that's useless for your software archives.
Especially if you're uninstalling & installing repeatedly as I am.

B. You can get the latest stable release from "someone's" archives, e.g.,
<https://techviral.net/download-brave-browser/>
But then you are trusting that they're reputable.
They probably are - and you can check hashes - but there's a better way.

C. You would think you could get the latest release from GitHub, right?
<https://github.com/brave/brave-browser/releases>
a. Find the latest stable version
b. Expand the Assets section
c. Download BraveBrowserStandaloneSetup.exe for Windows
But there are a billion releases there, which are confusing to navigate.

D. A "trick" is to go to this GitHub repo Brave Release Tracker site:
<https://github.com/release-monitoring-project/brave-release-tracker>
This project automatically monitors Brave's official releases
and posts only the latest stable builds for Windows, macOS & Linux.

It updates hourly and includes direct download links to the
offline installers, but even then, you have to know how to find it.
a. Go to the Releases section of that tracker repo
b. Click the latest release (e.g., v1.81.135)
<https://github.com/release-monitoring-project/brave-release-tracker/releases>
c. That takes you to a page with a text json file
<https://github.com/release-monitoring-project/brave-release-tracker/releases/download/v1.81.135/brave_download_links.json>
Open that json file in a text editor & it tells you where the zip is.

With that in mind, here's how to get the latest stable Brave zip archive.
1. Go to the Brave Release Tracker:
<https://github.com/release-monitoring-project/brave-release-tracker/releases>
2. Click the latest stable release (e.g., v1.81.135)
3. Save and then open the text file in any text editor.
brave_download_links.json
4. Find the Windows 64-bit offline installer link listed in that file:
<https://github.com/brave/brave-browser/releases/download/v1.81.135/brave-v1.81.135-win32-x64.zip>
5. Download the specified ZIP file.
6. Extract the contents (e.g., C:\Software\Chrome-Based\Brave\.)
7. Run the executable or installer executable inside that zip file.
8. (Optional) Verify the file integrity using the SHA-256 checksum:
<https://github.com/brave/brave-browser/releases/download/v1.81.135/brave-v1.81.135-win32-x64.zip.sha256>

Note that this is useful when you're constantly testing software.
Especially when you need to start fresh with the latest release.
And yet you want to be able to archive the release you tested.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

ANOTHER USEFUL UPDATE

Doubling up the protection (like adding layers to an onion)!

I was checking tracert test outputs when something strange revealed itself.
I had forgotten to turn off the randomized system-wide VPN connections.

It only then occurred to me that I could layer a system-wide VPN over the SOCKS5 proxy for apps (for an added layer of obfuscating protection).

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up apps to use that port using FreeCap settings set to that port.

Now, when you run apps in Windows such as torrents or web browsers...
1. Your ISP sees only your activity on the system-wide VPN IP address
2. Your VPN server only sees your real IP address & the Psiphon IP address
3. Psiphon only sees your VPN IP address & the ultimate server IP address
4. The ultimate server only sees the Psiphon IP address
5. Your web fingerprint is protected by your privacy protecting extensions

All this is done using a score of registration-free ad-free privacy tools.
a. Free no-registration public VPN servers
b. Free no-registration Psiphon SOCKS5 servers
c. Free no-registration FreeCap app proxifier
d. Free no-registration browser privacy extensions
1. allfingerprintdefender
2. canvasblocker
3. clearurls
4. cookieautodelete
5. cthulhujs
6. decentraleyes
7. fontfingerprintdefender
8. localcdn
9. locationguard
10. privacybadger
11. privacypossum
12. referercontrol
13. skipredirect
14. stayintab
15. trace
16. ublockorigin
17. useragentswitcher
18. webrtccontrol

Remember the golden privacy rule is never register for anything on the net.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 19 Aug 2025 11:00:40 -0000 (UTC), Marion wrote :

Here's the fundamental process:
A. Start any free no-registration system-wide VPN.
B. Start the FOSS Psiphon tools to connect to a SOCKS5 proxifier port.
C. Set up apps to use that port using FreeCap settings set to that port.

If it takes two button clicks, that's one too many, and if a click exposes your privacy, then we have to think about how to protect our privacy.

To both those ends, I improved the process this morning of running a
free no-registration system-wide random VPN first, and then running
Psiphon with a static SOCKS5 port of 1080 so that when I run the
privacy web browser from FreeCap, I now don't need to set the SOCKS5
port each time.

One "privacy" problem, albeit minor, with Psiphon, is that it brings
up an advertisement on your default web browser during startup.

Drat. That sucks. It's not harmful, but it exposes your privacy.
Needlessly.

So let's fix that pronto using basic Windows tricks of setting
the default web browser to a batch file that does whatever I want.

Besides, even with a random system-wide no-registration free VPN running,
it's still bad form for Psiphon to be bringing up a default browser to
an advertisement which can, for all we know, rot privacy in some way.

That browser session unilaterally launched by Psiphon isn't yet proxified.
As I said many times, privacy is like hygiene. It's a billion things.

Removing that initial privacy flaw at Psiphon startup needed to be done.

Unfortunately, the free Psiphon doesn't have switches to turn that off.

psiphon3.exe -mode=socks <== this doesn't exist... bummer

We might like to set up the Tor browser as the default because it can
open up unconnected, but it's problematic to set a Tor browser as
the default (since Tor doesn't register itself as a Windows browser).

So let's just create a dummy web browser for Psiphon to invoke.
@echo off
REM C:\path\to\dummybrowser.bat 20250819 revision 1.0
set LOGFILE=C:\path\to\dummybrowser.log
echo [%date% %time%] Attempted launch: %* >> %LOGFILE%
start "" "C:\path\to\gvim.exe" "%LOGFILE%"
exit

Since Windows won't set the default web browser to a batch
file, let's convert that dummybrowser.bat to dummybrowser.exe
using any of a number of batch-to-executable converters.

<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases>
<https://github.com/l-urk/Bat-To-Exe-Converter-64-Bit/releases/download/3.2/Bat_To_Exe_Converter_x64.exe>
1. Open that "Bat To Exe Converter v3.2" executable.
2. Select your .bat file using the folder icon.
3. At the right, in Options, there is "Exe-Format" with these choices
32-bit | Console (Visible)
32-bit | Windows (Invisible)
64-bit | Console (Visible)
64-bit | Windows (Invisible) <== Use this to compile a batch file
as a 64-bit GUI-style exe that runs silently with no console window.
4. Click the "Convert" button to convert batch to exe.
5. Choose your output path in the "Save as" field.
(Optional) Add an icon or version info.

But you still can't select the dummy browser yet as it's not registered.
Win+I > Apps > Default apps > Web browser >
Choose default apps by file type
Choose default apps by protocol
Set defaults by app
Recommended browser settings

You first need to register your exe as a web browser in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet

To do that, right-click "merge" this registry file:

gvim C:\path\to\register_dummy_browser.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser]
@="Dummy Browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities]
"ApplicationName"="Dummy Browser"
"ApplicationDescription"="A privacy-preserving dummy browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\FileAssociations]
".htm"="DummyBrowserHTML"
".html"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\DummyBrowser\Capabilities\URLAssociations]
"http"="DummyBrowserHTML"
"https"="DummyBrowserHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DummyBrowserHTML\shell\open\command]
@="\"C:\\path\\to\\dummybrowser.exe\" \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Dummy Browser"="Software\\Clients\\StartMenuInternet\\DummyBrowser\\Capabilities"

Now you can select the dummy browser as your default web browser.
Win+I > Apps > Default apps > Web browser > dummybrowser.exe

Voila!

Now, when you start Psiphon, it tries to launch the advertisement
using the default browser, which happens to simply log the attempt.

As always, privacy, like hygiene, is a billion things done every day.

If you have improvements to share, please let the team know so
we all benefit from every effort at improving privacy on Windows.

In summary, two improvements were made in today's progress:

1. Psiphon & FreeCap were set to a static SOCKS5 port of 1080
2. Psiphon's advertisement web browser session was annulled

Please improve if you also need privacy in web browser sessions.


--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Tue, 19 Aug 2025 15:17:17 -0000 (UTC), Marion wrote :

To both those ends, I improved the process this morning of running a
free no-registration system-wide random VPN first, and then running
Psiphon with a static SOCKS5 port of 1080 so that when I run the
privacy web browser from FreeCap, I now don't need to set the SOCKS5
port each time.

UPDATE:

Since we're layering free no-registration VPNs onto open source proxies
onto free no-registration proxifiers onto free no-registration privacy extensions, it behooves us to be able to check proxy settings dynamically.

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

Below is a script which simplifies visibility and control over what turns
out to be a devilishly fragmented system of how Windows defines proxies.
a. WinINET: Used by Internet Explorer, Chrome, and many apps;
b. WinHTTP: Used by system services and background tasks;
c. PAC/AutoDetect: Dynamic proxy configuration via commands.

Unfortunately, I've run into this proxy setup complexity due to using
A. VPN, which encrypts traffic and changes routing;
B. Psiphon, which tunnels & encrypts SOCKS5 & HTTPS traffic;
C. FreeCap, which redirects app traffic through SOCKS proxies.

The proxy.bat script included below checks all three methods at once
which gives us a clear snapshot of what the Windows proxy setup is.

To that end, we add a new command to run in your Win+R taskbar Runbox:
Win+R/Runbox > proxy
Which executes this added registry "App Paths" key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
Which runs this proxy checking tool (see the tool below in its entirety):
C:\sys\bat\proxy.bat

===< cut here for proxy.bat >===
@echo off
REM proxy.bat 20250820 v1.0 �X Unified Windows check-proxy diagnostic tool
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM 20250820 rev 1.0
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\bat\proxy.bat ==> creates "Win+R > proxy" command
setlocal

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION CHECK
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Check complete.
echo ==============================================

endlocal
pause
===< cut here for proxy.bat >===

As always, this is posted to help others copy & paste
(where wasbit's kind and helpful advice is appreciated)
this script as part of their addition of privacy to Windows.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Wed, 20 Aug 2025 18:27:08 -0000 (UTC), Marion wrote :

I never messed with proxies before, but darn'it, Windows splatters proxy settings all over the place, such that I needed a quick testing script.

UPDATE

Turns out I didn't need to use FreeCap to proxify Chromium web browsers.

Mozilla'based browsers (Firefox, Thunderbird, etc.) have their own internal proxy settings and, by default, ignore the Windows proxy unless you
explicitly tell them to use it.

Unlike Mozilla-based browsers which have those proxy GUIs, Chromium-based browsers do not have built-in proxy configuration GUIs.

So I thought I needed to proxify Chromium-based web browsers with FreeCap.
But I was wrong.

Turns out it's the other way around.

Chromium-based browsers apparently directly inherit proxy settings from the operating system, including:
a. From WinINET (used by most desktop apps)
b. Or from PAC scripts and AutoDetect
c. Or from manual proxy entries like that which Psiphon3 sets.
Win+I > Settings > Network & Internet > Proxy > Manual proxy settings
[http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080]

Also Chromium-based browsers can also be proxified at the command line:

brave.exe --proxy-server="http=127.0.0.1:30884;https=127.0.0.1:30884;socks=127.0.0.1:1080"

So I don't think we need FreeCap to proxify our DIY Chromium-based privacy browsers but we can still use FreeCap to proxify the Mozilla browsers.

However, we could also configure Firefox's own proxy settings (Preferences

Network Settings) to point directly to Psiphon's SOCKS5 port, skipping

FreeCap entirely. If we want this to persist across profiles or installs, LibreWolf even lets us set it in a librewolf.overrides.cfg file.

Mullvad's own help docs describe doing this for their own SOCKS5 proxy, but
the steps are identical for Psiphon's proxy ports.

FreeCap is still useful for apps that don't have built-in proxy support,
but apparently all web browsers have it - they just do it differently.

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

Who knew? Not me. The more I try to build a DIY privacy browser, the more I learn how different the two main web browser platforms are from each other.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :

Chromium ==> respects Windows proxy settings (which Psiphon sets for you)
Mozilla ==> ignores Windows proxy settings (but has their own settings)

UPDATE:

Aurgh. There are layers to this Windows socks5 stuff such that some apps
use one layer while other apps use a different layer. Who knew? Not me!

Everything in Windows having to do with privacy seems to have more layers.

I started checking whether non-browser apps used Windows proxy settings,
where it turns out pgms like Telegram & CoPilot are different than
browsers are (which themselves are different in how each handle proxy).

Running the previously posted "proxy.bat" showed that Psiphon modified the WinINET (user apps, browsers) proxy (127.0.0.1:17561 / socks at 127.0.0.1:1080) but not the WinHTTP (system/background services) proxy.

Sigh. Half a solution is not a full solution.
In fact, even with Psiphon, WinHTTP was was set to direct access (no proxy).

The fix is to always copy the WinINET proxy config into WinHTTP.
Win+R > cmd {ctrl+shift+enter}

netsh winhttp import proxy source=ie

Now system services (which often ignore WinINET) will use
Psiphon's proxy as well. It also set a bypass list so that
local/private subnets avoid the proxy.

This is needed so that any Windows component that uses WinHTTP (like parts
of Copilot, Windows Update, some Microsoft Store traffic) will respect the Psiphon proxy, matching the existing Psiphon browser/app proxy settings.

To test:
a. Temporarily clear WinHTTP proxy:
C:\> netsh winhttp reset proxy

b. Run Win+R > proxy
The proxy.bat script should detect 'No WinHTTP proxy set'
and it should then import settings from WinINET automatically.
c. Set a custom WinHTTP proxy:
C:\> netsh winhttp set proxy proxy-server="http=1.2.3.4:8080"

d. Run Win+R > proxy
The proxy.bat script should detect an existing WinHTTP proxy
and therefore it should NOT overwrite it.

Below is the improved proxy.bat script to accomplish the sync above.

===< cut here for improved proxy.bat which handles more programs >===
@echo off
REM proxy.bat 20250820 v1.2
REM Use model: "Win+R > proxy" (diagnostic + proxy import if WinHTTP is unset)
REM Unified Windows proxy diagnostic tool with WinHTTP sync safeguard
REM "Win+R > proxy /sync imports WinINET proxy directly into WinHTTP
REM Reports: WinINET manual proxy, WinHTTP proxy, PAC/AutoDetect
REM HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\proxy.exe
REM Default=C:\sys\batch\proxy.bat
REM That App Paths key creates the convenient "Win+R > proxy" command
REM
setlocal

:: --- Quick /sync mode ---
if /i "%~1"=="/sync" (
echo Syncing WinINET proxy into WinHTTP...
netsh winhttp import proxy source=ie
echo Done.
pause
exit /b
)

set KEY="HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

echo ==============================================
echo WINDOWS PROXY CONFIGURATION SET/CHECK/FIX
echo ==============================================

REM --- WinINET (manual proxy) ---
echo.
echo [1] WinINET / Internet Settings
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyEnable 2^>nul') do set ProxyEnable=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v ProxyServer 2^>nul') do set ProxyServer=%%B
if "%ProxyEnable%"=="0x1" (
echo Proxy is ENABLED
echo Proxy server: %ProxyServer%
) else (
echo Proxy is DISABLED
)

REM --- WinHTTP proxy ---
echo.
echo [2] WinHTTP proxy (system/background services)

REM Get current WinHTTP proxy setting
for /f "tokens=1,* delims=:" %%A in ('netsh winhttp show proxy ^| findstr /R /C:"Proxy Server(s)"') do set curWinHTTP=%%B

REM Trim leading/trailing spaces
set curWinHTTP=%curWinHTTP:~1%

if "%curWinHTTP%"=="" (
echo No WinHTTP proxy set - importing from WinINET...
netsh winhttp import proxy source=ie >nul 2>&1
) else (
echo WinHTTP proxy already set - leaving as is.
)

REM Show current WinHTTP proxy after check/import
netsh winhttp show proxy

REM --- PAC (Proxy Auto-Config) & AutoDetect ---
echo.
echo [3] PAC / AutoDetect
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoConfigURL 2^>nul') do set PACurl=%%B
for /f "tokens=2,* skip=2" %%A in ('reg query %KEY% /v AutoDetect 2^>nul') do set AutoDetect=%%B

if defined PACurl (
echo PAC script set: %PACurl%
) else (
echo No PAC script URL found.
)

if "%AutoDetect%"=="0x1" (
echo Auto-detect is ENABLED
) else (
echo Auto-detect is DISABLED
)

echo.
echo ==============================================
echo Windows proxy set/check/fix complete.
echo ==============================================

endlocal
pause

===< cut here for improved proxy.bat which handles more programs >===

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Thu, 21 Aug 2025 04:11:10 -0000 (UTC), Marion wrote :

Turns out I didn't need to use FreeCap to proxify Chromium web browsers.

UPDATE ON FREE REGISTRATION-FREE AD-FREE PROXIFIERS:

Some programs need proxifiers (like FreeCap, which I used for a week).
a. Mozilla browsers have their own proxy controls
b. Chromium browsers use the Windows proxy defaults
c. But many programs use neither

For those programs which need proxifiers, I found a better proxifier.
A. FreeeCap
B. SocksCap64

FreeCap is lightweight and still works for basic SOCKS4/5 or HTTP proxying,
but it's frozen in time while SocksCap64 has been updated more recently.
<https://sourceforge.net/projects/sockscap64/>
Actively maintained (though updates are infrequent)
SOCKS4, SOCKS5, HTTP, and Shadowsocks; supports both TCP & UDP
"SocksCap64 is an easy and a beautiful way to let the programs
you want to work through a specific SOCKS proxy server,
even if your applications don't have such an option."

SocksCap64 is the more modern, feature-rich choice, with broader protocol support, UDP handling, and better compatibility with current Windows.
<https://netactuate.dl.sourceforge.net/project/sockscap64/SocksCap64-setup-3.6.exe>
Name: SocksCap64-setup-3.6.exe
Size: 6193115 bytes (6047 KiB)
SHA256: B2DA49EC9A2702CFD7625D3F152AF98A4C8E3E155DAB78686962BB3DF1F76825

Having only used proxies for a short time, my current advice is:
1. For Chromium browsers, use the script I wrote to sync to Windows
2. For Mozilla browsers, use their own GUIs (or FoxyProxy's GUI)
3. For most other apps, use a proxifier such as SocksCap64/FreeCap are

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)

Subject: Re: Tutorial: DIY build your own lightweight chromium-based privacy web browser

On Sun, 24 Aug 2025 09:48:33 +0100, Jim the Geordie wrote :

On 24/8/2025 2:28 am, D wrote:

best browser extension ever invented by man . . .

Firefox 142.0
Tools > Extensions and Themes [Ctrl+Shift+A]

Switched to it from Adblock for many years... couldn't quite remember
why. Something to do with Firefox changing its add-on mechanism.

Adblock started allowing certain ads through:

"Starting with version 2.0, Adblock Plus started allowing "acceptable
ads" by default,[72] with acceptable ad standards being set by The
Acceptable Ads Committee.[73] They charge large institutions fees to
become whitelisted and marked as "acceptable", stating "[Adblock Plus]
only charge large entities a license fee so that we can offer the same
whitelisting services to everyone and maintain our resources to develop
the best software for our users." on their about page.[74]"

From https://en.wikipedia.org/wiki/Adblock_Plus

uBlock Origin doesn't play that game.

If you use Brave Browser, no adblocking add-on is needed.

My two cents... bearing in mind I never used extensions until early July
when Epic Privacy Browser went bust... I'm building two sets of DIY privacy browsers where I've settled (currently) on almost a score of extensions
(not counting VPN extensions) which are the following currently for the Chromium side of the family (given it was easier than the Mozilla side).

Browser: Brave and/or Ungoogled Chromium (LibreFox and/or MullVad)
1. Canvas Blocker - Fingerprint Protect : version 0_2_2
2. ClearURLs : version 1_26_0
3. Cookie AutoDelete : version 3_8_2
4. CthulhuJs (Anti-Fingerprint) : version 8_0_6
5. Decentraleyes : version 3_0_0
6. Extension Manager : version 9_5_2
7. Font Fingerprint Defender : version 0_1_6
8. LocalCDN : version 2_6_79
9. Location Guard (V3) : version 3_0_0
10. Privacy Badger : version 2025_5_30
11. Referer Control : version 1_35
12. Skip Redirect : version 2_3_6
13. StayInTab : version 1_0
14. Trace - Online Tracking Protection : version 3_0_6
15. uBlock Origin : version 1_65_0
16. User-Agent Switcher and Manager : version 0_6_4
17. WebRTC Control : version 0_3_3
18. NoScript is useful, but I find it a PITA so it's disabled for now.

The question came up from Mr. Man-wai Chang about Adblock Plus.

While there will always be overlap when you have a score of extensions,
a. uBlock Origin is more efficient (apparently)
b. It's said to be more powerful in supporting advanced rule creation
c. It's said to support dynamic & cosmetic filtering
c. Critically, it doesn't have an "acceptable ads" program
d. And it's often considered more actively maintained

Since there is a large amount of overlap, I left AdBlock Plus out of the
mix of privacy extensions that I'm testing for the DIY privacy browser(s).

But I could be wrong as I must state openly I never touched extensions
until being forced to give up on my daily driver privacy browser in July.

Side Note: The VPN extension test covering a score of supposedly free, ad
free, registration free VPN extensions is still a work in progress
covering, so far, the following successful & failed VPN extensions:

These passed initial testing criteria (free, account free, ad free):
1. browsec
2. hoxx
3. securefreeedgevpn
4. setupvpn
5. vpnly
6. xvpn
7. 1clickvpn
8. 1vpn

These failed initial testing criteria (free, account free, ad free):
a. hiddenbatvpn
b. hidemevpn
c. hotspotshieldvpn
d. itopvpn
e. protonvpn
f. tunnelbearvpn
g. urbanvpn
h. windscribevpn

Correction: I correct an earlier assessment that all the VPN extensions
"slow down" drastically within days; I think some of that is due to the plethora of privacy-baswed extensions - so I switched the testing over to testing instead the free,adfree,registrationfree system-wide VPNs with a free-adfree-regfree socks5 proxy (Psiphon) and, for non-browser
applications, a free-adfree-regfree proxifier such as ProxyCAp64/FreeCap.

Note I found out the hard way that Mozilla browsers handle proxies very differently than do Chromium browsers, which themselves handle proxies differently than most programs do where Windows has three layers of proxies that I had to write scripts (e.g., proxy.bat which morphed yesterday to proxy.cmd due to Windows quirks) to synchronize manually the three proxy mechanisms what Windows should have synchronized automatically. Sigh.

Note also that there are too many free/regfree/adfree system-wide
openvpn.exe free public VPN servers out there to list (many thousands!) so
it will take a while before I test them all sufficiently to declare which
free system-wide VPN server set is the easiest & fastest as all require additional software (e.g., softether or openvpn.exe) and scripts (due to changing passwords mostly).

Lastly, I wasted days testing proxy servers, of which there are so many thousands out there that you'd go nuts trying them all, but they're all apparently abysmal in terms of reliability compared to the acceptable reliability of the free public no-registration openVPN services that I'm currently testing. After days of a miserable existence testing them,
writing script after script after script to deal with their ephemeral
nature, I gave up concluding that you'd have to have TLA-like resources to
keep up with the few proxy services which stay alive long enough to be
useful.

Apologies for the long-winded response but that's the status of my testing
in a nutshell, in the fewest words that still convey accurate assessment.

--- MBSE BBS v1.1.2 (Linux-x86_64)
* Origin: BWH Usenet Archive (https://usenet.blueworldho (3:633/280.2@fidonet)