browser choice
< Dev
Donate
This page describes the concept, design, and implementation details of the browser selection interface. It includes user interface elements, plugin architecture, and eligibility criteria for browsers to be included in the selection tool.
example[edit]
- https://upload.wikimedia.org/wikipedia/en/e/e2/BrowserChoice.gif
- https://en.wikipedia.org/wiki/BrowserChoice.eu
GUI elements[edit]
- Anytime: The wizard can be started any time during the lifetime of Kicksecure. (Not only as a first boot wizard.)
- Structure as a wizard for ease-of-understanding.
- Page 1: Offer a selection of applications (currently web browsers are our primary target)
- intro text:
- "Select Application": Main prompt for user interaction.
- "web browsers" as a variable: May be extended in the future to include options like "e-mail client". A tabbed interface can be used to allow the user to select what "class" of application they wish to choose from (browser, email, etc).
- alphabetic order: Browsers are displayed in alphabetic order to avoid preferential treatment.
- header text: Indicate number of applications available. Mention that they are listed in alphabetical order.
- logo 1: Primary logo representing the browser.
- logo 2: Possibly represents the installation method(s).
- browser name: For example "Firefox".
- linked browser: Link to browser homepage.
- subline: name of the developer. For example: "by Mozilla"
- linked subline: Link to for example "Mozilla".
- text: Best omitted to reduce bias and maintenance.
- text / advantages / disadvantages: Excluded to reduce maintenance effort and avoid potential legal issues. Instead, provide such comparisons in the wiki where updates and citations are easier.
- outro text:
- "Further information" section at the bottom of the interface.
- No user freedom restrictions: browser-choice simplifies installation of eligible browsers according to the criteria for inclusion into browser choice. There are No Intentional User Freedom Restrictions. Users are free to install any browser, with or without the help of browser choice.
- intro text:
- Page 2: Offer available installation and uninstallation methods
- intro text:
- "Choose Installation Options": Main prompt for user interaction.
- All installation methods listed in alphabetical order.
- Installation method icons shown next to each available method with cards.
- "install, remove, purge": Buttons for each installation method.
- Example: Firefox...
- packages.debian.org package version
- flatpak version (may offer weaker sandboxing)
- Mozilla Debian repository version
- Show the user a confirmation screen before allowing them to proceed to the next page
- intro text:
- Page 3: Show (un)installation progress and logs
- intro text:
- "modifying software": Informs the user what is happening.
- Progress bar: gives the user a rough idea of how close the process is to completion.
- Progress bar implementation difficulty: Progress bar is optional. Some installation methods (APT, flatpak, tb-updater) might not output machine readable progress percentage numbers?
- Skip progress bar in initial implementation, would too much plugin-specific code.
- Log view: terminal-like window showing the user what is being done, useful for bug reports or to allow power users to diagnose issues themselves.
- intro text:
- Page 4: Offer launching a newly installed application
- intro text:
- "software changes complete": Informs the user what has happened.
- "click done to close the wizard": button for the user to exit the wizard
- If any new browser packages were installed, offer a "launch now" checkbox
- If the user installed the same browser in multiple ways, offer a combo box for selecting the installation type to launch
- intro text:
- Page 1: Offer a selection of applications (currently web browsers are our primary target)
Browser Visibility[edit]
- Installed vs not installed: Differentiate between already installed and not yet installed browsers.
- No hidden browsers: Gray out uninstallable browsers due to unavailability (many browsers are unavailable on ARM64 and other architectures) for transparency and avoidance of impression of bias.
- Mark unavailable browsers: "Unavailable on the
ARM64architecture."
No Randomized Order[edit]
It has been considered to show browsers in a random order to avoid preferential treatment and decided against it. Reasons:
- bad user experience: Randomizing visible elements creates a sense of inconsistency for users who repeat the process. Even for first-time users, the perceived "random" order appears to be just a "normal static" order. The idea of randomization might appeal to lawyers or engineers, but most users would see it as excessive and a reduction in usability due to its inconsistency, especially when it's only intended to solve the simple issue of demonstrating neutrality.
- automated testing issues: Randomization would also introduce problems for automated (CI) testing.
- no legal requirement: BrowserChoice.eu by Microsoft might have had a legal requirement or legal advice to randomize the order of browsers due to its dominant market position. However, that does not apply to Kicksecure. While Kicksecure aims to be as objective as possible, there is no legal requirement to do so. Kicksecure is permitted to editorialize.
Internal Design[edit]
- plugin based:
- Drop a file into
/usr/share/choice/browser: Enables modular addition of browsers./usr/share/choice/browser/firefox.txt/usr/share/choice/browser/chromium.txt
- Drop a file into
/usr/share/choice/e-mail(probably not important): May support e-mail clients in the future. May be expandable to cover any kind of application type for which multiple alternatives are available and choosing a default is difficult./usr/share/choice/browser/thunderbird.txt/usr/share/choice/browser/evolution.txt
- Drop a file into
- Installation type icons and descriptions for common installation types are included by default (i.e. for "install from Debian repository", "install from Flatpak", "install from Snap Store", "install from Kicksecure repository" if applicable in the future, etc.
- Simple code for common installation types included by default, plugins can use these functions to simplify installation code. Should only be used when it's very simple to implement and likely to be widely duplicated (i.e.
apt install,flatpak install, etc.). - logging: All commands run by browser-choice and their outputs should be logged to a file to avoid undue blame for system issues on browser choice.
plugin structure[edit]
- logo file name: Image file representing the browser.
- name: Display name of the browser.
- text: Optional short description.
- install script(s): Script used to install the browser, one script per installation method.
- uninstall script(s): Script to remove the browser, one script per installation method.
- purge script(s): Script for complete removal including configuration files and user data, one script per installation method.
- custom installation types: For installation types unique to a particular browser (i.e. Mozilla repository, Brave repository), provide an icon and description for that installation type
- capability: Checks that the Kicksecure installation is capable of running the browser, and reports this information to the frontend which can hide or show the browser as a result. For instance, if a browser is only available on x86_64, it should be hidden on arm64 machines.
- running plugin scripts: Plugin installation, removal, and precheck/postcheck code is run inside a terminal-wrapper, which monitors the exit status of the script(s) that is/are run. The "final" exit status is written to a well-defined location (
$TMPDIR/browser-choice-plugin-exit-code?) whichbrowser-choicereads when the terminal-wrapper is closed. This is then used to determine whether the process succeeded or failed.
Plugin Examples[edit]
Draft.
/usr/share/choice/browser/firefox.txt
product-name=Firefox product-website=https://www.mozilla.org/en-US/firefox/new/ product-logo=firefox.svg vendor-name=Mozilla vendor-website=https://www.mozilla.org vendor-logo=mozilla.svg wiki=https://www.kicksecure.com/wiki/Firefox official-plugin=yes [action-install-debian] method-name=Firefox ESR (Extended Stable Release) from Debian stable repository method-name-short=Repo (Debian) method-subtext=Firefox ESR from packages.debian.org repository. Managed by apt. method-logo=debian.svg update-script=apt-get update install-script=apt-get-noninteractive install firefox-esr uninstall-script=apt-get-noninteractive remove firefox-esr purge-script=apt-get-noninteractive purge firefox-esr install-status=package-installed-check firefox-esr precheck=apt-get-sanity-test postcheck=apt-get-sanity-test capability=architecture-support-check amd64 arm64 ppc64el [action-install-mozilla] method-name=Firefox Stable from Mozilla official repository method-name-short=Repo (Mozilla) method-subtext=Firefox Stable from packages.mozilla.org repository. Managed by apt. method-logo=debian.svg ## included in install-script update-script=false install-script=... uninstall-script=todo purge-script=todo install-status=package-installed-check firefox capability=architecture-support-check amd64 [action-install-flathub] method-name=Firefox Stable from Flathub repository method-name-short=Flatpak (Mozilla) method-subtext=Firefox Stable from flathub.org repository. Managed by Flatpak. method-logo=flatpak.svg update-script=false install-script=flatpak install flathub org.mozilla.firefox uninstall-script=flatpak uninstall flathub org.mozilla.firefox purge-script=false install-status=flatpak info flathub org.mozilla.firefox precheck=todo postcheck=todo capability=architecture-support-check amd64 arm64
/usr/share/choice/browser/chromium.txt
product-name=Chromium product-website= product-logo=chromium.svg vendor-name=Google vendor-website= vendor-logo=google.svg wiki=https://www.kicksecure.com/wiki/Chromium official-plugin=yes [action-install-debian] method-name=Chromium from Debian stable repository method-name-short=Repo (Debian) method-subtext=Chromium from packages.debian.org repository. Managed by apt. method-logo=debian.svg update-script=apt-get update install-script=apt-get-noninteractive install chromium uninstall-script=apt-get-noninteractive remove chromium purge-script=apt-get-noninteractive purge chromium install-status=package-installed-check Chromium precheck=apt-get-sanity-test postcheck=apt-get-sanity-test capability=architecture-support-check amd64 arm64 ppc64el [action-install-flathub] method-name=Chromium from Flathub repository (Community) method-name-short=Flatpak method-subtext=Chromium from flathub.org repository. Unofficial. Managed by Flatpak. method-logo=unofficial.svg install-script=flatpak install flathub org.chromium.Chromium uninstall-script=flatpak uninstall flathub org.chromium.Chromium purge-script=false install-status=flatpak info flathub org.chromium.Chromium precheck=todo postcheck=todo capability=architecture-support-check amd64 arm64
/usr/share/choice/browser/torbrowser.txt
product-name=Tor Browser product-website=https://www.torproject.org/download/ product-logo=torbrowser.svg vendor-name=The Tor Project vendor-website=https://www.torproject.org vendor-logo=torproject.svg wiki=https://www.kicksecure.com/wiki/Tor_Browser official-plugin=yes [action-install-tb-updater] method-name=Official Tor Browser tarball method-name-short=Tarball (TPO) method-subtext=Tor Browser from torproject.org repository. Managed by Tor Browser Downloader (by Kicksecure developers). method-logo=torbrowser.svg install-script=update-torbrowser --gui uninstall-script=false purge-script=false install-status=todo precheck=? postcheck=? capability=architecture-support-check amd64 #capability=architecture-support-check amd64 arm64
Not something we will provide ourselves due to being closed-source, but a third party might create something like this: /usr/share/choice/browser/vivaldi.txt, note that this will cause browser-choice to display a warning about unofficial plugins due to official-plugin=no and this example only exists to illustrate that:
product-name=Vivaldi product-website=... product-logo=vivaldi.svg vendor-name=Vivaldi Technologies vendor-website=... vendor-logo=vivaldi.svg wiki=https://www.example.com/vivaldi official-plugin=no [action-install-vivaldi-repo] method-name=Official Vivaldi DEB repository method-name-short=Deb (Vivaldi) method-subtext=Vivaldi from ... repository. Managed by Vivaldi Technologies. method-logo=vivaldi.svg install-script=... uninstall-script=... purge-script=... install-status=... precheck=? postcheck=? capability=architecture-support-check amd64
Editorialized Installation Methods[edit]
For example, Firefox can be installed using, and there are good arguments to make for.
Table: Installation Methods Comparison Example
| Option | Method | Description |
|---|---|---|
| A | Debian packages.debian.org repository | ESR (Extended Support Release) - trusting binary builds by Debian |
| B | Mozilla repository | Rapid release - presumably as fast as possible directly from Mozilla |
| C | flatpak (system-wide installation) | Same as above; compatible with /home noexec
|
| E | flatpak (per-user installation) | Same as above; no administrative ("root") rights required for installation; incompatible with /home noexec
|
| F | snap | Might be superfluous due to other available options |
| G | tarball | Same as above |
Kicksecure developers will only implement major installation options. It is an explicit non-goal to offer all installation methods solely for the sake of completeness. Feature requests and contributions by upstream or the community might result in additional installation methods.
apt-get[edit]
apt-get-noninteractive- require confirmation: Do not use
apt-getwith parameter--yes. - use terminal wrapper
- rationale:
- debconf questions
- configuration files questions
- broken system dependencies by the user getting worse (FrankenDebian)
command line options[edit]
--noupdate: Do not require operating system upgrades ("sudo apt-get dist-upgrade") already being installed.
split GUI vs CLI[edit]
- Python library with shared code used by plugins and frontends, includes features such as plugin enumeration and loading, getting paths to image files, getting descriptive text, getting documentation links, installing and removing software in common ways, getting installation status, etc.
- Shim that runs as root for handling installation and uninstallation when root privileges are needed, uses the library's code
- GUI version calls the library directly
- should there be a (minimal) CLI version?
criteria for inclusion into browser choice[edit]
- Open Source: Must be fully open-source.
- availability of binary builds for Debian Linux Intel/AMD64: Must have precompiled versions compatible with Debian on Intel/AMD64.
- Kicksecure compatibility: Installation and execution must be functional on Kicksecure. It usually is but hypothetically some security settings by Kicksecure might break a browser and upstream might not fix it.
- stable: Functionally stable. A stable version that has a 0.x version number or is called alpha or beta is not an exclusion criterion, as these version schemes and qualifiers are used inflationarily.
- browser has a minimum of X users and/or market share or other noteworthiness: Should be recognized or widely used, possibly included in major Linux distributions.
- project exists for a minimum of X years: Ensures sustainability and maturity.
- must have X amount of developers: Indicates active development and maintenance.
- security: Must not be majorly outdated or regularly lag behind in patches.
- no obscenities: Must not have offensive or inappropriate project names.
- No malware: No malware: must not be malware. This is difficult to define in the context of many browsers, which come with a lot of anti-features. So the bar for this is unfortunately pretty low. It must not be malware in the sense that it searches for files on the user's computer and uploads them to third parties.
- Plugin availability: A plugin for browser choice must be contributed and maintained by the vendor or community.
- TBD: Additional criteria may be defined.
UI mockups[edit]
Page 1: Application selection[edit]
+-----------------------------------------------------------------------+
| Application Chooser v ^ X |
+-----------------------------------------------------------------------+
| |
| ================================== |
| == Step 1/4: Select Application == |
| ================================== |
| |
| Select the application to install or remove. |
| |
| +----------+ |
| | Browsers +---------------+---------------+ |
| | | Email Clients | Whatever else | |
| +-------------------------------------------------------------------+ |
| | 7 option(s) available. Applications shown in alphabetical order. | |
| +-------------------------------------------------------------------+ |
| | | |
| | +------------------+ +------------------+ +------------------+ | |
| | | {Icon} ( ) | | {Icon} (*) | | {Icon} (-) | | |
| | | ==Chromium== | | ==Firefox== | | ==Tor Browser== | | |
| | | | | | | | | |
| | | by [Google] | | by [Mozilla] | | by [TPO] | | |
| | | [Wiki] | | [Wiki] | | [Wiki...] | | |
| | | | | | | | | |
| | | Available as: | | Available as: | | Unavailable on | | |
| | | * Repo (Debian) | | * Repo (Debian) | | ARM64. | | |
| | | * Flatpak | | * Flatpak (Moz.) | | | | |
| | | | | | | | | |
| | | Installed as: | | Not installed. | | | | |
| | | * Repo (Debian) | | | | | | |
| | +------------------+ +------------------+ +------------------+ | |
| | | |
| +-------------------------------------------------------------------+ |
| | <=> | |
| +-------------------------------------------------------------------+ |
| |
| This tool is provided solely for convenience. Users are free to use |
| any applications they choose, installed with or without the help of |
| this tool. |
| |
| All applications displayed by this tool are open-source software. For |
| more information on the inclusion criteria for applications listed |
| above, see [Link]. |
| |
| For more information about this tool, see [Link]. |
| |
| +-----------+ +-------------+ |
| | X Cancel | | > Continue | |
| +-----------+ +-------------+ |
| |
+-----------------------------------------------------------------------+
- Note, if someone installs an unofficial plugin for an application such as (for instance) Vivaldi, the inclusion criteria notice will change to:
| Unofficial plugins for Application Chooser have been installed. The | | applications above may not be open-source or may be otherwise | | non-compliant with the inclusion criteria listed at [Link]. Proceed | | with caution. |
- Obviously, a plugin developer could work around this limitation rather trivially by specifying their plugin as official, there is nothing we can do or should do about that. Downstreams who want to offer non-FOSS browsers without showing a warning or lying to the user will have to fork browser-choice.
Page 2: Installation options[edit]
+-----------------------------------------------------------------------------+
| Application Chooser v ^ X |
+-----------------------------------------------------------------------------+
| |
| =========================================== |
| == Step 2/4: Choose Installation Options == |
| =========================================== |
| |
| Choose the package for "Firefox" to install or remove. |
| |
| +-------------------------------------------------------------------------+ |
| | | |
| | +---------------------------------+ +---------------------------------+ | |
| | | {Icon} (*) | | {Icon} ( ) | | |
| | | ==Firefox ESR (Extended Stable | | ==Firefox Stable from Flathub | | |
| | | Release) from Debian stable | | repository== | | |
| | | repository (Installed)== | | | | |
| | | | | Firefox Stable from | | |
| | | Firefox ESR from | | flathub.org repository. Managed | | |
| | | packages.debian.org Repository. | | by Flatpak. | | |
| | | Managed by apt. | | | | |
| | +---------------------------------+ +---------------------------------+ | |
| | | |
| +-------------------------------------------------------------------------+ |
| | <=> | |
| +-------------------------------------------------------------------------+ |
| |
| Choose which action to take with the selected package: |
| |
| ( ) Install |
| [ ] Don't update software databases before installation |
| ( ) Remove |
| ( ) Purge |
| |
| +---------+ +-------------+ |
| | < Back | | > Continue | |
| +---------+ +-------------+ |
| |
+-----------------------------------------------------------------------------+
* Note, gray out "remove" and/or "purge" if the application isn't installed or if there is no remove or purge script in the plugin
Page 2: Installation options (confirmation screen)[edit]
+-------------------------------------------------------------+ | Confirm Installation Options - Application Chooser v ^ X | +-------------------------------------------------------------+ | | | The application "Firefox" will be installed via "Repo | | (Debian)". The following command will be executed to | | install the application: | | | | <apt-get update && apt-get-noninteractive install | | firefox-esr> | | | | Click "Continue" to proceed with these changes, or "Back" | | to return to the "Choose Installation Options" page. | | | | +---------+ +-------------+ | | | < Back | | > Continue | | | +---------+ +-------------+ | | | +-------------------------------------------------------------+
Page 3: Installation progress[edit]
+-------------------------------------------+ | Application Chooser v ^ X | +-------------------------------------------+ | | | ========================================= | | == Step 3/4: Applying Software Changes == | | ========================================= | | | | A terminal window has been opened for | | finishing the installation or removal | | process. Please finish installing or | | removing your selected application there. | | | | +-------------+ | | | > Continue | | | +-------------+ | | | +-------------------------------------------+
- Note, "continue" button will be grayed out until the installation/removal terminal window is closed.
Page 4: Finish[edit]
+---------------------------------------------+ | Application Chooser v ^ X | +---------------------------------------------+ | | | ========================================= | | == Step 4/4: Software Changes Complete == | | ========================================= | | | | The application "Firefox" has been | | installed via "Repo (Debian). Click "Done" | | to exit the wizard. | | | | [ ] Launch "Firefox" | | | | +---------+ | | | + Done | | | +---------+ | | | +---------------------------------------------+
- Note, if software was removed, the checkbox will be missing.
- Note, if installation or removal fails, this screen will warn about that.
Source Code[edit]
Boilerplate. Development has not started at time of writing: https://github.com/Kicksecure/browser-choice
Footnotes[edit]
Kicksecure
A secure by default operating system with the latest security research in place.
A secure by default operating system with the latest security research in place.
Follow us on social media
Supported by Power Up Privacy
Kicksecure is proudly supported until 2025 by
Power Up Privacy,
a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place.
(Strictly subject to our sponsorship policy.)
At
Kicksecure we value freedom and trust, supporting Open Source and Freedom Software
By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements:
Terms of Service,
Privacy Policy,
Cookie Policy,
E-Sign Consent,
DMCA,
Imprint
2012-
2025 ENCRYPTED SUPPORT LLC
2012-
2025 ENCRYPTED SUPPORT LLC
We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!