Reduce leaked information when streaming - UnixDaemon: In search of (a) life

Lock down removing my need to commute to work each day gave me a few extra hours back and last year I decided to try streaming some small coding sessions on Twitch. I only did a few, as I discovered how much I hate the sound of my own voice, but when watching one of the streams I realised how much information I was leaking from my normal shell and web browser workflows. I’ve removed my old videos but if i were to start again there are at least two ways I’d change my development environment to help keep certain things private.

Shell history

Until I watched a recording I had no idea how much I relied on shell history when I’m working on the command line. Every time I pressed Ctrl- r I was showing commands, directory paths, and URLs I’d previously used, and as I have a long history retention set it was showing a lot. If I were to start streaming again now I’d ensure I started off with a clean terminal history to help keep the focus on what I’m doing in that session. You can do this with a short command but it’s not an intuitive one.

bash --rcfile <(echo '. ~/.bashrc; unset HISTFILE')

It starts a new shell without any existing history

$ history  | wc -l
1000

$ bash --rcfile <(echo '. ~/.bashrc; unset HISTFILE')

$ history  | wc -l
1

Your old history is restored when you exit the shell back to your previous one but commands typed in that shell are not preserved. I’ve wrapped this command, along with a few more in a start-streaming script. You can also pre-seed a history file with a focused set of commands to avoid the awkwardness of typing everything out by hand when you’re live.

$ cat ~/.fake_history
dig -t caa puppetcookbook.com
dig -t caa puppetcookbook.com | grep ';; ANSWER' -A 2

$ bash --rcfile <(echo '. ~/.bashrc; HISTFILE=~/.fake_history')

$ history
    1  dig -t caa puppetcookbook.com
    2  dig -t caa puppetcookbook.com | grep ';; ANSWER' -A 2
    3  history

Websites and web browsers

After realising how much my shell history gave away I jumped to the part where I opened a browser tab and was horrified at the amount of details you could see with some quick pausing/playing. The address bar shows sites visited going back years. Order numbers, where I’ve bought food from, LAN specific services etc.

I’m still mainly a FireFox user so I was hopeful I’d be able to use the Firefox Multi-Account Containers extension and simply open a new container, with my cookies present so I was still logged in, but without my history in the address bar. Unfortunately this isn’t possible. There is a five year old Make History aware of userContextId bug that addresses some of this requirement but if it’s open after five years, it’s never going to be fixed.

My second attempt was Private Browsing, but this is the worst of both worlds as it still shows your history but doesn’t bring over cookies so you have to log into sites each time.

The third attempt was more successful but added some manual steps. I created a new FireFox profile, which does not come with your history, and manually copied my cookies over so I was logged into sites when I visited them. You can do most of the steps on the command line, firefox -P shows you the profiles, firefox -P $name starts a profile etc. Copying the cookies over is as easy as cp $main_profile/cookies.sqlite $new_profile/ but it’s more fiddly than it needs to be. Still, it does allow you to have a profile that’s logged into GitHub but doesn’t show my ComiXology history so it’s a step in the right direction.

If I start streaming again I will do both of these, and probably make a script for it after the third manual run through. I’d also make much heavier use of the two approaches if I were remote pairing or recording internal training material again. It’s very easy to leak information you’re not even aware of so why not remove the risk and start with a clean slate?