this post was submitted on 06 Dec 2023
8 points (59.1% liked)

Privacy

32165 readers
133 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

My main browser is Librewolf but I keep a chromium browser just in case. Previously used brave but their flatpak is shit. Ungoogled chromium seems ok but it looks like they don't change much from upstream chromium. Any good chromium browsers which harden their browsers like librewolf does for more privacy?

(page 2) 43 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 11 months ago (1 children)
[–] [email protected] 0 points 11 months ago (1 children)

Maybe not up to date enough, degoogled but not fingerprinting improved.

load more comments (1 replies)
[–] [email protected] -3 points 11 months ago* (last edited 11 months ago) (3 children)

Ironically for Browser you shouldnt use Flatpaks if you trust the browser and you care about security.

https://madaidans-insecurities.github.io/firefox-chromium.html

What Distro are you on? I use Firefox and Brave, both as RPM now. I actually switched for convenience (keepassxc extension works, plasma extension works etc) but they are actually more secure.

Native Chromium is poorly way more secure than Firefox. When using the Browsers through Flatpak you need to remove the sandbox, so process isolation and memory stuff is gone, and replace the specific sandbox with bubblewrap.

Bubblewrap is good, but doesnt support isolated Tabs.

There are CSS exploits, but to my understanding just using Noscript in "block all by default" mode is best for security AND privacy.

I would like to like Brave, as it is more secure, but it sucks a lot. Very bloated, tab management worse, missing extensions, damn Chromium webstore and the addon not working so no updates. It is not bad, and I want to write a hardening config soon, to remove and disable all that bloat permanently.

I would not recommend Librewolf if you are advanced. For one it is a Flatpak, ironically (didnt know this a few weeks ago too) less secure. Also it lacks behind in updates a bit, not much, but this may become a problem.

https://github.com/trytomakeyouprivate/Arkenfox-softening

I am working on this tool, should work, that keeps your Arkenfox config up to date and sets a few switches to soften it. So you add that to Firefox and dont need Librewolf anymore.

On Fedora all you need is libavcodec-freworld from rpmfusion to get everything working. But ublue.it images work best out of the box.

Edit

Why are you downvoting this? Doesnt it fit your opinion? I also dont like Chromium, but its more secure. I also didnt know that Flatpak browsers are less secure, but thats a fact.

[–] [email protected] 1 points 11 months ago (1 children)

Can you say more or provide a source on why you shouldn't use a browser as a Flatpak? Is it just because the sandboxing is potentially weaker?

[–] [email protected] 0 points 11 months ago (2 children)

The Chromium sandbox needs to be removed and something like Zypak needs to be used.

This means that the internal Browser sandbox is weaker and tab isolation. I could not find the source for that yet.

https://flatkill.org

Even though pretty old and probably outdated, some points are for sure true. Some apps like Onionshare are horribly outdated, and unless every app has at least one packager responsible for it, best official and paid, its a total mess.

Chromium on Flatpak stable for the first time - GNOME blog post

Firefox Snap vs. Flatpak

Flatpak Browser Sandbox Challenges

These where not the sources I refer to, and it is pretty complex. Secureblue disables user namespaces and uses bubblewrap-suid for security, but after madaidans statement that would mean a hole in bubblewrap allows the app root privileges.

load more comments (2 replies)
load more comments (2 replies)
[–] [email protected] -3 points 11 months ago (1 children)

Why bother with such micro optimisations when the purpose is to be used extremely infrequently for compatibility reasons?

load more comments (1 replies)
load more comments
view more: ‹ prev next ›