If you want to use the PI as a router you'll probably end up with a double NAT situation which isn't ideal

Just don't do NAT on the Pi then...

Yeah, with articles about batteries the attributes they don't talk about are usually pretty bad.

I'm looking for a VPN that auto-discovers other devices on the same network.

What does that mean? What are you actually trying to do?

Nobody here said it would let them see your authentication details, so I’m not sure why you’re so vigorously fighting that straw man.

Your session ID is stored in a cookie. That is what a website uses to know that you're logged in. With a XSS attack one can steal your session and use the site as though they were you. So yes - it is "authentication details".

Nobody here mentioned it because nobody here seems to know what they're talking about...

Third-party cookies absolutely let them know which other sites you’ve visited. That’s their main purpose.

And they are not stopped by using a separate VM with a web browser. So....

What? No. Just... No. My god - the misunderstanding around cookies is ridiculous. I blame the EU - they put a 'warning label' on them an now eveyone thinks they're just evil.

Firstly - Cookies are only allowed to be read/written by the site you requested from. If they could read all cookies that would be a MASSIVE security problem and the internet would be fundamentally unusable for business.

Secondly - This has nothing to do with tabs. Nothing. ... Nothing.

Thirdly - There are "third party" cookies which happen when a site coordinates with a third party for things like advertising and allows them to track hits when their ads are displayed. This requires both sites to cooperate. But also see "firstly" as it won't allow that third party access to, say, your authentication information.

Lastly - This still has nothing to do with tabs.

I can't tell if you're being facetious or not...

XSS is an attack within a site. For example - if I were to embed JavaScript in this post, and your lemmy website didn't properly sanitize it, then it would be executed by your browser. This would let me run code on lemmy with your credentials. I could then rewrite posts, delete your account, maybe send your data to another site where I could capture your session or credentials.

It has nothing to do with any other tabs and it would be limited to lemmy and the page that executed the script. I couldn't have that script read data from your bank on another tab, for example.

They can't "see out" of their own tab either. Websites can only access data in the browser that they create.

This does absolutely nothing to defend against XSS.

This is the problem with paranoia-based security. You create needless overhead thinking you're "more secure," but you're not. Not in any way that really matters, at least.

So it's just paranoia then... Which makes sense as it's way over the top.

Heck, even just creating separate system accounts and doing 'sudo -u social firefox' would be easier than spinning and maintaining VMs...

Seriously. Do people think the president literally keeps the country running?

But he debated well that one time! 🤬

Just use tabs they can't access each other's data. Or use a tab session manager. Or separate Firefox profiles.