qwert230839265026494

joined 1 year ago
[–] qwert230839265026494@sh.itjust.works 2 points 1 year ago* (last edited 1 year ago)

Thanks for chiming in! I do think that Vivaldi is excellent in some regards. However, it seems that they don't apply all security-related updates every release, which obviously affects security negatively. Thus, making me less enthusiastic to use it. I was about to install it when I read up on that...

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago (2 children)

Just a few days ago I tried to pay for flight tickets on flypgs.com. Multiple attempts on Firefox didn’t work, while the first attempt on a Chromium-based one did. It might have been a fluke, but every so often issues like these do happen. And for some reason switching the browser does bear a positive result. YMMV though.

[–] qwert230839265026494@sh.itjust.works 2 points 1 year ago (1 children)

You've made my day. Thank you so much!

> All you really need to do is run a single application within a container, not a whole distro/OS! Why do I say this? Well, resource consumption for one, and why replicate an entire distro/OS when an app can be run inside a container: https://bacchi.org/posts/brave-in-docker/

Mind-blown. I was already thinking for such a long time that the distrobox approach just didn't seem right at all for the purpose of security. But somehow my limited search never bore any results on how I should go about it. Perhaps I didn't do a good job on googling or somehow missed a (couple of) keywords to be effective at searching for this. And I seem to have finally found 'the holy-grail'; for which all credits obviously go to you!

> Additionally I spoke about attack vectors: running another distro/OS inside a docker may well have samba, ssh running by default. If the container for that is not firewalled, that is an attack vector that will allow RCE and exploits to be run inside that container!

Exactly!

> The first minute of that video talks of nginx webserver image. That is a webserver running inside a container; with distrobox you have the rest of the OS inside the container as well as nginx. Do you get what I say now?

Yup (or at least I hope so :P ). And I would have loved to share the feeling of my head/brains right now. Just bliss for finally finding the missing piece that has been (somehow) absent all this time.

> I suggest you use the above link I gave to look into running just a browser within a container, drop distrobox (unless you need to test drive distros) and learn about running a single application within a container. When you can do that, find a container framework that provides the security you want/like, then run your “untrusted” applications in containers and rejoice with a slightly faster machine.

I will definitely! Are there any keywords beyond the ones mentioned in your excellent comments that I would need for an endeavor as such?

> EDIT: Additionally wolfi is based on Alpine. This is a popular server distro. If you want to install wolfi you’ll need to know how to install alpine, which is similar to installing gentoo as it uses bootstrap images. Don’t be surprised if the desktop experience is a bit …erm lacking as that is not the focus of alpine or wolfi! Good luck

Wolfi was only mentioned as a 'safer' distrobox-container. It's the only one accessible through Distrobox that I'm okay with using 😅.

Words can't describe the epiphany I'm currently experiencing! Thanks again so much! I wish you and your loved ones the best! Heck, I would be fine with buying you a beer (or a cup of coffee :P ) or whatever. Please feel free to make use of 'these services' :P .

[–] qwert230839265026494@sh.itjust.works -2 points 1 year ago (8 children)

> firefox is a real alternative

“Just use Firefox/Librewolf or any other privacy-conscious browser that isn’t Chromium-based.” I already do, but some websites/platforms don’t play nice on non-Chromium-based browsers due to Google’s monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.

Thanks for chiming in 😅.

> Most distro repositories don’t work that way, they build the binaries themselves.

Interesting. Is this a matter of trust?

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (3 children)

I've been enjoying your responses a lot! I just wanted to express my gratitude one more time!

Uhmm..., but I think that somewhat of a misunderstanding might have happened somewhere.

> Valid response, but why do you need to protect the OS from the browser when the browser (Brave) is already sandboxing and the browser is not an attack vector that can be directly exploited to gain access/root on your OS?

Just to be clear. I acknowledge Brave's (or rather Chromium's for that matter) sandbox capabilities. I'm not necessarily afraid of whatever I'm doing inside to break out of the sandbox. Sure, the 'risk' (if at all) can be further circumvented with the use of VMs and whatnot and for some people this approach is justified. But me lamenting on using something like Qubes (eventually) is more about having an OS that actually has sane security defaults. And having browsers run in VMs is just part of that. Currently, I just want a secure and private browser to use on desktop. So far, it seems that Brave is superior over Chromium due to added features like fingerprint-spoofing, the inevitable discontinuation of Manifest v2 etc.

What I am afraid of is how secure (continued) operation within containers would be. So even if Brave (or whichever browser for that matter) is not the culprit, the rest of the container environment might endanger the rest of my system. Of course, I'm a total noob so I might be talkin' outta my A$$. So please correct me if my understanding is faulty.

> So unless you are downloading files from very questionable locations I can’t see the need for a containerised browser.

Hehe, I guess if I would be forced to do a thing like that I would do so within a VM 😅.

> Containers are good and yes have flaws, but the main purpose of them is to add another layer between the application and the OS, so if the application is exploited the attacker has to break another wall/layer to get to the real root.

So I've mostly been using well-integrated 'pet-containers' like the ones known from Distrobox (with a relevant recent feature). Aside from those I've been exposed to the earlier article and to this video. These 'expositions' have made me go from a Distrobox-enjoyer to a pessimist that doesn't dare to come close to them until I've better educated myself on them 🤣.

[–] qwert230839265026494@sh.itjust.works 0 points 1 year ago* (last edited 1 year ago)

Thanks for chiming in. Has there ever been definitive proof that it's inferior to say Chromium (or any other Chromium-based browser for that matter)?

> Brave is a buggy browser

Honestly my experience on Brave (on Fedora) hasn't been great 😅. So I can definitely attest to that. I'm willing to deal with it as long as its merits are substantial, which so far seem to be the case 😭. But thank you for confirming that I'm not the only one that has experienced difficulties while using it!

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago (5 children)

Your help is much appreciated!

> Question: Why do you think you need such high security for a browser?

Good prompt! I actually started questioning my own motivations from this. And I'd say that the best I could come up with was that it's required in order to attain the "peace of mind" from having properly secured my browser activity; which happens to be the primary activity on my device anyways.

Just a few days ago I tried to pay for flight tickets on flypgs.com. Multiple attempts on Firefox didn't work, while the first attempt on a Chromium-based one did. It might have been a fluke, but every so often issues like these do happen. And for some reason switching the browser does bear a positive result. YMMV though.

[–] qwert230839265026494@sh.itjust.works 3 points 1 year ago (3 children)

Aight, I'll look into it. Much appreciated!

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago (7 children)

> Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.

Hahaha 🤣. Honestly I would, if my device could handle it.

> Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.

Madaidan strikes (yet) again. F*ck my paranoia...

> The article you linked to is a wonderfully detailed write up, but it is more geared towards those using containers that will be providing services (web, sql, etc). If you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly, but what you download potentially is, so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.

Very interesting insights! Thank you so much! Would you happen to know of resources that I might refer to for this?

25
Chromium vs Brave (sh.itjust.works)
submitted 1 year ago* (last edited 1 year ago) by qwert230839265026494@sh.itjust.works to c/privacyguides@lemmy.one
 

cross-posted from: https://sh.itjust.works/post/5572424

This might have been discussed to death by now, unfortunately I couldn't find any discussion on it on Lemmy. Though I would love to be corrected on that!


How does an always on incognito Chromium with uBlock Origin on medium mode (and other hardening/privacy settings enabled) compare to Brave (with e.g. Privacy Guides' recommended settings) with respect to security and privacy on Linux^[1]^?

Commonly heard whataboutisms:

  • "With the looming advent of Manifest v3, this discussion might not be very relevant for long." I'm aware.
  • "Just use Firefox/Librewolf or any other privacy-conscious browser that isn't Chromium-based." I already do, but some websites/platforms don't play nice on non-Chromium-based browsers due to Google's monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.
  • "Brave's [insert controversy] makes them unreliable to take services from." Honestly, I think that if both solutions are as effective that a reason like this might be sufficient to tip the balance in favor of one. Because ultimately this all comes down to trust.
  • "Just use Ungoogled Chromium." Some more knowledgeable people than me advise against it. Though, I'd say I'm open to hear different opinions on this as long as they're somewhat sophisticated.
  • "Just use [insert another Chromium-based browser]." If it has merits beyond Brave and Chromium with respect to security and privacy, I'll consider it.

Thanks in advance!


  1. I can be more specific about which distro I prefer using, but I don't think it matters. I might be wrong though*.
8
Chromium vs Brave (sh.itjust.works)
submitted 1 year ago* (last edited 1 year ago) by qwert230839265026494@sh.itjust.works to c/privacy@lemmy.ml
 
