this post was submitted on 21 Sep 2023
27 points (100.0% liked)

cross-posted from: https://sh.itjust.works/post/5572424

This might have been discussed to death by now, unfortunately I couldn't find any discussion on it on Lemmy. Though I would love to be corrected on that!


How does an always on incognito Chromium with uBlock Origin on medium mode (and other hardening/privacy settings enabled) compare to Brave (with e.g. Privacy Guides' recommended settings) with respect to security and privacy on Linux^[1]^?

Commonly heard whataboutisms:

  • "With the looming advent of Manifest v3, this discussion might not be very relevant for long." I'm aware.
  • "Just use Firefox/Librewolf or any other privacy-conscious browser that isn't Chromium-based." I already do, but some websites/platforms don't play nice on non-Chromium-based browsers due to Google's monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.
  • "Brave's [insert controversy] makes them unreliable to take services from." Honestly, I think that if both solutions are as effective that a reason like this might be sufficient to tip the balance in favor of one. Because ultimately this all comes down to trust.
  • "Just use Ungoogled Chromium." Some more knowledgeable people than me advise against it. Though, I'd say I'm open to hear different opinions on this as long as they're somewhat sophisticated.
  • "Just use [insert another Chromium-based browser]." If it has merits beyond Brave and Chromium with respect to security and privacy, I'll consider it.

Thanks in advance!


  1. I can be more specific about which distro I prefer using, but I don't think it matters. I might be wrong though*.
[–] qwert230839265026494@sh.itjust.works 8 points 1 year ago (4 children)

Bounce tracking

TIL.

Fingerprinting

Gosh, I can't believe I forgot about Brave's excellent implementation of fingerprint-spoofing.

Also Brave announced on X/Twitter that they will continue supporting MV2, Chromium won’t.

This is a big thing. Thank you for mentioning that!

if you rly don’t like Brave

I've actually for the longest time used Brave as my go-to Chromium-based browser, but it seems as if the support on Linux leaves a lot to be desired. I don't understand for example why it just isn't included in the repos of Arch, Debian, Fedora, openSUSE, Ubuntu etc. Sure; the AUR has it -also available as a not up to date nixpkg-, but the others have to either download the .deb or rpm package (which is undesirable due to inability to keep it updated at all times) OR rely on Brave's own repos, which somehow bork themselves every once in a while. Which actually just happened a couple of days ago on my device*. I'm on Fedora Silverblue, so it was already quite hacky to get Brave from its own repos. But due to the repos borking themselves, I didn't get any automatic system updates at all for the last couple of days. I only noticed it yesterday when I did my weekly manual update. Perhaps I should set up something that notifies me when the automatic system update fails, but I'll prefer if the repos I rely on don't call it quits whenever they feel like it. Apologies for my rant*.

Vivaldi would be a good alternative, but is weaker than Brave, since it includes not all the protections or alternatives which Brave has.

Would you say that Vivaldi is (at least) better than Chromium for security and privacy?

[–] t0m5k1@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

I use arch-btw so I get brave from aur, on other Linux distros the way to get brave is via flatpak if the provided repos are borked for you.

[–] qwert230839265026494@sh.itjust.works 4 points 1 year ago (1 children)

on other Linux distros the way to get brave is via flatpak if the provided repos are borked for you.

I would love to use the flatpak if it was endorsed. Privacy Guides says the following about it:

"We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc."

[–] t0m5k1@lemmy.world 2 points 1 year ago (1 children)

Yes, I could say come to arch but you seem happy in fedora 😉

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago (1 children)

Hehe :P . True dat. Maybe one day ;) . Perhaps I'll just spin up a distrobox in order to get access to Brave through the AUR, but this (excellent) article has worsened my already bad paranoia to clearly unhealthy levels 🤣. So, it seems out of question for now 😅. Though I might be able to spin it up in a Wolfi container. Pessimism doesn't help though 🤣.

[–] t0m5k1@lemmy.world 3 points 1 year ago (1 children)

Man you've gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.

Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.

The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago (1 children)

Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.

Hahaha 🤣. Honestly I would, if my device could handle it.

Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.

Madaidan strikes (yet) again. F*ck my paranoia...

The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.

Very interesting insights! Thank you so much! Would you happen to know of resources that I might refer to for this?

[–] t0m5k1@lemmy.world 1 points 1 year ago (1 children)

Question: Why do you think you need such high security for a browser?

Clam av on access scan: https://wiki.archlinux.org/title/ClamAV#OnAccessScan

ClamFS: https://github.com/burghardt/clamfs

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago (1 children)

Your help is much appreciated!

Question: Why do you think you need such high security for a browser?

Good prompt! I actually started questioning my own motivations from this. And I'd say that the best I could come up with was that it's required in order to attain the "peace of mind" from having properly secured my browser activity; which happens to be the primary activity on my device anyways.

[–] t0m5k1@lemmy.world 2 points 1 year ago (1 children)

Valid response, but why do you need to protect the OS from the browser when the browser (Brave) is already sandboxing and the browser is not an attack vector that can be directly exploited to gain access/root on your OS?

What I mean is that the tabs themselves are sandboxed to protect accounts that are opened in each from being breached, the browser itself is obfuscating your fingerprint and blocking known bad actor sites etc so this leaves only what you manually download and here the browser will warn you if a given download has the potential to harm.

So unless you are downloading files from very questionable locations I can't see the need for a containerised browser.

Containers are good and yes have flaws but the main purpose of them is to add another layer between the application and the OS so if application is exploited the attacker has to break another wall/layer to get to the real root.

I know in April 2021 there was a PoC that used JavaScript to reverse the effect of a patch which allowed an attacker to break out of the chromium sandbox, but that was never used and if it was the attacker would first need to breach a site to deploy the code that you would then execute by visiting the site or it would be fed to you via a phishing attempt. Both of these delivery methods would need to be very stealthy and fast. Currently there are 4 known CVEs for brave: (sorry for long link)

https://www.cvedetails.com/vulnerability-list.php?vendor_id=16266&product_id=36540&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=3&sha=74c1df28c6d85bd121726a90109559ec94ea3549

None of these provide an attack vector that will allow access.

[–] qwert230839265026494@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (1 children)

I've been enjoying your responses a lot! I just wanted to express my gratitude one more time!

Uhmm..., but I think that somewhat of a misunderstanding might have happened somewhere.

Valid response, but why do you need to protect the OS from the browser when the browser (Brave) is already sandboxing and the browser is not an attack vector that can be directly exploited to gain access/root on your OS?

Just to be clear. I acknowledge Brave's (or rather Chromium's for that matter) sandbox capabilities. I'm not necessarily afraid of whatever I'm doing inside to break out of the sandbox. Sure, the 'risk' (if at all) can be further circumvented with the use of VMs and whatnot and for some people this approach is justified. But me lamenting on using something like Qubes (eventually) is more about having an OS that actually has sane security defaults. And having browsers run in VMs is just part of that. Currently, I just want a secure and private browser to use on desktop. So far, it seems that Brave is superior over Chromium due to added features like fingerprint-spoofing, the inevitable discontinuation of Manifest v2 etc.

What I am afraid of is how secure (continued) operation within containers would be. So even if Brave (or whichever browser for that matter) is not the culprit, the rest of the container environment might endanger the rest of my system. Of course, I'm a total noob so I might be talkin' outta my A$$. So please correct me if my understanding is faulty.

So unless you are downloading files from very questionable locations I can’t see the need for a containerised browser.

Hehe, I guess if I would be forced to do a thing like that I would do so within a VM 😅.

Containers are good and yes have flaws but the main purpose of them is to add another layer between the application and the OS so if application is exploited the attacker has to break another wall/layer to get to the real root.

So I've mostly been using well-integrated 'pet-containers' like the ones known from Distrobox (with a relevant recent feature). Aside from those I've been exposed to the earlier article and to this video. These 'expositions' have made me go from a Distrobox-enjoyer to a pessimist that doesn't dare to come close to them until I've better educated myself on them 🤣.

[–] t0m5k1@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

I've been enjoying your responses a lot! I just wanted to express my gratitude one more time!

Thanks man, means a lot these days.

What I am afraid of is how secure (continued) operation within containers would be. So even if Brave (or whichever browser for that matter) is not the culprit, the rest of the container environment might endanger the rest of my system.

If your container for brave is running but the browser itself is closed, there is no way for to happen within the container because the software that would be connected to the internet is closed/quit/stopped. In fact that container should be reported as down by whichever management subsystem is provided by said container (portainer, lxd, systemd-namespaces, etc)

So I've mostly been using well-integrated 'pet-containers' like the ones known from Distrobox (with a relevant recent feature). Aside from those I've been exposed to the earlier article and to this video. These 'expositions' have made me go from a Distrobox-enjoyer to a pessimist that doesn't dare to come close to them until I've better educated myself on them

I think you should look more into what containers are and can do, You previously said that your system is low power but distrobox is making loads of full OS/distro containers which for the most part act like a VM. Distrobox is a good way to test drive a distro OR allow a dev to ensure the app they've made works on their target distros for chosen use case.

All you really need to do is run a single application within a container, not a whole distro!/os Why do I say this? Well resource consumption for one and why replicate an entire distro/os when an app can be run inside a container: https://bacchi.org/posts/brave-in-docker/

Additionally I spoke about attack vectors, running another distro/OS inside a docker may well have samba, ssh running by default, If the container for that is not firewalled that is an attack vector that will allow RCE and exploits be run inside that container!

Aside from those I've been exposed to the earlier article and to this video.

The first minute of that video talks of nginx webserver image, That is a webserver running inside a container, with distrobox you have the rest of the OS inside the container as well as nginx. Do you get what I say now?

I suggest you use the above link I gave to look into running just a browser within a container, drop distrobox (unless you need to test drive distros) and learn about running a single application within a container, when you can do that find a container framework that provides the security you want/like then run your "untrusted" applications in containers and rejoice with a slightly faster machine.

EDIT: Additionally wolfi is based on Alpine, This is a popular server distro, If you want to install wolfi you'll need to know how to install alpine, which is similar to installing gentoo as it uses bootstrap images, don't be surprised if the desktop experience is a bit ...erm lacking as that is not the focus of alpine or wolfi ! Good luck
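
Added example, not part of the comment above or of any project it mentions: a shell check for the exposure that comment describes, where a full-distro container may have services such as ssh or samba listening by default. It parses the kernel's `/proc/net/tcp` table format; the function names and the sample table are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): report TCP ports that are listening
# on anything other than loopback. Input is a table in /proc/net/tcp or
# /proc/net/tcp6 format, given as a file argument or on stdin.

exposed_listeners() (
    # Subshell body keeps the loop variables out of the caller's scope.
    while read -r _slot local_addr _remote state _rest; do
        # Socket state 0A is TCP_LISTEN. The header line and every other
        # state (established, time-wait, ...) are skipped.
        [ "$state" = "0A" ] || continue

        addr_hex=${local_addr%%:*}
        port_hex=${local_addr##*:}

        # IPv4 addresses are printed little-endian, so the first octet is
        # the last two hex digits: every 127.x.y.z address ends in 7F.
        case "$addr_hex" in
            ??????7F) continue ;;                          # 127.0.0.0/8
            00000000000000000000000001000000) continue ;;  # ::1
        esac

        printf '%d\n' "0x$port_hex"
    done < "${1:-/dev/stdin}" | sort -nu | paste -sd' ' -
)

# Constructed sample: what a full-distro container might show.
#   0.0.0.0:22 (ssh) and 0.0.0.0:445 (samba) listening on all interfaces,
#   127.0.0.1:631 listening on loopback only,
#   172.17.0.2:40000 -> 203.0.113.10:443 an established outbound connection.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20101 1 0000000000000000 100 0 0 10 0
   1: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20102 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20103 1 0000000000000000 100 0 0 10 0
   3: 020011AC:9C40 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20104 1 0000000000000000 20 4 30 10 -1
EOF
}

echo "Ports listening beyond loopback in the sample: $(sample_table | exposed_listeners)"
```

Inside a container, run `exposed_listeners /proc/net/tcp` and again with `/proc/net/tcp6`; an empty result means nothing is listening beyond loopback, which is what a single-application browser container should show.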

[–] qwert230839265026494@sh.itjust.works 2 points 1 year ago (1 children)

You've made my day. Thank you so much!

All you really need to do is run a single application within a container, not a whole distro!/os Why do I say this? Well resource consumption for one and why replicate an entire distro/os when an app can be run inside a container: https://bacchi.org/posts/brave-in-docker/

Mind-blown. I was already thinking for such a long time that the distrobox approach just didn't seem right at all for the purpose of security. But somehow my limited search never bore any results on how I should go about it. Perhaps I didn't do a good job on googling or somehow missed a (couple of) keywords to be effective at searching for this. And I seem to have finally found 'the holy-grail'; for which all credits obviously go to you!

Additionally I spoke about attack vectors, running another distro/OS inside a docker may well have samba, ssh running by default, If the container for that is not firewalled that is an attack vector that will allow RCE and exploits be run inside that container!

Exactly!

The first minute of that video talks of nginx webserver image, That is a webserver running inside a container, with distrobox you have the rest of the OS inside the container as well as nginx. Do you get what I say now?

Yup (or at least I hope so :P ). And I would have loved to share the feeling of my head/brains right now. Just bliss for finally finding the missing piece that has been (somehow) absent all this time.

I suggest you use the above link I gave to look into running just a browser within a container, drop distrobox (unless you need to test drive distros) and learn about running a single application within a container, when you can do that find a container framework that provides the security you want/like then run your “untrusted” applications in containers and rejoice with a slightly faster machine.

I will definitely! Are there any keywords beyond the ones mentioned in your excellent comments that I would need for an endeavor as such?

EDIT: Additionally wolfi is based on Alpine, This is a popular server distro, If you want to install wolfi you’ll need to know how to install alpine, which is similar to installing gentoo as it uses bootstrap images, don’t be surprised if the desktop experience is a bit …erm lacking as that is not the focus of alpine or wolfi ! Good luck

Wolfi was only mentioned as a 'safer' distrobox-container. It's the only one accessible through Distrobox that I'm okay with using 😅.

Words can't describe the epiphany I'm currently experiencing! Thanks again so much! I wish you and your loved ones the best! Heck, I would be fine with buying you a beer (or a cup of coffee :P ) or whatever. Please feel free to make use of 'these services' :P .

[–] t0m5k1@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

Mind-blown. I was already thinking for such a long time that the distrobox approach just didn't seem right at all for the purpose of security. But somehow my limited search never bore any results on how I should go about it. Perhaps I didn't do a good job on googling or somehow missed a (couple of) keywords to be effective at searching for this. And I seem to have finally found 'the holy-grail'; for which all credits obviously go to you!

TBH I don't use google search as all the results are there by SEO and algorithms, If I need a file type on a site ...then it's a different matter lol. I use DDG mainly and all I searched for was "brave browser in a container"

For more take a peek here: https://hub.docker.com/

I will definitely! Are there any keywords beyond the ones mentioned in your excellent comments that I would need for an endeavor as such?

I'd suggest following a good guide for your OS to get a container framework running say docker (seeing as I linked to the hub there): https://docs.docker.com/engine/install/fedora/

Once the "Engine" is installed move on to the next sections to learn how to use it, bear in mind you really don't need to make your own repo or pay a subscription as what you want is already out there provided by others.

Once you get things working and you have an application working in docker go check out the sites for the apps you use, check their github repos and you might find links to "Docker image" and then that means you can plonk it in a container, job done. For the applications you can't easily find an image for consider going deeper and making your own, just follow the other examples you've used and to share them open a repo on github or gitlab.

Words can't describe the epiphany I'm currently experiencing! Thanks again so much! I wish you and your loved ones the best! Heck, I would be fine with buying you a beer (or a cup of coffee :P ) or whatever. Please feel free to make use of 'these services' :P .

Thanks for the kind words, I try to share what I know with as many as possible to make things easier as at the end of the day we're all wanting the same things really. Might have to take you up on the beer offer lol ...Cheers.

[–] Bitrot@lemmy.sdf.org 2 points 1 year ago (1 children)

AUR is just repackaging the official Debian package, that’s a very straightforward process. Most distro repositories don’t work that way, they build the binaries themselves. Some interested party would need to put in the work.

Most distro repositories don’t work that way, they build the binaries themselves.

Interesting. Is this a matter of trust?

[–] chenxiaolong@lemm.ee 1 points 1 year ago

I don't understand for example why it just isn't included in the repos of Arch, Debian, Fedora, openSUSE, Ubuntu etc.

For the most part, these distros all require that packages are built from source vs. repackaging prebuilt binaries. While Brave is open source, if you compile it yourself, you'll be missing tons of API keys for accessing Brave's services: https://github.com/brave/brave-browser/wiki/Build-configuration. While I suspect most folks wouldn't care if eg. the cryptocurrency things stopped working, other things that break include Brave Sync and the downloading of the adblocker filter lists.

Brave currently does not provide a way for 3rd parties to generate API keys to access these services: https://community.brave.com/t/does-brave-allow-the-distribution-of-self-compiled-or-distro-compiled-binaries/457833. Outside of reverse engineering their prebuilt binaries to extract the API keys, you're pretty much out of luck (if you care about these features working).

For websites that only work in Chromium, I've switched to just using plain old Chromium from Fedora's repos. Being able to build the browser from source without losing features is pretty important to me (eg. I rebuild Fedora's Chromium with the patches for enabling hardware video decoding on Wayland).