Hello! I’m someone who got into the FOSS/Linux/privacy world a few years ago. I still have a tremendous amount to learn; one of the things I’m hoping to learn more about here is browser isolation as it relates to privacy.
I’ve used FireFox for years, because, although I didn’t know much about privacy, I knew Google was bad. Growing discontent with Mozilla’s direction away from privacy and towards political activism & discovering that they’re funded 80%+ by Google, I started looking for better options. That lead me to “privacy hardened” browsers like Mullvad and Librewolf. However, Rob Braxman brought to my attention how alarmingly little these browsers actually improve privacy by themselves. It was then that I was introduced to the concept of browser isolation.
For reference:
The basic concept makes sense, but I still have a lot of questions:
Does it even matter without a VPN? (I know how much these help is controversial).
Does it matter on mobile if my phone isn’t rooted/de-Googled yet?
Is there still a use for “private” browsers like Mullvad, Librewolf, or Tor? Do they just make you easier to fingerprint?
Are there other precautions to take when using this method? I’d like to attempt setting up a pi-hole server, but I don’t know how feasible that would be in my situation.
You can put any browser in firejail.
Something like this
firejail --private firefox
Then each startup of the browser will be a fresh instance, with no memory of previous cached material or tabs.
That stops any persistant data snooping, or any malware leaks from the running browser into your system.
It does not stop cookies running it the current browser instance. You have to disable cookies in the browser settings to defeat that.
I’m new to this concept as well. That alone wouldn’t stop fingerprinting, would it? I would think your screen resolution, OS, etc. would still appear the same without other measures (though I can see how it would be useful from a security perspective).
Wouldn’t these things make you stand out more in terms of fingerprinting? The impression I got from the few videos I’ve found on browser isolation was that you want to use as close to a vanilla browser as possible. Ones that have ad-blocking extensions, disable Javascript, etc. make you more unique (aka identifiable) per Braxman.
Also, sorry if I put this in the wrong category (though I wouldn’t have thought of this as a Linux-specific discussion) or if my title wasn’t descriptive enough. I just thought that since I didn’t see any topics focused on the subject, having one broad thread for discussing it in general was fine.
Yes they make you more unique.
That helps with malware… nobody bothers to build malware for uncommon OS’s
but
if having an unusual fingerprint is a disadvantage that may work against you. Do you think one may be better off being lost in the crowd?
Dont worry about that. The moderator will fix it if it needs a different category.
Use the browser in firejail. That solves most of the issues.
I found this
“To counter digital fingerprinting, limit the information your browser shares by using privacy-focused browsers like Tor or Brave, disabling JavaScript and Flash, using VPNs, and employing anti-fingerprinting extensions like Privacy Badger or uBlock Origin.”
Do you think one may be better off being lost in the crowd?
That is a component in Braxman’s method of browser isolation. It’s not unheard of, as some privacy-focused browsers set their language, theme, etc. to be uniform when you turn on fingerprinting resistance (i.e. Librewolf and Mullvad make everyone using their browsers appear more similar). However, the other guide I found didn’t mention it. I personally don’t see how it helps/hurts your privacy if utilizing browser isolation actually prevents big tech from being able to identify you even with a fingerprint.
With browser isolation, you’re basically assuming that all sites you visit on each browser will track you, so you’re only searching for things on that browser that won’t tell any website/3rd party anything significant enough to identify you. Don’t log into Google or FB, and supposedly sites can’t identify you…unless you provide that info? That’s another section of this I want to know more about. Rob says that sites like PayPal and Amazon are fine to use all on one browser, so long as you haven’t logged into Google or FB on it. But with how much big tech has embedded themselves into everything cough Google analytics cough, I’m a little hazy on how creating an account on a website (that requires name, address, phone no. etc) won’t lead to connecting that profile to my Google account.
I honestly feel like I’m so out of my depth when it comes to tech that I’ll never really understand what I’m doing without getting a master’s degree in computer science. I’m really working toward having as little tech in my life as possible, but it would be nice to be as private as possible when I do want/need to use it. I guess some increase in privacy is better than none, and I’m glad I’ve taken the time to learn Linux & explore FOSS enough to use them daily for my basic purposes.