[Brmlab] most secure web browser for a laptop/desktop computer

Mario Lombardo mario at alienscience.com
Fri Mar 14 13:04:10 CET 2014


Wow!  Impressive discussion, everybody.  Thanks!  I had no idea links and elinks were children of the CZ.  And elinks grown in our very own lab a-la pasky??  Sweet! :)

So Tom, when you refer to Chromium, you are not referring to Google's Chrome, rather the FOSS browser?

My usecase isn't so high-profile although it probably should be mine and everyone's regular practice like using GPG.  I've just read some security reviews, and I'm becoming increasingly tired of Google, Inc.  That's what started my inquiry.  I'm interested in hearing more.  I'm going to check out netcat as mrkva mentioned to see how far I can get with it.

/mario

On  14 Mar 14, at 10:19, <sachy at lainspira.net> <sachy at lainspira.net> wrote:

> Hi,
> you can actually run the browser in virtual machine. No need for complicated setup, liveCD should be fine. If you would like to configure it deeply, install the virtual system and make a clear ready-to-use snapshot.
> 
> The network communication can be even obfuscated by proxies/TOR as needed without any knowledge/influence of the hosting system.
> 
> sachy
> 
> 
> ---------- Původní zpráva ----------
> Od: timothyhobbs at seznam.cz
> Komu: Brmlab: Hackerspace Prague (main discussion) <brmlab at brmlab.cz>
> Datum: 14. 3. 2014 9:44:03
> Předmět: Re: [Brmlab] most secure web browser for a laptop/desktop computer
> 
> 
> Hey!
> 
> <snark>
> 
> Tell me more about your usecase.  One can get pretty far, by installing chromium on the raspberri pi, setting the "read only" physical switch on your SD card to true, connecting to the PI via VNC, and rebooting the pi on every page refresh.  If you want to do "tabbed browsing" you can have a stack of 5 or six Pi's on your desk, with one Pi per tab.  How secure do you need?
> 
> </snark>
> 
> Joking aside,  chromium has a security model of putting each tab in it's own user namespace.  This should be pretty secure, though privilege escalation attacks on Linux are far from unheard of.  Firefox, on the other hand, has many more security options in terms of "limiting attack surfaces".  On firefox you can "lock the browser down" by dissabling scripts, images, multimedia, ect.
> 
> <snark>
> Other good browsers, for the extremely paranoid, are the text based ones.  This comes from the ease with which one can do a practical version of my previous Raspberi pi stacking joke, throw links or elinks(both browsers of Czech heritage) into a VM running something light like busybox, and ssh in to browse the web.  Make sure your VMs are stateless(the same as having that physical read only switch turned on on the raspberry pi) and that you restart them every couple of minutes while web browsing.  These text based browsers have an advantage, for us brmlab members.  If you choose to use, say elinks, then you can personally go and beat the shit out of pasky if you find a security flaw in it.  This should motivate him to ensure high coding standards, and not to waste time doing useless biolab research and other time-wasters like sleeping.
> 
> While we're dealing with security, we have yet to discuss such security methods as proxies and tor.  Of course you don't want an attacker to gain access to your system.  One of the greatest threats is physical access.  If the police come to your house, break down your door, and steal your laptop they may be able to access your bank account information.  To limit these risks, of course encrypted memory, and writing nothing to disk can help.  I like to make it an integral part of my houses alarm system, that if the door is opened unexpectedly, my computer restarts, thus ensuring all my data(which is held in an encrypted ram disk, is safely lost).  However, there is still risk.  So in order to escape that risk, we use TOR and other services.  My recommendation is to not use TOR directly but through several layers of proxy.
> 
> </snark>
> 
> Timothy
> ---------- Původní zpráva ----------
> Od: Mario Lombardo <mario at alienscience.com>
> Komu: Brmlab: Hackerspace Prague (main discussion) <brmlab at brmlab.cz>
> Datum: 14. 3. 2014 0:14:30
> Předmět: [Brmlab] most secure web browser for a laptop/desktop computer
> 
> 
> Hi everybody. 
> I don't want to start a holy war, but what do you consider the most secure web browser for a laptop/desktop OS? Academic replies are also welcome.
> zatím
> /mario
> 
> _______________________________________________
> Brmlab mailing list
> Brmlab at brmlab.cz
> http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab
> _______________________________________________
> Brmlab mailing list
> Brmlab at brmlab.cz
> http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab
> _______________________________________________
> Brmlab mailing list
> Brmlab at brmlab.cz
> http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://brmlab.cz/pipermail/brmlab/attachments/20140314/31f88b25/attachment.html>


More information about the Brmlab mailing list