[Brmlab] most secure web browser for a laptop/desktop computer

Ondrej Mikle ondrej.mikle at gmail.com
Fri Mar 14 13:27:58 CET 2014


Also, check out the Tails live distro - https://tails.boum.org/

It's specifically designed to be secure, anonymous and not leaving trace anywhere.

OM

On 03/14/2014 01:04 PM, Mario Lombardo wrote:
> Wow!  Impressive discussion, everybody.  Thanks!  I had no idea links and elinks
> were children of the CZ.  And elinks grown in our very own lab a-la pasky??
>  Sweet! :)
> 
> So Tom, when you refer to Chromium, you are not referring to Google's Chrome,
> rather the FOSS browser?
> 
> My usecase isn't so high-profile although it probably should be mine and
> everyone's regular practice like using GPG.  I've just read some security
> reviews, and I'm becoming increasingly tired of Google, Inc.  That's what
> started my inquiry.  I'm interested in hearing more.  I'm going to check out
> netcat as mrkva mentioned to see how far I can get with it.
> 
> /mario
> 
> On  14 Mar 14, at 10:19, <sachy at lainspira.net <mailto:sachy at lainspira.net>>
> <sachy at lainspira.net <mailto:sachy at lainspira.net>> wrote:
> 
>> Hi,
>> you can actually run the browser in virtual machine. No need for complicated
>> setup, liveCD should be fine. If you would like to configure it deeply,
>> install the virtual system and make a clear ready-to-use snapshot.
>>
>> The network communication can be even obfuscated by proxies/TOR as needed
>> without any knowledge/influence of the hosting system.
>>
>> sachy
>>
>>
>> ---------- Původní zpráva ----------
>> Od: timothyhobbs at seznam.cz <mailto:timothyhobbs at seznam.cz>
>> Komu: Brmlab: Hackerspace Prague (main discussion) <brmlab at brmlab.cz
>> <mailto:brmlab at brmlab.cz>>
>> Datum: 14. 3. 2014 9:44:03
>> Předmět: Re: [Brmlab] most secure web browser for a laptop/desktop computer
>>
>>
>>     Hey!
>>
>>     <snark>
>>
>>     Tell me more about your usecase.  One can get pretty far, by installing
>>     chromium on the raspberri pi, setting the "read only" physical switch on
>>     your SD card to true, connecting to the PI via VNC, and rebooting the pi
>>     on every page refresh.  If you want to do "tabbed browsing" you can have a
>>     stack of 5 or six Pi's on your desk, with one Pi per tab.  How secure do
>>     you need?
>>
>>     </snark>
>>
>>     Joking aside,  chromium has a security model of putting each tab in it's
>>     own user namespace.  This should be pretty secure, though privilege
>>     escalation attacks on Linux are far from unheard of.  Firefox, on the
>>     other hand, has many more security options in terms of "limiting attack
>>     surfaces".  On firefox you can "lock the browser down" by dissabling
>>     scripts, images, multimedia, ect.
>>
>>     <snark>
>>     Other good browsers, for the extremely paranoid, are the text based ones. 
>>     This comes from the ease with which one can do a practical version of my
>>     previous Raspberi pi stacking joke, throw links or elinks(both browsers of
>>     Czech heritage) into a VM running something light like busybox, and ssh in
>>     to browse the web.  Make sure your VMs are stateless(the same as having
>>     that physical read only switch turned on on the raspberry pi) and that you
>>     restart them every couple of minutes while web browsing.  These text based
>>     browsers have an advantage, for us brmlab members.  If you choose to use,
>>     say elinks, then you can personally go and beat the shit out of pasky if
>>     you find a security flaw in it.  This should motivate him to ensure high
>>     coding standards, and not to waste time doing useless biolab research and
>>     other time-wasters like sleeping.
>>
>>     While we're dealing with security, we have yet to discuss such security
>>     methods as proxies and tor.  Of course you don't want an attacker to gain
>>     access to your system.  One of the greatest threats is physical access. 
>>     If the police come to your house, break down your door, and steal your
>>     laptop they may be able to access your bank account information.  To limit
>>     these risks, of course encrypted memory, and writing nothing to disk can
>>     help.  I like to make it an integral part of my houses alarm system, that
>>     if the door is opened unexpectedly, my computer restarts, thus ensuring
>>     all my data(which is held in an encrypted ram disk, is safely lost). 
>>     However, there is still risk.  So in order to escape that risk, we use TOR
>>     and other services.  My recommendation is to not use TOR directly but
>>     through several layers of proxy.
>>
>>     </snark>
>>
>>     Timothy
>>
>>     ---------- Původní zpráva ----------
>>     Od: Mario Lombardo <mario at alienscience.com <mailto:mario at alienscience.com>>
>>     Komu: Brmlab: Hackerspace Prague (main discussion) <brmlab at brmlab.cz
>>     <mailto:brmlab at brmlab.cz>>
>>     Datum: 14. 3. 2014 0:14:30
>>     Předmět: [Brmlab] most secure web browser for a laptop/desktop computer
>>
>>
>>         Hi everybody.
>>         I don't want to start a holy war, but what do you consider the most
>>         secure web browser for a laptop/desktop OS? Academic replies are also
>>         welcome.
>>         zatím
>>         /mario
>>
>>         _______________________________________________
>>         Brmlab mailing list
>>         Brmlab at brmlab.cz <mailto:Brmlab at brmlab.cz>
>>         http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab
>>
>>     _______________________________________________
>>     Brmlab mailing list
>>     Brmlab at brmlab.cz <mailto:Brmlab at brmlab.cz>
>>     http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab
>>
>> _______________________________________________
>> Brmlab mailing list
>> Brmlab at brmlab.cz <mailto:Brmlab at brmlab.cz>
>> http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab
> 
> 
> 
> _______________________________________________
> Brmlab mailing list
> Brmlab at brmlab.cz
> http://brmlab.cz/cgi-bin/mailman/listinfo/brmlab
> 



More information about the Brmlab mailing list