I would like to isolate Firefox from the OS
would it be the same to achieve this with Firefox in a docker container or in a VM?
what would you prefer, container or VM?
Running it in a VM will give you complete isolation.
However, I think you need to identify what you are actually trying to solve for. If privacy is your concern, I am not sure that the isolation will buy you all that much.
If security is your concern, then the isolation can definitely matter as the browser will be completely isolated from your system. Just be careful what network traffic you allow in/out of the VM.
As for docker, how would you get access to the browser in a way that kept it fully containerized?
Another option would be to install the the flatpak and remove all the permissions either manually or with flatseal.
Although, again, the privacy threat with your browser isnât really solved by any of these.
1 Like
If your goal is true anonymity, instead of privacy - youâd better run a Whonix VM and TorâŚOtherwise it doesnât matter that much.
Both usual VM and container can and will be fingerprinted.
1 Like
what goal are you trying to achieve?
1 Like
just less fingerprint, more security and a little bit more privacy 
but it seems that it will be anyway fingerprinted, with VM or container
Iâm not looking for anonymity, or to use Tor
1 Like
Yeah, thatâs the biggest problem of such ideaâŚ
You canât have any of it âa little bit moreâ, because your privacy / security will always be defined and abused by weakest link in chain.
So logically itâs either:
-
Use usual Firefox in your OS for some not important stuff that you donât care, install ublock origin / Multi-account containers / Temporary containers addons in Firefox to somehow manage what fingerprinters get from each tab
-
For something serious use Whonix + TOR, so nobody would know anything about your real machine and location, unless youâll make some dumb mistakesâŚ
2 Likes
Completely hiding fingerprints is basically impossible, the best you can do is confuse so much the âwatersâ that it becomes statistically challenging to follow them specifically.
Sadly, behavioural patterns recognition through AI is a thing, and thus using a different âcostumeâ wonât help much if you still behave in the same exact way.
Also, keep in mind that most/all modern devices are left vulnerable on purpose (ever heard of Meltdown and Spectre? check this out: CLICK ME) in order to be accessible from the outside by hardware (so the software has absolutely no control over it).
I have a couple of friends who work in the pentest industry, and they showed me nightmare stuff.
Also stop using Google 
4 Likes
Sometimes I would love to throw the fox into the container ⌠and close the lid tightly ⌠but the alternatives are also garbage âŚ
It should also be noted that this requires making multiple online identities that you force to act in different ways, essentially being different people. You will also need to make sure to not access the internet in an easily traceable way from your home/office/etc. amoung many other alterations to the way you use your computer online and interact with the global wan.
Whonix cant help you with changing your behavior and just using it wont make you anon
1 Like
The use Flatpak Firefox with the settings tweaked to be more resistant to fingerprinting. Avoid Social media and try to figure out what your general online habits are and make changes to your behavior to better improve your privacy.
The number 1 way to improve your privacy is to change you, even if you have a hardened browser but you use the web in the exact same way you have invalidated every ounce of that work.
5 Likes
ExactlyâŚthe alternatives are garbage.
You have to be a hardened user not use a hardened browser!
Right!
1 Like
Good thread. Especially about changing your surfing behavior.
I didnât see the concept of browser segmentation, being that you have multiple browsers installed and only visit types of sites in each. Say, Chrome for all your Google mail / calendar, Facebook in another browser, another browser for Twitter, and another browser for all other surfing. A possibility, with obvious memory issues for those with low RAM computers and also some discipline to segment action to browsers.
3 Likes
I only use the Firefox. 
Yeah, donât make stupid mistakes, like logging into your Fakebook or Goolag account, especially when using Whonix + TOR (because then all your effort is in vain).
1 Like
That fine for some basic privacy
if you wanna go full anon haxor mode you gotta have multiple browsers, VMs, VPNs,TOR, etc.etc. but for most people thats a bit crazy soup 
Iâm not a privacy expert by any means, but I just wonder, wouldnât that create several really specific patterns of behaviour? Like someone only watching videos, someone only checking their email⌠Maybe there are users like that out there though. Not sure
for google, one can at the very least change it to Startpage, which provides google results (and claims to do so track-free), though Startpage has had itâs own controversies and itâs probably better to research that before using it
though then again, DuckDuckGo has also had itâs own controversies⌠tbh almost any private search engine that I found has had them. But some are more serious than others, and in case with some, they seemingly get resolved.
there is also an interesting idea to ponder, that many private search engines are meta search engines, drawing the search results from the big search engines :"d so we are often still using google⌠just in a more private way (hopefully)
privacy has so many layers and nuances to it that sometimes I honestly get tired of learning about it. But some things are important to know
Allow me to fix it for you, if you doesnât want to make stupid mistakes - donât have Facebook and Goolag accounts 
1 Like
Startpage is owned by ad company.
The only real way to do that is by using a good searx instance, but itâs relatively slow aggregator of enginesâŚ