Privacy > Firefox in a container or VM?

I would like to isolate Firefox from the OS.
Would it be the same to achieve this with Firefox in a Docker container or in a VM?

What would you prefer, container or VM?

Running it in a VM will give you complete isolation.

However, I think you need to identify what you are actually trying to solve for. If privacy is your concern, I am not sure that the isolation will buy you all that much.

If security is your concern, then the isolation can definitely matter as the browser will be completely isolated from your system. Just be careful what network traffic you allow in/out of the VM.

As for Docker, how would you get access to the browser in a way that kept it fully containerized?

Another option would be to install the Flatpak and remove all the permissions either manually or with Flatseal.

Although, again, the privacy threat with your browser isn’t really solved by any of these.

1 Like
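The permission stripping suggested in the post above, sketched as an added example that is not part of the original thread: it turns a listing in the layout printed by `flatpak info --show-permissions` into the matching `flatpak override` revocation flags. The sample listing is constructed, and the keep-list (network plus a Wayland socket) is an assumption about the minimum a browser needs.

```shell
#!/bin/sh
# Constructed sample in the keyfile layout of
# `flatpak info --show-permissions <app-id>`; not a real Firefox manifest.
SAMPLE_PERMS='[Context]
shared=network;ipc;
sockets=wayland;x11;pulseaudio;cups;
devices=all;
filesystems=xdg-download;home;

[Session Bus Policy]
org.freedesktop.Notifications=talk
'
# Assumption: these two grants stay, everything else in [Context] is revoked.
KEEP='shared=network sockets=wayland'

# Reads a permission listing on stdin, prints one override flag per line.
revoke_flags() {
    section=''
    while IFS= read -r line; do
        case $line in
            '['*']') section=$line; continue ;;
        esac
        [ "$section" = '[Context]' ] || continue   # bus policies are not handled here
        key=${line%%=*}
        vals=${line#*=}
        case $key in
            shared)      flag='--unshare' ;;
            sockets)     flag='--nosocket' ;;
            devices)     flag='--nodevice' ;;
            filesystems) flag='--nofilesystem' ;;
            *) continue ;;
        esac
        old_ifs=$IFS; IFS=';'; set -f      # split on ';' without glob expansion
        for v in $vals; do
            [ -n "$v" ] || continue
            case " $KEEP " in
                *" $key=$v "*) ;;          # on the keep-list: leave granted
                *) printf '%s=%s\n' "$flag" "$v" ;;
            esac
        done
        set +f; IFS=$old_ifs
    done
}

# Prints the command for review; nothing is executed against Flatpak here.
override_command() {
    printf 'flatpak override --user'
    printf '%s' "$SAMPLE_PERMS" | revoke_flags |
        while IFS= read -r f; do printf ' %s' "$f"; done
    printf ' org.mozilla.firefox\n'
}
override_command
```

On a real system, pipe the output of `flatpak info --show-permissions org.mozilla.firefox` into `revoke_flags` instead of the sample, and review the session bus section separately.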

If your goal is true anonymity, instead of privacy - you’d better run a Whonix VM and Tor… Otherwise it doesn’t matter that much.

Both a usual VM and a container can and will be fingerprinted.

1 Like

What goal are you trying to achieve?

1 Like

Just less fingerprint, more security and a little bit more privacy :slight_smile:
But it seems that it will be fingerprinted anyway, with a VM or a container.
I’m not looking for anonymity, or to use Tor.

1 Like

Yeah, that’s the biggest problem with such an idea…
You can’t have any of it “a little bit more”, because your privacy / security will always be defined and abused by the weakest link in the chain.

So logically it’s either:

  • Use the usual Firefox in your OS for some unimportant stuff that you don’t care about, and install the uBlock Origin / Multi-Account Containers / Temporary Containers add-ons in Firefox to somehow manage what fingerprinters get from each tab

  • For something serious use Whonix + Tor, so nobody would know anything about your real machine and location, unless you make some dumb mistakes… :upside_down_face:

2 Likes

Completely hiding fingerprints is basically impossible; the best you can do is confuse the ‘waters’ so much that it becomes statistically challenging to follow them specifically.
Sadly, behavioural pattern recognition through AI is a thing, and thus using a different ‘costume’ won’t help much if you still behave in the same exact way.

Also, keep in mind that most/all modern devices are left vulnerable on purpose (ever heard of Meltdown and Spectre? check this out: CLICK ME) in order to be accessible from the outside by hardware (so the software has absolutely no control over it).

I have a couple of friends who work in the pentest industry, and they showed me nightmare stuff.

Also stop using Google :smiley:

4 Likes

Sometimes I would love to throw the fox into the container … and close the lid tightly … but the alternatives are also garbage …

It should also be noted that this requires making multiple online identities that you force to act in different ways, essentially being different people. You will also need to make sure not to access the internet in an easily traceable way from your home/office/etc., among many other alterations to the way you use your computer online and interact with the global WAN.

Whonix can’t help you with changing your behavior, and just using it won’t make you anon.

1 Like

Then use Flatpak Firefox with the settings tweaked to be more resistant to fingerprinting. Avoid social media and try to figure out what your general online habits are and make changes to your behavior to better improve your privacy.

The number 1 way to improve your privacy is to change you; even if you have a hardened browser, if you use the web in the exact same way you have invalidated every ounce of that work.

5 Likes

Exactly…the alternatives are garbage.

:point_up:

You have to be a hardened user, not use a hardened browser!

Right!

:left_speech_bubble:

1 Like

Good thread. Especially about changing your surfing behavior.

I didn’t see the concept of browser segmentation, being that you have multiple browsers installed and only visit types of sites in each. Say, Chrome for all your Google mail / calendar, Facebook in another browser, another browser for Twitter, and another browser for all other surfing. A possibility, with obvious memory issues for those with low RAM computers and also some discipline to segment action to browsers.

3 Likes

I only use the Firefox. :fox_face:

Yeah, don’t make stupid mistakes, like logging into your Fakebook or Goolag account, especially when using Whonix + TOR (because then all your effort is in vain).

1 Like

That’s fine for some basic privacy.

If you wanna go full anon haxor mode you gotta have multiple browsers, VMs, VPNs, Tor, etc. etc., but for most people that’s a bit crazy soup :joy:

I’m not a privacy expert by any means, but I just wonder, wouldn’t that create several really specific patterns of behaviour? Like someone only watching videos, someone only checking their email… Maybe there are users like that out there though. Not sure

For Google, one can at the very least change it to Startpage, which provides Google results (and claims to do so track-free), though Startpage has had its own controversies and it’s probably better to research that before using it.

Though then again, DuckDuckGo has also had its own controversies… tbh almost any private search engine that I found has had them. But some are more serious than others, and in the case of some, they seemingly get resolved.

There is also an interesting idea to ponder, that many private search engines are meta search engines, drawing the search results from the big search engines :"d so we are often still using Google… just in a more private way (hopefully).

Privacy has so many layers and nuances to it that sometimes I honestly get tired of learning about it. But some things are important to know.

Allow me to fix it for you: if you don’t want to make stupid mistakes - don’t have Facebook and Goolag accounts :rofl:

1 Like

Startpage is owned by an ad company.

The only real way to do that is by using a good searx instance, but it’s a relatively slow aggregator of engines…