Nowadays it looks almost possible.Compatibility: Windows, macOS, Linux, Android, iOS I tried several times before to move to chrome as my primary browser, but it always turns out that chrome lacks needed features or extensions. Delete cookies, html5 storage on exit (Firefox - about:config, chrome - shell script) (Firefox - about:config, chrome - really don't know) Disable service workers (firefox - in about:config, chrome - "Reject Service Worker" extension) Block off-domain 3rd party javascripts ("policy control" extension) What is about cross-site security (within the same browser instance), I prefer: Also let's don't forget that there's not only jails, but this old thing: Mandatory Access Control At least until I discover one day another "privilege elevation" vulnerability reading security advisories. What's about OS sandboxing, to me it looks like that it is good enough to run browser just under separate user, with properly set permissions on anything I care about. Googling random chrome 'buffer overflow' CVE's shows me that almost all of them classified by different researchers as possible or proven remote code execution, this is very rough assumption of course.Ĭlick to expand.So it looks to me like inter-site (inter-thread?) sanboxing in chrome doesn't really much matter in comparison to firefox.ītw, I think probably that they really mean is 'secure design' rather than 'sandboxing'. Some chrome vilnerabilities descriptions has 'buffer overflow' words, but there's no any 'code execution'. Some firefox vilnerabilities descriptions has 'remote code execution' or 'malicious code execution', but there's no 'buffer overflow' words. So I've done it for year 2022 and started to grepping over.Ĭhrome on cvedetails shows 283 vulnerabilities for the past year.Īny browser vulnerability may have impact on web security (like XSS, some site data leak) or OS (like remote code execution, filesystem access). Does anybody know why? shows records for both firefox and chrome unclassified by type and score, so it's hard to estimate impact at glance.īut allows export to tsv file. I don't discuss industrial espionage or national security secrets on the phone, or criminal activity of any sort, so I don't care about the microphone.Ĭlick to expand.I'd like to take a look at consistent lists of known vulnerabilities of both, but I didn't found anything really clean. I use a piece of tape to block my phone camera. If you have a large enough balance in your bank account, some banks will forego the bank fee on the gift card. For big purchases it's best to use a one-time gift card loaded with the exact purchase total to pay and throw it away afterwards. Since I count on being able to make internet transactions occasionally, I use a debit card with a limited balance it case it gets swiped. The Apple phones and laptops that aren't totally Google designed or Google black-boxed might be a better idea for avoiding Google, if you don't mind replacing true Google with a smaller, but still huge Google competitor.Īs someone else suggested in this thread, connecting any computer to the internet is woefully hazardous no matter what, if you have anything to hide or numbers to protect. Seems like a Google clone running Google software in a sandbox, or that might need to run Google Play in a sandbox is not completely de-Googled in a world where Google has its claws in everything. I've tried it out on my Android phone and it seems to work well. It's not important to me.ĭuckduckgo also offers a browser you might be interested in, for both phones and laptops. I've visited pornographic sites (strictly for browser ad-blocker testing purposes, of course) and their ads seem to be built into the site in such a way as to inevitably filter through. Other than Duckduckgo Security Essentials and whatever Firefox might have, I don't use any ad-blockers. This is likely done with cookies and is actually kind of useful to me for finding the items I wish to purchase. Rarely, I visit shopping sites when I do, they seem to user-profile me, and target my purchases and merchandise-browsing history with their ads (adverts). It seems to serve my needs but I don't visit a lot of ad-tracking sites. For advertising-trackers, spy-robots, rootkits, etc., I use and the Duckduckgo Security Essentials browser extension. I don't have any nuclear launch codes, high-security documents, or anything like that on any of my computers perhaps you or others here do, I wouldn't know. I don't have too much concern for security other than the routine credit card number security and password protection types of security. Since this appears to be a thread for discussing technical reasons for one's perspectives, I might add that I've used Firefox for years without any security problems that I know of. Click to expand.I see that it's in the "Off-Topic" forum now, in which forum was it originally posted?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |