I'm the Never Ending Pie Throwing Robot, aka NEPTR.
Linux enthusiast, programmer, and privacy advocate. I'm nearly done with an IT Security degree.
TL;DR I am a nerd.
Then that could be used to fingerprint too.
You don't have to sandbox he browser with Bubblejail if you don't want. I was only suggesting it and providing instructions in case you wanted an extra layer of isolation.
The browser can't create unprivileged namespaces because Flatpak blocks access to namespace creation. This DOES interfere with an important method of sandboxing used by browsers on Linux. It makes site isolation weaker, which could allow an attacker from a malicious site to steal information from any open tab, or possibly escape the sandbox. Browser sandboxes are multilayered for a reason, one less layer makes exploitation exponential easier. The Firefox Flatpak is official, but that doesn't mean it is safe. Flatpak sandboxing is substantially less strong than a browser's isolation strategy This because Flatpak is a general purpose sandbox mostly meant for making distribution of software easy by providing an identical environment across all Linux distros, not for rigid security. Browser's provide a more fine grained sandbox that is designed around the threat model that the website is compromised/malicious and is attempting to hack you, since websites are effectively just apps. Don't use Flatpak'd browsers at all, or the very least not as your default.
Dont install browsers as Flatpaks, very bad for security. Flatpaks use Bubblewrap, but that isnt the reason they degrade browser security. Bubblejail is an app that makes sandboxing with Bubblewrap easy and didn't integer with the browser's own sandbox (unlike Flatpak). I don't know if Firefox supports hardened_malloc now.
To use Firefox, you need to use
ujust with-standard-malloc firefox(or something like that). It also needs user namespaces (same with Mullvad VPN/Browser), runujust set-unconfined-userns onFollow these steps to make Firefox run with standard malloc:
For Firefox with no sandboxing ...
cp /usr/share/applications/firefox.desktop ~/.local/share/applications/firefox.desktop- Edit the newly created file so any line that starts with
Exec=firefoxtoExec=ujust with-standard-malloc firefox
For Firefox with Bubblejail, assuming you have already created a profile named Firefox and generated the desktop entry. Edit the file
~/.local/share/bubblejail/instances/Firefox/services.tomland add the following snippet:[debug] raw_bwrap_args = [ "--ro-bind", "/dev/null", "/etc/ld.so.preload", ]I recommend Secureblue.
To install Firefox on Secureblue, run
rpm-ostree install firefoxTo install Mullvad VPN, runujust install-vpn, select Mullvad, wait for it to complete, and runrpm-ostree install mullvad-browserFor browsers, you obviously are going to install Mullvad and Firefox, but no need to install a Blink-based browser because it comes with Trivalent (significantly security hardened Chromium). Since Trivalent only supports MV3 you will need uBl Lite and NoScript supports MV3.
I recommend sandboxing your browsers (except Trivalent) using Bubblejail. For Mullvad/Firefox, create a Bubblejail instance using the config app, create a profile, give it access to Wayland, PulseAudio (sound), Pipewire (screenshare), and use slirp4netns, then run
bubblejail generate-desktop-entry INSTANCE_NAME --desktop-entry /usr/share/applications/INSTANCE_NAME.desktop. I recommend adding access to ~/Downloads for the browsers.Consult the FAQ for more tips/tricks and security toggles. Also use the
ujustcommand line utility to configure the system.I will never use Kagi because requiring an account makes associating search queries with you trivial, though I don't doubt it is a useful service.
Mullvad Leta was nice while it lasted, but an easy replacement is DuckDuckGo HTML. As the name suggests, it doesn't require JS, reducing the attack surface and routes of browser fingerprinting. I do acknowledge that the search results suck about as much as Google, so I need to be creative with search queries.
A better option is a self hosted meta search engine like SearXNG or 4get. I get that the branding of 4get is off-putting, but it doesn't require JS for frontend and is much simpler/leaner/reliable than SearXNG. Self hosted search engines are also only useful (imho) if used by a large group (as a public instance) to blend in, or behind a VPN that rotates frequently. This is to avoid association to you.
Personally my favorite distros that I tried this year are the following:
General:
Gaming:
I am willing to elaborate on my choices.
I have been liking CachyOS as well. I reluctantly switched from Fedora after I kept getting weird problems (definitely a "my PC" thing, I wish I could upgrade).
Features I like about Cachy:
- Auto-setup of snapper btrfs snapshoting (my fav feature of openSUSE) on all bootloaders (I like the simplicity of limine)
- Gaming ready fork of kernel-hardened, with some changes, including allowing use of unprivileged namespaces (needed by Bubblewrap/Flatpak/Firefox/Chromium to avoid the need of a SUID binary)
- AUR (cus it is Arch)
- Update service which updates from all installed sources (pacman, Flatpak, AUR)
What I wish was different:
- Inclusion of a full system Mandatory Access Control policy (SELinux preferably)
- Compatibility with hardened_malloc (idk why but on Cachy, GTK apps crash because glycin bubblwrap commands fail)
The point of my comment wasn't that OP was in "real danger" if they showed local IPs, just that it doesn't hurt to censor them. Never give more information than necessary. I censor usernames and filepaths on any screenshots of the terminal, even though if an actor has the kind of access to utilize that information I am probably already fucked. I think it is good practice to always scrutinize the information you give out willingly.
Just block ICMP lol /s
Shit can always get worse; there is no such thing as rock bottom.
- JumpDeleted
Permanently Deleted
And I dont like GNU even more than systemd lol.
I was taught in my IT Sec classes to avoid sharing any unnecessary information. Information on private IPs can be used to better understand your network, allowing a threat actor to better navigate your network without needing to do ip scans (which are very obvious and should trigger even basic detection). While it is most likely pointless (since OP probably isnt at risk of targeted attacks), it is still good opsec.
I much prefer the looks and feel of GTK4 libadwaita apps over Qt6. I switched to KDE Plasma after using GNOME for awhile because I wanted to see if I noticed any improvement in stability, I want to theme my apps, and I prefer to avoid extensions (it is a security risk). I still very much miss GNOME with the 3-4 extensions that I installed, it just felt so much more polished, consistent, and free of bugs and broken features (looking at you theme search and desktop animations installer).
Run the following command in the directory containing the .desktop launcher:
./start-tor-browser.desktop --register-appThis integrates the launcher and makes it accessible from your start menu or app search (for your user).
At first I thought it was Fin from Adventure Time lol