[deleted]
Since monitoring is only useful when the targets have a false sense of security and privacy, I guess the raiding police have been scolded then…

If the goal of the raid had been to tap the node, you wouldn’t have read this information on a public forum.

  • [deleted]

It's a dangerous misconception that adblock does not increase security and "privacy"; however, privacy depends on your definition. The problem with adblock is that it relies on badness enumeration, which is not a reliable way to defend against threats, and it makes the fingerprint more unique depending on how it's implemented. That being said, by limiting the established connections it still reduces attack surface significantly.

    GrapheneOS do you know if Firefox for Android even supports using hardened_malloc instead of jemalloc?

    There is a compile argument that allows LD_PRELOAD replacement, and maybe Mull could set that to at least use that security feature. For sure, without sandboxing it will still be less secure.

    [deleted] I recently read this years-old blog post about security BS and it was very interesting.

    Now I understand the concept of badness enumeration, which really is bad, but often helps.

    Best example for the opposite is NoScript on... Firefox (or Chromium Desktop, but it is MV2). I block all JavaScript by default and only allow domains that need it. It is manual work, but really useful for privacy and security.

    Lixiris I'm a new GOS user and have been looking at privacy for both my PC and my phone. I went to Cover your tracks to test different browsers that I use (Firefox, Mull, Mullvad, Vanadium, Bromite, Librewolf, Brave). Of those browsers listed, only Brave and Mullvad were browsers that had the best results regarding being tracked. The link follows in case you want to try this yourself? https://coveryourtracks.eff.org/. Anyone else know anything more about this and can share?

      Jobloggs The link follows in case you want to try this yourself? https://coveryourtracks.eff.org/. Anyone else know anything more about this and can share?

      Pls don't make conclusions based on the results of this website. Basically all statistical values there are meaningless, because their dataset is extremely skewed, way too small and the used methods are not even close to what modern browser fingerprinting can do.

        5 months later

        missing-root

        I don't think they referred to Vanadium but normal Chromium. I have verified that, without changing the code, Linux Chromium contacts Google all the time, with all possible settings (including flags) and policies applied.

        No, the topic is Vanadium.

        They have no namespace sandboxing using zygote, as they don't have a fork server at all. This is an issue.

        This is not how things work.

        But Firefox uses seccomp-bpf for isolating processes, so "no sandboxing" is not true.

        It has no sandboxing on mobile. You're completely wrong and your claims are baseless.

        There should be no reason why FF mobile shouldn't be able to use seccomp-bpf on Android.

        It's not used as a sandbox by Firefox but rather only basic kernel attack surface reduction. It is possible to use seccomp-bpf for sandboxing which they've never done and certainly don't do on Android.

          GrapheneOS It is possible to use seccomp-bpf for sandboxing which they've never done

          Also on their desktop Linux version?

          Afaik they combine seccomp-bpf filters, namespaces and chroots for site isolation and sandboxing on desktop. They even seem to think that seccomp-bpf is enough, since they sacrificed namespaces and chroots in their official Flatpak release. I would be very interested in your opinion on this.

            Vanadium is more security focused. I doubt it sends anything to Google. Maybe you can try the bromite browser? It's more focused on privacy, however, I am not sure the project is actively being updated.

              locked Dumdum Bromite is an insecure, dead project and we recommend against using Cromite since it rolls back security and adds a bunch of questionable changes. It's also not a trustworthy project. It may be marked with a warning in the future.

                It's more focused on privacy

                Adding a bunch of low quality changes trying to improve privacy does not mean it's more privacy focused.

                  TheGodfather That's wrong. Firefox lacks a strong sandbox and completed site isolation on desktop. Their seccomp-bpf filter is not a complete sandbox and you are claiming to know their perspective when you do not. Flatpak packages for browsers have weaker internal sandboxing than traditional ones but you're wrong about what the differences are.

                    locked Vanadium is more security focused

                    Vanadium is security and privacy focused, not only security focused. The entire project uses security for privacy-protecting features. GOS aims to offer a highly secure, private and usable mobile OS.

                    As written by the official project account, Bromite is dead and replacing Vanadium with Cromite is worse rather than better.

                    GrapheneOS but you're wrong about what the differences are.

                    What are the differences?

                    GrapheneOS and adds a bunch of questionable changes.

                    GrapheneOS Adding a bunch of low quality changes trying to improve privacy does not mean it's more privacy focused.

                    Can you please go into more detail and explain what?
                    I'm very interested in it.
                    Thanks a lot

                    GrapheneOS also not a trustworthy project. It may be marked with a warning in the future.

                    Why is this? Can you supply more info? I always thought Cromite had a good rep with the privacy community.

                    TheGodfather

                    Thanks for the warning.

                    Could you recommend a different browser fingerprinting test tool?

                    Would be interested to read resources that explain modern browser fingerprinting methods in more detail.

                    Thanks again ~

                    GrapheneOS What would be, from a security perspective, the better choice then: Firefox as flatpak, Firefox as a distribution package, or tar.bz2 from the Mozilla website?

                      wojon
                      Firefox as a distribution package running inside of Firejail with seccomp, AppArmor and noroot.
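
Added example, not part of any post in this thread: the replies above disagree about whether a seccomp-bpf filter alone amounts to a sandbox, so this Python script reads what the Linux kernel reports for a process (seccomp mode, `NoNewPrivs`, and which namespaces differ from the caller's) so each layer can be checked separately. The sample status text, its process name and its PID are constructed; the function names are this example's own.

```python
import os

SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

# Constructed sample of /proc/<pid>/status fields (not captured from a real browser).
SAMPLE_STATUS = "Name:\tWeb Content\nPid:\t4242\nNoNewPrivs:\t1\nSeccomp:\t2\nSeccomp_filters:\t1\n"

def parse_status(text):
    """Extract the confinement-related fields from /proc/<pid>/status text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    mode = int(fields.get("Seccomp", 0))
    return {
        "name": fields.get("Name", "?"),
        "seccomp": SECCOMP_MODES.get(mode, "unknown"),
        "filters": int(fields.get("Seccomp_filters", 0)),  # field exists on Linux 5.9+
        "no_new_privs": fields.get("NoNewPrivs") == "1",
    }

def namespace_ids(pid):
    """Map namespace name -> kernel id string such as 'pid:[4026531836]'."""
    ids = {}
    for name in ("user", "pid", "net", "mnt", "ipc"):
        try:
            ids[name] = os.readlink(f"/proc/{pid}/ns/{name}")
        except OSError:  # no permission to inspect, or the process has exited
            ids[name] = None
    return ids

def unshared(target_ns, reference_ns):
    """Names of namespaces in which the target differs from the reference."""
    return sorted(n for n, v in target_ns.items()
                  if v is not None and reference_ns.get(n) not in (None, v))

def audit(pid, reference_pid="self"):
    """Report seccomp state and unshared namespaces for one process."""
    with open(f"/proc/{pid}/status") as fh:
        report = parse_status(fh.read())
    report["unshared_ns"] = unshared(namespace_ids(pid), namespace_ids(reference_pid))
    return report

if __name__ == "__main__":
    import sys
    for pid in sys.argv[1:] or ["self"]:
        print(pid, audit(pid))
```

A `filter` result only shows that some seccomp filter is attached; it says nothing about which system calls that filter allows, so it cannot by itself distinguish attack surface reduction from a sandbox.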