As I've been contemplating this over the last few days it occurred to me
tools to deal with this effectively are readily at our disposal. The
bullet-proof way to deal with this is related to what I wrote a few days
ago. As I mentioned, I do my web browsing inside virtualbox and
virtualbox has what are called immutable images. I can make my vm disk
read-only and it's easy to do. I know this is not a viable solution for
some, however for those who are able to go this route it really doesn't
matter what gets loose or written to obscure locations since it'll all
be wiped out after a restart. Hence: no tracking and no malware
possible...persistently anyway.
I also looked into other ways this may be accomplished from within the
OS itself. I haven't implemented or experimented with this since what
works for me takes all of 5 minutes yet I list it so that perhaps it may
be helpful in giving someone else a solution that works for them.
Tool: firejail & firectl - from their page...
*"Firejail* is a SUID program that reduces the risk of security breaches
by restricting the running environment of untrusted applications using
Linux namespaces <https://lwn.net/Articles/531114/> and seccomp-bpf
<https://l3net.wordpress.com/2015/04/13/firejail-seccomp-guide/>. It
allows a process and all its descendants to have their own private view
of the globally shared kernel resources, such as the network stack,
process table, mount table."
It also has a ready template for Firefox.
https://firejail.wordpress.com/
The latest version: 0.9.42-rc1 released 7/21/16
https://lwn.net/Articles/671534/ firejail review
http://www.pcreview.co.uk/threads/firejail.4069760/ another review
I'm not sure if this would prevent tracking however since I haven't used
the tool and don't know if it's easy to "reset" the environment once an
app closes. I also considered a permissions-based approach yet after
considering it it doesn't seem much different than using a gui plugin:
if a browser doesn't have permission to write a cookie or run a script
it would probably respond just like the gui tools banning the same.
Also let me be clear my "bulletproof" comment above was only in the
context of malware; not protection from a hacker/cracker since if they
were able to jump out of the vm into the host...then obviously they've
also left the ro env.
hth.
Drew
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
