privacy


scytale, in Proton domains blocked as disposable in disposable filter

I saw the other day Tuta complaining that Outlook has been sending emails from tutanota.com straight to junk/spam. What’s surprising is tuta.com emails were fine. So not sure if their domain change had anything to do with it, or if MS is doing the same thing as in the OP.

privacyfighter,
@privacyfighter@discuss.online avatar

Look. Outlook, Yahoo, iCloud, even Gmail provide temp mail solutions, but nobody complains or blocks them.

Also, you can use something like this that will create a disposable Gmail every time. So blocking Proton is totally useless.

Pantherina, (edited ) in Librewolf but like... for chromium?

Ironically, for browsers you shouldn't use Flatpaks if you trust the browser and you care about security.

…github.io/firefox-chromium.html

What distro are you on? I use Firefox and Brave, both as RPMs now. I actually switched for convenience (KeePassXC extension works, Plasma extension works, etc.) but they are actually more secure.

Native Chromium is poorly way more secure than Firefox. When using the browsers through Flatpak you need to remove the sandbox, so process isolation and memory stuff are gone, and replace the specific sandbox with bubblewrap.

Bubblewrap is good, but doesn't support isolated tabs.

There are CSS exploits, but to my understanding just using NoScript in “block all by default” mode is best for security AND privacy.

I would like to like Brave, as it is more secure, but it sucks a lot. Very bloated, tab management worse, missing extensions, damn Chromium web store and the addon not working so no updates. It is not bad, and I want to write a hardening config soon to remove and disable all that bloat permanently.

I would not recommend Librewolf if you are advanced. For one, it is a Flatpak, ironically (didn't know this a few weeks ago either) less secure. Also it lags behind in updates a bit, not much, but this may become a problem.

github.com/…/Arkenfox-softening

I am working on this tool, it should work, that keeps your Arkenfox config up to date and sets a few switches to soften it. So you add that to Firefox and don't need Librewolf anymore.

On Fedora all you need is libavcodec-freeworld from RPM Fusion to get everything working. But ublue.it images work best out of the box.

Edit

Why are you downvoting this? Doesn't it fit your opinion? I also don't like Chromium, but it's more secure. I also didn't know that Flatpak browsers are less secure, but that's a fact.

DangerousInternet,
@DangerousInternet@lemmy.world avatar

deleted_by_author

  • Pantherina, (edited )

    I mean sandboxes are just pretty complex. Chromium relies on user namespaces for process isolation. Flatpak browsers are isolated but have no internal isolation of processes (one tab could attack another tab). At the same time the Flatpak sandbox itself relies on user namespaces, while the flatpakked browser cannot use the namespaces internally.

    Then there is the hardened kernel, which disables user namespaces for security reasons; on the other hand, people say running the sandbox as suid means if there is a vulnerability, processes get root access.

    Flatpak browsers put less trust in the code, but more in the maintainer that has to keep them as updated as possible.

    It's complex as fuck

    Antiochus,

    Can you say more or provide a source on why you shouldn’t use a browser as a Flatpak? Is it just because the sandboxing is potentially weaker?

    Pantherina,

    The Chromium sandbox needs to be removed and something like Zypak needs to be used.

    This means that the internal browser sandbox is weaker, and tab isolation. I could not find the source for that yet.

    flatkill.org

    Even though pretty old and probably outdated, some points are for sure true. Some apps like OnionShare are horribly outdated, and unless every app has at least one packager responsible for it, best official and paid, it's a total mess.

    Chromium on Flatpak stable for the first time - GNOME blog post

    Firefox Snap vs. Flatpak

    Flatpak Browser Sandbox Challenges

    These were not the sources I refer to, and it is pretty complex. Secureblue disables user namespaces and uses bubblewrap-suid for security, but after madaidan's statement that would mean a hole in bubblewrap allows the app root privileges.

    Antiochus,

    Thanks for the additional reading and information. Maybe it’s just me, but I feel like I hear about a security vulnerability in “processor microcode” or packages or other software basically every day. As a relatively non-technical user, it’s always very difficult to tell how much these things actually matter for normal users. Flatpaks are incredibly convenient because they “just work” and are easily compatible with immutable distributions. For better or worse, I suspect many people are not going to be dissuaded from using them by hypothetical/abstract security risks.

    Pantherina, (edited )

    Flatpaks are more and less secure. Their sandbox improves 99% of apps' security, as other sandboxes are hard to set up and thus nearly nonexistent.

    Browsers have their own, so just don't use Flatpaks there.

    I am not sure about microcode, but processes running as root are maybe more critical, but it sounds like any process could have exploits if microcode is a problem. Also, RISC-V or even ARM will be waaay better here, as their instruction set is not dozens of years old and extremely bloated.

    As we get our apps from secure repos, with projects keeping track of every Git commit etc., we just had no malware really.

    The only problem is that Flatpaks, like AppImages, “just work” and don't have to evolve like the rest of the OS will. Their main goal is to work everywhere, and devs always choose convenience over security.

    For example, portals are not implemented in most old big projects like LibreOffice, GIMP, Inkscape etc. Scribus is even X11 only. But developers will not remove the filesystem=host permission and replace it with “just all the media locations”. This will still be a problem, but at least apps could not read kernel logs etc. anymore.

    Also, as they “just work” it's easy to abandon them and not update. The “outdated Runtime” warning is a veeery good indicator of a project using old and probably insecure libraries. But AFAIK there is no automatic CVE patching in flatpak-builder, which is a huge problem.
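A small audit of the static grants discussed above (filesystem=host, an X11 socket, shared IPC), added here as an example and not code from the thread or from the Flatpak project. It parses the same keyfile format that flatpak writes to /.flatpak-info inside a running sandbox and prints with `flatpak info --show-permissions`; the risk notes are the example's own opinion, and the sample metadata is constructed, not any real app's.

```python
"""Flag broad static permissions in a Flatpak app's keyfile metadata."""
import configparser

# Grants that hand most of the host back to the app.  Assumption: this
# ranking is the example's own opinion, not something flatpak ships.
RISKY = {
    "filesystems": {"host": "whole host filesystem, home included",
                    "home": "whole home directory"},
    "sockets": {"x11": "X11: any client can snoop other windows' input",
                "session-bus": "unfiltered session D-Bus"},
    "devices": {"all": "every device node in /dev"},
    "shared": {"ipc": "host IPC namespace is shared"},
}


def parse_context(keyfile_text: str) -> dict[str, list[str]]:
    """Return the [Context] section as {key: [values]}; values are ';'-separated."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case exactly as written
    cp.read_string(keyfile_text)
    if not cp.has_section("Context"):
        return {}
    return {k: [v for v in val.split(";") if v] for k, val in cp["Context"].items()}


def audit(keyfile_text: str) -> list[str]:
    """List findings for risky grants; an empty list means nothing broad was found."""
    findings = []
    for key, values in parse_context(keyfile_text).items():
        for v in values:
            base = v.split(":")[0]  # drop ':ro' / ':create' suffixes on filesystems
            if base in RISKY.get(key, {}):
                note = " (read-only)" if v.endswith(":ro") else ""
                findings.append(f"{key}={v}: {RISKY[key][base]}{note}")
    return findings


# Constructed sample resembling an unported desktop app; not any real app's metadata.
SAMPLE = """\
[Application]
name=org.example.LegacyOffice

[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=host;xdg-config/kdeglobals:ro;
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```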

    LainOfTheWired, in Are Phones and Smart Speakers Listening to You? Cox Media Group Claims They Can | Cord Cutters News
    @LainOfTheWired@lemy.lol avatar

    Of course they do. It’s just they’re no longer afraid of telling us they are

    Railcar8095, in Proton domains blocked as disposable in disposable filter

    It’s a rare treat to see somebody raise a concern while at the same time doing something (PR + discussion). Kudos to you!

    I’ve seen other similar lists with the same issues (c7 I think?).

    This is going to be a mess if all private email providers are blocked.

    privacyfighter,
    @privacyfighter@discuss.online avatar

    We fought it out of the 7c filter. Now only this and this last. Thank you for the kind words. Only the community can change this bad practice!

    uriel238, in UK porn watchers could have faces scanned
    @uriel238@lemmy.blahaj.zone avatar

    Can face scans be tricked by pictures or videos?

    soggy_kitty,

    No they need to match your ID

    taladar,

    That is not what they were asking. They were suggesting you use someone else’s ID (say, your parent’s) and a picture or video of the person the ID belongs to.

    soggy_kitty,

    Inb4 it says “you already have an account, here enter your existing password”

    uriel238,
    @uriel238@lemmy.blahaj.zone avatar

    Hi… my… name… is… Werner Brandes… my… voice… is my… passport?.. verify… me.

    digdilem, in UK porn watchers could have faces scanned

    Isn’t there already a website that shows cum faces?

    tigeruppercut,
    wyzim,

    Now, this is the type of content I browse Lemmy for

    Zahille7,

    Now that’s actually kinda fun

    Xer0,

    lol

    RmDebArc_5, in YSK - Siri Forces Your Web Searches thru G♾️gle
    @RmDebArc_5@lemmy.ml avatar

    Isn’t this illegal in the EU? They just forced MS to offer alternative search providers for their search, so this is basically the same thing?

    cheese_greater, (edited )

    I guess we’ll find out 😈 U wanna make the call?

    Waluigis_Talking_Buttplug, in UK porn watchers could have faces scanned

    Torrents are always waiting with open arms

    thevoiceofra,

    For those you’d need to scan your dick in UK.

    lorez,

    Which I’d gladly do.

    ShortN0te, in EU regulation and oculus quest

    It is. That's also the reason why the Quest is not available in Germany. (Or at least the Quest 2)

    DessertStorms, in UK porn watchers could have faces scanned
    @DessertStorms@kbin.social avatar

    Good, might stop the creepy fuckers watching it in parliament..
    https://www.independent.co.uk/news/uk/politics/neil-parish-banged-up-tractor-porn-b2439583.html (I also remember and was going to link an earlier and unrelated report that was done about MPs watching porn in parliament, but that one story has drowned out all other results and it's too early for me to dig deeper)

    In all seriousness, this is obviously a terrible idea for many reasons.

    tankplanker,

    They would just exempt themselves from it as they did with both reporting on people accessing porn using the HoP network and with the investigatory powers bill.

    When they did report on it, it was a shockingly high number for a place of work: theregister.com/…/mps_binge_on_smut_theyre_trying…

    DessertStorms, (edited )
    @DessertStorms@kbin.social avatar

    Oh, of course they will, was mostly just pointing out the hypocrisy..

    And I think the report I was thinking of was more recent, but yeah, the gist is exactly the same.

    RovingFox, in YSK - Siri Forces Your Web Searches thru G♾️gle
    @RovingFox@infosec.pub avatar

    I personally believe that trusting Apple with your privacy or preferences is naive. That wasn't and will never be their focus.

    auf,

    Still better than non-degoogled android devices though

    RovingFox,
    @RovingFox@infosec.pub avatar

    Doubt, I am not saying it is worse, but not better either.

    inson1, in Just received my Torproject Donation Merch!

    @Pantherina from what materials is the t-shirt?

    Pantherina,

    Cotton. Probably child-labor / Uyghur neoslavery bs…

    euphoric_cat, (edited )
    @euphoric_cat@lemmy.blahaj.zone avatar

    wait that is a shirt? can we see it a bit better?

    edit: holy shit they have a hoodie as well? but DAMN its $500… :c

    Pantherina,

    Maybe if I am motivated I'll post a pic with me in a week or so haha

    ugh, in UK porn watchers could have faces scanned

    The headline is very misleading. Porn companies are considering facial recognition as an option for validating age. Governments are putting more pressure on porn websites to keep minors away from the content, but it’s very hard to thoroughly prove your identity online. A government issued photo ID is useless if you have nothing to compare it to visually. That’s why many websites use bank/credit card info as opposed to an ID.

    It is definitely a privacy concern if you worry about it being known that you watch porn, but I don’t think it’s right to fault the company.

    CrypticCoffee,

    Company? It’s the UK communications regulator, Ofcom.

    They found that many on low incomes don’t have photocard ID when they rolled out voter ID despite opposition.

    Considering no one seems capable of withholding data from motivated hackers, this could be quite horrific.

    Cwilliams, in Just received my Torproject Donation Merch!

    Tor merch is fire 🔥

    Pantherina,

    No shit. I believe FOSS projects investing in PR and corporate design like that are on a very good path. Things need to look shiny today; KDE & openSUSE icons, wallpaper contests, this is so nontechnical but attracts lots of attention.

    Efwis, in MS Outlook Blocking Tutanota Emails As Spam

    This is just another attempt by Micro$uck to make everyone use their email services. Micro$uck doesn’t want any competition, they want to rule the computer world

    maxprime,

    I wonder if this is anticompetitive or anti-privacy. I doubt that Microsoft is even remotely concerned about the “competition” that tuta poses.

    Efwis,

    You’re right, it is probably an anti-privacy thing. God forbid they can’t do the telemetry and other nefarious that they do
