Tor Browser Hardening (hardened malloc, firejail, apparmor) vs Web Fingerprint
forums.whonix.org
I don’t agree with that. Namespaces and seccomp are extremely important and apparmor doesn’t use them. Seccomp especially is important as it can greatly reduce kernel attack surface.

When I started to use Firejail for Firefox and a few other applications I thought it was a great idea, until I read this conversation (URL) a few days ago. My perfect setup is getting a computer with libreboot and a CPU which can do nested pages so I can run FreeBSD and then on top of that with bhyve run a few Linux things I would need. But until then I will likely stick with Linux for a while. Firejail or bubblewrap or something else? AppArmor, SELinux, Tomoyo Linux or something else? Choices choices choices…

@pinknoise
2
5M

Since browsers do way too many things, sandboxing them is either inconvenient or insecure. They would do it themselves if there was a good solution.

I like AppArmor because it is pretty easy to install on most distributions and with their tools it’s quite easy to generate policies.

Bubblewrap is cleaner and saner than firejail but way harder to configure for normal users so it’s easier to fuck up.

For applications that require X or PulseAudio I like to use LXD/LXC with xpra.

@ajz
creator
1
3M

deleted by creator

@jazzfes
15M

For all these choices, would there be a table that outlines the threat models please? I feel like I’m a reasonably advanced non-computer-science user of computers and I find it difficult to understand which tool to use for what effect other than SECURITY.

Of the ones you mention, I’ve used firejail, AppArmor and SELinux.

I took firejail and AppArmor as tools to sandbox particularly browsers against any accidental stuff up that wouldn’t be covered by in-browser tools. I.e. not running js, using uBO, etc.

But then, does Cloudflare use nefarious tools to break out of the browser and do nefarious stuff!!! I would assume no unless I’m geopolitically important (and I’m not at that stage of my career … yet <pinky against mouth>).

SELinux didn’t make too much sense for me, given that I typically have only two users, root and myself. But maybe I misunderstand this too.

I feel a threat model first outline would be really valuable to actually improve security, whether at home or at work. There is too much theatre and systems are too loose…

@pinknoise
2
5M

> would there be a table that outlines the threat models please?

There is no single threat model per software as they can be configured for different needs.

> would assume no unless I’m geopolitically important

But maybe the next big malware targets Linux users because all Windows machines are already encrypted, part of a botnet or whatever?

> SELinux didn’t make too much sense for me, given that I typically have only two users, root and myself.

You could still run programs under specific users. This is done on servers so when a service gets owned the attacker can only do stuff in the user’s context.

@jazzfes
1
5M

> There is no single threat model per software as they can be configured for different needs.

Not for software, threat models for users.

E.g. “you don’t want to be targeted by your local government and associated corporations -> use this …”

“you are sharing your system with unreliable people (personal banking, personal data, etc.) use that …”

“you are a whistleblower against a major corporation, government, dominant group, use this …”

> You could still run programs under specific users. This is done on servers so when a service gets owned the attacker can only do stuff in the user’s context.

This is useful! I.e. using SELinux on servers to limit the damage if there is a problem with a service/application. I didn’t think of that… this is sort of what I’m after

@pinknoise
2
5M

> Not for software, threat models for users.

I’ll try to find some time later or maybe someone beats me to it. I think we should make it a new post for discoverability and so people can give corrections/suggestions in the comments.

> I.e. using SELinux on servers to limit the damage if there is a problem with a service/application.

Yes. On your local machine there are also most likely some daemons running that could benefit from that. AppArmor might be easier to set up and can do about the same thing. (It limits per program instead of per role.) But as the linked thread already said, both aa and selinux don’t utilize namespaces and seccomp, which are way more powerful.
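
The split this thread keeps returning to (a MAC profile such as AppArmor versus namespaces plus seccomp) can be checked per process from `/proc` on Linux. The following is an added example, not part of any post in the thread: it reads the `Seccomp` and `NoNewPrivs` fields of `/proc/<pid>/status`, the namespace links under `/proc/<pid>/ns`, and the LSM label in `/proc/<pid>/attr/current`. The function names and the two sample processes are constructed for illustration.

```python
import os

SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter"}

def parse_status(text):
    """Parse the 'Key:<tab>value' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def confinement_report(status_text, ns_links, ref_ns_links, lsm_label):
    """Summarise which confinement layers one process actually has."""
    st = parse_status(status_text)
    # A namespace counts as private when its inode differs from the reference.
    private = sorted(name for name, link in ns_links.items()
                     if ref_ns_links.get(name) not in (None, link))
    # AppArmor semantics: a process without a profile is labelled "unconfined".
    label = lsm_label.strip("\x00\n ")
    return {
        "seccomp": SECCOMP_MODES.get(st.get("Seccomp", "0"), "unknown"),
        "no_new_privs": st.get("NoNewPrivs") == "1",
        "private_namespaces": private,
        "lsm_confined": label not in ("", "unconfined"),
    }

def read_live(pid, ref_pid="self"):
    """Gather the same inputs from /proc on Linux (needs access to the target)."""
    def ns(p):
        return {n: os.readlink(f"/proc/{p}/ns/{n}") for n in os.listdir(f"/proc/{p}/ns")}
    with open(f"/proc/{pid}/status") as f:
        status = f.read()
    try:
        with open(f"/proc/{pid}/attr/current") as f:
            label = f.read()
    except OSError:  # no LSM label available
        label = ""
    return confinement_report(status, ns(pid), ns(ref_pid), label)

# Constructed samples, not captured from a real system.
REF_NS = {"mnt": "mnt:[4026531840]", "net": "net:[4026531992]", "pid": "pid:[4026531836]"}
MAC_ONLY = ("Name:\texample-app\nNoNewPrivs:\t0\nSeccomp:\t0\n",
            dict(REF_NS), "example-app (enforce)\n")
SANDBOXED = ("Name:\texample-app\nNoNewPrivs:\t1\nSeccomp:\t2\n",
             {"mnt": "mnt:[4026532501]", "net": "net:[4026532504]", "pid": "pid:[4026532502]"},
             "unconfined\n")

def demo():
    return (confinement_report(MAC_ONLY[0], MAC_ONLY[1], REF_NS, MAC_ONLY[2]),
            confinement_report(SANDBOXED[0], SANDBOXED[1], REF_NS, SANDBOXED[2]))
```

On a live system, `read_live(pid)` compares the target against the process running the check, so a sandboxed application shows up with a non-empty `private_namespaces` list and `seccomp` set to `filter`.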

@jazzfes
25M

> I’ll try to find some time later or maybe someone beats me to it. I think we should make it a new post for discoverability and so people can give corrections/suggestions in the comments.

I’d love that!

@ajz
creator
3
3M

deleted by creator

@jazzfes
25M

I totally agree with security and privacy going hand in hand! I can’t understand how anything not-private can claim being secure (looking at you, iPhone).

What I really want to know is how do I best hide from (with my best understanding of what to do):

  • Google, Amazon, Facebook, etc <-- uBO, limit javascript, degoogle your mobile

  • Less known companies like Cloudflare that provide background services <-- same

  • My local government requiring the internet service provider to log my activities <-- use VPN

  • My VPN provider <-- use Tor

In addition, for bonus points:

  • Make my server safe <-- Use ssh with key access only (ed25519) and a handful of other sshd settings.

I mean most of the time, all I really want is to read some text without being data-mined. So, that is my threat model. When you use security tools like lynis, there are lots of recommendations covering edge cases that don’t seem relevant for normal users. And that is why I’m asking for the threat model…

I feel that security is a massive theatre that hypes itself up to look like magic and as a consequence makes sure people are not doing basic, simple things to avoid the type of wide drag net tracking that corporations abuse for profit and dystopia.

@ajz
creator
2
3M

deleted by creator

@jazzfes
25M

Exactly!

A VPN is a perfectly fine protection against having your normal web traffic logged locally. Even if the VPN provider tracks you, it wouldn’t necessarily be available within your jurisdiction.

Stuff like law enforcement using “crime prediction” techniques makes privacy important for anyone. Who says that law enforcement won’t ask for data from ISPs to “enhance” their models?

The data mining trend we are seeing is utterly insane. Data being called “the new oil” just dismisses the fact that we are talking about people’s lives rather than some resource we can dig up.

That we chose to call curve fitting and statistics “Artificial Intelligence” will be the facilitator of a new dark age if we are not careful.

It’s Saturday, I had some drinks and my team lost. So maybe that’s what’s causing these doomy words…

@ajz
creator
2
3M

deleted by creator

@federico3
15M

You are confusing very different types of tools. Firejail is excellent for sandboxing applications. AppArmor is not very powerful and almost obsoleted. SELinux is an RBAC and Tomoyo is a MAC: for a single-user desktop they have marginal utility.

@ajz
creator
2
3M

deleted by creator
