Jump to content

Chromium-based browsers Hardening


Sampei.Nihira

Recommended Posts

https://github.com/dreammjow/ChromiumHardening/blob/main/flags/chrome-command-line.md

 

Even Chromium-based browsers can be hardened to protect our privacy/security.
Check out the multiple info in this link if they can help you.
Do not use all the command line switches or flags described.
But choose and especially check those that may seem useful to you.:hello:

 

 

Link to comment
Share on other sites


7 hours ago, Sampei.Nihira said:

https://github.com/dreammjow/ChromiumHardening/blob/main/flags/chrome-command-line.md

 

Even Chromium-based browsers can be hardened to protect our privacy/security.
Check out the multiple info in this link if they can help you.
Do not use all the command line switches or flags described.
But choose and especially check those that may seem useful to you.:hello:

 

 

TY :)

Edited by XPerceniol
Link to comment
Share on other sites

It should be kept in mind that it is not possible to add many Command Lines Switches to "destination" (I hope in English" is called identically).
In my opinion (but I personally use few of them) it is necessary to create a batch file:

1.jpg

Edited by Sampei.Nihira
Link to comment
Share on other sites

I think the main point about the viability of hardening a browser is the case where the code from it is already safe enough along with how architecturally vulnerable it is. By that i mean, chromium may be the worst because it's a whole operating system inside a binary with so much stuff that isn't even browsing-related and the code is just so massive and long-standing. but the complexity of things like its true multi-process architecture, and, particularly, the way the architecture works in certain operating systems, brings extra attack vectors where things do not always happen in userland in a more dominant way and things get mixed (windows NT is an example where that may be a security liability from the way the browser manipulates the OS, but linux is just a kernel and we know there are plenty distros that operate in a very similar way). The browser may be jailed like people in OpenBSD world do, but sometimes you can't jail the browser because you do not want to lose performance (i'm fully anti-sandbox in a desktop system level, for me it was a way of reducing OS and virus protection costs from microsoft, google and apple, the same i think about real time protection). Firefox is better in that respect, and some kind of safari-like browser would be better than the two, as webkit seems to be, in a contradictory way, the freest and easiest community maintainable open source engine from the 3 mainstream ones today, and you can even see people backporting webkit2 code to webkit1 in the WebPositive Haiku browser. I think the ideal mainstream browser to be hardened should be a webkit2 one,

Although i'm biased to UXP/PM due to design decisions, way cleaner/smaller codebase, and architectural differences, i think these are my views about the three main platforms.

Edited by Eddie Phizika
Link to comment
Share on other sites

https://madaidans-insecurities.github.io/browser-tracking.html

:huh::unsure:...?

From that site:

Quote

Even if you did magically create a blacklist of every single tracker domain ever, the website does not need to connect to a third party domain to run tracking code. For example, blocking Google Analytics does not prevent the website from simply running their own first party tracking code or even hosting third party tracking code from a first party domain.

The website can then share this information to the people that made the trackers you've blocked, so everyone gets the exact same information they would have gotten in the first place.

Blocking trackers can only remove some low hanging fruit and is not a proper approach to systemically improving privacy.

I would like very much to know your opinion on this as I know you have given us a wealth of knowledge on here re the subject. 

Hope all is well :)

Edited by XPerceniol
Link to comment
Share on other sites

The article quite drastically says that it is not possible to eliminate tracking and fingerprinting in other non-Tor browsers.
This statement is indeed unfortunately true.
It should also be said that unfortunately there is no practical effectiveness to using Tor for all our web activity.
So, as is often the case, a compromise must be made.


If you use non-Tor browsers there is a chance to greatly reduce tracking and fingeprinting.:yes:

(Don't cancel tracking and fingeprinting,just reduce these 2 anti-privacy factors).

 

 

Edited by Sampei.Nihira
Link to comment
Share on other sites

finger1.thumb.JPG.a1357057ff30e0121eb574135284732d.JPG

finger3.thumb.JPG.ebf3a495834ec0499317beb5986057b3.JPGfinger2.thumb.JPG.6b07e75b0276f75fae3b32f2a05e95e4.JPG

 

On 7/8/2022 at 10:07 AM, Sampei.Nihira said:

The article quite drastically says that it is not possible to eliminate tracking and fingerprinting in other non-Tor browsers.
This statement is indeed unfortunately true.
It should also be said that unfortunately there is no practical effectiveness to using Tor for all our web activity.
So, as is often the case, a compromise must be made.


If you use non-Tor browsers there is a chance to greatly reduce tracking and fingeprinting.:yes:

(Don't cancel tracking and fingeprinting,just reduce these 2 anti-privacy factors).

 

 

 I see .. I headed over to:

https://canvasblocker.kkapsner.de/test/

... and ran a few tests and only 1 says I'm safe.

 

Link to comment
Share on other sites

Hi,:hello:

You should ask kkapsner not me.
You cannot compare an extension-specific (privacy) test in the absence of the extension....
But probably in my browser the test,with an obviously different layout, would still pass.

I would like to advise you a correct way to deal with hardening (of Chromium-based browsers) otherwise I would have titled the thread in a different way don't you think ?;)

Check in your Chromium-based browser if sandbox support returns a status.

chrome://sandbox

And whether hardening is possible.

If you want to check a comparison in Firefox-based browsers (that would not be the purpose of this thread) you need to give the command:

about:support

Example of a Chromium-based browser (my browser) with hardening done,of course also thanks to the command-lines included in the first post of the thread:

1.jpg

Edited by Sampei.Nihira
Link to comment
Share on other sites

18 hours ago, Sampei.Nihira said:

Hi,:hello:

You should ask kkapsner not me.

Oh, even if I could ask the developer I'd still would ask you first as I trust your judgment and advice. ;)

18 hours ago, Sampei.Nihira said:
chrome://sandbox

And whether hardening is possible.

If you want to check a comparison in Firefox-based browsers (that would not be the purpose of this thread) you need to give the command:

about:support

Example of a Chromium-based browser (my browser) with hardening done,of course also thanks to the command-lines included in the first post of the thread:

1.jpg

Thank you for the help regarding security question. I confess, I'm largely clueless 90% of the time anyway. Ha! I put the ph in confusion. Sometimes I (actually) learn it and have learned so much here at MSFN.

Edited by XPerceniol
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...