If you allow javascript, game over.
If you allow flash, game over.
If you allow java applets, game over.
If you allow page icons, game over. There have been viruses injected via page icons in Windows.
If you allow images ... er ... well, on Windows, game over. There have been viruses injected through image viewing.
So ... the most secure browser doesn't support any of those things. Lynx. Lynx is a great little browser, but won't win any awards for usability or working with all websites.
There isn't any absolute security. Our choices and what we click matter more than anything else. Security is about making the correct decision 10,000 times a day, without fail. If we fail (and we all do), then we hope the next level of protection will save us. If that fails, we hope the next level of protection saves us.
I won't use chrome. Just don't trust the largest advertising company in the world to NOT access private data displayed in their browser. I do use chromium, but only for specific, trusted, financial websites and only when run in a separate container - away from other applications and without any direct access to permanent storage. Firejail is how to accomplish that, but it isn't perfect either; just provides another layer of protection. My day to day browser is firefox - will all the issues it has, but I disable javascript, java, flash, and remove all locally stored tracking objects nightly. Also only allow session cookies and never allow 3rd party cookies. With all this stuff disabled, the web is a very different place. Many websites don't work, which is fine. I don't need to visit them.
If you don't want to be tracked, check out this article: http://ift.tt/2afRj13 - republished by lifehacker a few years ago. It is still valid and works. In fact, short of running your own DNS and blocking all the tracking on your home network that way, I don't see any other way to prevent internet tracking. If you ever leave the house and connect to the internet away from home, you'll still want the /etc/hosts file setup. Be certain to block google, twitter, facebook, pineinterest, and all the other social networking sites which are tracking everyone, everywhere they go online. You can still use google for search - just go their an anonymous proxy first ... like startpage.
Often, security is a trade-off between convenience and being secure.
Oh ... and watch out using lastpast. They had a web flaw which made it possible for any website to pretend to be any other website and capture the automatically filled in credentials. THAT specific bug was fixed, but ... how many others do they have in their javascript? All programs have bugs. All of them.
[ubuntu] Confused over which web browser is most secure
Aucun commentaire:
Enregistrer un commentaire