LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-22-2019, 06:55 PM   #1
actinide
Member
 
Registered: Jan 2012
Posts: 314

Rep: Reputation: Disabled
Web Browser privacy


Can the Web brower I use know what websites i've bookmarked.
Example Firefox, Opera, Vivaldi, Chromium.
 
Old 05-22-2019, 07:06 PM   #2
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 19.1 MATE
Posts: 8,016
Blog Entries: 5

Rep: Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862
If by "web browser", you mean the browser developers (because the web browser obviously knows your bookmarks), then as far as Mozilla goes, relating to Firefox, the best answer I have is "not as far as I know" (even if you're using Firefox Sync which uses encryption for the data you hold).

In saying that, if you are using Firefox and you want to review the security of your data regarding Mozilla, you should read this: https://www.mozilla.org/en-US/privacy/firefox/ and make any necessary configuration changes to Firefox to match your needs.
 
Old 05-22-2019, 09:02 PM   #3
proMusic
LQ Newbie
 
Registered: May 2019
Posts: 20

Rep: Reputation: Disabled
They certainly have the capability if they wanted to push an update and do that, and so can browser addons. Depending on the browser, your browser settings are stored in a cookie which can have PII (personally identifiable information) and these can be sent to second/third parties whom can corrolate to you.. The only cookie your browser should ever need to store on your computer is a first party non-identifying browser setting cookie, as such is the case in the DDG browser..

Quote:
At DuckDuckGo, no cookies are used by default. If you have changed any settings, then cookies are used to store those changes. However, in that case, they are not stored in a personally identifiable way.. For example, the large size setting is stored as 's=l'; no unique identifier is in there. Furthermore, if you prefer not to use cookies to store settings, you can use URL parameters instead.
The keyphrase in that quote is "they are not stored in a personally identifiable way" so if your local cookie with all your bookmarks somehow did get stolen (via a sidejacking attack), then there would be no PII in that cookie that could uniquely browser fingerprint you. (as a sidenote I dont trust DDG as they were bought by Verizon who installed a supercookie on all their customers; you should use StartPage instead)..

Last edited by proMusic; 05-22-2019 at 09:32 PM.
 
Old 05-23-2019, 12:21 AM   #4
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,522
Blog Entries: 9

Rep: Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393
Quote:
Originally Posted by actinide View Post
Can the Web brower I use know what websites i've bookmarked.
Example Firefox, Opera, Vivaldi, Chromium.
yes, definitely, all of those, even DDG browser.
and with javascript it can be actively exploited.

Last edited by ondoho; 05-23-2019 at 12:22 AM.
 
Old 05-23-2019, 10:29 PM   #5
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Rep: Reputation: 13
To be honest, we are royally screwed browser wise. For now use this: https://gitlab.com/Puffles_the_Drago...tes/Firefox.md, but someone needs to write a minimal (pure C no bloat crap) and secure browser. Give me a few years, got a lot to learn. But someone has to do it... Have zero delusions, Firefox is just as bad as chrome and chromium is chrome. Mozilla is the same as Google, they are just less open about it and less obvious. TOR is nice, but lets be real it's protcol is adorable and the project has sold out for NSA money. Browser at this point? Do your best, have zero illusions w3m + proxychians going into i2p then tor is the best bet.
 
Old 05-24-2019, 12:30 AM   #6
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 12,522
Blog Entries: 9

Rep: Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393Reputation: 3393
Quote:
Originally Posted by FOSSilized_Daemon View Post
To be honest, we are royally screwed browser wise. For now use this: https://gitlab.com/Puffles_the_Drago...tes/Firefox.md, but someone needs to write a minimal (pure C no bloat crap) and secure browser. Give me a few years, got a lot to learn. But someone has to do it... Have zero delusions, Firefox is just as bad as chrome and chromium is chrome. Mozilla is the same as Google, they are just less open about it and less obvious. TOR is nice, but lets be real it's protcol is adorable and the project has sold out for NSA money. Browser at this point? Do your best, have zero illusions w3m + proxychians going into i2p then tor is the best bet.
yeah, you talk the talk.
but really it's the internet that's a steaming pile of --- well, all sorts of sh!t.
Unfortunately, browsers need to deal with that.
Some of them being bloated beyond compare, or spying on you, is really just an afterthought in light of the real problem: to reliably display all the stuff that is the WWW. That's the real bloat, the real security hole.

Btw, atempts to "write a minimal (pure C no bloat crap) and secure browser. Give me a few years, got a lot to learn." do exist.
Just look at netsurf or dillo (i don't know if those are actually written in pure C but that's hardly the point). They can't even play youtube videos, and that's after decades of development.
 
1 members found this post helpful.
Old 05-24-2019, 08:42 AM   #7
carlito386
Member
 
Registered: May 2019
Distribution: Debian
Posts: 75

Rep: Reputation: Disabled
Quote:
Originally Posted by FOSSilized_Daemon View Post
Give me a few years, got a lot to learn.
The above is the only accurate statement in your post.
Unfortunately, I don't think OP has time to wait for you to grow up and learn.

Free and open source software is the most effective first step for ensuring your web browser is secure and protects your identity.
Mozilla who owns FF is also not a small niche company - so this ensures the browser will be well maintained and have timely updates.

Mozilla used to be Netscape. There is a documentary about how the company chose to resist Govt pressure to collect data. Netscape then jettisoned FF as free and open source just before it was killed off as a company.
So FF has a history of being loyal to the public rather than to big companies.
FF is the browser of choice for Debian - and Debian is also actively involved in maintaining FF.

If bookmarks are used to identify the user - then users can create several 'profiles' with FF.
Just input: 'about: profiles' in the address bar.
Each profile can then have different bookmarks and different browsing habits. Essentially the user becomes several people whose browsing habit is a little more difficult to identify.

I use Wikipedia as my search engine. I can then go to the Wikipedia page of most websites. On the Wikipedia page there will be a link with the websites address. This avoids using bookmarks.

Alternatively, a seperate file can be held on a hard disk with the address of every website the user wants.
The file can then be used to cut and paste the address onto the address bar of a web browser.

The FF home page allows links to websites to be stored there. This also avoids using the bookmarks toolbar.
 
1 members found this post helpful.
Old 05-24-2019, 03:14 PM   #8
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Rep: Reputation: 13
Anyone who can honestly look at FireFox and Mozilla and say they are not as bad as Microsoft and Google is a fan boy. They have invested in maleware, injected maleware into users browsers many times and have done even worse things than google. I guess people have to justify the crappy situation we are in. Yes, browsers need to be bloated to run all the Javascript, PHP and other crap I and many others bloat and don't use. Browsers shouldn't be bloated peices of spyware just because some web devs think "OH we should make it easier for the users by adding a crap ton of animations and bs no one wants or needs. Just like in the 90s! Rememeber how we centralized the internet? How has that backfired?". At this point this conversation, much all others that take place about bloat and spyware, has become petty crap that isn't worth my (and hopefully your) time.
 
Old 05-24-2019, 03:25 PM   #9
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Rep: Reputation: 13
I know there is surf from suckless which is (I believe) pure C, however personally there are issues with it such. One thing I do love about FireFox is how addons (in some respects) are done. I like that they are downloaded and run off the system as aposed to being web extensions. I would love to see a minimal browser with at most js support that has that ability. To be 100% honest 99% precent of the bloat in browsers (and other software) is due to trying to make something main stream for everyone. This means the whole (easier for the user) screws the project in about all aspects.
 
Old 05-24-2019, 03:31 PM   #10
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 19.1 MATE
Posts: 8,016
Blog Entries: 5

Rep: Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862
Quote:
Originally Posted by FOSSilized_Daemon View Post
Anyone who can honestly look at FireFox and Mozilla and say they are not as bad as Microsoft and Google is a fan boy. They have invested in maleware, injected maleware into users browsers many times and have done even worse things than google. I guess people have to justify the crappy situation we are in. Yes, browsers need to be bloated to run all the Javascript, PHP and other crap I and many others bloat and don't use. Browsers shouldn't be bloated peices of spyware just because some web devs think "OH we should make it easier for the users by adding a crap ton of animations and bs no one wants or needs. Just like in the 90s! Rememeber how we centralized the internet? How has that backfired?". At this point this conversation, much all others that take place about bloat and spyware, has become petty crap that isn't worth my (and hopefully your) time.
Browsers don't run PHP. The servers interpret it and serve any resulting output.

Despite the truth that browsers have indeed become resource-hungry, it looks like you're having an uninformed rant.

Please provide links to evidence about Mozilla's injection of "malware" into Firefox, any by "malware" I mean that something that actually does damage to your system, which is the definition of that term.

Seeing threats everywhere is just as bad as seeing threats nowhere. It means that you aren't able to discern the real threats when they happen.
 
1 members found this post helpful.
Old 05-24-2019, 03:36 PM   #11
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Rep: Reputation: 13
I would, but for whatever reason:

A) people don't care or pay attention (MR. Robot, last week/month, last few years, germany etc)

B) All the blog posts and videos I had saved have been removed and idk why. I know Lunduke's got removed and then he moved it to patrion or whatever the site is called.

I have been ranting about this for sometime and with how little people seem to care it feels like telling a windows user about the keyloggers and spyware in it. I get no where and everyone gets mad. In short, not worth the effort to try to dig an archive of posts just have people wipe themselves with it tbh.

Alos, collecting ANY DATA AT ALL that I have not 100% consented to is a, well can't say it here.

Last edited by FOSSilized_Daemon; 05-24-2019 at 03:37 PM.
 
Old 05-24-2019, 03:37 PM   #12
Slackware_fan_Fred
Member
 
Registered: Oct 2018
Distribution: Slackware64-14.2 Multilib
Posts: 108

Rep: Reputation: 34
Opera has you covered for privacy with it's free built in VPN.
 
Old 05-24-2019, 03:39 PM   #13
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Rep: Reputation: 13
Quote:
Originally Posted by Slackware_fan_Fred View Post
Opera has you covered for privacy with it's free built in VPN.
I hate to be that person, but here we go. A) VPNs you didn't build aren't really something you should trust and I2P and TOR make VPNs kinda pointless. However, I don't know enough about Opera to make a real call on them. I haven't actually heard of them before and am sorta out of the loop opera wise so I will definitley check them out. Thank you for the suggestion.
 
1 members found this post helpful.
Old 05-24-2019, 03:41 PM   #14
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 19.1 MATE
Posts: 8,016
Blog Entries: 5

Rep: Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862Reputation: 2862
Quote:
Originally Posted by FOSSilized_Daemon View Post
I would, but for whatever reason:

A) people don't care or pay attention (MR. Robot, last week/month, last few years, germany etc)

B) All the blog posts and videos I had saved have been removed and idk why. I know Lunduke's got removed and then he moved it to patrion or whatever the site is called.

I have been ranting about this for sometime and with how little people seem to care it feels like telling a windows user about the keyloggers and spyware in it. I get no where and everyone gets mad. In short, not worth the effort to try to dig an archive of posts just have people wipe themselves with it tbh.

Alos, collecting ANY DATA AT ALL that I have not 100% consented to is a, well can't say it here.
If you can't back up your claims with evidence, and then are willing to argue about the validity of that evidence, don't rant about it. What's Germany got to do with it, anyway?
 
Old 05-24-2019, 03:45 PM   #15
Slackware_fan_Fred
Member
 
Registered: Oct 2018
Distribution: Slackware64-14.2 Multilib
Posts: 108

Rep: Reputation: 34
Quote:
Originally Posted by FOSSilized_Daemon View Post
I hate to be that person, but here we go. A) VPNs you didn't build aren't really something you should trust and I2P and TOR make VPNs kinda pointless. However, I don't know enough about Opera to make a real call on them. I haven't actually heard of them before and am sorta out of the loop opera wise so I will definitley check them out. Thank you for the suggestion.
I never use VPN I just pointed out Opera has it built-in and because I always "hear" that a person should use vpn for privacy.
 
  


Reply

Tags
brower, internet, privacy, web


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Iridium Browser: A Browser for the Privacy Conscious LXer Syndicated Linux News 0 02-23-2018 08:44 AM
LXer: Data Privacy Day 2017: Solutions for everyday privacy LXer Syndicated Linux News 0 01-29-2017 10:12 AM
LXer: Are you Privacy Aware? Data Privacy Day, and Every Day LXer Syndicated Linux News 0 01-27-2017 05:33 AM
LXer: FCC Online Privacy Ruling Helps, not Hurts, Privacy-Minded Users LXer Syndicated Linux News 0 11-11-2015 03:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration