Browser Account isolation (with seperate browsers)

Hey friends, I have been looking for harm reduction techniques related to google accounts
(Note: yes, it would be ideal to delete your Google account, but that is not practical for me in my current situation)

One technique I have found (which has been recommended by Rob Braxman), is to use the Google Chrome Browser to connect to Google account and use the associated Google services like Google Mail that require your account and only those services,

Is that a good idea?, does it have any disadvantages?

Is there a better browser to be used for the purpose of Google account isolation, I was thinking maybe ungoogled-chromium?

Note: Braxman further suggests you use misinformation to deliberately “confuse” the Google trackers, which sound it could be beneficial, I am too lazy to do that/

Note: I am not interested in having a discussion about Braxman in this forum thread, only a discussion of technique proposed by him. I am aware he can be controversial

There are a million better ways to compartmentalise your accounts that don’t involve installing Google Chrome in the first place or using a browser that goes so hard on degoogle that it breaks security (yes, ungoogled chromium bad, actually). Here is a non-exhaustive list:

  • Firefox containers
  • Using two different privacy-oriented browsers, e.g., Firefox + Librewolf, Brave + Firefox
  • Using separate devices

As for the “confuse the trackers” hypothesis, long story short: no.

Slighly longer answer: suggesting “confusing the trackers” as a viable strategy shows a poor understanding of how fingerprinting works and what it’s based on

4 Likes

@pinkandwhite I see what you are saying, but here are my problems

  • Firefox containers, honestly too lazy to do that, I do not trust my self to not make a mistake with that
  • I am already using Librewolf + Brave for other reasons and do not want to turn them into my dedicated “Google Acoount browser”, and Firefox is my “fallback” browser.
  • Separated devices, is not a financially viable option for me, I am not willing to spend 100-150 euro for a used laptop just for Google

Could you please elaborate on the dangers of using Google Chrome for that purpose? The main argument is that google already knows what you are doing with Google services anyway, and Google Chrome does not spy on you outside the browser (from what I understand),

Also, what about using Chromium for this purpose (not ungoogled-Chromium just stock chromium)

Thanks!

We don’t recommend ungoogled-chromium for a few reasons.

  1. binaries being compiled by third parties
  2. disabling CRLsets which means that a rogue CA could potentially still issue certificates
  3. A review of ungoogled-chromium patches

As for seperate browsers, there is no reason why you can’t use separate browser profiles no need to install new software.

1 Like

Some of these criticisms about ungoogled-chromium, especially #3 are outdated.

For example, the project has a list of official binaries for different distributions.

There is some wisdom in using different browsers for producing different browser fingerprint profiles. Of course it’s not a full answer by itself but it helps greatly if fingerprinting is a concern.

For some linux distributions but they still have the third party binaries there for major platforms like Windows/macOS etc.

Overall this patch set doesn’t really do a whole lot for privacy, the browser is still highly fingerprintable and there are serious supply chain risks.

2 Likes

Depends. If your threat model is protection against anything Google then it’s a great tool.

Any unhardened Chromium browser, including Brave, leaks browser metadata through noisy APIs like Client Hints. Google have a strong controlling interest in Chromium design.

You can disable Client Hints but every other Chromium fork (apart from Cromite) doesn’t do that leaving you easily fingerprint-able.

That said, there’s some benefit to mixing browser profiles like Brave & Firefox for different activities. From both a technical and an opsec point of view.

Also, not making official binaries available for Windows & Mac is not a strong point from the project. But the source code remains available to anyone on those platforms who wants to compile it.

“anything Google” isn’t really a threat model, and only really comes from “degoogling” nonsense. You can use any Chromium based browser and not have anything to do with other Google products. Google is not the only advertiser on the internet so as far as privacy is concerned hyperfocusing on a single company over all others will lead to unaddressed issues in a threat model where advertising and tracking are primary concerns.

In the case of ungoogled chromium they disabled CRLsets which are more likely to protect you in the case of a rogue CA.

You can determine these things through other fingerprinting methods so this really doesn’t add much in the way of protection. Ungoogled chromium doesn’t provide any fingerprinting protection eg. nothing to do with Canvas etc.

Using ungoogled chromium doesn’t mitigate that, you’re still largely using Chromium with a few patches on top.

You can also determine the same information through JS fingerprinting libraries creepjs so that doesn’t help you. Disable JS? Sure, but most websites won’t actually work like that.

All browsers are fingerprintable, it’s just that Brave and Firefox does more to address that. The very fact that ungoogled chromium users are so few is a fingerprintable metric.

Nonsense. If a browser is good for one thing, it’s good for another thing. Inserting the word “opsec” doesn’t give what you’re saying any credibility.

I would bet 99.9% of people do not compile that source, given how long it takes to build Chromium.

3 Likes

Everybody has their own privacy goal. Who are you to tell them this goal is nonsense? Also I used it as an example, not as an argument for ungoogled chromium. I don’t use it myself.

Some browsers are more fingerprint-able than others.

That’s all I’ll say for now. No point in addressing the other comments you’ve made in bad faith.

This is not a matter of opinion, argument. Google is not the only company out there which tracks users across websites and which operates an ad network.

They typically do that with logged in accounts, because that is without a doubt the most accurate way to determine unique users.

Ungoogled chromium doesn’t provide anything special in this regard as the properties exposed by Client Hints API can be determined through various JavaScript APIs in the browser. It is trivial to make a website not function unless you have JavaScript enabled.

If you read the later replies you’ll see that disabling those things breaks functionality users might expect to work.

TLDR not having client hints doesn’t mean your browser is magically not fingerprintable.

As far as security goes this browser doesn’t have automatic updates whch also means updating the browser is now your job if you use it.

4 Likes

Tbh, I use two different browsers for work reasons: Brave and Vivaldi. Most of the forks have inherent problems such as lagging behind updates, breaking up things etc. Librewolf maybe an outlier in this respect, but still using a fork for browser is not a good idea.

I would highly encourage you to think about your threat model and what you are actually trying to achieve.

When I read this thread, it feels like a philosophical discussion about the meaning of life in a pub after everyone gets completely drunk. This is way too generic and I don’t think you will get any useful answers from anyone in this way.

It is hard to give any recommendations when nobody knows the context. Maybe you could specify how you’re using those google accounts and what you are trying to protect? What are your main concerns?

2 Likes

I’m investigating Ungoogled Chromium at the moment.

Are there any downsides to using it compared to other Chromium based browsers?

Would I be putting myself at more of a security risk by using it instead of other Chromium browsers?

Yes, dngray already stated them in this thread:


Yes.

These binaries are provided by anyone who are willing to build and submit them. Because these binaries are not necessarily reproducible, authenticity cannot be guaranteed.[1]

This is very serious for something which deals with sensitive data like banking, or whatever site you visit.


  1. Italicized emphasis mine ↩︎

3 Likes

Safe Browsing is disabled I believe, Some will see this as an advantage, others will see this as a disadvantage.