Set aside a Profile for it on a daily driver browser?
Multi-Account Containers and call it a day?
Reserve a sacrificial browser for such activities?
Obligatory note:this isn’t a question asking about how best to CONFIGURE untrusted sites/services, but rather where to open them; how much isolation will generally be needed to use untrusted sites with some peace of mind.
=
CONTEXT:
A year ago, there was a discussion (What do you use Arkenfox, Mullvad and Tor for exactly?) asking how users compartmentalized their usage between browsers of varying levels of privacy/variability. Many people seemed to agree on a setup where Tor was for extreme measures, Mull was for general browsing, and Arkenfox was for staying logged in to trusted services.
It had me wondering: where, then, does one open untrusted services?
=
I do actually understand that this is one of those questions where mileage will vary, and ‘it depends’ will be a most tempting answer. Answers change with one’s threat model, and then with how invasive each particular site is.
In the presumable absence of a one-size-fits-all answer, though, I still think that having a bit of a guide/flowchart/idea of general best practices for safely accessing untrusted but necessary sites will help tremendously.
Not all of us can afford to switch all our services overnight to bulletproof ones, after all, and not all of us have the technological expertise to intuit how best to open less-ideal sites on a site-to-site basis. Those of us who don’t still deserve privacy.
=
To get us all thinking about it, here are some examples of instances where privacy-minded people may need to access untrusted sites: have a crack at solving each. Seeing how solutions vary between each particular circumstance may be helpful to formulating a general guideline.
EXAMPLES:
Having to visit old Facebook/Google/etc. accounts to request data before moving services
Having to use Work/School sites
Having to use Discord/Reddit/etc. to access communities and information hubs that can’t be replicated by other services
The examples you gave seems NOT untrusted services to me.
For these kind of sites, if I have to login and use frequently, I will simply install them as PWA with a dedicated browser and separate profiles, and have another browser as daily driver.
P.s. I keep browser profiles in a separate veracrypted drive, and manually unlock after every boot, so not much info is stored in the PC itself.
I always had taken ‘untrusted’ services to mean services that were privacy invasive. Maybe a better word for it would be ‘untrustworthy,’ or simply ‘privacy-invasive?’ Let me know what the best word for it is so I can edit the title into something more appropriate!
Thanks also for the insight of how you go about things. It’s my first time hearing of a PWA. I’ll certainly look into it.
I use a separate browser (Floorp) and launch it with mullvad’s split tunnel feature. These services already know where I live so using a VPN could even be harmful.
Tor Browser, Mullvad Browser for sites that I don’t log into, LibreWolf for sites I log in with a VPN, and Floorp for websites that I must use without a VPN.
Keep your browser updated and use the built-in features to isolate your browsing by different types, i.e. school, personal, etc. In Firefox, use containers. In Chrome, make a different profile for each use case. In Safari, use profiles. This will keep all the data like cookies, cache, etc separate.
Private/incognito tabs will delete all site data on close so you can always use those as well, but you’ll have to login again the next time you want to access that site.
This is a good answer, thanks for it! That said, what are some differences between using Firefox Containers and using multiple Firefox profiles? When will alternate profiles be needed over just making a new container?
For example, one might consider making a profile for more privacy-respecting, trustworthy services, and another profile for services such as Google, Reddit, Discord, etc. Is that viable? Is it too much of a usability trade-off, where Multi-Account Containers would have taken care of much of the compartmentalization work already? Or is it perfectly reasonable?
I think different profiles are mainly just so you can have different browser settings be preserved. In that sense, you could potentially have a different fingerprint for different profiles. But as far as separation of site data, containers are perfect and designed for that.