How do you install apps in secureblue?

I just tried out installing SecureBlue. The first attempt went smoothly, but after installation Trivalent just refused to work, as did some other GNOME apps. On the second try I got it to work, but could not follow all the post-install instructions (like setting GRUB passwords; I guess that is a 41 release issue).

The other thing I don’t fully understand is how to install apps. I’m a newbie and usually install flatpaks via the default GNOME app store. Now I have to use Warehouse to install them from Flathub, but the issue is not that. Most of the apps I install just refuse to open. No browser besides Trivalent opens; instead I get errors (X server failed to initialize, and others). I tried Brave, Firefox, LibreWolf, Mullvad Browser, and none of them work. I then tried to install Steam, but it doesn’t open either. Can someone tell me please what I’m doing wrong? Installing Mullvad VPN is another story (as I understand it, it is not compatible with secureblue).

It sounds like the apps you are trying to run are X11 native, and since secureblue disables XWayland by default those apps will not display properly.

1 Like

That might be true, but those apps (including Firefox) default to Wayland if I remember correctly. The only app complaining about X11 is Brave; the others simply don’t start and display no errors (Steam, Firefox, and some others).

I will try Brave with
brave-browser --enable-features=UseOzonePlatform --ozone-platform=wayland
when I come back

I suggest taking a look at the rest of the FAQ.

Thank you! I actually looked at the FAQ, but the version was different for some reason; somehow I was on the old one. I will try again now.

Firefox and Firefox-based browsers are incompatible with hardened_malloc. That aside, I don’t understand why you would use a Firefox-based browser if security is your priority :slight_smile:

1 Like

Mullvad VPN is supported on secureblue :slight_smile:

Our new website is right around the corner, which will make the FAQ and documentation much more readable :slight_smile:

2 Likes

That is great to hear!
One more question I have is about speed. When I open any app it takes much longer than on Silverblue. Is it because of the hardened_malloc?
Even the terminal takes longer to launch.
Thank you for the replies!

There are a variety of factors; my guess would be nosmt as the largest contributor, though.

init_on_alloc and init_on_free have a perf impact, various kargs we set do too, and hardened_malloc does somewhat

but nosmt alone can have up to 40% perf impact on cpu-heavy workloads

much longer

tldr, if it’s taking a second instead of a few hundred milliseconds to launch, that’s expected

if it’s taking 15+ seconds or something, that’s not. Unless you’re on 20-year-old hardware with 1 CPU core or something
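To see which of the kernel arguments named in this reply are actually on your own boot line, here is a small POSIX sh checker I added (not the secureblue project's code): it parses a kernel command line for nosmt, init_on_alloc and init_on_free and reads the kernel's SMT state from sysfs. The sample command line below is constructed, not a real secureblue boot line.

```shell
#!/bin/sh
# Added example: report the hardening kargs discussed above and SMT state.
# Pass a kernel command line string; with no argument it reads /proc/cmdline.

# Kernel args the reply names as having a launch-time cost.
HARDENING_KARGS="nosmt init_on_alloc init_on_free"

# karg_value CMDLINE NAME
# Prints the value of NAME=value, or "present" for a bare flag like nosmt.
# Returns 1 (prints nothing) when NAME is not on the command line.
karg_value() {
    kv_cmdline=$1
    kv_name=$2
    for kv_tok in $kv_cmdline; do
        case $kv_tok in
            "$kv_name")   echo present; return 0 ;;
            "$kv_name"=*) echo "${kv_tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# karg_report [CMDLINE]
# One line per hardening karg: "name=<value|present|absent>".
karg_report() {
    if [ $# -gt 0 ]; then kr_cmdline=$1; else kr_cmdline=$(cat /proc/cmdline); fi
    for kr_k in $HARDENING_KARGS; do
        if kr_v=$(karg_value "$kr_cmdline" "$kr_k"); then
            echo "$kr_k=$kr_v"
        else
            echo "$kr_k=absent"
        fi
    done
}

# smt_active
# Prints "1" if the kernel reports SMT active, "0" if not, and "unknown"
# when the sysfs node is missing (non-Linux host, or no SMT support).
smt_active() {
    sa_f=/sys/devices/system/cpu/smt/active
    if [ -r "$sa_f" ]; then cat "$sa_f"; else echo unknown; fi
}

# Constructed sample command line (assumption, not a real secureblue boot line).
SAMPLE="BOOT_IMAGE=/vmlinuz rhgb quiet nosmt init_on_alloc=1 init_on_free=1"
karg_report "$SAMPLE"
echo "smt_active=$(smt_active)"
```

Run it with no argument on the booted system to check the live /proc/cmdline instead of the sample.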

Tor Browser is a Firefox-based browser. In my opinion, compatibility with Tor Browser should be a minimum requirement for an operating system for privacy.

4 Likes

Firefox-based browsers work fine on secureblue, just not with hardened_malloc. You can toggle it off for specific applications.

Like I said above, though, I don’t understand why one would use a Firefox-based browser if security is the priority

operating system for privacy

secureblue is a security project. Any privacy improvements are incidental and not indicative of scope :slight_smile:

5 Likes

Because they want anonymity on a secure OS. Tor Browser is the only browser that is very resistant to fingerprinting.

1 Like

anonymity

which is why I said: “if security is the priority”

some people prioritize security lower than other things, and that’s their prerogative :slight_smile:

on a secure OS

Given how much of the average desktop use case is done in the browser, we have put and are continuing to put a ton of effort into browser hardening. There is no such thing as a “secure OS” independent of the browser, as far as the desktop use case is concerned. The security of your system is inherently tied to the security of how you interface with the internet. Using secureblue and ditching the browser hardening, userns hardening, etc. is missing a good chunk of the point of secureblue.

Here’s a contrived example:

  1. A malicious website crafts a response payload that exploits a Firefox/TB vulnerability in the CSS engine to escalate privileges.
  2. Since Firefox/TB runs with at most a weak sandbox, weak internal isolation, and no MAC confinement, the attacker in the now-compromised browser scrapes your home directory info, network info, LAN info, etc. and sends it back to themselves.
  3. The user is now significantly less anonymized than if they had simply used a browser that had measures in place to mitigate categories of vulnerabilities like this.

TLDR, using an insecure browser on a “secure OS” is contradictory, because of the criticality of the browser in the desktop use case.

7 Likes

Alright, but can I be private or even anonymous while using secureblue? (Other than using VPN or Tor of course)

Don’t you think ignoring any efforts that might conceal users’ identity or identifiable info, whether it is PII or the fact that they are using secureblue, will put users at greater risk of targeted attacks?

Alright, but can I be private or even anonymous while using secureblue?

You would have to define both “private” and “anonymous”, but that’s a whole nother can of worms. :slight_smile:

Neither are things I think about often.

ignoring any efforts

It’s not that we’re ignoring it, it’s not in scope. I think your question is genuine, but you have to realize that asking a dev about something that’s clearly and repeatedly defined as out of scope is a form of entitlement that’s all too common especially in FOSS. Developers aren’t obligated to share your goals. If someone wants to use secureblue as a base image to build a “privacy image”, more power to them, but it would be entirely out of scope of secureblue and an independent project.

Go build it! :smile: https://workshop.blue-build.org/

PII

What PII? Just throwing out terms without explaining how exactly they relate to secureblue is… odd?

greater risks for targeted attacks?

unsure what you mean

5 Likes

You already made your point, and I agree with the building it if you want to add privacy features to your own image.

But I wanted to clarify some of my points that you didn’t get.

PII

Anything that phones home that you can’t opt out of. IP addresses are considered PII under GDPR. For example: non-consensual phoning to google.com when using Trivalent.

Hardening done to Trivalent makes you stand out (fingerprint is more unique) more than other browsers out there.

For example: non-consensual phoning to google.com when using Trivalent.

Do you have evidence of this? Please don’t just throw out stuff like this without evidence :slight_smile:

That said, it’s nearly impossible to use the internet without interfacing with google in some fashion. Are you going to block https://pki.goog/? That’s going to break sites that use google’s CA. Then there’s https://gstatic.com, https://fonts.google.com, etc

Hardening done to Trivalent makes you stand out (fingerprint is more unique) more than other browsers out there.

“fingerprinting” as a concept is more a marketing term than anything, so you’ll have to be much more specific. And on top of that, even if I grant your premise, you’d have to somehow get from “more unique fingerprint” to “less secure”, and I don’t see the connection there.

Like you said, if not being fingerprinted is someone’s priority, they should be using TB.

If say disabling JIT/WASM makes the fingerprint “more unique”, what does that enable them to do that they couldn’t do on a browser with JIT/WASM on? On the contrary, the attack surface is reduced, so they’d have fewer vectors to work with.

1 Like

I gave an example of what could be considered PII in scope of secureblue’s project (Trivalent as their browser).

Why would a browser ever block these domains? uBlock Origin doesn’t even block them by default. It’s not the browser’s business to block bad privacy practices by websites. It depends on how you would like to approach it; both Tor Browser on the Safer & Safest security levels and Safari in Lockdown Mode disable some fonts.

Hypothetically speaking, the lack of anti-fingerprinting techniques, whether you agree with the premise or not, will reduce the chances of a specially crafted attack that targets a specific visitor on some website.

Not really, it is just not as easy to protect against, since the possibilities for tracking increase with every new addition to the JS & CSS specifications, depending on how securely the engine implements them.

Agree, I don’t know how hard it is, or even whether it is possible, to spoof that you have such hardening enabled; see for example Cryptee | iOS / Safari Lockdown Mode Detection Test (Proof of Concept).

If you really want strong anonymity and security, you should be using Whonix on top of a sane base like secureblue or Aeon.

1 Like