I had been previously installing all of my applications, including browsers, through Flatpak. This is because they have some level of sand-boxing which can be manually configured with overrides, whether graphically or through “flatpak override”.
However, I have learned that these sand-boxing solutions (notably bubblewrap for Flatpaks) can actually weaken the browser’s internal sandbox! Thus, it must be preferable to install browsers “normally”.
However, this would eliminate all external sand-boxing. Such, is it a matter of preference? Whether you value sand-boxing between sites or sand-boxing from the browser and the operating system?
I am specifically using secureblue, and while I know that it is not recommended as Firefox-based browsers have significantly worse security than Chromium-based ones, I would like to use Mullvad browser for the better resistance to fingerprinting as recommended by Privacy Guides. So, what is the best way to install it?
Thank you!
P.S. If @RoyalOughtness could give an answer that would be swell!
Follow the recommendations on the website of whatever app you’re trying to obtain. I know Brave recommends using the native app over the Flatpak option for their browser
By using a browser you must trust it, just as you must trust your OS. Don’t bother trying to “protect” your system from Mullvad Browser at the expense of being more vulnerable to the websites you visit, it doesn’t achieve anything worthwhile.
I do wonder, however, if I should layer it? Because layering packages with “rpm-ostree” is considered by some “a last resort” (Package Layering - Bazzite Documentation) and have “MAJOR caveats” ( Package Layering - Bazzite Documentation ). This is just from the Bazzite documentation, but it is still fairly trustworthy I think.
I agree we must trust our software at least mostly, but if trust it all completely, would there be no point in sand-boxing? But yes, it seems that being more vulnerable to websites is more of a concern.
I was asking specifically about security, but I now realize fingerprinting could even be an issue! I am now leaning more towards layering the browser, though I am not yet fully convinced.
Thank you, but now I realize my setup brings more complication. My operating system (secureblue) globally disables user namespaces except for the included browser (Trivalent) and Flatpaks.
If this is the case, I suppose whether or not I use Flatpak won’t matter as the namespaces are disabled anyways…
As far as I understand, this will eliminate any issues.
Although if Flatpak starts to support the unprivileged user namespaces like you say, that would be even better, right? Because then we could have all of the browser sandbox and the Flatpak’s bubblewrap sandbox?
Please correct me if I am wrong, people.
Also, if we disable JavaScript, should we care very much about browser sandbox anyways?
Yes, depending on how strict the settings are set for the flatpak.
While JavaScript, especially JIT, is a big attack surface, you should still care about sandboxing, since there are still possible exploits in other components of the browser.
Thank you all for replying. My conclusion is that it is best to avoid installing browsers through Flatpak since Flatpak doesn’t support unprivileged user namespaces which is an important part of a browser’s internal sandbox. I will mark @any1’s answer as the solution.