Secureblue - Immutable Fedora Hardening

For example: non-consensual phoning to google.com when using Trivalent.

Do you have evidence of this? Please don’t just throw out stuff like this without evidence 🙂

That said, it’s nearly impossible to use the internet without interfacing with Google in some fashion. Are you going to block https://pki.goog/? That’s going to break sites that use Google’s CA. Then there’s https://gstatic.com, https://fonts.google.com, etc.

Hardening done to Trivalent makes you stand out (fingerprint is more unique) more than other browsers out there.

“fingerprinting” as a concept is more a marketing term than anything, so you’ll have to be much more specific. And on top of that, even if I grant your premise, you’d have to somehow get from “more unique fingerprint” to “less secure”, and I don’t see the connection there.

Like you said, if not being fingerprinted is someone’s priority, they should be using TB.

If, say, disabling JIT/WASM makes the fingerprint “more unique”, what does that enable them to do that they couldn’t do on a browser with JIT/WASM on? On the contrary, the attack surface is reduced, so they’d have fewer vectors to work with.

I gave an example of what could be considered PII in scope of secureblue’s project (Trivalent as their browser).

Why would a browser ever block these domains? uBlock Origin doesn’t even block them by default. It’s not a browser’s business to block bad privacy practices by websites.

Depends on how you would like to approach it; both Tor Browser on the Safer & Safest security levels and Safari in Lockdown Mode disable some fonts.

Hypothetically speaking, with lack of anti-fingerprinting techniques whether you agree on its premise or not, will reduce the chances of a specially crafted attack that targets a specific visitor on some website.

Not really, it is just not as easy to protect against when the possibilities of tracking increase when there’s a new addition to the specification of JS & CSS, and depending on how securely the engine implements it.

Agree, I don’t know how hard it is or even possible to spoof that you have such hardening enabled, see for example Cryptee | iOS / Safari Lockdown Mode Detection Test (Proof of Concept).

If you really want strong anonymity and security, you should be using Whonix on top of a sane base like secureblue or Aeon.

I gave an example of what could be considered PII in scope of secureblue’s project (Trivalent as their browser).

Is this a real example or an imaginary one? If it’s real, open a bug report with evidence. If it’s imaginary, say so 🙂

will reduce the chances of a specially crafted attack that targets a specific visitor on some website.

Your assumption is in thinking that hardening makes this easier. It’s the opposite. Users are already trivially fingerprinted, and hardening measures make entire categories of vulnerability go away. So it makes an attacker’s life harder.

tracking

This is another nebulous term that would need more definition.

spoof that you have such hardening enabled

None of this seems security-related, so I’m not terribly keen on continuing further.

I recommend these resources on the subject:

Sorry for causing drama)
I use Firefox for a VPN extension to separate profiles on the trusted websites that I rarely visit. I use Chromium-based browsers most of the time.

drama

not at all 😄 just differences in perspective

I use Firefox for a VPN extension to separate profiles on the trusted websites that I rarely visit. I use Chromium-based browsers most of the time.

I see. In case it’s useful for you, Chromium-based browsers have a built-in profiles feature, including guest profiles.

The website is live 🙂

Really like the design. It looks clean and is very familiar to GrapheneOS users.

familiar to GrapheneOS users.

We forked the GOS site as a basis, so that makes sense 😄