At the moment, I use Firefox on Windows as my main browser, but I’m planning on switching to Fedora. However, now that I’m switching from Windows to Fedora, I figured I may as well re-evaluate which browsers I use. Privacy Guides recommends against using GeckoView / Firefox-based browsers on Android, but I’ve also seen other researchers claim that Firefox is lacking in security on all platforms. With that being said, I had a few questions in regard to choosing secure browsers, specifically for use on Fedora Linux.
Is Firefox’s sandboxing improved on Fedora? It looks like some of the supposed issues with Fedora on Linux are related to X11 and PulseAudio. However, (and correct me if I’m wrong) I believe Fedora has been using Wayland and PipeWire as the default for some time now. Would that mean at least some of the sandbox escape concerns with Firefox are no longer an issue?
Is GNOME Web reasonably secure? I don’t intend on using it as a main browser, but I’m still curious as to where WebKit / WebKitGTK / GNOME Web stands.
Would using a browser (whether it be Firefox, Chromium, GNOME Web, etc.) as a Flatpak or Snap affect their security? I remember hearing a while back that Flatpak effectively replaces the sandboxing that web browsers would normally take charge of, but I’m not sure if that is true or if that is desirable. That also leaves me to wonder… if Flatpaks and/or Snaps “replace” the sandboxing in browsers, how do the different browsers and package managers compare in regards to which offers the best security? (i.e., Chromium vs. Firefox vs. GNOME Web vs. Flatpak vs. Snap)
So this doesn’t answer the entirety of question 4, but as for Chromium vs. Flatpak, it seems that PG advises people to avoid using the Flatpak version of Brave. This is because (according to them) Flatpak replaces Chromium’s sandbox with Flatpak’s inferior sandboxing. I haven’t seen any information on whether this is also the case for Firefox or GNOME Web, or how Flatpak compares to Snap.
There was a somewhat recent discussion about it here and it looks like @jonah and @sha123 disagreed on the security impact Flatpak may have on Chromium and Firefox. I’m not too sure who is in the right because I’m not an expert, so the more technical details go over my head. I wish I could just point to a reputable cybersecurity organization that has a solid position on this so that we could get a clear answer, but aside from the small mention of Brave Flatpaks on Privacy Guides, it looks like the answer is sort of unclear… unless someone who knows what they’re talking about chimes in on this thread with sources and/or reasoning.
As for Snaps, it seems like AppArmor (which is used by Snap for sandboxing) might not work on Fedora… So installing browsers as Snaps on Fedora might not be a good idea, but honestly, I have yet to see any clarification on this so I have no clue.
Not in a catastrophic matter, but there are differences. Running Firefox or LibreWolf under Flatpak for examply slightly weakens it’s built-in sandboxing. I myself am no expert from this, but there have been numerous debates in the PrivacyGuides Matrix Rooms which generally came to this conclusion.
Snap applications use many of the same features as flatpaks and will consequently be affected by the same issues. After taking a quick look the isolation that is provided by some default snap packages on Ubuntu 22.04 it seems that it is even less isolated then default flatpaks.
I can’t verify the accuracy of their claims as it seems like they don’t include any sources and they don’t elaborate beyond that short paragraph. But after reading the entire article, they seem to know what they’re talking about in my unprofessional opinion. Given that I’ve yet to receive a clear, complete, and convincing answer to my questions, I’m inclined to take hanako at their word, at least for now.
On FF it’s even worse than on Chromium. They simply disable parts of the sandbox without a proper replacement. Don’t use FF- or Chromium-based browsers in Flatpak. Google doesn’t ship official Chrome on Flatpak for good reasons.
Flatpak and Snap, while sharing some similarities, for the most part they are pretty different in terms of sandboying. Firefox Snap on Ubuntu 22.04 seems to have Firefox’s sandbox properly working. So this should be good to use. Haven’t checked Snap Chromium browsers yet.
Snap’s main mechanism to confine applications is through Apparmor. Since you can’t use Apparmor and Selinux at the same time, Snaps on Selinux distros like Fedora won’t be properly confinement.