Browser security on Linux

Created: — modified: — tags: linux security

A good article that summarizes my own thoughts on hardening browser on Linux

4 Best Practices for Web Browser Security on Your Linux Workstation (archived copy).

tl;dr version is like this:

  1. Use different browsers for "trusted" websites and "rest of the world"

  2. Use firejail

  3. Isolate "trusted" and "others" graphic environments from each other

There is one thing I'd like to highlight, however: it's not your trusted browser you should put into a firejail sandbox, but an "untrusted" one. Because otherwise malicious apps, sitting in an untrusted browser, will be able to access your whole system, incluiding the sandboxed "trusted" browser.

I'd also consider using a separate machine for banking websites :-)