Created: 2017-05-10 — modified: 2017-05-11 — tags: Linux security
A Linux.com article I totally agree with
A good article that summarizes my own thoughts on hardening browser on Linux:
tl;dr version is like this:
Use different browsers for "trusted" websites and "rest of the world"
Isolate "trusted" and "others" graphic environments from each other.
There is one thing I'd like to highlight, however: it's not your trusted browser you should put into a firejail sandbox, but an "untrusted" one. Because otherwise malicious apps, sitting in an untrusted browser, will be able to access your whole system, incluiding the sandboxed "trusted" browser.
I'd also consider using a separate machine for banking websites :-)