fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.8K
active users

#firejail

1 post1 participant0 posts today
gary<p>Why Avoid Binaries in Early-Stage Projects?</p><p> Auditability: Source code is readable, understandable, and can be version-controlled. Binaries (especially opaque ones) may include unknown payloads, telemetry, or hardcoded calls. <a href="https://infosec.exchange/tags/bubblewrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bubblewrap</span></a> <a href="https://infosec.exchange/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a></p>
Droppie [infosec] 🐨:archlinux: :kde: :firefox_nightly: :thunderbird: :vegan:​<p>This is a <strong><em>Second</em></strong> Test Toot to see if these <a href="https://infosec.space/tags/hashtags" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hashtags</span></a> are, or are not, picked up in my [<a href="https://infosec.space/tags/Sharkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sharkey</span></a>] putative new alternative instance... [my first one was accidentally drafted &amp; sent as <code>Followers Only</code>, dopey damn dropbear 🙄🤦‍♀️]</p><p><a href="https://infosec.space/tags/AUR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AUR</span></a><br><a href="https://infosec.space/tags/AboutConfig" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AboutConfig</span></a><br><a href="https://infosec.space/tags/Arch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Arch</span></a><br><a href="https://infosec.space/tags/ArchInstall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchInstall</span></a><br><a href="https://infosec.space/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchLinux</span></a><br><a href="https://infosec.space/tags/Atheism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Atheism</span></a><br><a href="https://infosec.space/tags/AusPol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AusPol</span></a><br><a href="https://infosec.space/tags/DouglasAdams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DouglasAdams</span></a><br><a href="https://infosec.space/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a><br><a href="https://infosec.space/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a><br><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a><br><a href="https://infosec.space/tags/FirefoxBeta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirefoxBeta</span></a><br><a href="https://infosec.space/tags/FirefoxNightly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirefoxNightly</span></a><br><a href="https://infosec.space/tags/FirefoxSecondSidebar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirefoxSecondSidebar</span></a><br><a href="https://infosec.space/tags/Firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firejail</span></a><br><a href="https://infosec.space/tags/Floorp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Floorp</span></a><br><a href="https://infosec.space/tags/Friendica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Friendica</span></a><br><a href="https://infosec.space/tags/Gaia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gaia</span></a><br><a href="https://infosec.space/tags/GnuCash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuCash</span></a><br><a href="https://infosec.space/tags/Greens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Greens</span></a><br><a href="https://infosec.space/tags/HHGTTG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HHGTTG</span></a><br><a href="https://infosec.space/tags/KDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDE</span></a><br><a href="https://infosec.space/tags/KDELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDELinux</span></a><br><a href="https://infosec.space/tags/KDEOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDEOS</span></a><br><a href="https://infosec.space/tags/KDEPlasma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDEPlasma</span></a><br><a href="https://infosec.space/tags/KMyMoney" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KMyMoney</span></a><br><a href="https://infosec.space/tags/Kalpa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kalpa</span></a><br><a href="https://infosec.space/tags/Lesbian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lesbian</span></a><br><a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a><br><a href="https://infosec.space/tags/Misanthropy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misanthropy</span></a><br><a href="https://infosec.space/tags/Misogyny" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misogyny</span></a><br><a href="https://infosec.space/tags/MontyPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MontyPython</span></a><br><a href="https://infosec.space/tags/MontyPythonsFlyingCircus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MontyPythonsFlyingCircus</span></a><br><a href="https://infosec.space/tags/Nonsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nonsense</span></a><br><a href="https://infosec.space/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSUSE</span></a><br><a href="https://infosec.space/tags/Penguinistas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Penguinistas</span></a><br><a href="https://infosec.space/tags/Phanpy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phanpy</span></a><br><a href="https://infosec.space/tags/Plasma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Plasma</span></a><br><a href="https://infosec.space/tags/RenewableEnergy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RenewableEnergy</span></a><br><a href="https://infosec.space/tags/Sidebery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sidebery</span></a><br><a href="https://infosec.space/tags/Tillies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tillies</span></a><br><a href="https://infosec.space/tags/TreeStyleTab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TreeStyleTab</span></a><br><a href="https://infosec.space/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tumbleweed</span></a><br><a href="https://infosec.space/tags/Whimsy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Whimsy</span></a><br><a href="https://infosec.space/tags/ZenBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZenBrowser</span></a></p>
Droppie [infosec] 🐨:archlinux: :kde: :firefox_nightly: :thunderbird: :vegan:​<p><span class="h-card" translate="no"><a href="https://infosec.space/@MsDropbear42" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MsDropbear42</span></a></span> All fixed, all Foxes happy little campers again, woohoo. </p><p><a href="https://infosec.space/tags/Widevine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Widevine</span></a> <a href="https://infosec.space/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> <a href="https://infosec.space/tags/firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firefox</span></a> <a href="https://infosec.space/tags/firefoxnightly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firefoxnightly</span></a> <a href="https://infosec.space/tags/floorp12" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>floorp12</span></a></p>
5DNEWS PLAYSET<p>oniux!<br><a href="http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/introducing-oniux-tor-isolation-using-linux-namespaces/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="ellipsis">pzhdfe7jraknpj2qgu5cz2u3i4deuy</span><span class="invisible">fwmonvzu5i3nyw4t4bmg7o5pad.onion/introducing-oniux-tor-isolation-using-linux-namespaces/</span></a><br>hexchat and curl work</p><p>onionmasq<br><a href="https://gitlab.torproject.org/tpo/core/onionmasq" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gitlab.torproject.org/tpo/core</span><span class="invisible">/onionmasq</span></a><br>Experimentation Tips ---&gt;<br>Unless you’ve already got Debian Trixie set up, provided that <a href="https://defcon.social/tags/rustlang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rustlang</span></a> works best in the latest <a href="https://defcon.social/tags/environment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>environment</span></a> , I would recommend <a href="https://defcon.social/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a> for rustup and cargo. Be sure you run <a href="https://defcon.social/tags/AndroidStudio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AndroidStudio</span></a> on baremetal for kvm <a href="https://defcon.social/tags/emulation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>emulation</span></a> to work properly for device profiles and then you can forget about nested virtualization.</p><p>Onionmasq looks like a better option for unblocking access while utilizing tor as much as possible than tor to ovpn (wireguard can’t do that). But the project is still under development. It would be nice to have a - -net=onion0 option work with <a href="https://defcon.social/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> but as you will notice with <a href="https://defcon.social/tags/oniux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oniux</span></a> , there is already a level of sandboxing active and ioctl (also RTNETLINK) is not configured to handle this new organization.</p><p><a href="https://defcon.social/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> <a href="https://defcon.social/tags/TorProject" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorProject</span></a> <a href="https://defcon.social/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> <a href="https://defcon.social/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a></p>
Marek<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@libreoffice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>libreoffice</span></a></span> I like LibreOffice because 1) it is intuitive to use, you don't have to read a manual to use basic functions; 2) it is trouble-free to use without Internet in a sandbox (firejail); 3) it can be extended with add-ons; 4) it can read proprietary formats, unfortunately sometimes necessary; 4) its range of functions allows you to have no disadvantages when using free software for word/table/presentation editing.</p><p><a href="https://layer8.space/tags/LibreOffice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreOffice</span></a> <a href="https://layer8.space/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a></p>
r1w1s1nice!!! I'm starting to use <a href="https://slackbuilds.org/repository/15.0/network/landrun/" rel="nofollow noopener" target="_blank">https://slackbuilds.org/repository/15.0/network/landrun/</a> on <a href="https://snac.bsd.cafe?t=slackware" class="mention hashtag" rel="nofollow noopener" target="_blank">#slackware</a> current.<br><br><a href="https://snac.bsd.cafe?t=landrun" class="mention hashtag" rel="nofollow noopener" target="_blank">#Landrun</a> (Think <a href="https://snac.bsd.cafe?t=firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#firejail</a>, but with kernel-level security and minimal overhead)<br><br>CC: <span class="h-card"><a href="https://fosstodon.org/users/frogfroggy" class="u-url mention" rel="nofollow noopener" target="_blank">@frogfroggy@fosstodon.org</a></span><br>
Pope Bob the Unsane<p>After taking the nickle tour of <a href="https://kolektiva.social/tags/Qubes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Qubes</span></a>, my hasty conclusion is that it is anti-<a href="https://kolektiva.social/tags/KISS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KISS</span></a>; there are seemingly many moving parts under the surface, and many scripts to grok to comprehend what is going on.</p><p>I plan to give it some more time, if only to unwrap how it launches programs in a VM and shares them with dom0's X server and audio and all that; perhaps it's easier than I think.</p><p>I also think <a href="https://kolektiva.social/tags/Xen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Xen</span></a> is a bit overkill, as the claim is that it has a smaller kernel and therefore smaller attack surface than the seemingly superior alternative, <a href="https://kolektiva.social/tags/KVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KVM</span></a>. Doing some rudimentary searching out of identified / known VM escapes, there seem to be many more that impact Xen than KVM, in the first place.</p><p>Sure, the <a href="https://kolektiva.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> kernel may be considerably larger than the Xen kernel, but it does not need to be (a lot can be trimmed from the Linux kernel if you want a more secure hypervisor), and the Linux kernel is arguably more heavily audited than the Xen kernel.</p><p>My primary concern is compartmentalization of 'the web', which is the single greatest threat to my system's security, and while <a href="https://kolektiva.social/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> is a great soltion, I have run into issues maintaining my qutebrowser.local and firefox.local files tuned to work well, and it's not the simplest of solutions.</p><p>Qubes offers great solutions to the compartmentalization of data and so on, and for that, I really like it, but I think it's over-kill, even for people that desire and benefit from its potential security model, given what the threats are against modern workstations, regardless of threat actor -- most people (I HOPE) don't have numerous vulnerable services listening on random ports waiting to be compromised by a remote threat.</p><p>So I am working to refine my own security model, with the lessons I'm learning from Qubes.</p><p>Up to this point, my way of using a system is a bit different than most. I have 2 non-root users, neither has sudo access, so I do the criminal thing and use root directly in a virtual terminal.</p><p>One user is my admin user that has ssh keys to various other systems, and on those systems, that user has sudo access. My normal user has access to some hosts, but not all, and has no elevated privileges at all.</p><p>Both users occasionally need to use the web. When I first learned about javascript, years and years ago, it was a very benevolent tool. It could alter the web page a bit, and make popups and other "useful" things.</p><p>At some point, <a href="https://kolektiva.social/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>javascript</span></a> became a beast, a monster, something that was capable of scooping up your password database, your ssh keys, and probe your local networks with port scans.</p><p>In the name of convenience.</p><p>As a result, we have to take browser security more seriously, if we want to avoid compromise.</p><p>The path I'm exploring at the moment is to run a VM or two as a normal user, using KVM, and then using SSH X forwarding to run firefox from the VM which I can more easily firewall, and ensures if someone escapes my browser or abuses JS in a new and unique way, that no credentials are accessible, unless they are also capable of breaking out of the VM.</p><p>What else might I want to consider? I 'like' the concept of dom0 having zero network access, but I don't really see the threat actor that is stopping. Sure, if someone breaks from my VM, they can then call out to the internet, get a reverse shell, download some payloads or build tools, etc.</p><p>But if someone breaks out of a Qubes VM, they can basically do the same thing, right? Because they theoretically 'own' the hypervisor, and can restore network access to dom0 trivially, or otherwise get data onto it. Or am I mistaken?</p><p>Also, what would the <a href="https://kolektiva.social/tags/LXC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LXC</span></a> / <a href="https://kolektiva.social/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LXD</span></a> approach look like for something like this? What's its security record like, and would it provide an equivalent challenge to someone breaking out of a web browser (or other program I might use but am not thinking of at the moment)?</p>
Dokza<p>Just learned about sandboxing software called <a href="https://infosec.exchange/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> Moar security! As I play with things I don't understand do da do da.</p>
5DNEWS PLAYSET<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@LibreQoS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LibreQoS</span></a></span> <span class="h-card" translate="no"><a href="https://bird.makeup/users/mtaht" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mtaht</span></a></span> <br><a href="https://defcon.social/tags/TrafficShaping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrafficShaping</span></a> and <a href="https://defcon.social/tags/bandwidth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bandwidth</span></a><br>in <a href="https://defcon.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a><br><a href="https://tpo.pages.torproject.net/web/support/ga/relay-operators/bandwidth-shaping/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tpo.pages.torproject.net/web/s</span><span class="invisible">upport/ga/relay-operators/bandwidth-shaping/</span></a><br>in <a href="https://defcon.social/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a><br> <a href="https://www.pcsuggest.com/bandwidth-traffic-shaping-in-linux-with-firejail/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pcsuggest.com/bandwidth-traffi</span><span class="invisible">c-shaping-in-linux-with-firejail/</span></a><br>But why would you want to mess with QoS otherwise unless just to annoy your kid with a cellphone or home connection that is too slow to be useful?</p>
Droppie [infosec] 🐨:archlinux: :kde: :firefox_nightly: :thunderbird: :vegan:​<p>My Hashtag Dump [as part of my latest Instance-hop🤦‍♀️]</p><p><strong><em>LAST EDITED</em></strong> 23/4/25</p><p><a href="https://infosec.space/tags/FollowedHashtags" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FollowedHashtags</span></a></p><p><a href="https://infosec.space/tags/AUR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AUR</span></a><br><a href="https://infosec.space/tags/AboutConfig" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AboutConfig</span></a><br><a href="https://infosec.space/tags/AdvancedWebInterface" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AdvancedWebInterface</span></a><br><a href="https://infosec.space/tags/AnnaMadrigal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnnaMadrigal</span></a><br><a href="https://infosec.space/tags/AnonsysNet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnonsysNet</span></a><br><a href="https://infosec.space/tags/Arch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Arch</span></a><br><a href="https://infosec.space/tags/ArchInstall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchInstall</span></a><br><a href="https://infosec.space/tags/ArchLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArchLinux</span></a><br><a href="https://infosec.space/tags/Archie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Archie</span></a><br><a href="https://infosec.space/tags/Archies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Archies</span></a><br><a href="https://infosec.space/tags/Atheism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Atheism</span></a><br><a href="https://infosec.space/tags/AusPol" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AusPol</span></a><br><a href="https://infosec.space/tags/Beatles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Beatles</span></a><br><a href="https://infosec.space/tags/Biodiversity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Biodiversity</span></a><br><a href="https://infosec.space/tags/BirdMakeup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BirdMakeup</span></a><br><a href="https://infosec.space/tags/CSLewis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSLewis</span></a><br><a href="https://infosec.space/tags/ChangeTheSystem" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChangeTheSystem</span></a><br><a href="https://infosec.space/tags/DarwinAwards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DarwinAwards</span></a><br><a href="https://infosec.space/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debian</span></a><br><a href="https://infosec.space/tags/Depression" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Depression</span></a><br><a href="https://infosec.space/tags/Distrobox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Distrobox</span></a><br><a href="https://infosec.space/tags/DouglasAdams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DouglasAdams</span></a><br><a href="https://infosec.space/tags/DrHelenMagnus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DrHelenMagnus</span></a><br><a href="https://infosec.space/tags/EnidBlyton" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EnidBlyton</span></a><br><a href="https://infosec.space/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a><br><a href="https://infosec.space/tags/FOSSemojis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSSemojis</span></a><br><a href="https://infosec.space/tags/FamousFive" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FamousFive</span></a><br><a href="https://infosec.space/tags/FediTips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FediTips</span></a><br><a href="https://infosec.space/tags/Fedia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedia</span></a><br><a href="https://infosec.space/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fedora</span></a><br><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a><br><a href="https://infosec.space/tags/FirefoxBeta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirefoxBeta</span></a><br><a href="https://infosec.space/tags/FirefoxNightly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirefoxNightly</span></a><br><a href="https://infosec.space/tags/FirefoxSecondSidebar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirefoxSecondSidebar</span></a><br><a href="https://infosec.space/tags/Firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firejail</span></a><br><a href="https://infosec.space/tags/Floorp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Floorp</span></a><br><a href="https://infosec.space/tags/Friendica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Friendica</span></a><br><a href="https://infosec.space/tags/FriendicaHelp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FriendicaHelp</span></a><br><a href="https://infosec.space/tags/fsckALLreligion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fsckALLreligion</span></a><br><a href="https://infosec.space/tags/FsckChristoFascists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FsckChristoFascists</span></a><br><a href="https://infosec.space/tags/FsckRWNJs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FsckRWNJs</span></a><br><a href="https://infosec.space/tags/FsckThePatriarchy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FsckThePatriarchy</span></a><br><a href="https://infosec.space/tags/FuckAroundAndFindOut" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FuckAroundAndFindOut</span></a><br><a href="https://infosec.space/tags/Gaia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gaia</span></a><br><a href="https://infosec.space/tags/GilmoreGirls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GilmoreGirls</span></a><br><a href="https://infosec.space/tags/GlitchSoc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GlitchSoc</span></a><br><a href="https://infosec.space/tags/GlitchSocial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GlitchSocial</span></a><br><a href="https://infosec.space/tags/GnuCash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GnuCash</span></a><br><a href="https://infosec.space/tags/Grammar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Grammar</span></a><br><a href="https://infosec.space/tags/Greens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Greens</span></a><br><a href="https://infosec.space/tags/HHGTTG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HHGTTG</span></a><br><a href="https://infosec.space/tags/HumanRights" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanRights</span></a><br><a href="https://infosec.space/tags/InfosecExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfosecExchange</span></a><br><a href="https://infosec.space/tags/InfosecSpace" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfosecSpace</span></a><br><a href="https://infosec.space/tags/Insiders" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Insiders</span></a><br><a href="https://infosec.space/tags/JRRTolkien" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JRRTolkien</span></a><br><a href="https://infosec.space/tags/KDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDE</span></a><br><a href="https://infosec.space/tags/KDELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDELinux</span></a><br><a href="https://infosec.space/tags/KDEOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDEOS</span></a><br><a href="https://infosec.space/tags/KDEPlasma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KDEPlasma</span></a><br><a href="https://infosec.space/tags/KMyMoney" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KMyMoney</span></a><br><a href="https://infosec.space/tags/Kalpa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kalpa</span></a><br><a href="https://infosec.space/tags/Kbin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kbin</span></a><br><a href="https://infosec.space/tags/Kinoite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kinoite</span></a><br><a href="https://infosec.space/tags/KVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KVM</span></a><br><a href="https://infosec.space/tags/LauraTingle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LauraTingle</span></a><br><a href="https://infosec.space/tags/Lesbian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lesbian</span></a><br><a href="https://infosec.space/tags/LibreOffice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibreOffice</span></a><br><a href="https://infosec.space/tags/LibVirt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LibVirt</span></a><br><a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a><br><a href="https://infosec.space/tags/LinuxWomen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LinuxWomen</span></a><br><a href="https://infosec.space/tags/Logic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logic</span></a><br><a href="https://infosec.space/tags/MastoAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MastoAdmin</span></a><br><a href="https://infosec.space/tags/Matildas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Matildas</span></a><br><a href="https://infosec.space/tags/MichaelWestMedia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MichaelWestMedia</span></a><br><a href="https://infosec.space/tags/MicroOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicroOS</span></a><br><a href="https://infosec.space/tags/MicroOSDesktop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicroOSDesktop</span></a><br><a href="https://infosec.space/tags/Misanthropy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misanthropy</span></a><br><a href="https://infosec.space/tags/Misdirection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misdirection</span></a><br><a href="https://infosec.space/tags/Misogyny" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Misogyny</span></a><br><a href="https://infosec.space/tags/MontyPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MontyPython</span></a><br><a href="https://infosec.space/tags/MontyPythonsFlyingCircus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MontyPythonsFlyingCircus</span></a><br><a href="https://infosec.space/tags/MostlyHarmless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MostlyHarmless</span></a><br><a href="https://infosec.space/tags/MrsMadrigal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MrsMadrigal</span></a><br><a href="https://infosec.space/tags/Narnia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Narnia</span></a><br><a href="https://infosec.space/tags/NationStates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NationStates</span></a><br><a href="https://infosec.space/tags/Nihilism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nihilism</span></a><br><a href="https://infosec.space/tags/NoGooMe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NoGooMe</span></a><br><a href="https://infosec.space/tags/Nonsense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nonsense</span></a><br><a href="https://infosec.space/tags/OhGreatProphetZarquon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OhGreatProphetZarquon</span></a><br><a href="https://infosec.space/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openSUSE</span></a><br><a href="https://infosec.space/tags/Overshoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Overshoot</span></a><br><a href="https://infosec.space/tags/Penguinistas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Penguinistas</span></a><br><a href="https://infosec.space/tags/Phanpy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phanpy</span></a><br><a href="https://infosec.space/tags/Plasma" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Plasma</span></a><br><a href="https://infosec.space/tags/ProgIndies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProgIndies</span></a><br><a href="https://infosec.space/tags/PulseBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PulseBrowser</span></a><br><a href="https://infosec.space/tags/QEMU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QEMU</span></a><br><a href="https://infosec.space/tags/RWNJs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RWNJs</span></a><br><a href="https://infosec.space/tags/RachelWithers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RachelWithers</span></a><br><a href="https://infosec.space/tags/RedFireAnts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RedFireAnts</span></a><br><a href="https://infosec.space/tags/RenewableEnergy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RenewableEnergy</span></a><br><a href="https://infosec.space/tags/RightToProtest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RightToProtest</span></a><br><a href="https://infosec.space/tags/RippingYarns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RippingYarns</span></a><br><a href="https://infosec.space/tags/searX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>searX</span></a><br><a href="https://infosec.space/tags/Semantics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Semantics</span></a><br><a href="https://infosec.space/tags/Sengi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sengi</span></a><br><a href="https://infosec.space/tags/Sidebery" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sidebery</span></a><br><a href="https://infosec.space/tags/SlowMode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SlowMode</span></a><br><a href="https://infosec.space/tags/SocialPhobia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialPhobia</span></a><br><a href="https://infosec.space/tags/StateCapture" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StateCapture</span></a><br><a href="https://infosec.space/tags/Statuzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Statuzer</span></a><br><a href="https://infosec.space/tags/SteamEngine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SteamEngine</span></a><br><a href="https://infosec.space/tags/SteamLocomotive" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SteamLocomotive</span></a><br><a href="https://infosec.space/tags/SteamLocomotives" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SteamLocomotives</span></a><br><a href="https://infosec.space/tags/Stylus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Stylus</span></a><br><a href="https://infosec.space/tags/TheGolgafrinchamArkFleetShipB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheGolgafrinchamArkFleetShipB</span></a><br><a href="https://infosec.space/tags/TheGoons" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheGoons</span></a><br><a href="https://infosec.space/tags/TheGreatProphetZarquon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheGreatProphetZarquon</span></a><br><a href="https://infosec.space/tags/TheLordOfTheRings" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheLordOfTheRings</span></a><br><a href="https://infosec.space/tags/TheSpanishInquisition" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheSpanishInquisition</span></a><br><a href="https://infosec.space/tags/Tillies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tillies</span></a><br><a href="https://infosec.space/tags/TreeStyleTab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TreeStyleTab</span></a><br><a href="https://infosec.space/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tumbleweed</span></a><br><a href="https://infosec.space/tags/UniversalBlueAurora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UniversalBlueAurora</span></a><br><a href="https://infosec.space/tags/UserJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UserJS</span></a><br><a href="https://infosec.space/tags/VM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VM</span></a><br><a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a><br><a href="https://infosec.space/tags/VerticalTabs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VerticalTabs</span></a><br><a href="https://infosec.space/tags/VirtManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VirtManager</span></a><br><a href="https://infosec.space/tags/Wayland" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wayland</span></a><br><a href="https://infosec.space/tags/WeAreSelfishCruelBastards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeAreSelfishCruelBastards</span></a><br><a href="https://infosec.space/tags/WeAreTotallyFscked" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeAreTotallyFscked</span></a><br><a href="https://infosec.space/tags/Whimsy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Whimsy</span></a><br><a href="https://infosec.space/tags/WindowRules" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowRules</span></a><br><a href="https://infosec.space/tags/Xfce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Xfce</span></a><br><a href="https://infosec.space/tags/YellowCrazyAnts" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YellowCrazyAnts</span></a><br><a href="https://infosec.space/tags/ZenBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZenBrowser</span></a></p><p><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/aur" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-aur</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/arch" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-arch</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/archlinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-archlinux</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/distrobox" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-distrobox</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/firefoxnightly" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-firefoxnightly</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/friendicahelp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-friendicahelp</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/fsckallreligion" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-fsckallreligion</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/fsckchristofascists" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-fsckchristofascists</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/fsckrwnjs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-fsckrwnjs</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/fsckthepatriarchy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-fsckthepatriarchy</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/gnucash" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-gnucash</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/hhgttg" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-hhgttg</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/kmymoney" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-kmymoney</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/lesbian" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-lesbian</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/linuxwomen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-linuxwomen</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/montypython" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-montypython</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/mostlyharmless" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-mostlyharmless</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/penguinistas" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-penguinistas</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/sengi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-sengi</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/statuzer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-statuzer</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/weareselfishcruelbastards" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-weareselfishcruelbastards</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/wearetotallyfscked" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-wearetotallyfscked</span></a></span><br><span class="h-card" translate="no"><a href="https://relay.fedi.buzz/tag/whimsy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tag-whimsy</span></a></span></p>
Yvan<p>That aside, this <a href="https://toot.ale.gd/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> definitely seems to be the way forward. I have a whole other <a href="https://toot.ale.gd/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> profile running in its own little filesystem with its whole own configuration which is only going to be used for a Google login I use for basic-bitch email and YouTube. And no Google login shall ever touch my main/local Firefox which shall only log into my own mail/mastodon/etc services. (Though I'm tempted to jail that too now lol.. thow'em all in gaol!!)</p><p>I see Firefox defaults to Google search (fixed, now DDG) and has a bunch of sponsored shit on the "home" page (turned off recommended/sponsored stories and shortcuts)</p><p>"Enhancer for YouTube" successfully stops autoplaying in new tabs, background tabs, and also even with internal YouTube clicks - this alone is a big win from moving away from Chrome. Oooo... it has a "hide shorts" option, it works, they're all gone, hurrah!</p>
5DNEWS PLAYSET<p>Would it not be fair to say that <a href="https://defcon.social/tags/vanguards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vanguards</span></a> is the <a href="https://defcon.social/tags/fdns" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fdns</span></a> of <a href="https://defcon.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> ? </p><p><a href="https://defcon.social/tags/netblue" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netblue</span></a> <a href="https://defcon.social/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> and <a href="https://defcon.social/tags/mikePerry" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mikePerry</span></a> really should talk to each other if they haven't already.</p><p>lots of factors come into play. There isn't just one easy solution that works for everything online. There are levels of tor just like there are levels of dns filtering and control.</p><p>****** Why have local storage if you have a secure and accessible global commons? Because there will never be enough of one, just more fences on the prairie? Could you keep out a Tailored Access APT even if you were primarily locally owned? *****</p><p>I wonder why p2p like i2p and yggdrasil have remained less developed than tor or dns. Has anyone got the i2p config to work well with ygg or torsocks as was envisioned?</p><p><a href="https://defcon.social/tags/obliviousDNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>obliviousDNS</span></a> is new and interesting R&amp;D. </p><p><a href="https://defcon.social/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> has definite flaws. Often acts more like a vector than a security.</p><p><a href="https://defcon.social/tags/Veilid" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Veilid</span></a> looks promising with <a href="https://defcon.social/tags/IPFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPFS</span></a> and the anonymity design. But it might end up like i2p, freenet, or yggdrasil without more development. Technologies like tor's <a href="https://defcon.social/tags/onionshare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>onionshare</span></a> (which requires agreed upon share time) or ricochet-refresh <a href="https://defcon.social/tags/gosling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gosling</span></a> (<a href="https://defcon.social/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rust</span></a>) are useful if you don't want upload/download from 3rd party drives and the cloud. Everyone finds a need to share hefty files from time to time unless you like passing USB sticks around.</p>
MiKlo:~/citizen4.eu$💙💛<span class="h-card"><a href="https://pol.social/users/stfn" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stfn</span></a></span> <span class="h-card"><a href="https://kolektiva.social/users/olgamatna" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>olgamatna</span></a></span> <span class="h-card"><a href="https://pol.social/users/thebluemarble" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thebluemarble</span></a></span><br>Ja bym powiedział że nie tyle ze snapami (chociaż też...) co z tym jak <a href="https://soc.citizen4.eu/search?tag=Canonical" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Canonical</span></a> próbuje je popularyzować jednocześnie trzymając łapę na ich dystrybucji.<br>Może to stary tekst ale w sumie chyba nadal aktualny: <a href="https://www.happyassassin.net/posts/2016/06/16/on-snappy-and-flatpak-business-as-usual-in-the-canonical-propaganda-department/" rel="nofollow noopener" target="_blank">www.happyassassin.net/posts/20…</a><br>Z punktu widzenia neutralności to zbliżony do niego flatpack wydaje się być lepszy.<br>Ja jestem wolny od snapów bo nawet gdyby mi to przyszło do głowy to dystrybucja bez systemd mi to skutecznie uniemożliwia.<br>Sandboxowanie aplikacji można robić równie dobrze inaczej (ja: <a href="https://soc.citizen4.eu/search?tag=firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> ) , tak samo pakowanie aplikacji żeby były przenośne (ja: <a href="https://soc.citizen4.eu/search?tag=AppImage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppImage</span></a> ).
5DNEWS PLAYSET<p>some <a href="https://defcon.social/tags/github" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>github</span></a> favorites</p><p>Iodine (make server for proxy &amp; captive portal)<br><a href="https://github.com/yarrick/iodine" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/yarrick/iodine</span><span class="invisible"></span></a></p><p>Macchiato (more sophisticated MAC changer)<br><a href="https://github.com/EtiennePerot/macchiato" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/EtiennePerot/macchi</span><span class="invisible">ato</span></a></p><p>FDNS ( <a href="https://defcon.social/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> ) -- works well against trackers and fully encrypted, shows cached<br><a href="https://github.com/netblue30/fdns" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/netblue30/fdns</span><span class="invisible"></span></a></p><p><a href="https://defcon.social/tags/I2P" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>I2P</span></a> -- not always robust but interesting p2p network<br><a href="https://github.com/i2p" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/i2p</span><span class="invisible"></span></a></p><p><a href="https://defcon.social/tags/Kloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kloak</span></a> (for eepsites - neither Whonix nor TAILS have integrated keystroke anonymization)<br><a href="https://github.com/vmonaco/kloak" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/vmonaco/kloak</span><span class="invisible"></span></a><br>Amnesiac I2P OS<br><a href="https://github.com/umutcamliyurt/Flidgrix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/umutcamliyurt/Flidg</span><span class="invisible">rix</span></a></p>
🏁⚡Omar Two Tone⚡🏁:verified:<p>Application <a href="https://ioc.exchange/tags/sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandboxing</span></a> with <a href="https://ioc.exchange/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a> in linux 👇 🗃️ 📦 </p><p><a href="https://www.linuxnix.com/application-sandboxing-with-firejail-in-linux/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linuxnix.com/application-sandb</span><span class="invisible">oxing-with-firejail-in-linux/</span></a></p>
DXC://0<p>Hello ! </p><p>I would like to have some feedback from the community on hardening on Archlinux, I tried to implement mitigation measures on my daily machine</p><p>firewalld (strict)<br>AppArmor (max possible)<br>Firejail (all apps)<br>Wireguard VPN (to proton with autoconnect)<br>Custom DNS<br>Double VPN encapsulation for Librewolf<br>Extensions<br>Disk encryption <br>Flatseal</p><p>Any ideas of what else can be done without affecting normal use ? <br>I'm sure I missed something :)</p><p><a href="https://mastodon.social/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardening</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Arch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Arch</span></a> <a href="https://mastodon.social/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://mastodon.social/tags/sandbox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandbox</span></a> <a href="https://mastodon.social/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>firejail</span></a></p>

#sydbox's goal is to make #security #accessible which means secure defaults and _not_ assuming your users are experts. I'm not an expert either, I wouldn't even call myself a novice but for the past 16 years, most of my free time was spent to learn more, to improve #sydbox. Hence, downright demotivating comments such as this based purely on a random HN article without even looking at the docs is just sad, especially coming from a fellow #sandbox dev, github.com/netblue30/firejail/ #firejail #linux

GitHubCan we investigate the syd project? · netblue30 firejail · Discussion #6411Maybe some mitigations techniques we can take and reproduce in firejail. https://rentry.co/DSRsecuritycoursepart2#syd-the-perhaps-most-sophisticated-sandbox-for-linux https://man.exherbolinux.org/s...
Replied in thread

@hyakinthos

Are you referring to these:

github.com/AsamK/signal-cli/is

gitlab.torproject.org/tpo/core

You could create issues on their GitLab project.

"My top choice is actually to use #Firejail with the --net option pointing to a Tor middlebox (which is not a separate box but just a config that yields a virtual eth0 replacement device)."

I'm curious, tell me more. How does it work, what is its structure, and which operating systems are in use 🤔

GitHubproblem connecting over Tor · Issue #614 · AsamK/signal-cliBy islandtrail