My Keyoxide Idendity:

aspe:keyoxide.org:TJXAWXPMSAG6VPARJQRWNB2TPA

  • 64 Posts
  • 1.59K Comments
Joined 8 months ago
cake
Cake day: April 11th, 2024

help-circle






  • Yeah because Flatpak firefox is damn insecure!

    Please dont use it. Firefox devs dont care. Flatpak restricts browsers from spawning “user namespace” sandboxes for filesystem isolation.

    Chromium uses a fork server (zygote) and breaks when it cannot spawn these sandboxes. So developers created zypak, which allows to isolate processes using bubblewrap, the Flatpak sandbox.

    Firefox just runs without a sandbox, and doesnt have a fork server, so nobody cares.

    Without process isolation, you have less duplicated content. This saves space but IT IS INSECURE.

    Please use a non-Flatpak Firefox version.

    There is no reason why a “Zen Browser” should use less RAM than Firefox.


    • use a non sudo user for the user
    • somehow get the IP address of that laptop all the time. There are dynDNS solutions like this where the client just needs to automatically download a certain file daily and you know his IP, my implementation is here.
    • have ssh access to root with a ssh key. The usual hardening, fail2ban, block using passwords
    • open the port for ssh on the clients system

    If something goes wrong, login via ssh (you know the dynamically changing IP) and remove a directory or the entire user.

    You cannot avoid that a user would copy files from there to a usb stick. Well you could, by using usbguard. Works really well in my experience, just prevent nonsudo users from adding new devices.

    And then you need to prevent the user from booting another system, or taking out the SSD and reading it. TPM and boot lock is the right thing here, what Max-P wrote.












  • What would you expect?

    The tor network has more common stuff, drugs etc.

    I2p meanwhile is just really good for anonymity. I think using it for messengers is the best use. I was able to find a bunch of stuff, and yes unlike the dark web this would mostly be also there on the clearnet, mainly because there is no such business on i2p I guess

    Just random people offering services for free, a few pads, pastebins, fileservers

    You can find quite some cool stuff actually, but I think the main advantage is using it for messaging

    And unlike i2p, i2pd also doesnt really use much battery? I could totally keep that on all day