this post was submitted on 19 Feb 2022
6 points (100.0% liked)
Security
5005 readers
2 users here now
Confidentiality Integrity Availability
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Considering the amount of conflict of interests and scare with using browser, I think the only, least risky way is to use someone else's internet to browse or to use TUI browser.
Then again, a non-programmer (i.e. me) would be having difficulties in removing privacy and security threats. For each exploit patched, I'd reckon there would have been dozen more circulating around the dark net. It's a worry that has been looming behind my head. I think one of the more important aspects of security is to know what you are up against. It's far easier to be secure on the internet if your goal is defined as "not being hacked by script kiddies" rather than broadly defining "government-agency sponsored, state-level threat" stuff.
As long as you're not a billionaire, I think the minimum steps to undertake is to limit your use of the internet. Kinda scary for a layman like me to see the internet and see everywhere that each click can get you hacked. Again, that sort of stuff would most likely apply to high value targets anyways... which I am not.
The safety of TUI browsers is a bit overrated; most don't do any sandboxing of content whatsoever and are run in an unsandboxed environment. Both of these are important for a piece of software that only exists to parse untrusted content from the most hostile environment known (the Web).
Check a CVE database mirror for your favorite TUI browser; if it has a nontrivial number of users, it'll have some vulns to its name. Especially noteworthy is Elinks, which I absolutely don't recommend using.
Personally: to read webpage from the terminal, I pipe
curl
orrdrview
output intow3m
that's sandboxed using bubblewrap (bwrap(1)
); I wrote this script to simplify it. I use that script to preview HTML emails as well. The sandboxed w3m is forbidden from performing a variety of tasks, including connecting to the network;curl
handles that.