Ask Slashdot: Most Secure Browser In an Age of Surveillance?
An anonymous reader writes "With the discovery that the NSA may be gathering extensive amounts of data, and the evidence suggesting makers of some of the most popular browsers may be in on the action, I am more than a little wary of which web browser to use. Thus, I pose a question to the community: is there a 'most secure' browser in terms of avoiding personal data collection? Assuming we all know by now how to 'safely' browse the internet (don't click on that ad offering to free your computer of infections) what can the lay person do to have a modicum of protection, or at least peace of mind?"
Tor Browser Bundle (TBB) R/O system (Score:5, Interesting)
A LiveCD with TBB:
https://www.torproject.org/
for LiveDVD/USB preconfigured not to leak try TAILS:
https://tails.boum.org/
in both instances unplug your HDD(s) before use.
Re:Internet Explorer (Score:4, Interesting)
Re:No such thing (Score:5, Interesting)
I was thinking Incognito/TAILS, exactly. Those guys seem incredibly serious about privacy and security. I haven't messed a whole lot with it myself (lack of memory, no discs to spare, runs like crap in a VM...), but I recall it even featured Tor and a Tor Firefox extension and it had strict rules about *not* allowing certain "convenience" features in the name of privacy (i.e. swap partition). No doubt, with security features and precautions like those, its Firefox browser is probably locked tight as hell by default.
Aside from this, I figure with all the extensions available and some additional services, you could help to protect yourself. You could start by doing the usual in your browser (disable third-party cookies, install the Adblock Plus, NoScript and DoNotTrackMe extensions, etc.). Reduce your reliance on American companies and/or servers. Example: Since Google's going to be killing off Talk/XMPP support, I decided to look around for alternatives, and chose many XMPP servers to test and decide which one to use. I originally was interested in performance and was going to choose one closest to me, in my own country if possible (the United States). Now, I am almost 100% certain my primary XMPP account will *not* be on an American server, unless I happen to decide to try my hand at setting up and maintaining my own XMPP server.
And... services. Obviously Tor can work as in Incognito if you want to use that, but another option would be a VNC provider. Specifically, one that respects your privacy (i.e. does not store any more log data than they need to operate), and possibly more importantly--again--one that is not in the United States. I'm not sure of a good VNC provider, but I can say that it's pretty pathetic when you are forced to subscribe to and pay a foreign provider just to try to ensure your own privacy. But, well, it looks like the U.S. government has no end in sight when it comes to royally fucking up its own economy.
And last... you run Windows? Mac? Might want to change your operating system. It's already been discovered that various U.S. government agencies have deals with Microsoft to learn about zero-day exploits before anyone else in the world... who knows what other deals they might have, or what other American companies also have deals. Definite possibility of backdoors as well.
The real problem is that PRISM works (from what I can understand) by splitting the signal in between, for example, Microsoft's or Google's servers and their respective ISPs (Steve Gibson brings some pretty good points in a recent episode of Security Now). This means they get *everything*, so if it's encrypted (https:// for example) the government *may* not be able to read the data itself as it's transferred for storage in their own top-secret storage rooms... but they can definitely look at the activity to find out what IP address communications are between at any given time (or... just ask the company running the servers who that user is).
Failure of Premise (Score:5, Interesting)
OP says "what browser should I use" I automatically add "for the Facebooks".
Here's the low-down:
That's just off the top of my head. The software you use to disclose the information isn't the problem - you are.
Re:Internet Explorer (Score:5, Interesting)
They at least get early Zero-Day access. I'm guessing they have more.
http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/
MS gives advance information about security patches to AV vendors. The intention is to allow those AV vendors to create scanning signatures which will enable AV products to pick up the attacks. Attackers have shown a lazy tendency to just reverse engineer patches instead of finding vulnerabilities themselves. Less than 1% of attacks are zero-day attacks these days.
Some of the AV vendors that receive such vulnerability information are foreign companies. Yes. Some of those AV companies are Chinese.
Is it not reasonable to afford the NSA the same advance warning? The advance warning is a few days before the patch is made public, around the same time that the public receive advance notification (with less details than the AV companies and NSA). It is not like they have months to exploit it.
But tinfoil hatters and Microsoft haters always spin it as something nefarious. There is *nothing* to suggest that there are NSA backdoors in Windows or any other OS for that matter.
wget (Score:2, Interesting)
wget -m -k -K -E -l 1000 -t 3 -w 1 http://www.website.com/
Then after waiting a while (ok, maybe a long while), open the page/articles you *really* wanted to read in a text editor. Sure, the NSA might know which *site* you visited through normal spying means, but they'll never figure out which *page* you were really after.
Of course, they might think you read all the pages, and spend a few million dollars of taxpayer money trying to determine whether it's possible for someone to read 1 page per second and whether that implies terrorist connections, but they're clearly already misusing your tax dollars so you shouldn't really care if they misuse some more.
Chrome phones home with ID code (Score:4, Interesting)
Except that Chrome phones home the first time you start it up to check for upgrades. This has the unfortunate 'effect' of informing Google of the browser ID at this IP address, and as a consequence it informs the NSA of the linkage of browser ID and IP address.
Post NSA, I try to avoid Google services. They try to grab data for themselves, but in the process grab it for the NSA, and if the choice is NSA+Google or no Google, then I go without Google.
I opt for Firefox with the 'check for updates' turned to manual checks.
It's a minor thing, but it helps in as much that the choice of browser can help (not much if you're in the USA, quite a bit if you're not and behind an ISP NAT).
Re:Internet Explorer (Score:3, Interesting)
Of course you can win. All you have to do is to build up a massive surveillance system yourself. Then you know exactly who is trying to listen to you with which methods, and can enact appropriate countermeasures. :-)
Re:Internet Explorer (Score:4, Interesting)
That said...from a "standards compliance" perspective, IE has made some marginal improvements. Marginal. At best.
Re:Internet Explorer (Score:5, Interesting)
Not enough, apparently.
Only two posts celebrating MS security since he's opened his account a few days ago is far too few.
Even if those two are the only posts he's made as yet.
Re: Lynx (Score:2, Interesting)
Exactly what I was thinking. Which is why I would recommend NetSurf. It's fast, functional, and can use frame buffer. It does not have Flash or JavaScript and uses its own rendering system.