Hacker News new | ask | show | jobs
by walterbell 3229 days ago
Forks (or old versions of Firefox + extensions) can be run in isolated VMs on platforms like Qubes.
1 comments
4c2383f5c88e911 3229 days ago
That's kind of a moot point when your browser handles most of your online interactions (and therefore a good chunk of your online identity, which is quite valuable to most people). Even if you isolate it as much as you can, which is a good thing to do in any case, it can still do a lot of damage without escaping the sandbox.
link
walterbell 3229 days ago
Yes, usage of isolated browser instances should be restricted to information within a single context or risk profile. E.g. a stateless, frequently rebooted VM for occasional use of a particular extension. Or a Bromium micro-VM for each tab, redirect, etc.
link
testestx 3229 days ago
This is totally impractical, or people would be already doing this when using other browsers as a defense in depth thing.
link
walterbell 3229 days ago
Bromium claims to be seamless to end-users, but it's not available to consumers, except on some HP devices, https://www.theregister.co.uk/2017/02/13/hp_bromium_virtuali...

As for practicality, if your daily workflow involves a browser extension that has no replacement, the options are:

  - stop doing the task
  - all browsing with insecure browser, no isolation
  - single task with insecure browser, no isolation
  - single task with insecure browser, some isolation
Most people will do #2 or #3. Those who care about security will do #4, with quality of isolation dependent on their threat model.
link