Slashdot Mirror
Ask Slashdot: Most Secure Browser In an Age of Surveillance?
An anonymous reader writes "With the discovery that the NSA may be gathering extensive amounts of data, and the evidence suggesting makers of some of the most popular browsers may be in on the action, I am more than a little wary of which web browser to use. Thus, I pose a question to the community: is there a 'most secure' browser in terms of avoiding personal data collection? Assuming we all know by know how to 'safely' browse the internet (don't click on that ad offering to free your computer of infections) what can the lay person do have a modicum of protection, or at least peace of mind?"
I'll be uncharacteristically calm here, and ask that someone provide this, "evidence suggesting makers of some of the most popular browsers may be in on the action."
And in any case, let's be realistic. The NSA doesn't really need help from your browser if they're watching all your traffic. :p
Yes, but how do you know that MS hasn't inserted a nice big back-door for the spooks?
From a "security" perspective, you'll have to go with an open-source browser -- but even that's not a guarantee.
To be sure, you'll have to compile it yourself from a set of source files that you have gone through with a fine-toothed comb, checking each line for any chance of hidden functionality.
Oh, come to think of it -- you'll also have to assemble all the libraries from similarly vetted sources -- oh, and that means you'll need to use a compiler you've built from vetted sources -- but hey, that would involve using another compiler that could already be compromised so...
You'll have to hand-code (from source to binary) every bite of the compiler you use and then type it in through a BIOS that you've also hand coded -- entering the BIOS code through a set of toggle switches on the front panel.
Bottom line -- you don't *know* for sure that *any* browser is going to be secure.
Security should begin at the hardware level, the kernel should be inaccessible from a hardware perspective. The next best thing is a complete secure OS, so your options are limited to something like TAILS.
https://tails.boum.org/
I wouldn't say its 100% secure, its certainly not, but it does raise the bar a little and for them to use anything against you, they would need to admit to having the ability to break encryption. That's not going to happen. That said, always be careful as it will be used in other ways should it be required.
Other than that, there is no such thing as "safe".
Face it, who's going to bother writing anything to exploit flaws in lynx? It just isn't worth it.
Well he is technically correct. IE is as of version 10 actually a good browser. The only problem is that it's only available on Windows and the source code is not available under an open source license. If both of these were false I then I wouldn't mind running it.
... the snooping is done on your ISP's backbone, and the browser you use makes little difference. Government level snooping is a whole different kettle of fish to bad companies stealing info from you via tracking cookies.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Considering that the internet transmits your public IP address in every header you send across the internet and also contains the IP address of the destination, there is no way for you to hide what sites you visit without going through a proxy server. As far as I know, Header information in every packet is plain text and there is no way to encrypt that because if it was encrypted then no router would be able to forward your packets onto the next step in its final destination. So your browser, e-mail program, or anything else that sends and receives data through the internet is going to leave a trail for the government to potentially record. It may not lead back to you specifically, but it will lead to someone in your household or in your neighborhood that is using your wi-fi for internet access, provided you haven't locked down your wi-fi. If you have locked down your wi-fi then the government can claim it was only you, someone in your household or someone you have given your wi-fi password to, which significantly lowers their potential suspects or targets.
If you send everything you do through a proxy server with a vpn connection to the proxy, then that has a very good chance of making you mostly anonymous. However, a warrant and the cooperation of the proxy service owner might make it possible for the government to still connect the dots back to you. Also, sending everything through a proxy server with all the non-routing information encrypted (via vpn) may actually lead to you being watched more closely then if you don't.
If what you are really after is encryption of the contents of what you see and do on the internet, your best bet is probably still a VPN through a proxy server. Especially since SSL and some of the other methods for encrypting data between two end points on the internet aren't as secure as they were once thought to be. I don't know of anyone that has come up with a replacement for SSL that has been adopted by very many content providers. And even if the web browsers may have adopted some new security encryption scheme, it won't be effective until most if not all content providers also adopt and implement it.
So you fix your browser .. are you also going to fix your ISP, whoever they buy their feed from etc etc until you get all the way to the actual web server? And how do you know to trust them?
Or are you going to build your own internet ,. with hookers and blackjack?
I am Slashdot. Are you Slashdot as well?
None of the browsers will protect you from surveillance.
Work on the basis that your ISP is compromised and that the web services you use have shared their databases with Government agencies. When you consider this, changing your browser is going to have little to no impact.
I think the only way you can really be secure from surveillance is to use the tor browser and only use web services which can't trace you. So, no Google, Apple, social networking or any of the cool stuff we take for granted these days.
Backup not found: (A)bort (R)etry (P)anic
That's what people said about IE5 & 6 at the time they were released and look how that turned out. Those who forget the lessons of history are doomed to repeat them.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Doing what you prescribe will do the very thing that you are trying to avoid - get you on the NSA's list of people who are probably not American and must be up to something really interesting.
http://yro.slashdot.org/story/13/06/21/1443204/use-tor-get-targeted-by-the-nsa
When IE6 came out, it was competing with Netscape 4. I don't think i need to elaborate too much on that, those who were around back then can confirm how not great netscape 4 was.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I always love how people simultaneously believe that the NSA is so technically brilliant that it can collect and analyze every message sent by every random person on earth, but also so stupid that they name their secret backdoor key _NSAKEY.
Life needs more saving throws.
Which is exactly the point, if enough people start using IE again that competition is effectively eliminated they will almost certainly cease development while encouraging the creation of ie-only websites to lock users in. This is called "bad faith".
Having experienced this in the past, i have no desire to experience it again and thus won't use any version of IE wether it's a decent browser or not.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Some of those AV companies are Chinese.
Care to list out the name of the AV companies which are owned and/or operated by the CHINESE ??
I am interested in factual information, not fear mongering !!
The MAPP program is public. You can find the list of MAPP partners at Microsoft Security Response Center
Huawei is there, as well as several Beijing companies.
My emphasis on Chinese was tongue-in-cheek. They get a few days advantage to develop scanning signatures. Yes, some of them may go rogue or (more likely) some of the employees. I would think that is why they only get a few days head start and not several months.
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
You are 100% right friend and for those that want a REAL education in what you are potentially up against I urge you all to go take a good hard look at the entries in the various obfuscated C contests and then realize this...you know for a FACT there is malware in those, yet it is DAMN HARD to spot it. Now think about how you have the endless budgets of governments wanting to spy on their citizens and each other and you have those that create malicious code as a business.
At the end of the day all you can do is keep an eye on your browser and network traffic, see who it is hooking up to, when and why, because with THAT much money involved if a government or group with nefarious intent truly wanted to backdoor a program or even an OS they CAN do so without too much effort required. with the proprietary companies they can just flash a badge and get what they want and with a FOSS project or OS...how many of the projects are gonna turn down a highly skilled coder that volunteers?
ACs don't waste your time replying, your posts are never seen by me.
You forgot that you also have to craft your own CPU.
Ever wondered why CPU's didn't get any faster than 3.5 to 4 GHz?
That's right, the NSA has since crammed in so many "features" that it became technically impossible to make them run any faster.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
You don't have to compile Firefox from source. If an open source product has an NSA backdoor, it only takes ONE user to bring down the entire product, or the Mozilla Foundation in the example, and shame them forever. This in itself is a guarantee.
Assuming that it's clear that it's a backdoor, as opposed to something that appears to be an ordinary security bug.
Your "secure browser" can be compromised by the Operating System. The Operating System can be compromised by the hardware.
The safest way to do your computing is to make all your own chips, assemble it yourself, and write your own OS. Even then you're subject to Man-in-the-Middle attacks, so you're going to have to go lay all your own fiber and do it all over again for those on the other side.