Slashdot Mirror


Ask Slashdot: Most Secure Browser In an Age of Surveillance?

An anonymous reader writes "With the discovery that the NSA may be gathering extensive amounts of data, and the evidence suggesting makers of some of the most popular browsers may be in on the action, I am more than a little wary of which web browser to use. Thus, I pose a question to the community: is there a 'most secure' browser in terms of avoiding personal data collection? Assuming we all know by now how to 'safely' browse the internet (don't click on that ad offering to free your computer of infections) what can the lay person do to have a modicum of protection, or at least peace of mind?"

21 of 391 comments

  1. Internet Explorer by futuramasd · · Score: 5, Funny

    IE10 and 11 are superb browsers. They contain many very good tactics to secure the browser and computer, for example, true sandboxing and JIT hardening. Most other browsers don't come even close.

    Secondly, the sandboxing means that IE is usually able to block an attack on plug-ins like the Flash Player and JAVA VM. This alone makes surfing with IE remarkably safe.

    IE really is a different kind of beast in the sea of mediocre browsers. It has come a long way and is aiming for the top.

    - John Futura
    Security Consultant

    1. Re:Internet Explorer by NewtonsLaw · · Score: 5, Insightful

      Yes, but how do you know that MS hasn't inserted a nice big back-door for the spooks?

      From a "security" perspective, you'll have to go with an open-source browser -- but even that's not a guarantee.

      To be sure, you'll have to compile it yourself from a set of source files that you have gone through with a fine-toothed comb, checking each line for any chance of hidden functionality.

      Oh, come to think of it -- you'll also have to assemble all the libraries from similarly vetted sources -- oh, and that means you'll need to use a compiler you've built from vetted sources -- but hey, that would involve using another compiler that could already be compromised so...

      You'll have to hand-code (from source to binary) every byte of the compiler you use and then type it in through a BIOS that you've also hand coded -- entering the BIOS code through a set of toggle switches on the front panel.

      Bottom line -- you don't *know* for sure that *any* browser is going to be secure.

    2. Re:Internet Explorer by kthreadd · · Score: 5, Insightful

      Well he is technically correct. IE is as of version 10 actually a good browser. The only problem is that it's only available on Windows and the source code is not available under an open source license. If both of these were false then I wouldn't mind running it.

    3. Re:Internet Explorer by smash · · Score: 5, Informative

      When the backbone is compromised, you're pretty much fucked unless you run strong encryption everywhere and obfuscate who you are talking to. Irrespective of whether your browser is open source - if it doesn't do the above, you're boned.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.

    4. Re:Internet Explorer by Anonymous Coward · · Score: 5, Informative

      They at least get early Zero-Day access. I'm guessing they have more.

      http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-microsoft-others/

    5. Re:Internet Explorer by cyssero · · Score: 5, Informative

      Rising are a Chinese company listed as an anti-virus partner by Microsoft.

    6. Re:Internet Explorer by Anonymous Coward · · Score: 5, Informative

      Ah.. an anti-ms troll still stuck in 1999. _NSAKEY has nothing to do with backdoors. It's understandable that non-technical simpletons would mistake it as such.

      http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI

    7. Re:Internet Explorer by Grashnak · · Score: 5, Insightful

      I always love how people simultaneously believe that the NSA is so technically brilliant that it can collect and analyze every message sent by every random person on earth, but also so stupid that they name their secret backdoor key _NSAKEY.

      --
      Life needs more saving throws.

    8. Re:Internet Explorer by benjymouse · · Score: 5, Insightful

      Some of those AV companies are Chinese.

      Care to list out the name of the AV companies which are owned and/or operated by the CHINESE ??

      I am interested in factual information, not fear mongering !!

      The MAPP program is public. You can find the list of MAPP partners at Microsoft Security Response Center

      Huawei is there, as well as several Beijing companies.

      My emphasis on Chinese was tongue-in-cheek. They get a few days advantage to develop scanning signatures. Yes, some of them may go rogue or (more likely) some of the employees. I would think that is why they only get a few days head start and not several months.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*

  2. Well... by Anonymous Coward · · Score: 5, Insightful

    I'll be uncharacteristically calm here, and ask that someone provide this, "evidence suggesting makers of some of the most popular browsers may be in on the action."

    And in any case, let's be realistic. The NSA doesn't really need help from your browser if they're watching all your traffic. :p

  3. No such thing by Anonymous Coward · · Score: 5, Insightful

    Security should begin at the hardware level, the kernel should be inaccessible from a hardware perspective. The next best thing is a complete secure OS, so your options are limited to something like TAILS.

    https://tails.boum.org/

    I wouldn't say it's 100% secure, it's certainly not, but it does raise the bar a little and for them to use anything against you, they would need to admit to having the ability to break encryption. That's not going to happen. That said, always be careful as it will be used in other ways should it be required.

    Other than that, there is no such thing as "safe".

    1. Re:No such thing by UltraZelda64 · · Score: 5, Interesting

      I was thinking Incognito/TAILS, exactly. Those guys seem incredibly serious about privacy and security. I haven't messed a whole lot with it myself (lack of memory, no discs to spare, runs like crap in a VM...), but I recall it even featured Tor and a Tor Firefox extension and it had strict rules about *not* allowing certain "convenience" features in the name of privacy (ie. swap partition). No doubt, with security features and precautions like those, its Firefox browser is probably locked tight as hell by default.

      Aside from this, I figure with all the extensions available and some additional services, you could help to protect yourself. You could start by doing the usual in your browser (disable third-party cookies, install the Adblock Plus, NoScript and DoNotTrackMe extensions, etc.). Reduce your reliance on American companies and/or servers. Example: Since Google's going to be killing off Talk/XMPP support, I decided to look around for alternatives, and chose many XMPP servers to test and decide which one to use. I originally was interested in performance and was going to choose one closest to me, in my own country if possible (the United States). Now, I am almost 100% certain my primary XMPP account will *not* be on an American server, unless I happen to decide to try my hand at setting up and maintaining my own XMPP server.

      And... services. Obviously Tor can work as in Incognito if you want to use that, but another option would be a VNC provider. Specifically, one that respects your privacy (ie. does not store any more log data than they need to operate), and possibly more importantly--again--one that is not in the United States. I'm not sure of a good VNC provider, but I can say that it's pretty pathetic when you are forced to subscribe to and pay a foreign provider just to try to ensure your own privacy. But, well, it looks like the U.S. government has no end in sight when it comes to royally fucking up its own economy.

      And last... you run Windows? Mac? Might want to change your operating system. It's already been discovered that various U.S. government agencies have deals with Microsoft to learn about zero-day exploits before anyone else in the world... who knows what other deals they might have, or what other American companies also have deals. Definite possibility of backdoors as well.

      The real problem is that PRISM works (from what I can understand) by splitting the signal in between, for example, Microsoft's or Google's servers and their respective ISPs (Steve Gibson brings some pretty good points in a recent episode of Security Now). This means they get *everything*, so if it's encrypted (https:// for example) the government *may* not be able to read the data itself as it's transferred for storage in their own top-secret storage rooms... but they can definitely look at the activity to find out what IP address communications are between at any given time (or... just ask the company running the servers who that user is).

  4. Tor Browser Bundle (TBB) R/O system by Anonymous Coward · · Score: 5, Interesting

    A LiveCD with TBB:

    https://www.torproject.org/

    for LiveDVD/USB preconfigured not to leak try TAILS:

    https://tails.boum.org/

    in both instances unplug your HDD(s) before use.

  5. Lynx by Anonymous Coward · · Score: 5, Insightful

    Face it, who's going to bother writing anything to exploit flaws in lynx? It just isn't worth it.

  6. Helpful guidelines from EFF by LoneHighway · · Score: 5, Informative

    The EFF has provided an up to date list of privacy-enabling tools in the age of Prism. http://prism-break.org/

  7. actually it's pretty irrelevant by smash · · Score: 5, Insightful

    ... the snooping is done on your ISP's backbone, and the browser you use makes little difference. Government level snooping is a whole different kettle of fish to bad companies stealing info from you via tracking cookies.

    --
    I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.

    1. Re:actually it's pretty irrelevant by Anonymous Coward · · Score: 5, Insightful

      It's best to leak as little info as possible, so Firefox + NoScript.

      What really should be done is making this Orwellian nightmare illegal. There is zero reason to wiretap EVERYBODY ALL THE TIME!

      Free speech is one of the most important principles of the USA. And no privacy means no free speech. This dystopia is unconstitutional.

    2. Re:actually it's pretty irrelevant by bill_mcgonigle · · Score: 5, Informative

      ... the snooping is done on your ISP's backbone, and the browser you use makes little difference.

      If you're just using a stock browser, this is somewhat true. But for privacy you wouldn't do that.

      For instance, installing the HTTPS Everywhere extension will get you secure connections to as many sites as possible. That's a direct counter to pervasive snooping. I use it with Firefox and also NoScript, Ghostery, RefControl, and CookieMonster, and that set does a fairly decent job of having a more privacy-oriented (and faster) browsing experience. It also makes the NSA's eavesdropping more difficult, but that's just a nice side effect of not sharing your every move with the commercial trackers out there (I installed them all well before I'd ever heard of Snowden). The nice thing about solid security approaches is that they proactively defend against unknown attackers.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)

  8. hard to hide what sites you visit by Viking2054 · · Score: 5, Insightful

    Considering that the internet transmits your public IP address in every header you send across the internet and also contains the IP address of the destination, there is no way for you to hide what sites you visit without going through a proxy server. As far as I know, Header information in every packet is plain text and there is no way to encrypt that because if it was encrypted then no router would be able to forward your packets onto the next step in its final destination. So your browser, e-mail program, or anything else that sends and receives data through the internet is going to leave a trail for the government to potentially record. It may not lead back to you specifically, but it will lead to someone in your household or in your neighborhood that is using your wi-fi for internet access, provided you haven't locked down your wi-fi. If you have locked down your wi-fi then the government can claim it was only you, someone in your household or someone you have given your wi-fi password to, which significantly lowers their potential suspects or targets.

    If you send everything you do through a proxy server with a vpn connection to the proxy, then that has a very good chance of making you mostly anonymous. However, a warrant and the cooperation of the proxy service owner might make it possible for the government to still connect the dots back to you. Also, sending everything through a proxy server with all the non-routing information encrypted (via vpn) may actually lead to you being watched more closely than if you don't.

    If what you are really after is encryption of the contents of what you see and do on the internet, your best bet is probably still a VPN through a proxy server. Especially since SSL and some of the other methods for encrypting data between two end points on the internet aren't as secure as they were once thought to be. I don't know of anyone that has come up with a replacement for SSL that has been adopted by very many content providers. And even if the web browsers may have adopted some new security encryption scheme, it won't be effective until most if not all content providers also adopt and implement it.
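
The header point made in comment 8 above, shown on the wire; this is an added example, not part of the original thread. It builds a constructed IPv4/TCP packet with opaque bytes standing in for an encrypted payload and parses what an on-path observer can read without any key. The addresses (documentation ranges), ports, payload and function names are all assumptions made for illustration.

```python
import ipaddress
import struct

IP_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header
TCP_FMT = "!HHIIBBHHH"     # fixed 20-byte TCP header

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample, checksums left at 0)."""
    tcp = struct.pack(TCP_FMT, sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack(IP_FMT, 0x45, 0, total, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload

def observer_view(packet):
    """Fields an on-path observer can read without holding any key."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length; IP options make it > 20
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    view = {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "protocol": proto, "total_length": total}
    if proto == 6 and len(packet) >= ihl + 4:   # TCP ports are also in the clear
        view["src_port"], view["dst_port"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return view

# Constructed sample data: documentation-range addresses, opaque bytes as "ciphertext".
CLIENT, SITE, PROXY = "192.0.2.10", "198.51.100.20", "203.0.113.5"
CIPHERTEXT = bytes((i * 37 + 11) % 256 for i in range(64))

# Same encrypted payload, once sent straight to the site and once to a proxy.
direct = observer_view(build_packet(CLIENT, SITE, 50000, 443, CIPHERTEXT))
via_proxy = observer_view(build_packet(CLIENT, PROXY, 50001, 443, CIPHERTEXT))

if __name__ == "__main__":
    print("direct   :", direct)      # the destination site is visible
    print("via proxy:", via_proxy)   # only the proxy's address is visible
```

In both cases the client's own address stays readable; the proxy changes only which destination the observer on the client's side of the link records.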

  9. None of them by timmyf2371 · · Score: 5, Insightful

    None of the browsers will protect you from surveillance.

    Work on the basis that your ISP is compromised and that the web services you use have shared their databases with Government agencies. When you consider this, changing your browser is going to have little to no impact.

    I think the only way you can really be secure from surveillance is to use the tor browser and only use web services which can't trace you. So, no Google, Apple, social networking or any of the cool stuff we take for granted these days.

    --

    Backup not found: (A)bort (R)etry (P)anic

  10. Failure of Premise by mrbene · · Score: 5, Interesting

    OP says "what browser should I use" I automatically add "for the Facebooks".

    Here's the low-down:

    1. If you install any software, it can identify your machine uniquely. This goes for apps, doubly.
    2. If you use an ISP without TOR or other proxy, your ISP knows exactly what sites you're going to.
    3. Even if you use obfuscation techniques (TOR, other proxy), the exit node knows where you're going. TOR is designed to prevent the exit node from knowing where you entered from, but this fails if you send unencrypted identifying data across the wire.
    4. Additionally, using TOR obfuscates your country of origin, thereby giving NSA the freedom to retain your activity indefinitely.
    5. If you authenticate anywhere, you've provided that party (and the NSA) with a unique ID for yourself.
    6. If you authenticate and also provide actual information about yourself, a link to your physical self can be made. Remember, there's an 87% chance that your DOB, ZIP, and Gender are a unique combination. And if it isn't unique, you probably only share these with one or two other people.

    That's just off the top of my head. The software you use to disclose the information isn't the problem - you are.