January 6, 2020 2:20 PM, "gorked" <ggg...@gmail.com> wrote:


> To morph this post a bit, being that a lot of intrusions are now coming in
> with the web browser, which web browser is now the recommended one for
> security? I have been using Firefox, with a lot of add-ons, but I had to
> turn off the JavaScript to buy items online.


I would definitely not say Firefox is the most secure (though it is among the 
best for privacy). But the good news is that that doesn't really matter in 
Qubes. Qubes always assumes the browser is compromised. As long as you use 
Qubes correctly (use different VMs for different tasks/identities, use DispVMs 
where possible, etc.), you can mostly rely on the hypervisor instead of the 
browser for security. For example, use a different VM for buying things online 
with JS enabled than for your regular browsing. Arguably there should be 
security/hardening at all levels and not just the hypervisor, but the Qubes 
core principle is security by isolation.

> Is there a movement to create a standard about what a Web Page should never
> be allowed to do, to facilitate security on the internet?

Not sure what you mean. In terms of JS functions and permissions and things 
like that? The W3C is who decides the standards for what web pages should be 
allowed to do and access, and even that is not totally standard: ultimately 
each browser, and each user, makes their own decisions. I don't think there 
will ever be a universal list of rules that suits all users and all websites. 
This is more a matter of privacy than security. I.e. no rules or standards are 
going to prevent a heap overflow vulnerability or something like that.

> Surveillance Capitalism now rules.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b37fd87705416e6d4b1864b283f3e45b%40disroot.org.
