Title: Firefox, Firejail, and Hosts

Published: 2020-09-21 09:27

Author: Rev. Fr. Robert Bower

Tag: firefox,firejail,hosts,browsing

layout: blog


There is always going to be struggle for safe untracked browsing on the Internet. I am not sure it is completely possible, but we can try to make ourselves as safe and allusive as possible. I am no security expert so take this all with a grain of salt.

While there are many tools to try and accomplish this I have settled in on three tools to make surfing as safe as possible and keep my profile to myself. The three tools are Firejail, the use of profiles with Firefox, and my hosts file.

The first tool I want to talk about is Firejail. It can sandbox any program you run with it. The program's description from its web page, "Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table."

So if you run Firefox within Firejail Firefox has a limited ability to read your system and even more limited ability to write to your system. The default Firejail profile for Firefox limits Firefox write permissions to the Downloads directory and writing to your Firefox profile. This limits the amount of damage a malicious website can do to your system. For added security, if you use the private switch in Firejail anything from the session is deleted when the session is closed.

I use Firefox profiles in conjunction with Firejail to help prevent trackers from building a profile of me. I have a Firefox profiles for Google, the School I teach at, banking, Amazon, and an unknown profile. Profiles themselves do nothing to prevent you from being tracked. It is how profiles are used that help prevent trackers for building a complete profile. By using multiple Firefox profiles you look like multiple users to the outside world.

I start each Firefox profile in its own instance of Firejail so each profile is isolated from one another. Your behavior is what makes this work. In my Google profile I only use Google services. In my banking profile I only do banking. Again this doesn't limit tracking, it only makes you look like multiple users. So by having multiple profiles for different tasks, hopefully I am a little harder to profile. FYI, it takes some practice browsing with multiple profiles, but it gets easier with some practice. I use the I3 window manager, so if my browser windows are in tab mode it is like browsing with tabs that have subtabs.

The last tool I have does help limit tracking and that is my hosts file. A host file is like a bit of on board DNS. Usually it has that is local host and a few other things but one thing you can do is add websites and corresponding ip addresses to it, so DNS requests are not made. For example a large domain may have multiple ip addresses but if you always want to connect to a certain ip address you could specify the ip address in the hosts file.

You can also use it to block ads and trackers. Lets say you go to a web page example.com but it has an ad tracker embedded that loads ads from anoyingads.com.

In your hosts file you can enter annoyingads.com

What happens is Firefox rather checking the DNS server for annoyingads.com ip address it just uses the one in the host file. Since signifies a non-routable address the ad / tracker from annoyingads.com doesn't load. You can create your own list but there are many premade lists. The best hosts file that blocks ads and trackers is Steven Black's hosts file. It is a combination of several lists. Just add the list to your existing hosts file and many of those trackers and ads will not show up in your browser.

Again, I am not a security expert just a guy trying to browse a little safer than the day before.

Zettelkasten ID **firefoxandfirejail-2020-09-20-1517**

Links Bibliography



Steven Black hosts file



Proxied content from gemini://frrobert.net/log/firefoxandfirejail-2020-09-20.gmi

Gemini request details:

Original URL
Status code
Proxied by

Be advised that no attempt was made to verify the remote SSL certificate.