You have to understand that computer security (CompSec) is a moving target. Every day something new appears to threaten our control over our systems and our sanity.
As always, we need to keep in mind that the primary issue is control of your system. This implies some measure of control over your data, but all the privacy absolutists are chasing a lie. Remember: Once digitized, forever public. Even more important than data privacy is data integrity, particularly in transmission. We want to make sure that no one has an easy time spoofing our identity and saying for us things we’d never say. In similar fashion, we want to make sure when we pull stuff down from the Net that we are getting what’s advertised.
Realistically, CompSec is properly system control and transmission integrity. One of the major elements of morality in technology is honesty. Reputation is a fundamental element of your online presence. It’s reciprocal; you rightly demand it from others. When you detect deception, you rightly become guarded with the source. Consistent deception justifies cutting them off as much as possible. Cynicism is a necessity online.
Given recent revelations that paint Google as not a whit better than Microsoft or any bureaucratic government, I’ve been moving away from using their products. Every big company compromises user wishes in favor of profits (particularly from advertising) to some degree, so it’s a matter of how much trust. Google has really gone way over the line, so when there’s a choice, you should look at other options.
I’ll use GMail because it’s just above the line of tolerance for me. Android? No freaking way. Chromebooks? Nope. Chrome browser? Absolutely not. Other browsers derived from their Blink browser engine (forked from WebKit)? Not if I can avoid it. I’ll keep Chromium around for sites where Firefox simply will not work. But we keep finding sneaky crap Google has done to compromise user control, particularly in snooping. Then they lie about it.
It’s not that Mozilla Project is wholly trustworthy, but they do offer the user somewhat better control. They tend to report honestly what they are doing and how you can control it. And lately their browsers are working better with a wider range of websites. Not just Firefox, but I can actually use Seamonkey on Outlook.com without any problems. It also appears to work well enough on the MS Office Online applications. And Seamonkey is the volunteer project that has no profit motive, so in keeping alive the original Mozilla Suite (which derived from the old Netscape Communicator) they offer an honest measure of user control.
You can also find the ESR version of Firefox (extended service release) which doesn’t pump in all the extra latest-n-greatest features that you may not like. The ESR channel caters to government-corporate environment, where sudden changes are unwelcome. This, by the way, is the basis for Debian’s Iceweasel rebrand of Firefox.
There are other browsers built on the same Mozilla framework. One that is growing in popularity is Pale Moon. It’s a little clunky running on your Linux desktop because the updates have to be installed manually. Their nifty installer script doesn’t work on every distro, and may not put things where you want them. Unless you know how to rewrite it to suit you, it’s easier just grabbing the zipped tarball and installing manually into your home directory. Firefox, Thunderbird (email) and Seamonkey all update in place on Linux if you install it in your home directory where your user account owns the file system. Just periodically check through the menu system: Help > About. If there’s an update, it’ll happen while you watch, then it directs you to restart the application.
Regular readers may recall I’ve often advised compartmentalizing between your various online activities. For example, I use Iceweasel for general surfing and research, Seamonkey for sites that require secure login and for email, and regular Firefox for blogging only. Because of how Mozilla stuff works, Firefox and Iceweasel would tend to grab the same user profile on my system, so I keep them compartmentalized by having multiple profiles. Then I create all my launchers with the proper commandline incantations to make each one use a different profile. It looks something like this:
/home/ed/firefox/firefox -P default --new-instance %u
Parsing: The executable binary is in a firefox folder in my home folder, and it’s name is “firefox” of course. The
-P warns Firefox that I want to use a particular named profile; in this case, it’s named “default.” The
--new-instance ensures that Firefox won’t recycle the currently running process if I have Iceweasel open at the same time. The Mozilla folks are trying to save your RAM, but it’s safer to create an entirely new process.
Unfortunately there’s no direct route to creating a new profile without using the commandline. You launch it this way on Debian, for example:
This opens a tool that you can use to create as many profiles as you like, so long as you give each one a different name. Then you can create your launchers (“shortcuts”) as noted above for each profile. Similar language is used for Windows shortcuts, but I don’t have room to explain here how to do that. You can look it up easily enough…
Check out the addons (Tools > Add-ons). I always add the ublock advertising blocker. While Seamonkey has their own wiping tool (Tools > Clear Private Data), the one for Firefox doesn’t work quite the same. You can get a Click & Clean that does a better job for Firefox variants. I have no need for other extensions, and some of them may not be totally honest about what they do, but the two I named have never been caught in a lie yet.
Finally, I note that if you are running CentOS 7 (or some other Red Hat clone), you can always run the Mozilla stuff because either CentOS handles the update or the generic downloaded versions (select 64-bit only) are compiled on CentOS in the first place (last time I checked). Keep in mind that the primary reason for selecting any of the Red Hat clones is longevity; your OS will be supported — bug fixes and security updates — several years from now. Google is scornful about such goals and builds all their stuff on the latest-n-greatest, refusing to even advise Red Hat developers on how to make it build on their long-lived systems. If you just have to have that Blink engine on your Red Hat clone, maybe Opera will eventually offer something for you. Or, you can always try Slimjet if you get the generic 64-bit zipped package. You can install it the same as the generic Mozilla stuff in your home directory, but it’s a little clunky because every time you install or update (reinstall), you have to use the commandline and setup the sandbox (a required security feature) using root permissions.
At any rate, Mozilla stuff is the way to go right now if you need a full service browser, regardless of your OS.