Do you isolate different aspects of your computer activities to improve security?

For example, if you install a game on Steam, the creator of that game now has full access to all your personal files, which might not be the most ideal of situations.

The same goes for any other software of course. That NPM library you just installed? Well, it can copy your SSH keys, and so on.

@loke I use 'firejail' in Linux for Firefox, and snap does it for Chromium, both utilize the kernel container system (aka namespace isolation). Any programs which requires internet to function. Sure, VM isolation is safer, I use that for anything Windows related, but also takes a lot more RAM to run practically.

@modrobert VM's does use more memory, which is something Qubes OS obviously also suffer from. A Qubes OS system is note really usable unless you have 16 GB RAM, and you definitely want more than that.

Follow

@loke In general I think the threat has changed the past decade from being blackhat hackers doing things to government hacking directly through APT groups (en.wikipedia.org/wiki/Advanced) and otherwise government sponsored groups/individuals, their focus is different, and so are their methods. I think central package handling systems and repositories are at risk now more than ever. Their focus are on spyware and backdoors. We need a smart system where binaries can be matched with open source code and checksums stored immutable against blockchain or similar tech.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.