Wilders Security Forums  

  #1  
Old April 16th, 2012, 06:54 PM
JackReacher JackReacher is offline
Regular Poster
 
Join Date: Mar 2012
Posts: 56
Default Sandboxing Facebook: Could it work?

I have been struggling to find a balance between engaging in social networking and taking advantage of its most useful features and protecting my privacy online. The problem is I have not been able to find a system that allows me to both protect my privacy and use social networks without considerable trouble. I want to be clear that when I speak about "protecting my privacy" I mean from Facebook and other trackers/data aggregators, NOT from other Facebook users.

In my quest to reassert my right to privacy I have been pondering a system to maintain privacy and usability which on a conceptual level sounds logical (I have no idea whether it is technically possible). This system could be called a social networking quarantine or a social network partition.


What I envision is:

A system that is set up with two (or more) web browsers. One is to be used with social networks and Google products (or any other 1st party services which compromise your privacy) and the other is to be used for general web browsing.

Your Social Networking Browser (SNB) could then be tailored to both work with social networks and control them using methods meant specifically for social networks without breaking other segments of the internet.

Your regular browser could then be configured to be more secure (in terms of privacy) and your browsing history on this browser would not be connected to the identity associated with your social networking or Google accounts.

It seems to me that there are many benefits to this arrangement:

1. Social Networks + Google & Yahoo are some of the biggest tracking and advertising companies. By "quarantining" these trackers you could keep them from tracking you (to a large extent) and still use the services as they are intended to be used. Even if you allowed these sites to keep cookies longer than a single session the only data they would have access to is data you willfully chose to share within this restricted ecosystem of social networks. Furthermore, as Google, Facebook, Yahoo, Twitter, and AOL are competitors it would stand to reason that they would not share information amongst each other very often.

2. If you have a separate browser for social networking + Google, you could completely blacklist these sites (with the exception of Google, which could only be partially blacklisted). This would ensure these advertising companies would have no access to your browsing history, sites you visited, search terms etc, outside of the restricted social networking ecosystem they operate in.

3. Moreover, it would make it harder to connect the two "identities" or partitions. Due to different browsers and different extensions in each browser the Browser Fingerprints would be significantly different and the browsing habits would be different (to satisfy the most cautious user).

4. A further layer of security could be added by using different proxies in each browser so that the IP would be different for each browser.

5. If it improved the security or privacy, each browser could be run from its own VM.

In short, this system seems like it would provide extra security and enhance privacy by design alone. Coupled with extensions and tweaks specific to each browser that enhance the functionality and privacy protection for each specific scenario, it seems this could be a very powerful and very straightforward solution.

I am, however, an amateur, I can't program, have moderate knowledge of privacy issues, and little knowledge of the technical side of security, the internet, or tracking/profiling.

I would like to ask members of the Wilders community with more technical expertise than myself to assess whether my system makes technical sense and point out any vulnerabilities or shortcomings which might come to mind. Also feel free to propose changes to my system or share your own ideas!


Thanks for reading guys,
- Reacher
  #2  
Old April 16th, 2012, 07:04 PM
Hungry Man Hungry Man is offline
Incredibly Massive Poster
 
Join Date: May 2011
Posts: 8,486
Default Re: Sandboxing Facebook: Could it work?

I have a privacy-oriented Chrome profile, which blocks social widgets and scripts etc and blocks 3rd party cookies and clears 1st party cookies and user data after closing.

By separating all sensitive web browsing into this "locked down" area I can maintain two browsers (at the same time actually) for different tasks.

On the regular browser all I do is block 3rd party cookies and block sending referrer headers. I could easily allow 3rd party cookies or any loose restrictions and still benefit from my private-browser.

So, yes, separating your browsing between two distinct browser sessions works well.
__________________
  #3  
Old April 16th, 2012, 07:13 PM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,529
Default Re: Sandboxing Facebook: Could it work?

Quote:
Originally Posted by JackReacher
5. If it improved the security or privacy, each browser could be run from its own VM
Yes, compartmentalize. Use different VMs, connecting through different VPNs.

Edit: See -http://en.wikipedia.org/wiki/Compartmentalization_%28information_security%29

Last edited by mirimir : April 16th, 2012 at 07:24 PM.
  #4  
Old April 16th, 2012, 08:20 PM
hogndog hogndog is offline
Frequent Poster
 
Join Date: Jun 2007
Location: In His Service
Posts: 490
PixelPup Re: Sandboxing Facebook: Could it work?

Sifting through the Chromium Privacy & Security applications I found these today, that is unless you've already seen them.

http://www.chromium.org/Home/chromium-privacy

Hogndog
__________________
Revelation 21:4 And God shall wipe away all tears from their eyes; and there shall be no more death, neither sorrow, nor crying, neither shall there be any more pain: for the former things are passed away.
  #5  
Old April 16th, 2012, 08:53 PM
HKEY1952 HKEY1952 is offline
Frequent Poster
 
Join Date: Jul 2009
Location: HKEY/SECURITY/ (value not set)
Posts: 638
Default Re: Sandboxing Facebook: Could it work?

Quote:
Originally Posted by JackReacher
What I envision is:

A system that is set up with two (or more) web browsers. One is to be used with social networks and Google products (or any other 1st party services which compromise your privacy) and the other is to be used for general web browsing.

Your Social Networking Browser (SNB) could then be tailored to both work with social networks and control them using methods meant specifically for social networks without breaking other segments of the internet.

Your regular browser could then be configured to be more secure (in terms of privacy) and your browsing history on this browser would not be connected to the identity associated with your social networking or Google accounts.
Using two Web Browsers here, for two different tasks.

Microsoft Internet Explorer at the default settings, other than blocking all third party Cookies.
This Web Browser is used for updating Windows, accessing Websites where Scripting or ActiveX is required.

SRWare IronPortable mounted on a RAM Drive blocking all Web content, disabled everything, custom defaults.
This Web Browser is used for everyday browsing. Allowing any loose restrictions are only temporary in RAM Memory.
Installed AdBlock and Ghostery.

The RAM Drive is automatically mounted, maintained, recreated after reboot, formatted NTFS, and Imaged, by the
DATARAM RAMDrive Software.

Stop the RAM Drive or reboot the computer and all browsing data is gone.

When the DATARAM RAMDrive software recreates the RAM Disk from the special Image, the Web Browser and all of the
original settings are back to my custom defaults, so are all of the SRWare IronPortable modules and data files.

Details are in the link below.

So Lets Sandbox The Internet
http://www.wilderssecurity.com/showthread.php?t=314392


HKEY1952
  #6  
Old April 16th, 2012, 09:50 PM
JackReacher JackReacher is offline
Regular Poster
 
Join Date: Mar 2012
Posts: 56
Default Re: Sandboxing Facebook: Could it work?

Thanks for the responses guys,
Sounds like what I envisioned has been thought of and implemented by others as well! I will be sure to check out the link you provided HKEY, what you're advocating sounds like a more nuanced and secure version of what I was talking about.

mirimir, do you think that running the browsers in separate VMs enhances the practical privacy/security of my setup, or is it more of an extra-- worst case scenario-- precaution? I, like yourself, believe that compartmentalization is a critical and prudent aspect of security, but this is my main PC and I would like to avoid the performance losses associated with VMs if it doesn't improve my 'practical privacy.'

Also, I would love to hear critiques or shortcomings of my, or any of the systems discussed so far. Thanks!
  #7  
Old April 16th, 2012, 11:33 PM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,529
Default Re: Sandboxing Facebook: Could it work?

Quote:
Originally Posted by JackReacher
mirimir, do you think that running the browsers in separate VMs enhances the practical privacy/security of my setup, or is it more of an extra-- worst case scenario-- precaution? I, like yourself, believe that compartmentalization is a critical and prudent aspect of security, but this is my main PC and I would like to avoid the performance losses associated with VMs if it doesn't improve my 'practical privacy.'
Yes, I think that it's important. It's especially important if you're using Windows. Microsoft typically knows who you are, and Windows logs many things in many places. Linux logs too, of course, but there's typically more transparency, and far less disclosure. I don't know Macs, but I'm suspicious.

If you have an old machine to play with, you could use that for private stuff. An old quad-core machine with 6-8 GB memory will easily run several VirtualBox VMs. Linux VMs are happy with 512 MB. Ubuntu is quite user friendly. If you use Linux on the host, you can use software RAID (faster and/or more reliable) and encrypted LVM (offline security). Manual setup with the Debian (or Ubuntu alternate) install ISOs isn't very hard.

If you don't have an old machine for that, you'll need to balance privacy vs performance. In my experience, Linux, Unix and Windows XP VMs run well in VirtualBox on Linux hosts, but Windows 7 VMs were sluggish. Maybe that's changed in newer VirtualBox releases. If not, VMware is probably best for Windows 7 VMs. There's now a free version of VMware vSphere hypervisor. But VMware wants to know who you are before letting you download.
  #8  
Old April 17th, 2012, 12:57 AM
JackReacher JackReacher is offline
Regular Poster
 
Join Date: Mar 2012
Posts: 56
Default Re: Sandboxing Facebook: Could it work?

Quote:
Originally posted by: Mirimir
Yes, I think that it's important.

Noted. What operating system (or Unix derivative / Linux flavor) do you recommend? Would you recommend using one of the more secure Linux distros like Polippix, Liberte Linux, or Tails (or even OpenBSD) or is this overkill?

Quote:
If you have an old machine to play with, you could use that for private stuff. An old quad-core machine with 6-8 GB memory will easily run several VirtualBox VMs.

My current machine is a tri-core with 8 GB lol. My old machine is a single-core AMD @ 1.8 GHz with 1 GB of DDR.

Quote:
If you use Linux on the host, you can use software RAID (faster and/or more reliable) and encrypted LVM (offline security). Manual setup with the Debian (or Ubuntu alternate) install ISOs isn't very hard.

Yes, I have been planning to do this, and would like to do this soon, but haven't found a good tutorial/writeup to fit my scenario yet (Multi-boot, Win7/LinuxMint/OtherLinux, seeking to encrypt the Win7 and Mint partitions or all three partitions if possible. Also have a separate storage drive that can be accessed by all OSes).

Quote:
But VMware wants to know who you are before letting you download.

I downloaded VMware Player a couple weeks ago, it requires some information but it can all be forged except for an email address which can be disposable or anonymous. I've only really used it to try out different Linux distros and fool around.
  #9  
Old April 17th, 2012, 02:40 AM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,529
Default Re: Sandboxing Facebook: Could it work?

Quote:
Originally Posted by JackReacher
Noted. What operating system (or Unix derivative / Linux flavor) do you recommend? Would you recommend using one of the more secure Linux distros like Polippix, Liberte Linux, or Tails (or even OpenBSD) or is this overkill?
For hosts, I've liked Ubuntu 10.04.n x64 desktop. But I don't like Unity, so I'll probably be switching to server x64 plus xfce. For VMs, I've used many flavors of Linux and BSD. I do run Windows VMs, but just for running Excel and Access. My favorites currently are pfSense for VPN clients, Ubuntu and PCBSD for browsing etc, and TAILS for Tor.

Quote:
Originally Posted by JackReacher
My current machine is a tri-core with 8 GB lol. My old machine is a single-core AMD @ 1.8 GHz with 1 GB of DDR.
OK, then, your current machine will handle several VMs.

Will you be gaming or running other resource-intensive software? Multi-threaded stuff can be problematic, because VMs with multiple virtual CPUs can get bogged waiting for free cores. VMs also don't handle heavy disk I/O very well.

Maybe you could compartmentalize by devoting your old machine to private stuff.

Quote:
Originally Posted by JackReacher
Yes, I have been planning to do this, and would like to do this soon, but haven't found a good tutorial/writeup to fit my scenario yet (Multi-boot, Win7/LinuxMint/OtherLinux, Seeking to encrypt the Win7 and Mint partition or all three partitions if possible.
I wouldn't want to mix RAID and encrypted LVM with multi-booting. Using a solid Linux distro on the host, you can boot as many VMs as you have space to store, and run as many simultaneously as you have memory.

Quote:
Also have a separate storage drive that can be accessed by all OSes.
That would be a risk.
  #10  
Old April 17th, 2012, 04:42 PM
JackReacher JackReacher is offline
Regular Poster
 
Join Date: Mar 2012
Posts: 56
Default Re: Sandboxing Facebook: Could it work?

Thanks for the feedback Mirimir,

Quote:
Will you be gaming or running other resource-intensive software?

Yes, I do do some gaming and occasionally do digital photo or video editing. For ethical and practical reasons I would prefer to use Linux as my only OS; however, there are some obstacles to me doing this. First, there are many products which are still only available on Windows/Mac, second, I need Microsoft Office for school and collaborative group projects, third, gaming--many of my favorite games aren't offered on Linux, and lastly, I can't seem to use Microsoft Silverlight (necessary for Netflix) on my Linux OSes.

Quote:
I wouldn't want to mix RAID and encrypted LVM with multi-booting.

I don't know about RAID, but I know people have been able to encrypt both OSes in multi-boot situations. I am hesitant to move to Single boot with multiple VMs because they seem sluggish to me and not suited for general computing (although this could be due to misconfiguration on my part).

Quote:
[Having a separate data drive accessed by all OSes] would be a risk.

Couldn't that drive be encrypted as well but still be accessed from multiple OSes? Or does no product exist that can be used to encrypt/decrypt on both Windows and Linux?

Quote:
Yes, compartmentalize. Use different VMs
Would using these browsers within a semi-compartmentalized environment provide added protection with less impact on system performance?
I am picturing running each browser within its own Sandbox or using light virtualization but I have no experience with this type of software.
  #11  
Old April 17th, 2012, 04:50 PM
Hungry Man Hungry Man is offline
Incredibly Massive Poster
 
Join Date: May 2011
Posts: 8,486
Default Re: Sandboxing Facebook: Could it work?

You could run each browser in its own Sandboxie. You could also create single-site browsers, which only allow connection to a single domain (preventing XSS and other attacks that can damage privacy). This works well with Sandboxie as you can have multiple instances each with their own site.

So a banking site browser etc.

Rather than using a VM I would suggest what HKEY said, move your cache/user data to a RamDisk and have it reset on boot. That way it's flushed to a clean image every time and there's no hope of recovery.

P.S. Netflix/Silverlight won't run on Linux. I personally boot up an XP VM and just watch Netflix in there. It's not ideal... but I haven't had to boot into Windows for a week. My only suggestion is that you absolutely make sure to keep your XP VM patched and run EMET to avoid potential exploits. If you're as paranoid as some users on here (myself included) you can find my AppArmor topic and there's a profile for VirtualBox.
__________________
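The two-browser split from post #1 and the single-site browsers suggested in the post above both come down to deciding, per URL, which isolated profile is allowed to load it. The sketch below is an added example, not code from any poster in this thread; it assumes a Chromium-based browser, and the compartment names, RAM-disk paths, proxy ports and domain lists are hypothetical.

```python
import shlex
from urllib.parse import urlsplit

# Constructed configuration: compartment names, profile paths, proxy ports and
# domain lists are assumptions for illustration, not values from the thread.
COMPARTMENTS = {
    "social": {
        "profile": "/mnt/ramdisk/social",    # RAM-backed, so it resets on reboot
        "proxy": "socks5://127.0.0.1:9051",
        "domains": ("facebook.com", "fbcdn.net", "twitter.com"),
    },
    "general": {
        "profile": "/mnt/ramdisk/general",
        "proxy": "socks5://127.0.0.1:9052",
        "domains": (),                       # takes whatever nobody else claims
    },
}
DEFAULT = "general"
BROWSER = "chromium"                         # assumed binary name


def host_of(url):
    """Hostname the browser would actually contact, lowercased."""
    # urlsplit() drops userinfo: https://facebook.com@tracker.example/ is
    # a request to tracker.example, not to facebook.com.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"refusing to route {url!r}")
    return parts.hostname.rstrip(".").lower()


def owns(domain, host):
    """True for the domain or any subdomain, never a lookalike suffix."""
    return host == domain or host.endswith("." + domain)


def compartment_for(url):
    """Name of the compartment whose domain list claims this URL."""
    host = host_of(url)
    for name, cfg in COMPARTMENTS.items():
        if any(owns(d, host) for d in cfg["domains"]):
            return name
    return DEFAULT


def launch_command(url):
    """argv that opens the URL in its compartment's own profile and proxy."""
    cfg = COMPARTMENTS[compartment_for(url)]
    return [BROWSER, f"--user-data-dir={cfg['profile']}",
            f"--proxy-server={cfg['proxy']}", url]


def blocklist_for(name):
    """Adblock-style filters that keep other compartments' domains out."""
    return [f"||{d}^" for other, cfg in COMPARTMENTS.items() if other != name
            for d in cfg["domains"]]


if __name__ == "__main__":
    for u in ("https://www.facebook.com/", "https://notfacebook.com/"):
        print(compartment_for(u), shlex.join(launch_command(u)))
    print("\n".join(blocklist_for("general")))
```

The dispatcher only governs URLs opened through it; links followed inside a running browser are constrained by the filters from `blocklist_for`, which would be loaded into that browser's ad-blocking extension.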
  #12  
Old April 17th, 2012, 05:33 PM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,529
Default Re: Sandboxing Facebook: Could it work?

Quote:
Originally Posted by JackReacher
Yes, I do do some gaming and occasionally do digital photo or video editing. For ethical and practical reasons I would prefer to use Linux as my only OS; however, there are some obstacles to me doing this. First, there are many products which are still only available on Windows/Mac, second, I need Microsoft Office for school and collaborative group projects, third, gaming--many of my favorite games aren't offered on Linux, and lastly, I can't seem to use Microsoft Silverlight (necessary for Netflix) on my Linux OSes.
HKEY's approach may be best for you, then. But all you'll get is private browsing. There are probably ways to sandbox other applications.

Quote:
Originally Posted by JackReacher
Quote:
[Having a separate data drive accessed by all OSes] would be a risk.
Couldn't that drive be encrypted as well but still be accessed from multiple OSes? Or does no product exist that can be used to encrypt/decrypt on both Windows and Linux?
There could be data sharing across OSes.
  #13  
Old April 23rd, 2012, 07:22 PM
JackReacher JackReacher is offline
Regular Poster
 
Join Date: Mar 2012
Posts: 56
Default Re: Sandboxing Facebook: Could it work?

Another strategy to regain control over the data you share with social networks is being explored by a new start-up, Priv.ly. Caspian started a thread on it but it hasn't received that much attention yet.

Here is a link to the official website
And
A link to Caspian's thread
  #14  
Old April 23rd, 2012, 10:34 PM
hogndog hogndog is offline
Frequent Poster
 
Join Date: Jun 2007
Location: In His Service
Posts: 490
PixelPup Re: Sandboxing Facebook: Could it work?

If you want to run Windows applications in Linux you might want to have a look at Wine. I've been tinkering with Linux Mint since January and found it to be a very nice OS. This article is a couple of years old but the version of Wine mentioned here, 1.2, is still a stable build.

http://www.linuxnov.com/upgrade-to-w...lts-whats-new/
__________________
Revelation 21:4 And God shall wipe away all tears from their eyes; and there shall be no more death, neither sorrow, nor crying, neither shall there be any more pain: for the former things are passed away.
  #15  
Old April 23rd, 2012, 11:22 PM
mirimir mirimir is offline
Very Frequent Poster
 
Join Date: Oct 2011
Posts: 1,529
Default Re: Sandboxing Facebook: Could it work?

Quote:
Originally Posted by JackReacher
Another strategy to regain control over the data you share with social networks is being explored by a new start-up, Priv.ly. Caspian started a thread on it but it hasn't received that much attention yet.
I just stumbled upon something that may be very cool.

In another thread, I've mentioned the hcrypt project "Secret program execution through homomorphic encryption". That's at -http://www.hcrypt.com/.

But -https://www.hcrypt.com/ isn't just the secure version of that site. It leads to CloudCrypt.me "Easy-to-use Encryption For Your Facebook Messages". That seems to be a practical implementation of homomorphic encryption. Or maybe it's a phishing site.

Maybe I'll get a Facebook account, and test it.
 

All times are GMT -4. The time now is 04:37 PM.

