Is Google Chrome sandboxed by default on Linux?
Is Google Chrome sandboxed by default on Linux?
I already know that it's spyware but in the case that I need to use it for work and school on my Linux laptop, do I need to worry about configuring something so that it won't have access to my whole system like it does on Windows? I'm on ZorinOS/Ubuntu. Thanks in advance
Ok thanks. Are flatpaks better for isolation than snaps? I see many people avoid snaps.
IIRC the flapak packaging system is completely open source while snap does not release the server code.
Also, snaps were forced to the users, had terrible performance at the start, thus, making them unpopular.
Neither isolates everything. Both have some isolation features. The features enabled by default vary from package to package, so you would have to look at the permissions on each package to find out.
For a bit more isolation than a flatpak/snap, I suggest creating a separate user account for running chromium (or any other moderately nosy software). Note that linux lets you log in to two accounts at the same time, each with its own desktop, and switch between them. Check out your desktop environment's "switch user" function.
For even more isolation, you could run chromium in a hypervisor-based virtual machine.
I just use chromium when needed. Not ideal but usually works in place of chrome.
If you don't like flatpak there is also firejail which you can run to isolate browsers or many other programmes.
There is also a programme to run your browser from ram and commit changes to disk when it closes, which I've used for a year or so and can recommend. I have to look up the name later at home, if you are interested.
Browsers write to disk every couple odd seconds per default settings (I think up to 20gb a day), which eats away on an ssds life cycle. in Firefox this can be changed, but the in ram option makes it smappier as well as a benefit.
You could try Qubes OS? Portable version maybe? That's quite easy and sucure.
Why would suggest a jump from Ubuntu to qubes?