N.E.P.T.R

Fitejail is a large SETUID binary which weakens security and can aid in privilege escalation. Use Bubblewrap (preinstalled on most Linux systems cus of Flatpak) which runs unpriveleged. Bubblejail is a program that makes it easier to make sandboxes profiles for apps.

Very interesting read.

People on Snapchat dont give a fuck about cleanliness.

Not exactly. Ironfox is a fork, not a direct continuation of Mull. I’m holding off on using it because I want to verify that the new fork can keep timely security updates. Ironfox is a big unknown.

Also seems to have way too many permissions. Maybe to work around some problem "flatpak"ing virt-manager?

Legit. Even if documentation can be time-consuming, it is such a lifesaver and makes the whole process of coding much smoother. It means not as much time wasted backtracking. If you think there is any part of your code you won’t understand when you coming back to it, document, document, document.

Sometimes I write some multiline psuedocode comments or/and an explaination of specific choices, especially those invisible choices you make while debugging that aren’t apparent when your just reading through your code.

Good thing to do is make code that is generally readable too lol.

Is there now a flatpak for virt-manager?

Lacks many features atm, eg VoIP, matrix call, threads, etc. Still very promising and I like that it is written in Rust.

They used to recommend Mull (firefox-based) before it died.

Not from f-droid, but Piper TTS models are great and performant. You can install the apk and the app requires no permissions. They also have other models other than Piper (eg Coqui). For English, I recommend recommend vits-piper-en_US-lessac-medium for the model.

Here is a link to the list of prebuilt APKs: https://k2-fsa.github.io/sherpa/onnx/tts/apk-engine.html

Here is the Github repo: https://github.com/k2-fsa/sherpa-onnx

Aurora is a downstream Kinoite distro by the Universal Blue project. It is tweaked to be a bit more user friendly and has a lot of tweaks and changes. I recommend anyone try it out.

uBlock Medium requires some unbreaking of websites, so i would avoid it on this laptop. Ungoogled Chromium could be a good replacement for chrome.

Gender is obviously a signed byte.

Nah I did too.

I have no experience with this project. I will check it out.

Are you on the userns image? Because podman/docker/toolbox/distrobox all require unprivileged user namespaces.

I also experience with Secureblue, so here are my answers:

• I used GNOME because it is the only DE that protects the screen copy API. I used GNOME extensions because native methods of customizing UI/UX are very limited.
• I personally re-enabl Xwayland because many apps (eg Steam) still use/require XOrg.
• Yes I recommend use and recommend Bubblejail as a simple way of sandboxing some apps. Not a “super tight” but much better than unsandboxed. FYI, AppImages don’t work with Bubblejail, or Secureblue (cus they remove the unmaintained FUSE dependency).

Fingerprinting is a complex beast and nearly impossible protect against. RFP (created and upstreamed by Tor Browser) protects and normalizes most fingerprintable metrics (timezone, display viewport dimensions, user agent, audio devices, installed system languages/fonts, etc) to a stable value for each Firefox version. Canvas is the only metric which is randomized. The purpose of this is to create a shared stable browser fingerprint for all RFP users, creating a crowd for people to blend in with each other.

While RFP is strong, its anti-fingerprinting strategy was created for Tor Browser, which users are not supposed to customize. The same can not be expected of all other Firefox users, resulting in most users being much easier to distinguish from each other. RFP also can cause some site breakage and doesnt offer a granular way to toggle specific features per website (eg. Canvas protections breaks your webcam in conference calls).

There is no good solution. Best options are use Firefox (or a fork like Librewolf) for casual use, and Mullvad/Tor Browser for more critical situations. Always use uBlock Origin (except with Tor).

On the Chromium-side, Cromite and Brave randomize some fingerprintable metrics, but they aren’t as exhaustive and aren’t upstreamed to Chromium (for obvious reasons).

Online tests of uniqueness are skewed by the population who uses them, aka privacy-conscious aren’t the typical user even if a dataset overrepresents.

My point was introducing Canvas noise isnt going to make you less fingerprintable, actually quite the opposite. Firefox’s RFP is much better at normalizing fingerprintable metrics and is native. Canvas is one of many many other fingerprinting vectors.

If you go the route of trying to protect against fingerprinting through randomization, use the extension JShelter which seems to do much more noise than Canvas blocker does. I am still very skeptical of it (and other anti-fingerprinting extensions) because of how complex fingerprinting is.

Not an exhaustive solution which results in easier unique fingerprinting. Plus Firefox already randomizes Canvas noise with both FPP or RFP modes (FPP is default).