FIrefox can and should but refuses to implement browser level encryption to protect every browsing data generated by the browser. - eviltoast

Chrome does not do it either but are we supposed to be the ones that start a new trend or the ones that follow the trend?

I made a post into their feature request section about how important it is for privacy and security. It is perfectly possible to do but they are not interested in doing.

What I asked was that they provide a feature that allows users to opt in to encrypt all browsing data including history, passwords, cookies, etc. With this feature I can only access my browser information after I open up Firefox and provide my encryption password.

How would this help? Well, there could be viruses that can read Firefox browsing history and cookies and send that to the server. With this feature enabled, one can be even more safer.

There is an option to encrypt Passwords. Thats not enough, every other piece of browsing data should also be encrypted.

  • AphoticDev@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    85
    arrow-down
    1
    ·
    1 year ago

    They refuse to do it because the idea has absolutely no merit to it. If there’s a virus on your computer that could steal your data, it can just wait till you unlock that data to steal it. There is zero practical benefit to implementing your suggestion.

  • jsdz@lemmy.ml
    link
    fedilink
    arrow-up
    45
    ·
    1 year ago

    “full-disk encryption” is the search keyword you’re looking for

  • MangoPenguin@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    21
    ·
    1 year ago

    I’m a little confused as to how that would help with privacy/security.

    When your browser is open and ‘unlocked’ a virus could still read the data.

    It’s the same thing with full disk encryption, if you get a virus on the running system it doesn’t matter.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    14
    arrow-down
    1
    ·
    1 year ago
    1. its open source, you can submit your patch… if they don’t accept it, you can fork it

    2. having a application try to make up for deficiencies of a operating system is a losing battle, better to isolate sensitive data at a container/vm level. i.e. Qubes, you can encrypt all the data at rest, and only unencrypt it when needed.

  • orcrist@lemm.ee
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    To protect it from … what attack are you stopping here? If you don’t know, and it sounds like you don’t know, then forget it.

    If someone roots your device, you still lose. If someone takes your device while you’re browsing, you still lose. If your hard drive is unencrypted, you still lose.

  • MoshBit@beehaw.org
    link
    fedilink
    arrow-up
    10
    ·
    1 year ago

    Tired of seeing all these anti Firefox posts lately, especially when they instantly get debunked in the comments (which I am thankful for)

      • ramble81@lemm.ee
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        Which is why the suggestion won’t work either. Say your computer is infected and you’re not aware. It lies in wait for you to launch Firefox and enter your decryption password, then it takes what it wants. It’s basically a useless idea.

        If you have full disk encryption you’re protected if someone takes your disk, but as long as it’s running anything can wait for it to be decrypted. You’d need container/jail/isolation at the OS level to be effective which is outside the scope of Firefox.

        • Display Name@lemmy.ml
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          No idea what virus. Op is afraid he has/gets a virus. No need for it to decrypt it just waits till op decrypts

    • ares35@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      i used to use an encrypted volume on a flash drive for a ‘portable’ mail client and its mail store.

      could do the same with browser or any other software in ‘portable’ form that doesn’t leave data behind on the pc it’s run from.

  • Onurtag@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    Chrome does lock some of your browser data to the current (windows) account. Which is why all chromium profiles aren’t portable. You can’t move your profile to another pc.

    As for myself, I use an encrypted container for my ff profile. A fully encrypted disk is a better choice though.