Just Another Geek

I am blogging about Information Security since 2003

25 Sep 2011

Introducing a bit of Web paranoia into my habits...

When I’m not slacking in Emacs, I now spend most of my time in Google Chrome. Almost everything I do is in the “cloud” (I hate this buzz word): mail, blog, chats, voip and even version control.

With the explosion of “social buttons” everywhere, I became really more paranoid than before about my privacy. And when I see new Facebook ‘Frictionless sharing’ feature, I don’t regret my move. What did I do? Simple, I’m just using dedicated browser profiles for each task:

  • The most sensitive: the one I use only for my mail account and nothing else. I even think to use the clever proxy hacks mentionned by Chris Evans to only authorized outbound connections to my mail provider. I didn’t do it yet because it would prevent me from reading HTML mails linking to external image (OK this is not a big loss and a potential privacy issue but useful sometimes). This is a dedicated profile because if you have access to mails, you have access to every web sites (ie “I lost my password”)
  • Then there is my main profile (using it for Google Reader, Google+, Twitter and Facebook). My biggest fear is to be tracked because of social buttons or because I clicked a link somewhere. So I changed my habit and instead of clicking, I drag and drop interesting pages to my sandbox profile
  • The sandbox profile is where I do searches, browsing web pages, etc. It is configured to never send anything, or to store information on disk. I never use this profile to log on a website and if I have to do that, I get back to the main profile.

To do this efficiently, when I boot, I spawn these browsers with specific profile directory (using –user-data-dir  Chrome option) and they are never closed. My window manager is configured to display the sandbox and my main profile side-by-side on the same workspace in order to switch rapidly.

For each profile, I use these Chrome extensions:

This setup works really well for me, I’m using it for more than 6 months now and it’s cool :)

The next step is to use dedicated UIDs for each profile, I didn’t do it yet because there is no “perfect solution” because of Xorg design: any X11 client can mess with other X11 client…