You've made my day. Thank you so much!

All you really need to do is run a single application within a container, not a whole distro!/os Why do I say this? Well resource consumption for one and why replicate an entire distro/os when an app can be run inside a container: https://bacchi.org/posts/brave-in-docker/

Mind-blown. I was already thinking for such a long time that the distrobox approach just didn't seem right at all for the purpose of security. But somehow my limited search never bear any results on how I should go about it. Perhaps I didn't do a good job on googling or somehow missed a (couple of) keywords to be effective at searching for this. And I seem to have finally found 'the holy-grail'; for which all credits obviously go to you!

Additionally I spoke about attack vectors, running another distro/OS inside a docker may well have samba, ssh running by default, If the container for that is not firewalled that is is an attack vector that will allow RCE and exploits be run inside that container!

Exactly!

The first minute of that video talks of nginx webserver image, That is a webserver running inside a container, with distrobox you have the rest of the OS inside the container as well as nginx. Do you get what I say now?

Yup (or at least I hope so :P ). And I would have loved to share the feeling of my head/brains right now. Just bliss for finally finding the missing piece that has been (somehow) absent all this time.

I suggest you use the above link I gave to look into running just a browser within a container, drop distrobox (unless you need to test drive distros) and learn about running a single application within a container, when you can do that find a container framework that provides the security you want/like then run your “untrusted” applications in containers and rejoice with a slightly faster machine.

I will definitely! Are there any keywords beyond the ones mentioned in your excellent comments that I would need for an endeavor as such?

EDIT: Additionally wolfi is based on Alpine, This is a popular server distro, If you want to install wolfi you’ll need to know how to install alpine, which is similar to installing gentoo as it uses bootstrap images, don’t be surprised if the desktop experience is a bit …erm lacking as that is not the focus of alpine or wolfi ! Good luck

Wolfi was only mentioned as a 'safer' distrobox-container. It's the only one accessible through Distrobox that I'm okay with using 😅.

Words can't describe the epiphany I'm currently experiencing! Thanks again so much! I wish you and your loved ones the best! Heck, I would be fine with buying you a beer (or a cup of coffee :P ) or whatever. Please feel free to make use of 'these services' :P .

Thanks a lot for mentioning this! I didn't know someone took over the good work from Bromite. I'll definitely check into it! Am I correct to assume that (like Bromite), this is a browser exclusively meant to be used on Android devices? I guess I might get it to work on Waydroid as well, not sure if I would like to commit to that yet though. Nonetheless, this input of yours has been much appreciated!

Brave is a buggy browser

Honestly my experience on Brave (on Fedora) hasn't been great 😅. So I can definitely attest to that. I'm willing to deal with it as long as its merits are substantial, which so far seem to be the case 😭. But thank you for confirming that I'm not the only that has experienced difficulties while using it!

Just a few days ago I tried to pay for flight tickets on flypgs.com. Multiple attempts on Firefox didn't work, while the first attempt on a Chromium-based one did. It might have been a fluke, but every so often issues like these do happen. And for some reason switching the browser does bear a positive result. YMMV though.

Aight, I'll look into it. Much appreciated!

I believe Brave is the most private chromium browser, at least with the installation defaults.

I haven't come across anything that surpasses its defaults yet within the realm of Chromium-based browsers.

As for the controversies with the company, there were some at the beginning stages, but I haven’t heard anything new in quite a while.

Like I said in the original post, those would be secondary reasons after their respective merits in security and privacy had been resolved to a tie. Though, so far, Brave seems to be the clear winner. I would like to thank the Privacy Guides community over at lemmy.one for their engagement and contributions for that*.

Regarding the crypto, vpn, etc bloat, I use Brave on all my devices and all I have to do is hide that stuff after the installation and I’ve never been bothered by pop-ups or similar annoyances. I don’t think it’s more annoying to remove than Firefox with the recommended sites and Pocket.

Yeah, the linked article by Privacy Guides in the original post already shows what should be applied. Some kind of hardening seems to be done first by default anyways, it seems*.

Since you want private browsing, I would also say that a big plus for Brave is that it has built-in Tor browser.

For whatever it's worth, the Privacy Guides team is against using it:

"Brave is not as resistant to fingerprinting as the Tor Browser and far fewer people use Brave with Tor, so you will stand out. Where strong anonymity is required use the Tor Browser."

on other Linux distros the way to get brave is via flatpak if the provided repos are borked for you.

I would love to use the flatpak if it was endorsed. Privacy Guides says the following about it:

"We advise against using the Flatpak version of Brave, as it replaces Chromium's sandbox with Flatpak's, which is less effective. Additionally, the package is not maintained by Brave Software, Inc."

I mentioned Brendan specifically because people like to lump in his flaws as reasons for not using brave in these discussions.

True. His name didn't stick with me as his controversies and the fact that he is co-founder and CEO of Brave weren't necessarily reasons I would forego Brave for. Feelings have to be put aside IMO in favor of merits.

Firefox used to have xulrunner and prism to provide them but now Firefox doesn’t provide a way other than a JavaScript popup via bookmarklet.

It's really unfortunate that Firefox did this. This is actually one of the reasons why I like to have a Chromium-based browser around. I might eventually switch over to Epiphany for that.

Did you mean this "chromium-web-store" extension?

firefox/librewolf

“Just use Firefox/Librewolf or any other privacy-conscious browser that isn’t Chromium-based.” I already do, but some websites/platforms don’t play nice on non-Chromium-based browsers due to Google’s monopoly on the web. Sometimes I can afford to not use that website/platform, but unfortunately not always.

😅. Thanks anyways 👍.

because of the built-in adblocker so the fingerprinting is minimized between users and reduces the attack surface

First time hearing that, thanks for mentioning that!

Bounce tracking

TIL.

Fingerprinting

Gosh, I can't believe I forgot about Brave's excellent implementation of fingerprint-spoofing.

Also Brave announced on X/Twitter that they will continue supporting MV2, Chromium won’t.

This is a big thing. Thank you for mentioning that!

if you rly don’t like Brave

I've actually for the longest time used Brave as my go-to Chromium-based browser, but it seems as if the support on Linux leaves a lot to be desired. I don't understand for example why it just isn't included in the repos of Arch, Debian, Fedora, openSUSE, Ubuntu etc. Sure; the AUR has it -also available as a not up to date nixpkg-, but the others have to either download the .deb or rpm package (which is undesirable due to inability to keep it updated at all times) OR rely on Brave's own repos, that somehow borks itself every once in a while. Which actually just happened a couple of days ago on my device*. I'm on Fedora Silverblue, so it was already quite hacky to get Brave from its own repos. But due to the repos borking themselves, I didn't get any automatic system updates at all for the last couple of days. I only noticed it yesterday when I did my weekly manual update. Perhaps I should setup something that notifies me when the automatic system update fails, but I'll prefer if the repos I rely on don't call it quits whenever they feel like it. Apologies for my rant*.

Vivaldi would be a good alternative, but is weaker than Brave, since it includes not all the protections or alternatives which Brave has.

Would you say that Vivaldi is (at least) better than Chromium for security and privacy?