Solved Best alternative browsers for use with FreeBSD

C

Cedric62

Right now I'm using Firefox 151.0.3, but I'm now wondering what would be the best browser to use alongside Firefox?

My plan is to keep using Firefox for regular use such as watching videos, or posting in this forum, but what would be the best browser to use for online banking and that sort of thing?

Any info greatly appreciated.
 
what I did for my "banking" firefox: have a jailed firefox which can only connect to my local dns resolver (only resolves the webdomains of my bank and their subdomains) and to a bunch of IP addresses (of my bank and the needed subdomains) that are resolved when the jail is started.
 
Well, Teams is broken for example for video calls (if you don't use it doesn't apply). What is broken depends on the firefox version and whatever changes microsoft is doing for that week.

Other than that I don't see much reason to go with chrome.
 
Is Firefox installable from pkg now? pkg search on ARM64 (aarch64 :p) RPi 15.1 doesn't show anything, and ESR was missing/fallout for a week or 2 AMD64 iirc

Edit: esr was available no problem amd64 15.1-STABLE :D
 
Last edited:
I've recently started using librewolf. It's a Firefox based browser and it's very locked down but you can change your settings if you like.

FreshPorts -- www/librewolf: Custom version of Firefox, focused on privacy, security and freedom

LibreWolf is a free and open source web browser descended from the Mozilla Application Suite. It is small, fast and easy to use, and offers many advanced features: o Popup Blocking o Tabbed Browsing o Live Bookmarks (ie. RSS) o Extensions o Themes o FastFind o Improved Security
www.freshports.org www.freshports.org
 
LibreQuest said:
I've recently started using librewolf. It's a Firefox based browser and it's very locked down but you can change your settings if you like.

FreshPorts -- www/librewolf: Custom version of Firefox, focused on privacy, security and freedom

LibreWolf is a free and open source web browser descended from the Mozilla Application Suite. It is small, fast and easy to use, and offers many advanced features: o Popup Blocking o Tabbed Browsing o Live Bookmarks (ie. RSS) o Extensions o Themes o FastFind o Improved Security
www.freshports.org www.freshports.org
Click to expand...
Or you can start locking down Firefox yourself. Because Librewolf might give you a false sense of security. You can try to disable Just-In-Time compiler (JIT) in firefox to start with - that's one of the biggest attack surfaces.
 
Espionage724 said:
Is Firefox installable from pkg now? pkg search on ARM64 (aarch64 :p) RPi 15.1 doesn't show anything, and ESR was missing/fallout for a week or 2 AMD64 iirc

Edit: esr was available no problem amd64 15.1-STABLE :D
Click to expand...
ESR's still not available on CURRENT; anyone happen to know why?

Main Firefox's "revamped" settings page is as-bad as Win11 with hiding stuff in hidden tab views and almost making Chromium look interesting...

Like, seriously? What's the block for if it's still going to default-present a chatbot on context menu? ( browser.ml.chat.menu removes that)
ff.png
 
As several others have said, most browsers are generally on the same level of secure; you won’t have to worry about your banking info getting picked up over the wire. However, if you’re the neurotic type, a hardened-locked down browser may be for you. Some examples include the previously linked LibreWolf ( available in the ports tree. ) If you’d prefer to use popular first party browsers, some hardening solutions for those exist, such as Firefox’s Arkenfox. Of course, these are third party, so YMMV. Google is your friend.
 
I really don't understand what is this whole 'alternative browser' nonsense.

Do you want to do finance and be safe? Get a cheapest brand name tablet or smartphone.
Don't do anything on that device bar install the app(s), and work with them.
Do you want to go extra mile for security? Firewall off the internet on your network for that device, allow only connections to banking services / app store.

Please use common sense and don't use FreeBSD as a hammer when the problem is folding a piece of paper.

Imagine you get hacked. You call the bank. You explain to them your alternative browsers, your isolation setups, whatever, they just roll their eyes and declare "user error" without any obligation to return the funds.

On the other hand, you call them and tell them I bought a Samsung/Apple phone explicitly for mbanking, and used it for mbanking only, without it ever leaving your house. "Dindu nuffin" and the ball is in their court. They need to prove an user error now, and they won't be able to raise any doubt about phishing because you can give them enough data or permissions to see you don't have any messengers installed and there were no SMS/calls going in/out of the phone.

This is the sad state of reality so align to it. The corporate and some of the state actors are seeking "attested platforms", e.g. closed off smart-devices with hardware non-tampering stuff, exactly for this case - they want to put a terminal in your hands that is used to access the service, not a general computing device. Yes they are not doing it for security but to siphon in user data from such a non-controllable terminal device, but they're doing it none the less.

It may be weird to hear this from professional on FreeBSD forum, but take a look around you - how many people you know, have been hacked using a major bank app on the cellphone? It happens less than with computers. Why? Because cellphones and tablets are used by noobs that just use them as they're told. With computers, you can have people that like to tinker, but do not have a wide outlook of the problem area they're tinkering with. There were posts on these forums, people got simply phished. No pf ruleset no isolation no custom/alternative browsers will protect you from that. What happens here, is that someone invests too much time to get irrelevant layers of protection while totally negating the most obvious one.
 
P.S. I ran Windows 2000 Pro from 2001 to 2008, with a 56k direct modem connection.
Warez, cracks, P2P, IRCing, you name it. Public IP. Software firewall (Sygate) on the OS. Opera browser.
A regular user would have 0 prudency to use it, they would somehow end up with firewall disabled, IE installed and a ton of shitware on the infected computer in two days. For me it was a daily driving clean computer that carried me through comp. sc. college, early sidegigs and work.

Back then, as well as today, 99% of security is in the usage patterns.
 
Zare said:
P.S. I ran Windows 2000 Pro from 2001 to 2008, with a 56k direct modem connection.
Warez, cracks, P2P, IRCing, you name it. Public IP. Software firewall (Sygate) on the OS. Opera browser.
A regular user would have 0 prudency to use it, they would somehow end up with firewall disabled, IE installed and a ton of shitware on the infected computer in two days. For me it was a daily driving clean computer that carried me through comp. sc. college, early sidegigs and work.

Back then, as well as today, 99% of security is in the usage patterns.
Click to expand...
I was using macOS for 12 years (2013-2025), never got problems with any malware on it. I used to have Windows dual booted. I used it like 1% of the time for some gaming. I had 4 computers for macOS (hackintoshes) for that period and Windows was always modern versions of Enterprise LTSC. I never visit anything on the Internet despite youtube, google and famous websites (e.g. reddit, strackoverflow (rip) etc)
All security updates.

And you know what? Somehow I've managed to catch miners two times. I have zero bad patterns of insecure behaviour, scammers tried me to social engineer me like 15 times, never succeeded.
One time miner started working after upgrade of GPU to GTX 1080 Ti.

Second time was last year. It made an exclusion in Windows Defender for it. All I did before that - I've installed AnyDesk from official Website, Parsec from official website and DuckDuckGo from Microsoft Store. Also updated klmcodecs from official website. I know that malware can go even from Microsoft Store.

I never tried sandboxes on Windows. Anyway once you catch malware it's too late for your data and your system is compromised. No "miner_deleter.exe" does not guarantee that your system is yours. And I have few friends who have no viruses for years. I catch them occasionally even if I don't really use Windows 99.9999% of time now.

Anyway from my expertise, there is no really a problem to just use FreeBSD/Linux on some weird laptop with encrypted system drive and encrypted virtual machine inside. If you're a trader, you probably will need 3x3 displays of matrix :D

I mean people require to work with financial stuff all the time. Just have clean, controllable environment for that. Not necessarily FreeBSD, you can use VirtualBox with Linux and doing zfs snapshots of built-in snapshots in VirtualBox. Encryption.

If you just want to save your bank card to pay for lavender raff online - I can't see why you're so concerned. Any bank should have 2FA per each payment except some trusted platforms.
 
I run Firefox on both Win10 and MX Linux.

I do notice the Win10 version spawns a whole slew of processes. Dunno about MX as just getting started with it.

I’m idly looking at lighter footprint browser as my needs are simple. Then again everything on Win10 these days seems a bloated pig.
 
cracauer@ said:
I use linux-chrome for that.
Click to expand...
Why not FreeBSD's chromium?

rootbert said:
what I did for my "banking" firefox: have a jailed firefox which can only connect to my local dns resolver (only resolves the webdomains of my bank and their subdomains) and to a bunch of IP addresses (of my bank and the needed subdomains) that are resolved when the jail is started.
Click to expand...
Since I discovered that my router hijacks queries to port 53 and hence recursive unbound does not work correct,
I added to unbound.conf :

forward-zone:
name: "."
forward-tls-upstream: yes
forward-addr: 9.9.9.9@853#dns.quad9.net
forward-addr: 149.112.112.112@853#dns.quad9.net
Click to expand...

But my stupid bank needs also internet in the smartphone for generating a TAN challenge. I do not understand why.
 
You must log in or register to reply here.
Back
Top