Hey kc1, I like your other posts on this forum and have no hard feelings.. so I disagree from a purely debate/idea perspective...
I disagree with every point made.Don't use a password manager.
Password managers ain't secure.
If you're really worried then install Firejail sandbox or any other sandbox.
Another option is to install Firefox Snap which is run from inside a container and supposedly nothing is able to get inside of the container.
Hey, so I setup a Fedora VM which has Wayland natively by default. I ensured Wayland was being used by command line.That's a very old article and appears to be written by someone explaining the advantages of something they were working on. To my mind, they're turned the volume up quite high.
The Wayland folk were concerned enough to do something about it, it took a while, but Wayland now has several implementations. Wayland is now used by default in many Linux desktops. But you still need to ensure you browser and password-repository of choice runs native in wayland and doesn't just run in XWayland. You still need to be able to share data between windows, media-devices, etc, until you don't. The need to share may still open up a lot of unforseen (probably non-browser based) exploits.
There are heaps of non-X11 hardening one could do, such as runnings browsers in Xnest (a nested session), layering on capabilities, udev rules, containers, task specific logins. Some distro's are armoured-up out of the box. There are also disto's focused on achieving the best security possible.
Then you chose to share the entire screen because with Wayland you can choose which screen you want to share because you get a popup screen giving you a selection, if you want to share only a specific browser tab or application window.Hey, so I setup a Fedora VM which has Wayland natively by default. I ensured Wayland was being used by command line.
With Wayland, I ran firefox and hit share screen on Jitsi chat... and it can still see the other windows.. for example a password manager.
Perhaps these will work for you.I disagree with every point made.
1) lastpass is online & propritary. we're talking about offline. as opposed to what, you writing by hand long complex passwords?
2) Firejail doesn't isolate firefox as just demonstrated in this thread right before
3) Snap is a weak sandbox. Even weaker than firejail. Check out this quote from
Snap is a software deployment and package management system like AppImage or any other package manager for that instance. It is originally designed for the now-defunct Ubuntu Touch Operating system. Snappy lets developers create software packages for use in a variety of Linux based...www.ubuntudocs.com
"The sandboxing feature, a very important one indeed from a security standpoint, is flawed in that the sandboxing actually requires certain other core services to run (such as Mir) while applications running the X11 desktop won’t support the said isolation, hence making the said security feature irrelevant. Questionable press releases and other marketing efforts from Canonical and the “central” and closed app repository are also widely criticized aspects of Snappy."
Don't ever quit. Never quit. Never show anybody you're hurt. Grin and walk through the cannon smoke. It will drive them up the wall. You always stay true to your own principles. You always believe in your gift. God doesn't make mistakes when he presents someone with a gift like that. It's there for a reason. Tell the naysayers, those who reject you, to drop dead! Who cares?
--James Lee Burke