massive difference between youtube play on flatpak browser vs .deb version

Trynna3

Trynna3

Active Member
Joined
Jun 5, 2024
Messages
470
Reaction score
234
Credits
4,500
So I found out that security comes with restrictions (again).
I have two LMDE systems on two different computers.
On one the Brave and Firefox were installed via Flatpak and youtube plays with delay - sound and pictured don't align. The sound goes first and the visual lags by a number of seconds.
On the other one, when I installed it directly from debian repositories (so it seems, it was some time ago), where it isn't sandboxed like via Flatpak, the youtube plays properly. But the security risk is higher here, if I get it right.

What do you suggest to do? Both machines have 16GB RAM, plenty of disk space and one has intel i5 of 9th gen and the other has some 11th gen stuff (in he post footnote). So hardware isn't a problem.
 


Trynna3 said:
I have two LMDE systems on two different computers.
On one the Brave and Firefox were installed via Flatpak and youtube plays with delay - sound and pictured don't align. The sound goes first and the visual lags by a number of seconds.
On the other one, when I installed it directly from debian repositories (so it seems, it was some time ago), where it isn't sandboxed like via Flatpak, the youtube plays properly. But the security risk is higher here, if I get it right.
Click to expand...
I'd use the default Firefox browser.

I've never found the default Firefox to be any security risk or less secure.

If worried about browser security the download and install Firejail and run Firejail Firefox.

firejail.wordpress.com

Firejail

security sandbox
firejail.wordpress.com firejail.wordpress.com
 
The Duck said:
I've never found the default Firefox to be any security risk or less secure.

If worried about browser security the download and install Firejail and run Firejail Firefox.

firejail.wordpress.com

Firejail

security sandbox
firejail.wordpress.com firejail.wordpress.com
Click to expand...
Depending on what access you give it. I am not too smart on this topic, but from the AI, it advised me to enable access to the home folder to the Flatpaked one, and warned there can be a security risk if malware visited my system (tailored for Linux of which there will be more in the future). There is probably a reason why it is sandboxed via Flatpak.
 
AI does not always get it right :)
 
kc1di said:
AI does not always get it right :)
Click to expand...
I know, but if not for the AI, I wouldn't be on this forum, also fixing my own machines, upgrading, and troubleshooting both Windows and Linux. I was just as any normie a year ago and still mostly am.

The question is: was AI wrong in this instance?
 
Trynna3 said:
The question is: was AI wrong in this instance?
Click to expand...
AI is only as good as what is programed into it.

I'm not real impressed with AI.

I wasn't impressed by the TUX penguin that was on Linux.org forum and glad to see it gone.

I guess if it gives comfort to users power to it.

I'll rely on my own searches and decide for myself.


Trynna3 said:
The question is: was AI wrong in this instance?
Click to expand...

To answer your question imo AI didn't give the right information for Firefox.

I'll stay with the default browser over any aftermarket third party browser.

Best advice I have is learn what security features and security options browsers offer and use them.
 
The Duck said:
To answer your question imo AI didn't give the right information for Firefox.
Click to expand...
Its note wasn't about Firefox only, it was in principle that sandboxing apps increases security and having not sandboxed internet search, at least, can increase vulnerability. That's how I understand it. Browsers were just one part of the whole thing.
I think I have heard that Brave also has its tabs sandboxed, not sure whether I got it right, so it should be somewhat save, if I get, let's say, some infostealer, it should be kept within that one tab, but that is my brief idea about what it meant and it might be wrong.
Cyber attacks are growing in intensity, ingenuity, looking for every possible crack. Today it isn't only that you need to go on the web to catch something, simply having outdated system is enough to be found out and having all that mess thrown at your system (like installing Windows XP and connecting it to the network, without opening the browser, for example). Cyber security experts have difficulties to keep up with this rapidly advancing field and they better focus on a narrower field to master it, because one cannot be an expert on the entire thing anymore.
 
I'll toss this into the mix.

Chromium (and Chrome and the like) have sandboxed tabs.

Firefox is also sandboxed, along with a couple of other aspects like plugins/extension and the overall browser instance.

You can do some isolation with Flatpaks but they are not guaranteed to be sandboxed.
 
I've done some searching and Flatpaks are sandboxed although not very well.

I hadn't realized that Firefox was sandboxed.

I guess that happened once Firefox became containerized.

It makes sense as containers aren't easily sandboxed with third party sandboxing.
 
kc1di said:
AI does not always get it right :)
Click to expand...
yes, prompt engineering is a whole other mess/conundrum, you really do have to look at each little piece of information at a time, and sometimes you have to resist the urge to talk to it forever and get off (it's even okay to be mean to it, but it won't really do you any good in the long run...)
 
So what does it all mean? When sandboxed = secure from infostealer for other tabs than the one that potentially brought malware into the system?
 
Trynna3 said:
So what does it all mean? When sandboxed = secure from infostealer for other tabs than the one that potentially brought malware into the system?
Click to expand...
All sandboxing does is runs whatever is sandboxed inside of a perimeter so to speak.

Will it keep others from collecting you data.
Nope.

Will it keep you from getting compromised.
Nope.

A sandbox is just an added layer of protection for browsing the WWW and nothing more.

In Windows users run antivirus and anti-malware suites and still get compromised.

Most always from a users poor web habits.

Linux isn't as vulnerable to exploits because Linux requires user administration to do run software.

That being the case doesn't mean Linux is bulletproof as nothing is bulletproof.

Stick with default software as it is usually developed to work with the Linux distro it comes with.

I think some users are sometimes their worst enemy when it comes to security.

Some users read all of the FUD that's posted thinking it spot on and become paranoid.

I just use the basic security firewall with default settings and common sense web habits.

As long as the firewall is enabled and you have an ad blocker you are good to go based on my use.

I search the dark web all of the time and never had a bad guy attack.

Use Linux and don't worry as Linux is pretty secure OOTB.
 
The Duck said:
I search the dark web all of the time and never had a bad guy attack.
Click to expand...
How do you know? Your firewall blocks unwanted traffic from outside, not exfiltration of stuff from inside (unless specifically set up, which I have no idea detail wise), especially with default settings.
Modern malware is increasingly recluse, you are not supposed to know you have it, for it to do a job quietly, or be dormant until activated.
Just yesterday I watched a video how some clever hackers hacked the Virtualbox, targeting the connection between the VM and the host, leaking stuff to the host system (Low Level elaborated about it). They are always one step ahead, patches coming as the second.
Could a malware be downloaded from some spiked website and wait in RAM, until I authorise some other software with a password and get in along?
 
The Duck said:
I search the dark web all of the time and never had a bad guy attack.
Click to expand...
If I feel I have bad guy stuff on my computer a simple restart and it's gone.

I don't use mainstream Linux.
I boot from a save file on a usb flash drive.
Everything loads and runs from ram.
Ram is volatile therefore power off or restart computer and all bad guy stuff in ram is gone.

I have no HDD or SSD in my computer.
I run 100% from ram.

Trynna3 said:
Just yesterday I watched a video how some clever hackers hacked the Virtualbox, targeting the connection between the VM and the host, leaking stuff to the host system (Low Level elaborated about it). They are always one step ahead, patches coming as the second.
Could a malware be downloaded from some spiked website and wait in RAM, until I authorise some other software with a password and get in along?
Click to expand...
My whole point in my earlier post about FUD.

You watch this stuff and become paranoid and worry.

I don't worry about this kind of stuff.

If you are that paranoid and worry that much your best bet is to stay off of the WWW.

Bottom line if bad guys wants your information you ain't gonna stop them from getting it.
 
The Duck said:
My whole point in my earlier post about FUD.

You watch this stuff and become paranoid and worry.
Click to expand...
I don't know what FUD stands for.

And more than paranoia, it is education, of the possibilities and thinking forward, be cautious.
If I was paranoid, I wouldn't be on the web.

"Bottom line if bad guys wants your information you ain't gonna stop them from getting it."

Not always. Most of malware infections are by chance, people opening the door by themselves either by clicking on something, or downloading something. Gamers get a lot of bad stuff from spiked 'games'. Targeted attacks are for the bigger fish with money. Attack on institutions with personal data of thousands or millions is a different case. My data is on the dark web already from such attack on the pension fund a couple years ago. I don't need to give these crooks also my money though. I think I know about cyber security more than an average person and therefore I am cautious. Not an expert, just aware.
 
Trynna3 said:
Not always. Most of malware infections are by chance, people opening the door by themselves either by clicking on something, or downloading something.
Click to expand...

PEBKAC​


Trynna3 said:
Gamers get a lot of bad stuff from spiked 'games'.
Click to expand...
None of the Gamers I know have ever been attacked.
 
@Trynna3
I'm curious as to how long you have been using Linux.
 
Just about a year, half time, half on Windows.

So to conclude this topic: .deb packages are fine for at least these two browsers and sandboxing sandbox affects performance too much to my like.
 
You must log in or register to reply here.

Similar threads

M
Linux Privacy, Security & Libre - Let's Have a Chat
Replies
0
Views
2K
mrlen
M


Follow Linux.org

Members online

Total: 2,760 (members: 1, guests: 2,759)

Latest posts

Top