N.E.P.T.R

I am using OpenSUSE Tumbleweed. I’ll try enabling Wayland using the environment variable for a game when I get on later.

I dont get flickering on my OLED on GNOME with VRR. Odd.

For real, a good font.

It’s Portuguese

Probably just has it run at login in the background.

flatpak kill some.app.id

Instantly kills it.

Yes there are. Actually quite a lot. They hate it because it isn’t a perfect solution in every single case that X.Org provided but ignore the long history of vulnerabilities, bugs, and cursed workarounds present in X.Org. it is getting harder for them to hate though as most of the pain points (eg. color management and global shortcuts) are part of the standard now.

Sadly it only works on Google Pixel. I’d recommend LineageOS, but the images aren’t signed so you can’t lock the bootloader.

GrapheneOS

eOS is just Android, so Android apps work.

That aside, eOS has a history of being often behind on security patches and updates, so it is highly recommend to avoid it.

For example Richard Stallman

Thank god. It is a fantastic game.

No

Firejail is a large SETUID binary which can (and has) aid in privilege escalation. It is recommended to avoid it for this reason.

See: https://madaidans-insecurities.github.io/linux.html#firejail

If you are relying on community sandboxing profiles and not making your own, i can understand why Firejail is interesting as a choice because of its large community.

If you are making your own, consider checking out Bubblewrap (available on most Linux systems), Bubblejail), Crablock, and Sydbox, which all use unprivileged sandboxes.

It really isnt any defense. All a website can do is initiate a download, websites are sandboxed by default. You still have to run the executable, which doesnt really apply to Linux because the file will have no executable permission.

Yeah okay.

My logic was that it is much more likely that someone will spoof there useragent already if they are on Linux. If threat actor is targeting not just Windows but also Linux, they probably would understand the very real likelyhood of platform spoofing.

That isnt a great defense against malware “imho”. Security through assuming the threat actor is lazy is just not security. It doesnt take like any effort on their part to just use some off-the-shelf OS fingerprinting code. It isnt worth it either because it contributes to your overall fingerprint, since normal RFP users have a standardized useragent for Windows and Linux separately.

Firstly there is no need to be condescending.

Secondly, do you block all JS? NoScript is not a silver bullet and doesnt stop fingerprinting, it is itself identified by the CreepJS test site. It may in this case reduce the chance of OS fingerprinting, but pure CSS methods exist as well.

Additionally, NoScript is laregly redundant with uBlock Origin since you can do everything that it offers, such as blocking 3rd party scripts/iframes/all, block fonts, block JS, and it is very granular.

Bottom line, you are fingerpintable.

It is trivial to identify OS platform because browser work differently on each platform. Wjat Librewolf does with useragent on Linux actually is makes users stand out more because it isn’t what privacy.resistFingerprinting (RFP) reports on normally.

Hackers (like the comment scenario i was responding to) are substantially more likely to employ platform fingerprint than trust a fale useragent. And loads general websites employ fingerprinting, meaning deviation from default RFP behaviour makes you stand out (more than you already do by using RFP since it is a small pool already).

You can lie, but that doesnt mean that a website cant still tell your base OS if they use JS platform fingerprinting. Arkenfox, the base config which Librewolf is based off of says the exact same thing. Go to CreepJS and see it get your platform regardless.