security question -- spot, containers, google, EasyOS -- SOLVED

[Subito Piano]

Hi! In my work environment I HAVE to access google (specifically, gmail and youtube). I've been trying to keep google from its nasty habit of pestering me even when I'm not using it and realized part of the solution is to use a different browser just for google (and youtube and whatever else I find google owns) -- currently Brave, or Tor if I have time to wait. I already subscribe to Proton VPN.

But I'm thinking, does running Brave as Spot keep google's hands off everything else in my computer? I know I can upload files through Brave even though I am running it as Spot, so am I correct in thinkng that google access my files? Or can it only access open tabs in Brave, my uncleared history, cookies, etc.? (I clear everything when I close Brave, of course.) If running Brave as Spot doesn't keep google away from my files, perhaps I should consider EasyOS -- if containers will help. If I use a browser in its own container, will that keep google & co. away from all my files?

Thanks in advance for advice.

[williwaw]

in what way does it pester you?

I dont pretend to know all the ways google works, but if you are logged into a google account from a particular IP address, then there is a correlation.

what other browsers or add-ons may report to google might be configured or limited if you are not logged on to google thru that browser, but the sites you visit while using the different browser may frequently use google services, and of course the sites you visit also know your IP address and may forward that info to google, especially if google is delivering third party content to you.

[rockedge]

If I use a browser in its own container, will that keep google & co. away from all my files?

Yes.

[BarryK]

Yes, in EasyOS you can run a browser in a container; however, just running as a non-root user provides isolation.

Easy goes one-better than spot, runs each app as its own user. Currently I have Chromium and Firefox installed. Chromium comes built-in, Firefox is a simple download from the menu.
Chromium runs as user "chromium", Firefox as user "firefox".

/home/chromium and /home/firefox, the home folders for the browsers, have 700 permissions and chromium:chromium and firefox:firefox owner:group
This means that the Chromium browser cannot see into the Firefox home folder, and vice-versa.

[Subito Piano]

Thanks, guys!

@BarryK -- for the comprehensive answer. So spot = no access wherever. That will save me having to move to EasyOS ASAP in a production environment (i.e., no late nights learning and tweaking, I can experiment with Easy at leisure).

@rockedge -- short, swift, and to the point.

@williwaw -- it pesters me by showing up asking me if I want to use google to log into this or that -- how do they know I use them? I figured that out, hence my dedicating a browser more or less exclusively for google, having it clear everything when I exit, etc. It disturbs me that they (and other nefarious sites) can see my other tabs & history and might even be able to look at my files. As I mentioned, I use a VPN to hide my address, and FossaPup nicely hides my MAC addy, plus I have various no-spy add-ons.

God bless!

Marty/Subito Piano

[williwaw]

@Subito Piano

it pesters me by showing up asking me if I want to use google to log into this or that -- how do they know I use them?

if you "view page source" of this page, very close to the bottom you will see
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>

this is an external resource your browser just obtained from google when you loaded the page. If rockedge also offered a feature whereby you could login to the forum with your google account credentials, you would be pestered.

to see how unique your browser is https://coveryourtracks.eff.org/

[Subito Piano]

Nice link, thanks, williwaw!