What's the best way to containerize multiple web browsers for security?

Running Ubuntu 16.04 on my old Latitude E6410. I’m looking to be more security conscious when it comes to online transactions and banking. Was looking for a method a little lighter than running multiple VMs. I have no idea what other methods there are now. I’ve heard of Docker and Flatpak and Snap but I’m not sure exactly how they work or if they are a viable option for such compartmentalization. What are your suggestions? I would be looking at running 3 or 4 different isolated instances of Firefox.

uBlock Origin, Ghostery, HTTPS, verify certificates.

Docker is far from security in most cases. Running nested VMs isn’t going to protect against a keylogger or someone breaching your bank’s database.

I recommend some unprivileged LXC containers, because they provide better security and isolation over the basic UNIX chroot. You can also look into this, though I have never done it myself: http://blog.z3bra.org/2016/03/hand-crafted-containers.html#


There’s firejail that has ootb profiles for Firefox and Chromium, it can even run the containerized programs isolated from the rest of your X environment by using Xephyr.
IIRC it doesn’t isolate multiple instances of the same program though, for that there’s another easy solution, SELinux sandboxes, but for that you need SELinux and the appropriate software packages, which are available in CentOS, Red Hat & Fedora.

IMO with a desktop PC the best way is to use a couple (or a number) of small SSDs with a Linux install on them, which you put in a hotswap bay so you can boot from them. That way you don’t have to worry about having a keylogger in your main OS.
With a laptop … well … yours has a DVD tray so you can get a caddy in which you mount the SSDs.
It’d be a lot more work than a regular hotswap bay and it’ll be slower due to having to reboot instead of just firing up a VM, but it is doable.
The question is how much convenience you’re willing to give up for increased security.
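
One way to run several Firefox instances under firejail, each with its own private home directory, shown as an added example that is not from any poster in this thread. The compartment names, the `JAIL_BASE` directory and the `JAIL_XEPHYR` / `JAIL_DRY_RUN` variables are assumptions made for the example.

```shell
#!/bin/sh
# Added example: one firejail sandbox per browsing compartment.
# JAIL_BASE, JAIL_XEPHYR and JAIL_DRY_RUN are names assumed for this sketch.

JAIL_BASE="${JAIL_BASE:-${HOME:-/tmp}/browser-jails}"

# Accept only simple names so a compartment can never point outside JAIL_BASE.
valid_name() {
    case "$1" in
        ""|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Create the compartment's private home (mode 0700) and print its path.
jail_home() {
    valid_name "$1" || { echo "invalid compartment name: $1" >&2; return 1; }
    mkdir -p "$JAIL_BASE/$1" && chmod 700 "$JAIL_BASE/$1" || return 1
    printf '%s\n' "$JAIL_BASE/$1"
}

# Start Firefox for one compartment.
#   --private=DIR  DIR becomes the only home directory the browser sees, so
#                  cookies, history and downloads stay inside the compartment
#   --name=...     labels the sandbox so `firejail --list` shows which is which
#   --x11=xephyr   optional (JAIL_XEPHYR=1): nested X server, needs Xephyr
# With JAIL_DRY_RUN=1 the command is printed, one argument per line, not run.
launch() {
    jail_name="$1"
    jail_dir="$(jail_home "$jail_name")" || return 1
    set -- firejail "--name=browser-$jail_name" "--private=$jail_dir"
    if [ "${JAIL_XEPHYR:-0}" = 1 ]; then
        set -- "$@" --x11=xephyr
    fi
    set -- "$@" firefox --no-remote
    if [ "${JAIL_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        "$@" &
    fi
}

# Typical use after sourcing this file:
#   launch banking; launch shopping; launch general
```

Each compartment's data lives under `$JAIL_BASE/<name>`, so deleting that directory resets the compartment. This separates browser state between compartments; it does not address the keylogger concern raised earlier in the thread.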



Could you use a USB docking station for the SSD? Rather than removing the DVD drive.

There’s a workshop during the recent LinuxConf Au that talks about using LXC to contain apps on desktop.

I think this OS may do exactly what I’m describing in the thread below. Have you used this OS?

Proxmox or Qubes?


Used it briefly months ago… I’ve been wanting to convert over to it… but I haven’t had the time to yet.

That could be possible as long as you’re using Linux (Windows has issues booting full installs from USB).

That’s a good point. I have an eSATA port on the laptop; I could just get a dock and some cheap old 64GB SSDs.