Locking Down the Lynx Browser with SELinux

Recently I did an article about the sad state of Firefox security. That article was a bummer for people looking to escape the Google browser monopoly, so this Shortie is here to serve as a more upbeat follow-up. I wanted to find an alternative to Firefox that is actively being updated, has been around for a long time, is lightweight enough to run on old computers or in a weaker Virtual Machine, and makes a political statement about how YOU as a PERSON want to escape the post-AI/post-JavaScript internet landscape. Enter Lynx.

Problems with Lynx: What do we need to solve?

Lynx is a lightweight browser with a lineage about as old as the Internet itself. It is extremely minimal, with a low memory footprint, and can only render HTML and Markdown. Because it cuts out CSS and JavaScript, Lynx is a very honest browser: you will see the sins of every website you visit. You also cut out a lot of attack surface. Most non-cookie trackers and naive fingerprinting scripts can't run on Lynx, JavaScript-dependent malicious pages can't execute their payload, and all a website really sees is that Lynx, from (your IP here), is trying to connect.

Lynx does have a couple of problems that can be pretty major: no multi-process architecture and no sandboxing. That means nothing protects the rest of the system from an attack specifically crafted against the Lynx browser; whatever compromises the Lynx process runs with your user's full access. It also means no site isolation, though that isn't much of an issue since Lynx runs one tab at a time, and opening multiple pages means running multiple instances of Lynx under different PIDs. Thankfully, we can protect our systems against the very niche (but plausibly existent) threat of Lynx attacks.

SELinux Sandboxing

To sandbox Lynx we're going to use SELinux on a Red Hat-based distribution. All you need is Lynx and the package policycoreutils-sandbox. From there, we need to make a sandboxed /tmp in our home directory; run "mkdir .tmp .tmp/lynx" to do this. Without access to a /tmp, Lynx cannot download data for certain websites and will crash. You can also make a home folder for Lynx if you want to save data, but this is optional: "mkdir .home .home/lynx" makes one.

Now all you have to do is run "sandbox -t sandbox_web_t -T ~/.tmp/lynx -H ~/.home/lynx lynx" to launch your newly sandboxed Lynx browser. Breaking down this command: sandbox calls upon SELinux to load a policy, and -t specifies which policy to use. Without -t, it loads the most restrictive SELinux sandbox policy it has. The profile sandbox_web_t is the most restrictive policy for web browsers, only granting access to the ports for HTTP/HTTPS traffic; there is also a sandbox_net_t profile, but it is more generous with permissions. The -T argument specifies a /tmp directory and -H specifies a home directory. Finally, we add our command at the end. Once again, the -H argument is optional and only needed for saving things in Lynx.

To make this command easier to launch, open ~/.bashrc in your favorite text editor and add "alias (your custom command here)='sandbox -t sandbox_web_t -T ~/.tmp/lynx -H ~/.home/lynx lynx'". From there, run ". ~/.bashrc" to reload your shell configuration, and your alias should be ready to run a hardened Lynx.
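As an added example (my own wrapper script, not code from the post), here is the whole procedure above as a single launcher: it creates the two directories with restrictive permissions, refuses to start if the sandbox tool or Lynx is missing or SELinux is not enforcing, and then runs exactly the sandbox command line the post gives. The script name lynx-sandbox.sh, the function names and the SANDBOX_BASE variable are my assumptions, not anything from the post.

```shell
#!/bin/sh
# lynx-sandbox.sh: launch Lynx under the SELinux sandbox_web_t policy.
# Added example, not from the original post. The function names, the
# SANDBOX_BASE override and the script name are assumptions of mine;
# the sandbox command line itself is the one the post gives.

SANDBOX_BASE="${SANDBOX_BASE:-$HOME}"

# Create the private tmp and home directories that -T and -H point at.
# Lynx crashes without a writable tmp, so that one is required; the home
# directory only matters if you want Lynx to save anything. Mode 700 keeps
# other local users out of the browser's scratch space.
# Prints the tmp path so callers can check where it ended up.
prepare_dirs() {
    base="$1"
    mkdir -p -m 700 "$base/.tmp/lynx" "$base/.home/lynx" || return 1
    chmod 700 "$base/.tmp" "$base/.home" || return 1
    printf '%s\n' "$base/.tmp/lynx"
}

# Build the exact sandbox command line without running it, so it can be
# inspected before anything launches. Extra arguments are passed to lynx.
lynx_sandbox_cmd() {
    base="$1"
    shift
    args=""
    if [ $# -gt 0 ]; then args=" $*"; fi
    printf '%s' "sandbox -t sandbox_web_t -T $base/.tmp/lynx -H $base/.home/lynx lynx$args"
}

# Refuse to launch if any piece the post relies on is missing, so a
# typo'd package name does not silently start an unconfined Lynx.
check_prereqs() {
    command -v sandbox >/dev/null 2>&1 || { echo "sandbox not found: install policycoreutils-sandbox" >&2; return 1; }
    command -v lynx >/dev/null 2>&1 || { echo "lynx not found" >&2; return 1; }
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" != "Enforcing" ]; then
        echo "SELinux is not enforcing; sandbox_web_t would not confine anything" >&2
        return 1
    fi
}

run_lynx() {
    check_prereqs || return 1
    prepare_dirs "$SANDBOX_BASE" >/dev/null || return 1
    # The post's command: sandbox_web_t only allows the HTTP/HTTPS ports,
    # and -T / -H point at the private directories created above.
    exec sandbox -t sandbox_web_t -T "$SANDBOX_BASE/.tmp/lynx" -H "$SANDBOX_BASE/.home/lynx" lynx "$@"
}

# Launch only when this file is executed as lynx-sandbox.sh; sourcing it
# from another script just defines the functions.
case "$0" in
    *lynx-sandbox.sh) run_lynx "$@" ;;
esac
```

Save it as lynx-sandbox.sh, make it executable, and point the .bashrc alias at the script instead of the raw command; a URL given as an argument is passed straight to Lynx. To confirm the confinement actually took, run "ps -eZ | grep lynx" from another terminal while Lynx is open: the security-context column should show sandbox_web_t rather than your ordinary user context.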

Conclusions

Lynx is a fantastic little browser from a bygone era, but the internet has tumbled wildly out of control and we need more options that respect the user. Using SELinux we can protect the system from Lynx, and we can even adjust the launch command to run multiple contained Lynx instances, bringing Lynx into the modern age of computer security. Lynx has a minimal footprint that can't even load CSS or images, and now we have made it more resistant to targeted attacks. Unfortunately, we cannot completely disregard the Gecko engine, as Lynx has no privacy protections beyond cookie blocking. In short: you are not anonymous with Lynx. If you need to browse anonymously, the Tor Browser is absolutely required. Lynx also cannot log you in to web applications, so another GUI browser is needed alongside it. However, browser compartmentalization is good security hygiene, and we can absolutely use Lynx for quick information searches, where it cuts through all the distracting features the Internet of today tries to force on users. Make sure you visit https://newmoon443.neocities.org/ on Lynx as well; my minimal approach to this site means it renders as intended in Lynx. That's it for this week, the internet is a hologram, download Lynx, okay BYEE.
