I know two factor authentication is considered more secure than just passwords, but here’s the deal: One of my family members uses Linux Mint on their laptop (at my recommendation and yes, they are aware that it’s not a Mac), and while they’ve mostly adapted to the different workflows (coming from a macbook), one of their biggest pain points is that web sites are constantly challenging them because they don’t recognize their machine. It’s frustrating to them because they used to just allow all cookies in Safari, whereas I’ve configured Firefox on their Linux laptop not to keep any cookies after the browser is closed. I know this isn’t a Linux/Firefox issue, but I think they might not see it that way and I worry they’ll get frustrated to the point that they’ll go out and splurge on a new macbook air when they already have a perfectly functional laptop with functional OS.
I’m looking for some way to walk that line between security and convenience—I know they tend to be opposite forces, but my question for the audience is, is there some happy medium where I can configure Firefox so that it’s less frustrating for my family member to use without sacrificing everything in terms of security?
Right now I’m thinking I’ll need to add a bunch of web sites as exceptions in Firefox settings so at least their most frequently used web sites are easier to log into. Or maybe I’ll just allow cookies indefinitely, although I’d rather not. Is there another way to walk that line between convenience and security that I’m not thinking of? Should I just remove my tin foil hat and allow all cookies indefinitely?
Thanks in advance for your advice.
Right now I’m thinking I’ll need to add a bunch of web sites as exceptions in Firefox settings so at least their most frequently used web sites are easier to log into.
I’d go for allow cookies to be stored for the sites they use or allow all.
Yeah, I’ve decided to just allow cookies to persist without having to manage some list of exceptions. Thanks.
For my family my setup slightly different for reasons in other comments:
- do change browsers away from Chrome or Edge
- do change search engines
- allow cookies
- drop tracking surveillance traffic at the network level with something like pihole or nextdns
Gotcha, thanks for sharing your setup.
Why not use Privacy Badger to prevent usage of tracking cookies?
My first time trying to get my mother to switch from Windows to a Linux based OS wasn’t successful because there was too much friction and inconvenience for her, and she wasn’t willing to even entertain the idea of Linux for years after that. My second attempt was successful because Linux is much more user friendly than it used to be 13 years ago, and I changed my approach to make it as frictionless as possible.
Firefox just set to block 3rd party cookies + some basic extensions like adblocking and some easy privacy stuff is a good way to go about it, because it’s better than what she used previously and it doesn’t become inconvenient to her. She doesn’t know what an operating system is, or what cookies are… She just uses the computer to browse the web, emails, and light office work. She even says she prefers the current setup (though that’s because her old computer was chugging with Windows and runs smoothly now with a less bloated OS)
No need for noscript, deleting cookies, fingerprinting, or user agent stuff… Only introduce these to them if they express interest in privacy and are interested in learning more. If you try to thrust it upon them too suddenly they will just think “Linux isn’t a good user experience and is only good for tech enthusiasts and programmers”.
Nice read! 👍 🐧
Thanks for sharing your story, this helps.
Allowing cookies for websites you are logged into makes sense. If you are going to login the site already knows who you are can track you, so you do not lose much with the exception. What I do for some sites like google services is access them from a separate browser.
If using Firefox:
- uBlock Origin: Ads be gone. You need to select/add the blocklists you want.
- Privacy Badger: Automatic tracker blocker with no configuration required.
- Cookie AutoDelete: Saves cookies for the pages you want it to, and nukes everything else.
- Firefox Multi-Account Containers: Keep your activity in separate silos. That Banking container cookie won’t be visible to that Porn container’s JavaScript, Meta’s container can only see Meta’s stuff, etc.
I use a bunch of others, but the above are my bare minimum.
Don’t believe anyone who tells you that one extension does everything.