Comment by fsflover

3 hours ago

> The web page you are visiting contains personal information, and that is where the mischief can be made.

This is a weird threat model. You trust some website with your personal information but you don't trust that images they embed are trusted and will not attack you. Nothing will save you here except switching off showing pictures, which you can also do on Qubes.

I would say, if they really embed malicious images, then they probably have other problems with security, which nothing you run can help with.

2 comments

fsflover

Reply
lern_too_spel  1 hour ago

> Nothing will save you here except switching off showing pictures

Or having a trustable image decoder, which is what web browsers actually do. This is a basic requirement that you are proposing to do away with by instead not showing images at all.

  • fsflover  5 minutes ago

    > trustable image decoder

    This may never exist, since all software have bugs. Instead, you can isolate opening your pictures into a different VM, keeping this VM safe.

    > what web browsers actually do

    Haven't we seen related vulnerabilities?