Safer Internet Research using Kasm Workspaces for Privacy & Security through Browser Isolation
Internet research often means exploring many corners of the web while reviewing the work of security researchers and hackers. This activity brings the challenges of how to keep your identity private and your workstation safe from malware.
Here is a prime example: I’m browsing /r/netsec, a popular network security sub-Reddit. Someone has posted an article “How I Bypassed Custom SQL Injection filter and performed Blind SQL Injection”. Ok, I’m interested. But then I look at the link — what is mannulinux.org? How do I know if it, or the dozens of other links referenced here, are safe and reputable?
In this post I’ll show you how to utilize Kasm to browse the web using secure, disposable and anonymous cloud browsers.
Kasm Workspaces is a software stack created by Kasm Technologies that allows you to create on-demand instances of containerized desktops and browser that you can access directly from your browser. The system is orchestrated with Docker and all sessions are Linux-based. The underlying connection technology is open sourced as KasmVNC.
For home/personal use, the Community Edition provides five simultaneous sessions at no cost.
What about just using Incognito Mode?
Incognito mode of standard browsers offers a small improvement to privacy by not saving your browsing history or sending previously saved cookies to websites but the traffic is still visible to your ISP and the website still knows you are coming from the same IP.
With Kasm, your entire browsing environment is fresh each session. No cached content, history or cookies persist. Since you are deploying Kasm on a cloud server, your ISP does not see the browsing traffic, and the websites you visit only see the cloud server IP.
Incognito mode offers no improvement to security since any page visited still runs on the local computer.
What about just using a VM?
VMs consume resources on your machine slowing things down. You also have to remember to power them on and off when you need them. Once installed, you can create Kasm browsers in a couple of seconds with a single click in your browser.
What about just using a VPN?
While VPNs encrypt traffic from your local computer to the internet, the websites you visit can still have a concept of who you are via numerous fingerprinting and tracking mechanisms. The connection to Kasm is encrypted. Since each new session is pristine, many of the fingerprinting and tracking mechanisms are rendered ineffective.
In this example, we will be setting up Kasm Workspace on an Ubuntu cloud-hosted VPS so the IP of my Kasm browsers will not be directly attributable. You can download the latest version of Kasm Workspaces directly without any sign-ups.
Once logged in, select Kasm from the User menu. A list of images pre-built images maintained by the Kasm team will be shown but you can also create your own. Clicking on one of these images will create a new on-demand container.
For example, clicking on Firefox, will create a brand new container that loads a pristine version of Firefox. Notice I’m accessing this browser from inside my laptops main browser, Chrome.
This is incredibly powerful…
- The session is pristine with no browser history or cookies from my host computer or previous sessions.
- Any website I visit only runs in the context of this session. None of the website’s code runs on my personal computer — only the remote browser in the disposable container.
- The session is running the full edition of Firefox so I can add my favorite extensions and I can be confident most websites will work.
- Websites will see the IP of my Digital Ocean server and not my home or work IP.
- At any time I can destroy this session and start a fresh one over again.
Clicking the tab on the left side of the screen will open the control panel that gives you the ability to download and upload files, share your session, pass through your microphone and destroy the session.
Kasm provides a “Kasm — Open In Isolation” Chrome extension that can be used to open links in a Kasm session. This is great if I encounter a link while using my native browser that I’d rather open in Kasm.
For this feature to work, we need to configure one of the browser based Images as the Default Kasm Image.
Once installed , open the options of the extension to enter your Kasm server’s URL in the options.
Add your Kasm server in the options
Once installed, a new menu item “Open link in Kasm” will be presented when you right click a link.
Open Link in Kasm option presented when right-clicking a link
Clicking this will open the link in a Kasm Session. It will open the link in a new tab of an existing Kasm Session if one exists.
Kasm is a great platform that facilitates a convenient, secure and private way to browse the web.
Originally published at https://medium.com on October 9, 2020.