Secure iOS Browsing

My day to day preferred way to browse is using my iPad, but I was wondering if there were any recommendations for how to do it more securely. I used to use android, and there I could use Firefox with ublock origin to block scripts etc, but iOS doesn’t have anything on that level. I can use content filters but they’re not as thorough as ublock or have the ability to selectively run particular scripts as needed. I can use SnowHaze or Brave to block scripts, but they are all or nothing solutions and if I’m suspicious of a site I can’t look to see what scripts they’re trying to run or where they’re from. Firefox and DuckDuckGo only do basic tracking blocking.

I’ve looked into using VNC to a desktop browser and go from there but it’s very clunky and doesn’t work well. I know puffin uses a server rendering solution that renders a site on a remote server and sends a stream with the results but that is very privacy intrusive.

Does anyone have any solutions or ideas for iOS that I might work with? Containers or VMs might be a pipe dream, but just the ability to control scripts at a more detailed level then all or nothing would be great.

In general, every major web browser (including Safari) that is up-to-date can be considered “secure enough” for daily usage.

AFAIK, the latest iOS version introduced the possibility to choose other web browsers than Safari as the default. Maybe, this is also possible on your device after upgrading.

Another more complex solution is to deploy network-level content filtering (e.g., a Pi-hole). Of course, this likely doesn’t filter JavaScript completely.

Just a note here: Keep in mind that VNC (or the underlying RFB protocol) is very insecure nowadays. VNC only supports very weak authentication and no encryption at all. There are some non-standardized extensions to fix this; however, I wouldn’t rely on this. So, if you want to use VNC, only use it via a VPN tunnel.

Apart from this, as you said, using VNC to remotely connect to a computer for browsing makes everything more complicated. Keep security simple.

2 Likes

It’s true they’re generally good, but I’m a bit of a tin foil hat type who doesn’t use ad-blockers for speed, but because of malvertizing. As such I treat every site as a possible vector to hack my system; trust no one is a general rule of thumb.

As for using other browsers, that was part of my question, is there a browser that is more secure than safari and it’s content filters or brave and it’s ability to block all scripts. I already have a Pi-hole as another layer in my browsing security.

I’m aware of the security issues with VNC, but I use it on my internal network on a subnet that only has my iPad and the desktop system so I’m not concerned. I’ve also used RDP.

The two approaches you’ve described are what I’m familiar with.

  1. Deny all scripts by default and allow all when you need to interact w/ a site using say SnowHaze. You also only get the blocklists that come preconfigured with the browser when you do enable scripts.
  2. Use any number of content blockers (e.g. AdGuard, Better.fyi, Firefox Focus) w/ Safari and disable them if they break a site.

Regardless of browser though, all Webkit-based browsers benefit from ITP (like full 3rd party cookie blocking) but with Safari/content blockers you get the possibility of cosmetic filtering. I’ve found option #2 works best for me along with using a DNS-based blocking approach at the network layer.

Another option maybe worth exploring is UTM (source); which would allow you to run Linux in a virtual machine on your iPad (no experience using it however). You can avoid jailbreaking your iPad to install the .ipa directly by sideloading it with Altstore (source) (macOS or Windows support only though).

1 Like