A More Secure Way to Browse The Web Using Docker & VNC

Normally I like to browse the web through a Virtual Machine (VM). I would build out a VM (various flavors of Linux), take a snap shot, and launch the snapshot each time. Why do this? Anonymity and security.

Lately though, this method hasn't worked out very well for me, just because of how resource intensive it is to emulate a Linux box. I was able to get away with VMs on my desktop because my desktop was very generously spec'ed out. Since "upgrading" to a laptop, my methods have fallen apart. Bang for the buck, laptop hardware is slower than desktop hardware. VMs on my laptop run, but run very slowly.

So came a thought, why run a VM? Why not a container? The benefit of a VM is that is emulates the entire kernel & hardware. When browsing the web, the main risk to anonymity is cross site tracking through the form of browser finger printing (cookies, etc). That is something that is occurring at the application level. So running a VM, which emulates the kernel is an over kill if the aim is to obfuscate at the application level.

So in comes containers. Containers, unlike VMs, do not emulate the kernel; because of this, they run quicker. From the kernel level and up, they provide an isolated operating system apart from the host. Unlike a VM which require dedicated hardware, the container just share hardware with the host machine. Let me take this opportunity to point out that OS minimum resource requirements have been growing over the years.. which mean VMs have to be well endowed, and the resources allocated to VMs can take away from the host.

So to keep it short, run a VNC within a container. This will offer most of benefits of web browsing in a VM in a much more convenient and usable fashion.