[REMOVAL] Remove Brave and Librewolf from the browser list

[iio7]

State which point should be edited or removed. Put "Remove/ Edit ____" as Title

Remove Librewolf and Brave browser from the list.

Justification

Neither are truly privacy respecting. Please see: https://www.unixsheikh.com/articles/choose-your-browser-carefully.html

[Shamar]

The argument against LibreWolf there sounds a lot like FUD.

In fact, the author even states:

I have some reservations about putting Librewolf in the "privacy compromising browsers"

The argument is that on first execution LibreWolf downloads uBlock Origin from mozilla's CDN and updates its block lists.

While I agree with the author that "all update features needs to be opt-in only", he also argue that a further cons of LibreWolf (that does NOT support automatic updates) is that it could stay behind in security updates, in plain contraddiction.

Also, the author suggests to use Firefox instead (with Arkenfox) that does NOT remove Mozilla's telemetry, DRM and does NOT provide all the privacy enhancement provided by LibreWolf.

Given that Google still is the default search engine of Firefox, given telemetry and all, I'd argue that it's Firefox that should be removed (or at least clearly marked as very problematic).

[iio7]

While I agree with the author that "all update features needs to be opt-in only", he also argue that a further cons of LibreWolf (that does NOT support automatic updates) is that it could stay behind in security updates, in plain contraddiction.

No, there is no contradiction. Keeping the project as a whole up to date with upstream has nothing to do with automatic updates.

Also, the author suggests to use Firefox instead (with Arkenfox) that does NOT remove Mozilla's telemetry, DRM and does NOT provide all the privacy enhancement provided by LibreWolf.

That also is not correct. Arkenfox disables Mozilla's telemetry.

[kdenhartog]

I'm a biased person (I work at Brave), but I still believe it's worth stating that Brave browser consistently rates as one of the best browsers for preventing fingerprinting and remains one of the few browsers who is actively working on new features such as redirect debouncing to actively prevent new tracking based techniques.

-1 to Brave being removed here

[Lissy93]

Browsers is quite an opinionated topic, especially since there isn't a single browser with all-round perfect privacy and security.

Using Firefox, with some tweaks (like arkenfox/user.js) is probably one of the best options, but not the only one.

Waterfox

I'm not sure what's up with the link you shared, as none of the points listed about their privacy policy are actually present in their real Privacy Policy. But a genuine concern about Waterfox is their slower updates from upstream. It's up-to-date at the moment, but in the past releases have been a few weeks behind.

It's also possible to achieve the same results as Waterfox with ESR and modifying your user.js, but I am aware that not all users will find it that as easy.

Brave

Regarding removing Brave, I know it's not perfect, and has had some scandals in the past (appending affiliate links to URLs was pretty bad). But with the exception of the "Daily usage ping to Brave" which should be disabled under brave://settings/privacy, it's pretty well configured out of the box, for privacy for an average user.

@iio7 - The link shared above doesn't provide any hard evidence or up-to-date info. If you have any information about anything else that Brave does, which could jeopardies privacy, then please do share. And while we've got @kdenhartog in the thread it could be a good opportunity to get any additional concerns ironed out.

I'm also aware Brave's tight integration with crypto is a bit controversial, but I understand the logic behind this, as web3 is the direction the internet is going in. And it can be disabled under brave://settings/wallet by setting 'Default cryptocurrency wallet' to 'None'.

Librewolf

I wasn't able to recreate the main argument outlined in your link, using a fresh install, on a clean VM, nothing external was sent by the browser on launch. However their release schedule is a bit hit and miss, they're often very outdated, and again similar results could be achieved with a user.js config.

[iio7]

@Lissy93 The information on the website regarding Brave is up to date as nothing has changed. Regarding Librewolf, you must have done something wrong, use a tcpdump, you'll see, it will eventually try to access the network which includes Amazon AWS.

[Lissy93]

@Lissy93 The information on the website regarding Brave is up to date as nothing has changed

The information is not up-to-date, as the affiliate link thing was years ago now, and was fixed shortly after being raised. And in terms of their other claims, as mentioned above, there's no evidence to back it up.

Regarding Librewolf, you must have done something wrong, use a tcpdump, you'll see, it will eventually try to access the network which includes Amazon AWS.

I am using tcpdump, but am not getting anything at all, except for the expected traffic. Was there any extra steps you did? Could you share the relevant parts of your pcap file? as I am very interested if there are calls to AWS

I'm going to discount this article, but I am genuinely interested in arguments for and against the above browsers, so long as they can be backed up with facts.

[kdenhartog]

The information on the website regarding Brave is up to date as nothing has changed

Both of the issues have been fixed at this point and so I'm not sure what additional fixes would be needed to address your concerns.

As for the final edit it states: "Should Brave really make good on the promise of respecting privacy, it should not do anything on the Internet unless the user has explicitly told it to so". This is built on a false pretense that a browser should be configured only by the user and there should be no defaults set because that's the only way to have the user "explicitly tell it". This is a faulty assumption because it rests on the premise that every user should both be able to and know how to properly configure a complex piece of software like a browser with often times hundreds of configuration parameters. The author states as such in their opinion on Tor where they state "When improperly used, Tor is not secure!" Effectively meaning any good browser must select sane defaults and be used correctly or it will present issues.

So in other words this complaint against Brave appears to be built upon shaky foundation and past mistakes. Obviously if you can show evidence of legitimate harm to a user right now there's stronger merits and we'd be happy to address it, but I'm not seeing anything we can actually address at this point other than making a time machine to stop mistakes made in the past. If I had a time machines though I don't think fixing privacy scandals of a browser would be near the top of my priority list for ways to use it 😄 . Furthermore, if we're holding the past record against the list of browsers advocated there I don't think a single one would actually make the list because its a fact of building complex software that sometimes bugs and design mistakes occur and at this point the state of the art today is to just make sure that things are being fixed ASAP.

[iio7]

@Lissy93 The information on the website regarding Brave is up to date as nothing has changed

The information is not up-to-date, as the affiliate link thing was years ago now, and was fixed shortly after being raised. And in terms of their other claims, as mentioned above, there's no evidence to back it up.

That's simply not true. As the article states, which is easily confirmed using a tcpdump, "Brave not only also "phones home" but as soon as you fire up the browser it starts contacting Amazon."

This is exactly what is happening.

I am using tcpdump, but am not getting anything at all, except for the expected traffic. Was there any extra steps you did? Could you share the relevant parts of your pcap file? as I am very interested if there are calls to AWS

And what would that "expected traffic" be?

All you need to do is to do a tcpdump on your network card, you can even isolate for port 53 for DNS requests, then wait a little after you have started up a clean installation of Brave, and there you have it.

I'm going to discount this article, but I am genuinely interested in arguments for and against the above browsers, so long as they can be backed up with facts.

It has all been backed up.

This seems to be a complete waste of time.

[iio7]

Both of the issues have been fixed at this point and so I'm not sure what additional fixes would be needed to address your concerns.

The article clearly mentions that those issues have been fixed, but that's not the problem. Brave still phones home and still goes straight to Amazon.

[kdenhartog]

Both of the issues have been fixed at this point and so I'm not sure what additional fixes would be needed to address your concerns.

The article clearly mentions that those issues have been fixed, but that's not the problem. Brave still phones home and still goes straight to Amazon.

@Lissy93 stated

But with the exception of the "Daily usage ping to Brave" which should be disabled under brave://settings/privacy, it's pretty well configured out of the box, for privacy for an average user.

This should disable those calls to Amazon who is a service provider for us and is noted as such in our privacy policy. There may be a few others that also may require a few other privacy toggles to be switched off as well (thinking P3A and diagnostic reports will be needed to), but I'd have to look into it further to be certain. So that's why I believed the concerns have been addressed here and I'm not seeing what your additional concern is.

Furthermore Firefox is known to phone home telemetry data as well, but you're not advocating for the removal of it. It's also listed in your link as a privacy compromised browser. Is the issue here that the default settings are not how you would have set them and therefore we should throw the baby out with the bathwater? Or is a more constructive compromise here that we should tell users how to configure these browsers like has been done with Firefox?

It's worth noting here that when you're trying to ship software to 50+ million people sometimes not everyone is going to be happy with the decisions we make. Ultimately we're doing our best to try and further advocate for privacy and security on the web and are doing so in many different ways, so I don't see why there's such a strong bias against how we're trying to achieve that compared to how Mozilla is doing it?

[Shamar]

Is the issue here that the default settings are not how you would have set them

Well, no: everybody here can change those settings by themselves.

The issue here is that Brave's default settings explicitly violate the human rights recognised (at least) to European citizens by the GDPR. In fact, to send personal data anywhere, the browser should get an explicit and informed OPT-IN consent from the user for each specific data.

Or is a more constructive compromise here that we should tell users how to configure these browsers

A more constructive compromise here is that Brave should ask users' consent for any data transfer not explicitly started by the users. Such consent could be stored on a per-website basis.

I don't see why there's such a strong bias against how we're trying to achieve that compared to how Mozilla is doing it?

In fact, from a privacy point of view, you are doing slightly better than Mozilla, but far worse than, say, LibreWolf. Except for the cryptocurrency defaults, that make Brave just as bad as Firefox, overall.

Firefox is known to phone home telemetry data as well

In fact, LibreWolf is basically a set of patches that disable telemetry and stop undesired and unintended requests at compile time. That's why it's better than Firefox.

Also I'd call FUD on @iio7 statement about the project lacking behind the Firefox security updates: as of today, both Firefox and LibreWolf are at 99.0.1. And that's quite obvious if you think about it: at every new Firefox release, all LibreWolf needs to do is to rebuild from sources after applying (and sometime fixing) the patches. And if your company is in a hurry to apply upstream's security updates, they could rebuild it themself (or even better, donate better hardware to LibreWolf)

Regarding Librewolf, you must have done something wrong, use a tcpdump, you'll see, it will eventually try to access the network which includes Amazon AWS.

I am using tcpdump, but am not getting anything at all, except for the expected traffic. Was there any extra steps you did? Could you share the relevant parts of your pcap file? as I am very interested if there are calls to AWS

Actually @Lissy93 your exchange with @iio7 made me realize that we could actually measure how trustworthy are browser's privacy claims. We just need to collect and compare the tcpdump produced by equivalent browser session by several browsers run in isolation.

We could build reports showing how much data each browser send, how many host they connect and so on. We could even rate them somewhat objectively!

If you could share your setup, I'd be happy to help and look for help on this sort of public service.

[Shamar]

This is built on a false pretense that a browser should be configured only by the user and there should be no defaults set because that's the only way to have the user "explicitly tell it".

No, the premise is simply that the USER Agent should only do what the user intend it to do.

No user intend to inform Brave about, say, their daily usage of the browser. At best, they can accept such burden, but only if they can truly understand the implications.

Otherwise it's not an informed consent but a deceitful grab of data.

But even so, even if the user understand the AdTech business and technology deeply enough to give an informed consent, such consent should always be explicit and opt-in.

So sane defaults means defaults designed to serve exclusively the user.

This is a faulty assumption because it rests on the premise that every user should both be able to and know how to properly configure a complex piece of software like a browser with often times hundreds of configuration parameters.

If your users cannot configure your software, your software has a huge UX and UI flaw and you should fix it with high priority, not only for the privacy issues, but even for the security issues that a misconfigured browser could pose.

[fxbrit]

the unixsheik article about LW (or any browser really) is a complete joke, I'm so tired of breaking it down over and over I will just copy previous replies:

I wish people would just stop bringing up this old and incorrect article, which we addressed several times already. but let me address this one last time because I find this article very annoying and I think it's best to explain why.

• it is outdated and irrelevant.
• the writer didn't do any research whatsoever. he doesn't even know what these domains are (eg. the browser is connecting to mozilla to fetch uBO, where's the privacy invasions?) and he's just taking the simplistic approach of "connection=privacy invasions" because he couldn't bother doing any kind of research on the endpoints or the implementations.
• "the domains that the browser visits the very first time you open up the browser do log these requests" proof? amazon cloudfront is just where something is hosted, he couldn't even bother finding out what is hosted there, and he just assumed it's bad for privacy.
• all outgoing connections made by librewolf are documented in the faq. they are also all discussed on gitlab where each implementation is carefully evaluated.
• not every outgoing connection is privacy invading, making this assumption without any proof, or even worst without even knowing what the connection is doing or where it is going, is just fuzz.
• the fact that this is the only thing he talks about without addressing any of the privacy features in the browser is kinda insulting. he doesn't know how to evaluate a browser, he just setup tcpdump and launched the browser.

tldr: old and uninformed article, uniksheikh didn't do any research and he doesn't know what he's talking about.

he even updated the article recently but it's even worse now, he still refused to do any research at all. here's the faq entry bt., as for actual privacy measures maybe look at https://privacytests.org/ instead of performing network dumps of things you don't know because you couldn't be bothered reading them up. it's kinda insulting.

---

The best solution is still to tweak firefox with Arkenfox user.js...you also get to disable any automatic outgoing connections and a ton more.

I also want to address this: in AF you don't get to disable all outgoing connections, because just like in LW nobody gives a shit about disabling harmless and security related connections. if anything arkenfox has had a very strong stance against spreading bs about outgoing connections (like it happens in this article). turns out once again unixsheik is clueless, while a reputable project like arkenfox knows what it's doing, since it researched stuff and evaluated it properly instead of feeding paranoia.

Librewolf is usually behind with security updates

they're often very outdated

can you please provide any kind of proof? otherwise this is just crap. other than v99 where there were patch issues and the release was delayed by 5 days with regards to upstream, LW is always released within 72hrs, at times even the same day. just check gitlab releases vs firefox releases and see it for yourself.

@iio7 stop posting or re-posting FUD, do some proper research and learn about how to evaluate tools.

full disclaimer: I'm affiliated with both LW and AF. as I said I'm not here to argue their inclusion/removal (don't care) or to discuss stuff which is already vastly documented, I'm just here to stop FUD from spreading. I don't want anyone to read this issue and think there's truth or logic behind the commentary.

edit: while I still sand by my words and I think the article is problematic, after re-reading my post today I want to apologize for the aggressive tone I used in your repo @Lissy93.

[atomGit]

@Lissy93 said, re: Librewolf...

I am using tcpdump, but am not getting anything at all, except for the expected traffic.

you may have to capture for hours/days/weeks before you see all connections (or search the source code), however i never tested LW

@Shamar said, re: the unixshiek article...

The argument against LibreWolf there sounds a lot like FUD

i've been reading his stuff for a while and he strikes me as a very smart guy - don't toss out the baby with the bathwater

that article was penned in late 2020 - it was updated just a few days ago, but i don't know whether he edited the LW section or re-tested connections

his statement "A network dump reveals that the very first time Librewolf is started it immediately contacts the Mozilla add-on CDN" is of course odd given that LW ships with, and clearly states so, uBO, and so it SHOULD be phoning AMO to check for an update - uBO is a key component of LW (actually it's the only component since they're just running scripts on FF release far as i can tell)

@kdenhartog said...

As for the final edit it states: "Should Brave really make good on the promise of respecting privacy, it should not do anything on the Internet unless the user has explicitly told it to so". This is built on a false pretense that a browser should be configured only by the user and there should be no defaults set because that's the only way to have the user "explicitly tell it". This is a faulty assumption because it rests on the premise that every user should both be able to and know how to properly configure a complex piece of software like a browser with often times hundreds of configuration parameters.

agreed - modern browsers are larger then some entire operating systems and i think sometimes folks put a little too much emphasis on "phoning home" - granted there is allot of telemetry and other nefarious and unnecessary traffic happening with Firefox by default (and i'm sure all others), but some of it is absolutely for the benefit of the user and is not a privacy concern and should not be tinkered with - the rest can be effectively dealt with via prefs (and arkenfox makes that easy)

Furthermore Firefox is known to phone home telemetry data as well, but you're not advocating for the removal of it.

but she does advocate for arkenfox and that is key

no modern browser i'm aware of is privacy respecting out of the box, so where do you go from there? you have to pick something and i pick FF - don't get me wrong, i am not a FF fanboy, but Moz provides a high degree of control with prefs and that, combined with arkenfox user.js, makes FF the best browser regarding privacy in my opinion - security? well, that's a different issue

[atomGit]

i perhaps should have mentioned for those that don't know, LibreWolf benefits from the arkenfox user.js project

[jdev082]

Firefox has to tend to a large user-base. A user-base of frequent Google ecosystem users, some use Firefox for privacy. Not all though, the issue with making such a private/secure browser. Is that you have to tend to the entire user-base. Not just those who seek privacy and security features.

[atomGit]

that's where the arkenfox user.js comes in

[kdenhartog]

But even so, even if the user understand the AdTech business and technology deeply enough to give an informed consent, such consent should always be explicit and opt-in.

Explicit consent that requires opt-in capabilities could mean that at startup every new user would need to explicitly select their choices for about://config (Firefox) or brave://flags (brave) or chrome://flags (chrome) on setup and then also recheck it every time a browser is updated to make sure no unintended side effects have been brought in. Otherwise, one could argue that a new browser couldn't render HTML5 (since canvas elements can be used to fingerprint) all JS would be turned off, and we'd end up with an even more incompatible web platform compared to where we're at currently. I know that's not the argument you're making, but I point it out to show that the principle of "explicit and informed opt-in consent" can only be taken so far before it turns from a useful principle to a broken weapon. This is simply because of the complexity of trade offs that occur.

At some point, it's reasonable to accept that defaults will be set in order to accept tradeoffs between the extremes of usability (users can't configure anything and everything is handled for them by the developers) and consent (users have to configure everything and nothing is decided by the developer). Especially because it's a full time job to keep up with everything that browsers are changing. So to ask a user to do either one of those extremes seems unreasonable. This is why we have defaults in the first place, but also enable users to change them.

All in all, reasonable minds can differ on the same topic. Especially when it comes to incredibly nuanced topics such as privacy on the web and configuring a browser. However, I personally fall on the side that Librewolf and Brave should remain in this list because I think the net gains far outweigh the net losses to users. If others disagree with the outcome of this issue and @Lissy93 decision (whether these options stay or are removed) we always have the option to fork this repo and change it.

In any case, it was great to get other people's take on this topic and I enjoyed hearing the differing perspectives of the values that motivates them as users, and presumably also developers since we're on GH by choice, and building software. Thanks for the discussion!

[atomGit]

back to basics...

@iio7 justification for wanting to ax LibreWolf and Brave is because "Neither are truly privacy respecting"

he/she is correct, if we assume default settings, and i don't think there's an argument there, but the same argument can be made for Firefox or any other modern browser, so the reason for wanting to eliminate LW and Brave specifically falls on its head right there (and i personally have serious concerns with Tor but that's another story)

no modern browser is truly privacy respecting out of the box, hence the need for projects like arkenfox ... and LibreWolf