Closed angela-d closed 5 years ago
If one is inclined, one can install Firefox with all the defaults set to be privacy-focused. I would suggest working on a guide on how to install Firefox with all the default config set to good privacy options. PTIO could mantain their own version of user.js file or Firefox install script and the user would be one click/script run away of having a better privacy-focused browser
Potential duplicate or subset of https://github.com/privacytoolsIO/privacytools.io/issues/780 ?
@Mikaela I would say its a subset. My post is primarily a suggestion to list the smaller forks alongside the bigger projects - with facts of why the browser was suggested.
@abbluiz
If one is inclined, one can install Firefox with all the defaults set to be privacy-focused.
You can do a lot to Firefox to make it private - but my point is that those are not defaults and such changes are not sanctioned by Mozilla. So championing Firefox as a privacy king is nonsense.
Lately (business as usual, for them), Mozilla's been doing very questionable things regarding privacy, such as enabling ping tracking by default and defaulting DNS queries to Cloudflare.
@angela-d so you prefer a non customized browser against a fully customized?
Yes Mozilla make some bad things but at same time good things too.
Also it's better to use Mozilla/cloudflare DNS then Google DNS. Can you chance that in chrome/ chromium forks?
@angela-d so you prefer a non customized browser against a fully customized?
I am not sure where you would get that from.
Also it's better to use Mozilla/cloudflare DNS then Google DNS. Can you chance that in chrome/ chromium forks?
You're missing my point. Why aren't any of the smaller forks listed? Be in Firefox forks or Chromium forks.
Can you chance that in chrome/ chromium forks?
Chrome does not have built-in DNS servers at all, unlike Firefox. Chrome will use your system's DNS servers, as all browsers should. DNS is an OS issue, not a browser issue, so I'm not sure why Mozilla is messing with it in the first place. I 100% agree Mozilla has been making some super questionable decisions lately with regard to privacy.
@angela-d forks aren't listed because of security. They're always behind the mainline
@JonahAragon If Google doesn't use their DNS yet (which i can't believe), they will include it. Please test it: https://dnsleaktest.com & https://www.grc.com/dns/dns.htm Also even if Mozilla/ Cloudflare DNS isn't the best, it still protect your DNS with encryption and it can be changed/ disabled
@angela-d forks aren't listed because of security. They're always behind the mainline
The argument can also be made, privacy tools is about privacy first; while collaborative, privacy and security are not the same thing.
Which is also why I suggest a chart, comparing pros & cons of the big browsers alongside the small forks. Let the user decide which best fits their threat model.
Mozilla proves time and again they're treading dangerous waters with users' privacy.
If Google doesn't use their DNS yet (which i can't believe)
Why is it hard to believe? DNS should be a networking/OS issue and the browser has no business touching it, unless the user goes ahead and makes the change themselves. The fact Google isn't meddling with it, should be an indication of out insane it is that Mozilla thinks this is a good idea. If it were opt-in, it would be - but one can't expect that to be the case (like Pocket) once it becomes a feature. Mozilla knows best.
It's so hard to believe cause Google gives a shit about privacy. Mozilla have some bad configs too but you can change/ config everything. Not so in chrome/ chromium
Mozilla have some bad configs too but you can change/ config everything.
For now. The route they're headed, this is not a promised future. Hence the request for an explanation as to why smaller forks are not also posted.
Not so in chrome/ chromium
I won't disagree, but if the justification for Brave being posted is because it has a Chromium base, what's wrong with Ungoogled Chromium, too?
Ungoogled Chromium is Chromium too and even doesn't remove all Google shit.
Edge restart, building on chromium may the only build which remove all Google stuff. No other done this yet
If somebody logs into their bank account while using Tor, is Tor still the best suggestion?
That's a wrong use of Tor.
Even though Mozilla has privacy blunder after privacy blunder, should they still be a top recommendation?
Debatable, still the leading alternative to Google.
Even though Brave Phones home to Google they're a top mention?
Moreover Brave is a walled garden.
IceCat is the best choice, it has privacy addons bundled.
If somebody logs into their bank account while using Tor, is Tor still the best suggestion?
That's a wrong use of Tor.
Sure it is, but how its displayed on PTIO, a privacy newbie would not know that.
IceCat is the best choice, it has privacy addons bundled.
That's debatable too, as its updated more infrequently than Waterfox and stuff the non-free JS extension that is default will be overwhelming to your average user, since the majority of the web now runs on bloated JS code.
The point of this thread is to get info from Privacy Tools mods/team members to explain why no smaller forks are listed. Which is superior or Mozilla vs Chromium-based I don't think is very relevant! They all have their flaws and some have better strengths than others in some areas. None are perfect.
To be honest, I think that the criticisms towards Mozilla here are a bit overstated. They have certainly made some blunders in the past, but these can more accurately be described as tone-deaf PR blunders rather than privacy blunders.
Regarding Mozilla's use of Google Analytics and Cloudflare, they have special contracts with both of these companies that require them to treat user data gathered in a strict, separate way that respects user privacy. To suggest that they do otherwise is conspiracy theory type thinking, given the compliance requirements in that sort of contract, the substantial penalties within it, and the lack of evidence that there is any breach. Companies do obey contracts and have large legal and compliance teams for this very purpose. I would suggest that Privacy Tools needs to adopt an evidence-based approach in this regard.
In particular, using Cloudflare DoH is actually a big win for user privacy imo, because users can get their DNS traffic encrypted within the browser, gain the benefit of encrypted sni and DNSSEC and be certain that Cloudflare is contractually required to respect their privacy. Relying on users to make these private choices and configurations regarding DNS is just not realistic given how difficult these can be to setup and given that most users have never heard of DNS. Relying on sane default platform choices is also not going to happen for the majority of users when most platforms are owned by advertising and proprietary software companies. Given that for most people, this is the only way in the foreseeable future for their DNS traffic to be encrypted, this should be considered a net win. Doubly so, when there are an increasing number of jurisdictions with mandatory data retention and ISP commercial data gathering. There is some legitimate risk that the small amount of data that Cloudflare is able to collect will be subpoenaed, but this could happen to an ISP or other DNS or VPN provider as well. Many ISPs and GPAs rely on unencrypted DNS traffic to track and retain, censor and maliciously impersonate in the status quo regardless.
Regarding the Firefox forks (excepting Icecat and Tor Browser), I have always encouraged users not to use them. The improvements that Waterfox makes can be done through preferences, or a user.js file, as all of the eme, telemetry and pocket features can be disabled if a user is so inclined. Clang is also already the primary compiler for all tier 1 Firefox platforms.
In exchange for it's marginally better defaults, the tradeoff is essentially getting to forking Python 2 level of insane. XUL and NPAPI are both completely unmaintained. What used to be supported by a team of professional developers and a massive dedicated security team, is now being supported by only a handful of community developers with no security team. This is not sustainable, and the only reason widespread breaches haven't occurred is that the userbase is too small. The other issue is the tardiness and selectivity of security updates, given the size of the dev team and the differences from upstream.
Palemoon is even worse, as almost every factor discussed regarding Waterfox applies to Palemoon on a much larger scale. As they are not even attempting to keep up with upstream, they are already incompatible with a large portion of the web. Due to this large divergence from upstream, their maintenance burden is much higher, and maintaining security is much harder for the same reasons as above, with similar limitations in their project. Even the addon situation is not great as the userbase is so small that many of the few addons that remain compatible are essentially just languishing without substantial development, and many users have always resorted to old unmaintained addons.
Given the the big security disadvantages of the forks, compared to the small benefit in waterfox of perhaps more private defaults, it cannot be recommended. Palemoon perhaps also has marginally more private defaults, but no part of it could be considered "sane". If users really want to make these changes to Firefox, then a user.js file is the way to go.
Decent security practices are also a key feature in maintaining privacy and are a key responsibility of a project like this that makes recommendations that users trust.
I won't even get into the fact that I don't think any Chromium-based browser should be recommended here.
Everything @chinaar said.
I know we hold Mozilla to a higher standard, but lets put things in perspective. So Mozilla made a blooper with e.g. Mr Robot, maybe screwed up the PR on it afterwards. As long as they learn from it (and they supposedly have by building in internal checks). And yet chrome do way more nefarious things, intentionally, and while they do get attention, just shrug it off, roll it back partially (or not at all) and everyone forgets about it. Mozilla, oh no .. lets bring up this old chestnut every time. Perspective on some of these things please, that's all I'm saying :)
As for other decisions: my answer is always:
before you criticize someone, walk a mile in their shoes. Then criticize them, because one, you'll be a mile away, and two, you'll have their shoes
Only those who make the decisions are probably fully informed. I for one have never run a company with thousands of employees, or controlled the design of web tech / UI that touches on hundreds of millions of daily users. I've never tried to compete with a competitor that has tens of billions of dollars to use against me. And so on.
So what if they use google as a default search engine for most of their regions. It's a commercial deal that helps ensure Mozilla can keep going - and that's important for diversity in the browser space. Who else could pay them the money that google does? No-one! The thing is, it's easy to change your search engine. And they include DDG. I'm playing devils' advocate here, looking at this in their shoes, that's all.
So what if they collect telemetry (how else can they improve the product and stay competitive) - I for one actually trust them. You can always turn (almost all of) it off via the UI. You can actually look up and use their telemetry. Imagine how far behind the curve they would be if they couldn't keep making anonymized data buckets to know when to deprecate a cipher, or increase the minimum TLS. Or make thousands of tiny improvements in speed, etc. Telemetry is simply required if you expect them to compete: with a default on,but with an opt-out on first run: otherwise no one would turn it on and it becomes pointless: they do no different than any other major browser AFAIK. Again, I'm wearing their shoes.
Google Analytics used in the browser (Activity Stream, Get Addons panel, AMO) - they have a special deal for that (see chinaar's post above about how sacred deals are and the shitstorm that would happen if broken and made public). Why use GA: probably because it's cost effective rather than roll their own. Again, just stepping in their shoes - do they care about privacy? Yup, they did a special deal.
Same with Safe Browsing: the work that has gone into that to add noise to part hashes, strip identifying parameters, to isolate it from other web content, and to actually remove the use of and block a google cookie in SBv4 (FF57+), and more.
So as for the browser not being private: I disagree. Who else has containers? Who else is actively building in anti-fingerprinting and first party isolation (as part of the Tor Uplift)? They're been working on Next Gen Local Storage (for well over a year) to combine all persistent data and make it easy for end users to manage. They're adding more Tracking Protection lists, and will be turning them on by default in the near future. I could probably list 2 or 3 dozen other items, but lets not get off track.
A major browser needs to ship working for all users, and all websites. So sure, it will never be as "private" as a niche product / fork. But I'll just repeat what @chinaar said
The improvements that .... makes can be done through preferences, or a user.js file
No-one has such an easy and large config selection as Firefox (well, they put almost everything behind prefs anyway, for testing and rollouts). Trust me, and I've been living in Firefox's code for the last 8 years, you can almost do everything that the Tor Browser does just with prefs - obviously excluding the Tor protocol itself, and there are some patches / areas that still need help. It just takes time. They were hampered by XUL - now they're able to actually move forward.
I've looked at what other browsers do for fingerprinting (it's my specialty, so to speak), and no-one comes close to FF. Safari did a couple of neat things FF hasn't yet. Brave is (usually poor;y doing some things FF already perfected.
At the end of the day, it is seriously NOT hard to provide a sane list of a few prefs for users. With respect (please don't take this as an affront: I don't expect anyone to always be an expert), the PTIO list, has been pretty horrible IMO - I've kept an eye on it for years: the battery one was only just removed. Other options are really suspect: e.g. disabling Safe Browsing is the worst thing you could recommend (and I can tell you why if someone want to talk about it: there are zero privacy issues with those prefs: I know: we have checked, we had contact with the Mozilla engineer who worked on all this, and he's super pro-privacy etc). There are others. It's not too bad.
Someone asked me in that other thread, about what to do with promoting the two user.js files up prominent with the browsers: and my answer would be
But, if you want an actual sane user.js based on my many many years of Firefox knowledge (disclaimer: I am an active participant in the Tor Uplift, and Tor Project - but not an employee), then I would be happy to provide one. So to whoever it was who hollered at me last time - just ask, otherwise I have plenty of other things to do
:kiss: and :heart: 's at everyone. Hope no-one takes offense at my words (I can be a little blunt at times: I hate beating around the bush, and I'm shit at writing). Here to help if you want to use me.
PS: I was only commenting on Firefox, and that I think Waterfox, Palemoon and other FF forks (Tor excepted) are a waste of time as recommendations: because you can already control FF to an extremely high degree. Chromium stuff: I couldn't care less and know even less about them. FF, I think I've read a billion lines of code and tested a million things. I know more about FF than I do about myself. Use me if you want it.
Please pin/ mark/ sticky THAT post from @chinaar and @Thorin-Oakenpants Awesome! :+1:
^^ oh it was @five-c-d : hell no, do not stick the PK or ghacks user.js in the "worth mentioning" (whatever that means exactly), but hell yeah, link to them at some point (with an advanced user warning or something)
What I can do is create a https://github.com/ghacksuserjs organization new repo e.g. privacytoolsio-user.js .. and make it super duper simple, super small, very very sane prefs (FF/ESR60+) - even if it's just for you to inspect and approve. Assuming it passes muster, I can add a PTIO member/admin and give them admin rights to maintain it. Or you can copy it (and I can ditch mine), stick it under your own umbrella. Up to you. That's all you need.
I say small, because you don;t need much in extensions if you set your prefs right, and also because you don't want to overwhelm people.
@Thorin-Oakenpants agreed, please do open an issue with a newly proposed user.js for PTIO. I think it would be of great benefit, as I also think that many of the current user.js files are not sane.
EDIT: I've removed my points regarding Gecko v Blink, as I don't want to derail the thread.
not that i'm going to hang around in this thread, but let's not get off topic
I won't even get into the fact that I don't think any Chromium-based browser should be recommended here.
What happened to that? :grinning: I disagree. Forget about all the politics and everything else, and just focus on the goals in mind
If a chromium browser meets that, then FFS recommend it
I'm out of here, unsubscribed. If someone who runs PTIO wants to get on contact with me, you know where to find me
It is a weird a user drops in here defending Mozilla and then has their account deleted.
Deleted user:
To be honest, I think that the criticisms towards Mozilla here are a bit overstated.
Not relevant to the topic of this thread.
Regarding Mozilla's use of Google Analytics and Cloudflare, they have special contracts with both of these companies that require them to treat user data gathered in a strict, separate way that respects user privacy.
As a user, I object to a third party handling my browsing data. I want my browser to be a BROWSER and nothing more.
and the lack of evidence that there is any breach
So there has to be a breach before a user is labled a "conspiracy theorist" for not wanting their data passed around like a cheap whore?
Companies do obey contracts and have large legal and compliance teams for this very purpose.
I do not trust any of them. I don't want them having my data unless I choose to give it to them.
In particular, using Cloudflare DoH is actually a big win for user privacy imo, because users can get their DNS traffic encrypted within the browser,
This is not a browser's job. A browser's job is to get the user onto the web.
Relying on users to make these private choices and configurations regarding DNS is just not realistic given how difficult these can be to setup
Are you serious? Any user that cares about privacy in the first place is going to find a way to change those. Those that do not care, are using Chrome or Google's DNS. Mozilla sticking their nose into this is an underhanded attack on their user's data and privacy. Cloudlfare has their tentacles in enough of the web as it is, why are we putting yet MORE eggs into their basket?
This is how single points of failures tend to begin.
and then has their account deleted
Or deleted it themselves. No conspiracy necessary.
Best is Mozilla Firefox coming from the tor bundles. You can disable tor starting from the tor bundles browser by following theses steps: https://superuser.com/a/1117660
Palemoon is even worse, as almost every factor discussed regarding Waterfox applies to Palemoon on a much larger scale. As they are not even attempting to keep up with upstream, they are already incompatible with a large portion of the web. Due to this large divergence from upstream, their maintenance burden is much higher, and maintaining security is much harder...
The upstream changelog seems to disagree with this ghostly opinion. PM has gotten security updates regularly and EMCA2019 was already implemented. It doesn't have telemetry and a bunch of other anti-features that FF has either. Less bloat means less vulnerabilities.
I don't think a set of requirements would age well with browsers, mostly because constantly new issue will popping up. also, its not a bad thing that people keep opening issues, as it keeps calling browers back on the chopping board every once in a while to see if they are still indeed the best choice.
Description:
856 has become too long.
Since there is seemingly an endless debate on what browsers are featured, could the moderators / team members of PTIO finally lay it out on what requirements have to be met in order for a browser to be featured?
Alot of the arguments are stemming from what appears to be personal preference. Why Brave and Firefox? Both aren't pro-privacy by any stretch of the imagination (I think the end goal for Brave is to get there, but it doesn't appear as though they're there yet - any topic I've seen about Google components seems to have indirect answers for how much remains or was taken out.)
None of the three are perfect for privacy, yet being featured on a site like PTIO, many users take the suggestion at face value.
I am not arguing for removal of any of these browsers, they all have good and bad attributes -- the reason I cite these examples:
Many arguments point to the fact Pale Moon, Waterfox, IceCat or Seamonkey have smaller teams and/or aren't "privacy focused" (but Mozilla is? You have to spend a half hour disabling crap on a vanilla Firefox install)
Why aren't there a list of pro's & cons for the top mentions plus smaller alternatives?
What if Mozilla sells out to Google? (As they have and will continue to do!) My counter-argument:
I don't think there's a one-size fits all browser for privacy. None of the top 3, or even Pale Moon, Waterfox or IceCat fit every scenario for every person. Each person should be able to arm themselves with knowledge and make an informed decision. As of right now, you're essentially telling them 3 large projects are all that's out there. What's the purpose of keeping smaller projects from being listed?
I've seen Brave referred to as basically a shoe-in, "because some users prefer a Chrome base, if we exclude them, we'll drive them right back to Chrome" - so why not Ungoogled Chromium, too? Why does it have to be Brave and no other Chromium-based forks?