Personally I find it far more important that it’s not run by a company that will try its hardest to track your every movement on the web, but to each their own, I suppose.
También tenemos que entender que hay algunos que solo entran para tener con quien discutir, porque con su esposa no se atreven, así que entran aquí a eso 🤣
The only issue they have with sandboxing is on Android, as they have yet to implement per-site process isolation despite it being present on desktop Firefox and Chromium Android for many years now. I’ve been tracking the development of Project Fission on Android (Firefox’s per-site process isolation) for years now and it still isn’t even ready for testing. Additionally, Firefox Android does not use Android’s isolatedProcess flag for sandboxing, which is another area in which it is behind Chrome. For that reason, I cannot recommend Firefox on Android, and instead recommend Cromite (fork of Bromite after its development was abandoned) which is based on Chromium.
Yes very poorly true. The lack of any sync makes other mobile browsers hard to use for me though. Often start stuff on mobile, and continue on a real browser on Laptop.
Firefox shipped sandboxing on Android years ago (before chrome) and then removed it. I’m not sure you gain much from it on Android. It eats up ram making performance crap on cheap phones and apps already run in their own app user context to isolate what they can access.
If you’re referencing an isolatedProccess implementation, the benefit is that each site is isolated in its own process, and any exploit would only have access to its own process (the data that the site sees anyways) without further escape (kernel exploit or meltdown, for instance). Without this isolation flag, sites are not sandboxed from each other or from the browser’s process itself, meaning an exploit could access any data from any other active site or from the browser’s process (such as accessing browser settings, bookmarks, history, or the built-in browser password manager). This has a massive implication on security. I’m unaware of the sandboxing you mentioned before Chrome, so I can’t comment on that, but you gain a lot of security from proper per-site process isolation. Yes, the app lives inside its own sandbox, but there’s plenty of data within that sandbox that you may not want a site to access, hence the importance of the isolatedProcess flag.
You never tried to listen for stock Firefox’s traffic with Wireshark for sure.
People speak very good thing about Firefox but they like to hide and avoid the shady stuff. Let me give you the un-cesored version of what Firefox really is. Firefox is better than most, no double there, but at the same time they do have some shady finances and they also do stuff like adding unique IDs to each installation.
Firefox does is a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like the OP did.
I know other browsers do it as well, except for Ungoogled and because of that I’m sticking with it. I would like to avoid programs that need no snitch whenever I open them. ungoogled-chromium + ublock origin + decentraleyes + clearurls and a few others.
Now you’re free to go ahead and downvote this post as much as you would like. I’m sorry for the trouble and mental break down I may have caused by the sudden realization that Firefox isn’t as good and private after all.
That’s all true, but why take a modified chromium instead of a modified Firefox?
Because chromium rendering is better than Firefox’s and I personally like the dev tools better and my usual target audience in dev uses Chrome. I have LibreWolf as the secondary browser but I don’t see me ever liking the way Firefox renders the web.
I personally prefer Firefox’s rendering, or even Edge’s old and long deprecated EdgeHTML (Trident fork) renderer.
IME Chrome performs way too much antialiasing on graphics that are not to scale, and their default font hinting technique doesn’t match Windows or even common Linux distro defaults.
It feels a lot like the enhanced speed and performance come from the shortcuts taken in the renderer, akin to Safari… except that Safari also opts to just refuse implementing new APIs and draft specs.
Text heavy sites in particular are not really that nice to read in Chrome for me personally.
Yes but no. Firefox does some creepy stuff, and I will need to verify this. But it also matters how much data websites get about you, and Ungoogled Chromium has no fingerprint protection
Chromium-based browsers have inherently weaker extensions due to Manifest v3 and many other targeted attacks on adblockers. If you want a browser that works far better and provides a much higher level of privacy, use Mullvad Browser (worked on in collaboration with the Tor Browser, just without Tor integration) or LibreWolf. Both are Firefox forks with Firefox telemetry removed and anti-fingerprinting measures. You don’t need and absolutely should not install any extensions beyond the default installed in those 2 browsers (except perhaps a password manager), as that will dramatically damage the fingerprinting protection they provide. Both will have a much higher level of protection than you could ever realistically expect from any Chromium-based Browser.
I’d really rather have some harmless telemetry by Mozilla with a stronger ad blocker than Chromium bullshit. Ngl some people take privacy too seriously
I’m not ever going to use Mullvad Browser, I would rather use stock Firefox than that. I have LibreWolf installed as second browser and I like it at that, but I don’t see myself going away from ungoogled-chromium anytime soon.
Can we ask why you wouldn’t use Mullvad Browser? I’m honestly curious about that. From my wireshark tests, that thing only hits what you tell it to hit, nothing else. Am I missing something?
So… you don’t trust Google but you trust some shady VPN company? You aren’t wrong about quick wireshark tests, it does seem cleaner but long term trust and VPN companies are not something that go into the same sentence.
I dont use Mullvad VPN, only the browser. I do use NordVPN when I need to show as being in another country, but mostly to circumvent geolocation and keep some stuff from my ISP. I know commercial VPNs are just switching who sees your data, but I’m good having a company that’s not my ISP and in my country looking at that. And yes, I distrust Google to no end. The same applies to Apple, Amazon, Microsoft, Samsung, etc. There are not many names out there I trust. At the end of the day, anything not under your control, you need to choose how much you trust it, if at all.
I know commercial VPNs are just switching who sees your data,
Oh yeah.
And yes, I distrust Google to no end.
Me too, the reason why I use ungoogled-chromium is mostly because of that and because when you take Chrome and remove all the tracking and spyware it runs way faster ahah. There are many people and projects that came together in the ungoogled-chromium community and the source code is scrutinized and cleaned up like nothing else.
We’re lucky that there are so many nice developers out there just providing these tools for the community to break the ropes that tie us to big tech. Those devs are the real heroes in my book.
First off, everything Mullvad deploys is open source, from their clients to their servers. They have been audited and checked by 3rd parties to ensure their servers are running the source code they released. They are not some “shady VPN company” like Nord. They have a continual commitment to transparency that has been tested and true for many years.
Second, MullvadVPN has very little to do with the development of the Mullvad browser. It’s just a fork of Tor Browser maintained by the Tor Project as a collaborative effort towards a uniform browser with the benefits of Tor Browser, but to be used without the Tor network. It is funded by Mullvad, but maintained mostly by the Tor Project. Do you not trust the Tor Project? The non-profit that has been open source and audited constantly throughout its lifespan? Here’s the source code on the Tor Project’s repo: gitlab.torproject.org/tpo/…/mullvad-browser
The only Mullvad affiliation is the Mullvad extension that comes preinstalled (which you can uninstall, of course), the name, and the logo. That’s about it. No need to use their VPN, no need to buy anything from Mullvad, it’s basically just the Tor Browser without Tor.
If you ask a user to show you a “core dump” they’re more likely to shit on their floor and send you a photo than do what you actually mean.
Telemetry is absolutely crucial in determining what to focus on in development, to fix issues the users might not even realize exist. Especially for projects that aim at the general public. As long as it’s communicated clearly, used truly only for development purposes and an opt-out is available there’s nothing wrong about it.
I think librewolf scrubs most of that stuff out. I’m basing that off of using burpsuite’s proxy server though. On vanilla firefox it captures so much crap going out. I havent tried with wireshark though.
Not OP, but every single day, for web development. I find them quite a bit more intuitive and easier to use then the ones Ungoogled-Chromium comes with.
Firefox is better than most, no double there, but at the same time they do have some shady finances.
I’m not going to refute this because it seems to me that article are right in several points. Also, we have to be honest, Mozilla is kind of stupid sometimes.
But if you care about the default search engine or privacy settings, you really just need to do some hardening and tweaks to make it very private in general. Chromium doesn’t have any of these settings, it even doesn’t have RFP btw.
Looks like you can download Firefox through the Mozilla’s official HTTP/FTP repository that doesn’t trigger this ID token generation. Also this article motivates people to download Firefox installer from Softonic’s page:
Firefox users who prefer to download the browser without the unique identifier may do so in the following two ways:
Download the Firefox installer from Mozilla’s HTTPS repository (formerly the FTP repository).
Download Firefox from third-party download sites that host the installer, e.g., from Softonic.
I’m not trying to justify the Mozilla’s problems. They makes silly things sometimes, but being realistic, they do a better job taking care of their users privacy more than Google or even Brave.
we have to be honest, Mozilla is kind of stupid sometimes.
Yes.
Looks like you can download Firefox through the Mozilla’s official HTTP/FTP repository that doesn’t trigger this ID token generation. Also this article motivates people to download Firefox installer from Softonic’s page:
Yes, but still having to go around the main download page to get an untracked version is kind of annoying. Fuck Softonic, the rest of the information about the IDs still holds true.
Firefox is better than most, no double there, but at the same time they do have some shady finances
So I went ahead and read that article and goodness gracious, does anybody actually read these links??? Because that link is a complete nothingburger. It’s a blog post from someone who never read a 990 before (standard nonprofit disclosure form) who thinks every other line of is proof of a scandal. But it’s not, it’s just a big word salad that is too long to read, so nobody will bother.
The most significant charge is (1) that the CEO makes too much and (2) the author doesn’t like that they contract out work to consultants who think diversity is good. Every point made, so far as I can tell:
Have assets worth $1.1 billion as of 2021
Mozilla spent less on “expenses” from 2021 relative to 2020
Revenue went up over the same time
A lot of revenue was from royalties (e.g. agreements for default search)
They disagree with the wording on a donate form about whether Mozilla “relies” on individual donations
The CEO made $5.6MM
They pulled out one expense, which appears to have been training/education relating to social justice topics
They pull out a few more individual expenses and weren’t sure what they were.
This isn’t secret documents being handed to Deep Throat in a dark parking lot. There’s no smoking gun, no smoke, just a PDF with ordinary tables of expenses and revenue, and consultants who did diversity training. If that’s shady then, get ready to be mad about every non-profit ever.
If you have websites break without noscript, you visit some really shady websites.
Be happy they break and dont claim the browser.
For my websites nearly never cause problems, and if they do Firefox tells me that they want to read my canvas data, send push ads and more, so its obvious.
Google, for example, did many demo websites that only worked on chrome in the past… I’ve also seen government website that only worked in Chrome… but unfortunately I don’t keep a list. A company I worked at in the past also had a training website that only worked in Chrome (I’m not revealing this one though…).
Edit: Just stumbled on this website: Thai5sushibar.com … not sure if it’s my extensions, but it doesn’t load in Firefox and loads in Chrome. Good rainbow rolls.
When I was using Librewolf maybe 4 years ago, it was never up to date with Firefox. I thought it could be a potential security risk, sometimes it took months to incorporate Firefox security updates. Has that improved recently?
Iceraven is a mess. Their extension list is totally random, has tons of duplicates and more. I went through all of them and testes them and reported what was broken and what was missing.
That alone is enough to convince me not to use their browser. Mull is based.
I started using it in my early 20s when it was still called "Firebird" because I was still salty that Netscape was dead and using IE sucked donkey balls (There was stuff like Konqueror and Lynx on Linux, but Konqueror and Lynx were...well they were Konqueror and Lynx). Mozilla 4 lyfe. "Technically" (with huge quotation marks) I've been more or less using the same browser since 1997.
Source: One person’s opinion on their personal Fediverse account
… Not that I disagree, mind. I’ve been on FF since like. 2007? Which was the moment I figured out that other web browsers besides IE7 existed?
Never saw reason to hop to Chrome(ium) even before I knew/cared about datamining or enshittification or any of that stuff. Back then it just looked like “another browser, that does things a bit different but has no features that entice me that Firefox lacks”. Then as I learned about the political side of things I was like “Huh, guess I’m glad for myself then!”
I used Netscape “back in the day”. With some interim transition attempts including the likes of Opera, I eventually switched to Chrome because it was genuinely more featureful and faster.
I was a happy Chrome user until they decided to deprecate manifest V2 and fuck up my ad blocker, at which point I switched to Firefox and haven’t looked back.
i love firefox but honestly right now i find edge to be much more aesthetically pleasing, especially with vertical tabs and grouping. if firefox can add these two items, i’d switch to firefox in a heartbeat (and they’re already adding tab groups)
there is sidebery but i just like the edge version more. the extension wasn’t as fluid, plus i like how i can have native profiles for work, uni, and personal built in without extensions like profile switcher, which relies on a third party program. nothing against it; and i still donate to mozilla and firefox. i’m looking forward to seeing mozilla’s approach to tab groups though.
yup vertical tabs are the dealbreaker for me, edge got me hooked. Floorp is a fork that has it, haven’t used it a ton yet but i keep hearing more about it. I’ve been using Arc which i’m enjoying.
Mullvad Browser is torbrowser without tor. Its basically the same as Librewolf, afaik Librewolf uses arkenfox user.js which is based on torbrowser.
But the Torbrowser has a “disk avoidance” principle, which means they always use “private browsing” mode as that never saves data on your hard drive.
This means it always deletes everything, session, cookies, tabs, searches, …
MullvadBrowser is not more private than Librewolf and ALSO has these things making it basically unusable for daily usage.
This may lead to people using it “for the private stuff” and a shitty browser for the rest. Which makes no sense, as Librewolf is the same.
And also, private browsing doesnt allow containers, meaning “multi account containers” and “temporary container” are nonfunctional. You dont need to run multiple damn browser sessions, just use containers.
no stored session = not a browser normal people will switch to
not more hardened or privacy optimized than librewolf
no profile support too I guess, because private browsing.
But sorry your statement is correct, it is a privacy focused version of Firefox.
But not sure what the “use more to separate activities” means, I try to do that with containers and mail aliases and its already complicated. Running and updating 2 browser engines will not help here.
Also, a browser for your searches. I guess containers could do that but my understanding you still can get finger printed easily plus I could not get to use them consistently. Having different browsers made it easier, at least for me.
No that clears browser data, the fingerprint is very complex. If you mean cookies, Librewolf and Firefox can delete all but you can add exceptions where you want to stay logged in. Very handy, also not there in private browsing.
For me its way easier to use a different browser for each use case. Librewolf for something, Mullvad for something else, also Brave, also Vivaldi. 4 different browsers are making my life seriously easy. Why would I stick to 1 browser with many profiles? If something breaks in that one browser (which happens quite often) all I have to do is fire up a different one and try again. Different people different use cases, different streamlines.
If your browser breaks I hope another profile is not broken? Running 4 browsers at a time is seriously problematic for RAM, attack surface, updates etc.
I will do a post on introducing firefox profiles (as they are hidden away) and GUI integration into desktops
Tor Browser is based on Firefox-ESR, while Librewolf is based on Firefox-Release. Because of this, they do not have identical features and preferences. Tor Browser and Mullvad Browser are designed for stability and minimal customization for the purpose of blending in with other users. Librewolf is designed to receive new features, better privacy defaults than standard Firefox, and allow users to more easily configure preferences. All of these browsers are valid options for privacy-minded people, depending on personal preferences, including separating activities/identities between different browsers. Container tabs are certainly good for privacy, and hopefully the feature can one day be used in private browsing mode.
All of these browsers are valid options for privacy-minded people
However they are bad options for those looking to switch from chrome. Even to myself it was very annoying that it always deletes everything, to someone who “already makes life hard on the web” for itself as some like to note in real life.
Mullbad Browser is fine for systems like Tails (not sure if they have it) and maybe for environments like libraries and such public places, where everything is our should be volatile anyway.
Well yeah, people still using Chrome probably need to take baby-steps to reclaim little bits of privacy for themselves. For those users, switching to Firefox is probably the best option. But technically, Mullvad Browser and Tor Browser can both be configured to disable private browsing mode and be non-volatile. It's just that normal users are unlikely to know that or to know how to do it.
It’s objectively worse than Firefox. For example, Firefox recently passed all minimum security requirements by the German Federal Office for Information Security. No other browser meets them.
Firefox’s extensions actually let developers do stuff, so we have tons of tab groups extensions. My favorite is Simple Tab Groups. But if you dont like that one, you can swap it out for a different one! DO YOU GET THAT KIND OF CUSTOMIZATION IN EDGE?
If you use Edge than you probably use Windows, which means that Microsoft can already mine your data. I guess it’s better to have your data mined by only Microsoft than to have it mined by both Microsoft and Google?
Not sure of this is still true, it often feels like edge is the main spyware feature of windowless in general, integrated into windows search.
Everytime you search for an app or file it doubles as a edge search query to present in the results. You can try disable all the spyware on windows if you want. Edge still stores it in the microsoft cloud so you can sync.
Copilot is a golden ticket for them now. Its literally an edge based application.
I can packet inspect and watch them sell data? No lol they collect telemetry but you can use a derivative that doesn’t because it’s open source. That’s not the point though, the point is they don’t sell data. You can look at the finances yourself stateof.mozilla.org
Hmm guess they’re running a charity then. Your tracking is not data? I guess you and I have different definitions of what data is. Sure, you can lock it down if you really want. But so can every other browser.
Edge works better with specific vm coursework but not sure why. On Firefox I would press a key and it would input 0-2 times. On edge, it worked just… Normal. That’s the one up that edge has had for me.
Some people Firefox and some people just love to edge. They get close but don’t really get it all the way.
Firefox dev tools are much better for typical web development.
Not true, not even close. That was true like 15-20 years ago, but nowadays, especially when I’m debugging Angular (yes the extension for chrome is better) and developing stuff that will be used by people who go for Chrome.
You say Angular. But what else can we expect for a framework for making WebKit/Chromium apps. Angular working in Firefox is an afterthought because it has very much similar featureset.
I’ve to work with what I got :P Either way even if I was doing jQuery or Vue (like I did in the past) I wouldn’t ever use Firefox because even without the Angular extension, just plain JS/CSS debugging I like Chromium dev tools more.
Besides the fact that my target users are always Chrome users and by using Firefox for development in the past I run into issues because specific features would work in Firefox but not on Chrome and vice-versa… or some piece of CSS rendered differently Chromium offers a level of polishness on small details that Firefox wasn’t ever close to. Firefox’s dev tools are always playing catch-up time to Chromium’s, that’s what I see.
Maybe I’m biased like you seem to be, but in the opposite way :P
Chrome dev tools are better for JS debugging, but Firefox wins with everything else, IMO. Especially their flexbox, grid and font visualizations and debug tools are amazing.
I cannot use Firefox without them. They adjust the text rendering to be more... normal, I don't understand why they aren't default, but maybe things change at higher resolutions (but I don't own a 2160p monitor to test).
I've accidentally fell into a Linux space, my bad! This will work on Windows, I'm not sure of alternatives on Linux, I gave up using it before I could play around with Firefox.
Try looking for aliasing options under gfx.font_rendering and trying them out.
No offence, but I used to think Windows had good font rendering while I was using it. That was until I started using Linux distros. Now every time I boot into Windows, I again remember how awful Windows looks in comparison - washed out, pixelated, gives me eye strain....
I have the inverse - where Windows is so fine and pixelated it looks blurry. Linux is sharp and legible. It may be to do with with sub-pixel rendering. And this has been the case for across multiple computers and laptops, windows versions and Linux distros.
Never heard of LibreWolf but they say on their website that features like DRM are disabled, what does that mean if I want to view DRM content in my browser? I may be confused but currently with Firefox I already have problems with DRM sometimes. For example on Dell’s website I had difficulties viewing product videos on there, will they simply not play on LibreWolf or how does that work?
Yes, Librewolf is basically a fork of Firefox that makes different trade-offs, where it accepts more breakage than Firefox does, to gain a bit more privacy.
There is a toggle for DRM in both Firefox and LibreWolf that is off by default. It will prompt you when site would like to use it, so you can happily say no and launch your favourite file sharing software.
Create a second profile that you only use for DRM crap and enable DRM in the settings. Firefox also doesnt have DRM pre-enabled so that claim of them makes no sense.
See my post on konsole on how to make a desktop entry in Linux, where you can put profiles on the right click actions with icons and all.
Librewolf doesn’t respect your choice in system fonts if you uncheck “Allow pages to choose their own fonts, instead of your selections above”. I don’t use it for that reason.
You can but it won’t be respected. It will continue to default to their included Noto fonts despite whatever font you select. You can test this yourself. I’m sure they do it for some “privacy reason” but if I wanted that trade off I’d simply use the Tor Browser or one of those hardened firefox profiles.
Just use Floorp. Gives you even easier UI customisation by allowing you to switch to the old UI via the settings, and also includes Webapp support and support for Workspaces.
Add comment