Attached: 2 images
I have no idea why people use #Chrome. #Firefox looks so much better, and their theme actually works! Even their hidden compact theme looks perfect, the padding around elements is always the same... meanwhile Chromium uses tons of different shapes and they are all incoherent and the padding is off.
Apart from the fact that Firefox is #efficient has core components rewritten in #rust and supports #wayland for way longer.
#Librewolf is a perfect addition to Firefox, I highly recommend to use it!
A little admiration of how easy UI customization is on Firefox, and how shitty Chromium looks.
Personally I find it far more important that it’s not run by a company that will try its hardest to track your every movement on the web, but to each their own, I suppose.
You never tried to listen for stock Firefox’s traffic with Wireshark for sure.
People speak very good thing about Firefox but they like to hide and avoid the shady stuff. Let me give you the un-cesored version of what Firefox really is. Firefox is better than most, no double there, but at the same time they do have some shady finances and they also do stuff like adding unique IDs to each installation.
Firefox does is a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like the OP did.
I know other browsers do it as well, except for Ungoogled and because of that I’m sticking with it. I would like to avoid programs that need no snitch whenever I open them. ungoogled-chromium + ublock origin + decentraleyes + clearurls and a few others.
Now you’re free to go ahead and downvote this post as much as you would like. I’m sorry for the trouble and mental break down I may have caused by the sudden realization that Firefox isn’t as good and private after all.
I think librewolf scrubs most of that stuff out. I’m basing that off of using burpsuite’s proxy server though. On vanilla firefox it captures so much crap going out. I havent tried with wireshark though.
Not OP, but every single day, for web development. I find them quite a bit more intuitive and easier to use then the ones Ungoogled-Chromium comes with.
That’s all true, but why take a modified chromium instead of a modified Firefox?
Because chromium rendering is better than Firefox’s and I personally like the dev tools better and my usual target audience in dev uses Chrome. I have LibreWolf as the secondary browser but I don’t see me ever liking the way Firefox renders the web.
I personally prefer Firefox’s rendering, or even Edge’s old and long deprecated EdgeHTML (Trident fork) renderer.
IME Chrome performs way too much antialiasing on graphics that are not to scale, and their default font hinting technique doesn’t match Windows or even common Linux distro defaults.
It feels a lot like the enhanced speed and performance come from the shortcuts taken in the renderer, akin to Safari… except that Safari also opts to just refuse implementing new APIs and draft specs.
Text heavy sites in particular are not really that nice to read in Chrome for me personally.
If you ask a user to show you a “core dump” they’re more likely to shit on their floor and send you a photo than do what you actually mean.
Telemetry is absolutely crucial in determining what to focus on in development, to fix issues the users might not even realize exist. Especially for projects that aim at the general public. As long as it’s communicated clearly, used truly only for development purposes and an opt-out is available there’s nothing wrong about it.
Chromium-based browsers have inherently weaker extensions due to Manifest v3 and many other targeted attacks on adblockers. If you want a browser that works far better and provides a much higher level of privacy, use Mullvad Browser (worked on in collaboration with the Tor Browser, just without Tor integration) or LibreWolf. Both are Firefox forks with Firefox telemetry removed and anti-fingerprinting measures. You don’t need and absolutely should not install any extensions beyond the default installed in those 2 browsers (except perhaps a password manager), as that will dramatically damage the fingerprinting protection they provide. Both will have a much higher level of protection than you could ever realistically expect from any Chromium-based Browser.
I’d really rather have some harmless telemetry by Mozilla with a stronger ad blocker than Chromium bullshit. Ngl some people take privacy too seriously
I’m not ever going to use Mullvad Browser, I would rather use stock Firefox than that. I have LibreWolf installed as second browser and I like it at that, but I don’t see myself going away from ungoogled-chromium anytime soon.
Can we ask why you wouldn’t use Mullvad Browser? I’m honestly curious about that. From my wireshark tests, that thing only hits what you tell it to hit, nothing else. Am I missing something?
So… you don’t trust Google but you trust some shady VPN company? You aren’t wrong about quick wireshark tests, it does seem cleaner but long term trust and VPN companies are not something that go into the same sentence.
First off, everything Mullvad deploys is open source, from their clients to their servers. They have been audited and checked by 3rd parties to ensure their servers are running the source code they released. They are not some “shady VPN company” like Nord. They have a continual commitment to transparency that has been tested and true for many years.
Second, MullvadVPN has very little to do with the development of the Mullvad browser. It’s just a fork of Tor Browser maintained by the Tor Project as a collaborative effort towards a uniform browser with the benefits of Tor Browser, but to be used without the Tor network. It is funded by Mullvad, but maintained mostly by the Tor Project. Do you not trust the Tor Project? The non-profit that has been open source and audited constantly throughout its lifespan? Here’s the source code on the Tor Project’s repo: https://gitlab.torproject.org/tpo/applications/mullvad-browser
The only Mullvad affiliation is the Mullvad extension that comes preinstalled (which you can uninstall, of course), the name, and the logo. That’s about it. No need to use their VPN, no need to buy anything from Mullvad, it’s basically just the Tor Browser without Tor.
I dont use Mullvad VPN, only the browser. I do use NordVPN when I need to show as being in another country, but mostly to circumvent geolocation and keep some stuff from my ISP. I know commercial VPNs are just switching who sees your data, but I’m good having a company that’s not my ISP and in my country looking at that.
And yes, I distrust Google to no end. The same applies to Apple, Amazon, Microsoft, Samsung, etc. There are not many names out there I trust. At the end of the day, anything not under your control, you need to choose how much you trust it, if at all.
I know commercial VPNs are just switching who sees your data,
Oh yeah.
And yes, I distrust Google to no end.
Me too, the reason why I use ungoogled-chromium is mostly because of that and because when you take Chrome and remove all the tracking and spyware it runs way faster ahah. There are many people and projects that came together in the ungoogled-chromium community and the source code is scrutinized and cleaned up like nothing else.
We’re lucky that there are so many nice developers out there just providing these tools for the community to break the ropes that tie us to big tech.
Those devs are the real heroes in my book.
Yes but no. Firefox does some creepy stuff, and I will need to verify this. But it also matters how much data websites get about you, and Ungoogled Chromium has no fingerprint protection
Firefox is better than most, no double there, but at the same time they do have some shady finances
So I went ahead and read that article and goodness gracious, does anybody actually read these links??? Because that link is a complete nothingburger. It’s a blog post from someone who never read a 990 before (standard nonprofit disclosure form) who thinks every other line of is proof of a scandal. But it’s not, it’s just a big word salad that is too long to read, so nobody will bother.
The most significant charge is (1) that the CEO makes too much and (2) the author doesn’t like that they contract out work to consultants who think diversity is good. Every point made, so far as I can tell:
Have assets worth $1.1 billion as of 2021
Mozilla spent less on “expenses” from 2021 relative to 2020
Revenue went up over the same time
A lot of revenue was from royalties (e.g. agreements for default search)
They disagree with the wording on a donate form about whether Mozilla “relies” on individual donations
The CEO made $5.6MM
They pulled out one expense, which appears to have been training/education relating to social justice topics
They pull out a few more individual expenses and weren’t sure what they were.
This isn’t secret documents being handed to Deep Throat in a dark parking lot. There’s no smoking gun, no smoke, just a PDF with ordinary tables of expenses and revenue, and consultants who did diversity training. If that’s shady then, get ready to be mad about every non-profit ever.
Firefox is better than most, no double there, but at the same time they do have some
shady finances.
I’m not going to refute this because it seems to me that article are right in several points. Also, we have to
be honest, Mozilla is kind of stupid sometimes.
But if you care about the default search engine or privacy settings, you really just need to do
some hardening and tweaks to make it very private
in general. Chromium doesn’t have any of these settings, it even doesn’t have RFP btw.
Looks like you can download Firefox through the Mozilla’s official
HTTP/FTP repository that doesn’t trigger
this ID token generation. Also this article motivates people to download Firefox installer from
Softonic’s page:
Firefox users who prefer to download the browser without the unique identifier may do so
in the following two ways:
Download the Firefox installer from Mozilla’s HTTPS repository (formerly the FTP repository).
Download Firefox from third-party download sites that host the installer, e.g., from Softonic.
I’m not trying to justify the Mozilla’s problems. They makes silly things sometimes, but being
realistic, they do a better job taking care of their users privacy more than Google or even Brave.
we have to be honest, Mozilla is kind of stupid sometimes.
Yes.
Looks like you can download Firefox through the Mozilla’s official HTTP/FTP repository that doesn’t trigger this ID token generation. Also this article motivates people to download Firefox installer from Softonic’s page:
Yes, but still having to go around the main download page to get an untracked version is kind of annoying. Fuck Softonic, the rest of the information about the IDs still holds true.
También tenemos que entender que hay algunos que solo entran para tener con quien discutir, porque con su esposa no se atreven, así que entran aquí a eso 🤣
The only issue they have with sandboxing is on Android, as they have yet to implement per-site process isolation despite it being present on desktop Firefox and Chromium Android for many years now. I’ve been tracking the development of Project Fission on Android (Firefox’s per-site process isolation) for years now and it still isn’t even ready for testing. Additionally, Firefox Android does not use Android’s isolatedProcess flag for sandboxing, which is another area in which it is behind Chrome. For that reason, I cannot recommend Firefox on Android, and instead recommend Cromite (fork of Bromite after its development was abandoned) which is based on Chromium.
Firefox shipped sandboxing on Android years ago (before chrome) and then removed it. I’m not sure you gain much from it on Android. It eats up ram making performance crap on cheap phones and apps already run in their own app user context to isolate what they can access.
If you’re referencing an isolatedProccess implementation, the benefit is that each site is isolated in its own process, and any exploit would only have access to its own process (the data that the site sees anyways) without further escape (kernel exploit or meltdown, for instance). Without this isolation flag, sites are not sandboxed from each other or from the browser’s process itself, meaning an exploit could access any data from any other active site or from the browser’s process (such as accessing browser settings, bookmarks, history, or the built-in browser password manager). This has a massive implication on security. I’m unaware of the sandboxing you mentioned before Chrome, so I can’t comment on that, but you gain a lot of security from proper per-site process isolation. Yes, the app lives inside its own sandbox, but there’s plenty of data within that sandbox that you may not want a site to access, hence the importance of the isolatedProcess flag.
Yes very poorly true. The lack of any sync makes other mobile browsers hard to use for me though. Often start stuff on mobile, and continue on a real browser on Laptop.
Personally I find it far more important that it’s not run by a company that will try its hardest to track your every movement on the web, but to each their own, I suppose.
You never tried to listen for stock Firefox’s traffic with Wireshark for sure.
People speak very good thing about Firefox but they like to hide and avoid the shady stuff. Let me give you the un-cesored version of what Firefox really is. Firefox is better than most, no double there, but at the same time they do have some shady finances and they also do stuff like adding unique IDs to each installation.
Firefox does is a LOT of calling home. Just fire Wireshark alongside it and see how much calling home and even calling 3rd parties it does. From basic ocsp requests to calling Firefox servers and a 3rd party company that does analytics they do it all, even after disabling most stuff in Settings and config like the OP did.
I know other browsers do it as well, except for Ungoogled and because of that I’m sticking with it. I would like to avoid programs that need no snitch whenever I open them. ungoogled-chromium + ublock origin + decentraleyes + clearurls and a few others.
Now you’re free to go ahead and downvote this post as much as you would like. I’m sorry for the trouble and mental break down I may have caused by the sudden realization that Firefox isn’t as good and private after all.
I think librewolf scrubs most of that stuff out. I’m basing that off of using burpsuite’s proxy server though. On vanilla firefox it captures so much crap going out. I havent tried with wireshark though.
Librewolf is my second browser, but I don’t see me using it everyday. I like chromium rendering more and the dev tools.
Chrome devtools are just bullshit. Firefox has the better implementation imo
Let me ask you, how much do you use the dev tools and for what?
I use them for security assessments and completely agree with the other person. I find Chrome so unintuitive and ugly compared to Firefox.
Not OP, but every single day, for web development. I find them quite a bit more intuitive and easier to use then the ones Ungoogled-Chromium comes with.
That’s all true, but why take a modified chromium instead of a modified Firefox?
Also clearurls and decentraleyes would be pretty much useless with Firefox and uBlock Origin.
Because chromium rendering is better than Firefox’s and I personally like the dev tools better and my usual target audience in dev uses Chrome. I have LibreWolf as the secondary browser but I don’t see me ever liking the way Firefox renders the web.
Got any examples of popular websites that render better on Chrome?
I personally prefer Firefox’s rendering, or even Edge’s old and long deprecated EdgeHTML (Trident fork) renderer.
IME Chrome performs way too much antialiasing on graphics that are not to scale, and their default font hinting technique doesn’t match Windows or even common Linux distro defaults.
It feels a lot like the enhanced speed and performance come from the shortcuts taken in the renderer, akin to Safari… except that Safari also opts to just refuse implementing new APIs and draft specs.
Text heavy sites in particular are not really that nice to read in Chrome for me personally.
Usually it’s not about entire websites, it’s the small detail like the font rendering smoothness and a few others.
I will never understand how people expect software to gather no telemetry or metrics whatsoever.
We did fine without it for a very long time. We still do with a lot of software. It’s called voluntarily submitting a bug report and/or core dump.
If you ask a user to show you a “core dump” they’re more likely to shit on their floor and send you a photo than do what you actually mean.
Telemetry is absolutely crucial in determining what to focus on in development, to fix issues the users might not even realize exist. Especially for projects that aim at the general public. As long as it’s communicated clearly, used truly only for development purposes and an opt-out is available there’s nothing wrong about it.
You don’t use the technical term, but you do ask.
I’m not against telemetry, I’m against making it hundreds of different hidden options.
Especially software with hundreds of millions of users, that constantly has to deal with bleeding edge attack vectors and compatibility.
Chromium-based browsers have inherently weaker extensions due to Manifest v3 and many other targeted attacks on adblockers. If you want a browser that works far better and provides a much higher level of privacy, use Mullvad Browser (worked on in collaboration with the Tor Browser, just without Tor integration) or LibreWolf. Both are Firefox forks with Firefox telemetry removed and anti-fingerprinting measures. You don’t need and absolutely should not install any extensions beyond the default installed in those 2 browsers (except perhaps a password manager), as that will dramatically damage the fingerprinting protection they provide. Both will have a much higher level of protection than you could ever realistically expect from any Chromium-based Browser.
I’d really rather have some harmless telemetry by Mozilla with a stronger ad blocker than Chromium bullshit. Ngl some people take privacy too seriously
I’m not ever going to use Mullvad Browser, I would rather use stock Firefox than that. I have LibreWolf installed as second browser and I like it at that, but I don’t see myself going away from ungoogled-chromium anytime soon.
Can we ask why you wouldn’t use Mullvad Browser? I’m honestly curious about that. From my wireshark tests, that thing only hits what you tell it to hit, nothing else. Am I missing something?
So… you don’t trust Google but you trust some shady VPN company? You aren’t wrong about quick wireshark tests, it does seem cleaner but long term trust and VPN companies are not something that go into the same sentence.
First off, everything Mullvad deploys is open source, from their clients to their servers. They have been audited and checked by 3rd parties to ensure their servers are running the source code they released. They are not some “shady VPN company” like Nord. They have a continual commitment to transparency that has been tested and true for many years.
Second, MullvadVPN has very little to do with the development of the Mullvad browser. It’s just a fork of Tor Browser maintained by the Tor Project as a collaborative effort towards a uniform browser with the benefits of Tor Browser, but to be used without the Tor network. It is funded by Mullvad, but maintained mostly by the Tor Project. Do you not trust the Tor Project? The non-profit that has been open source and audited constantly throughout its lifespan? Here’s the source code on the Tor Project’s repo: https://gitlab.torproject.org/tpo/applications/mullvad-browser
The only Mullvad affiliation is the Mullvad extension that comes preinstalled (which you can uninstall, of course), the name, and the logo. That’s about it. No need to use their VPN, no need to buy anything from Mullvad, it’s basically just the Tor Browser without Tor.
I dont use Mullvad VPN, only the browser. I do use NordVPN when I need to show as being in another country, but mostly to circumvent geolocation and keep some stuff from my ISP. I know commercial VPNs are just switching who sees your data, but I’m good having a company that’s not my ISP and in my country looking at that. And yes, I distrust Google to no end. The same applies to Apple, Amazon, Microsoft, Samsung, etc. There are not many names out there I trust. At the end of the day, anything not under your control, you need to choose how much you trust it, if at all.
Oh yeah.
Me too, the reason why I use ungoogled-chromium is mostly because of that and because when you take Chrome and remove all the tracking and spyware it runs way faster ahah. There are many people and projects that came together in the ungoogled-chromium community and the source code is scrutinized and cleaned up like nothing else.
We’re lucky that there are so many nice developers out there just providing these tools for the community to break the ropes that tie us to big tech. Those devs are the real heroes in my book.
Yes but no. Firefox does some creepy stuff, and I will need to verify this. But it also matters how much data websites get about you, and Ungoogled Chromium has no fingerprint protection
More or less, but you know as we all as I do that there are extensions for that… and Ungoogled Chromium doesn’t snitch on me so…
No extension can change the core of how a browser interacts with the web, especially not with manifest v3.
So I went ahead and read that article and goodness gracious, does anybody actually read these links??? Because that link is a complete nothingburger. It’s a blog post from someone who never read a 990 before (standard nonprofit disclosure form) who thinks every other line of is proof of a scandal. But it’s not, it’s just a big word salad that is too long to read, so nobody will bother.
The most significant charge is (1) that the CEO makes too much and (2) the author doesn’t like that they contract out work to consultants who think diversity is good. Every point made, so far as I can tell:
This isn’t secret documents being handed to Deep Throat in a dark parking lot. There’s no smoking gun, no smoke, just a PDF with ordinary tables of expenses and revenue, and consultants who did diversity training. If that’s shady then, get ready to be mad about every non-profit ever.
Only in the USA a “non profits” turns profit. 😂
Pretty sure all non-profits strive to be cash flow positive, in the United States and otherwise.
There is a distinct type called a not-for-profit.
Should Mozilla be a not-for-profit instead? Trying to figure out the upshot of that distinction as it relates to this thread.
No of course not. It’s for very limited businesses like clubs. Obviously you can’t grow or really make products under that structure.
It was just a fun fact they do exist.
I’m not going to refute this because it seems to me that article are right in several points. Also, we have to be honest, Mozilla is kind of stupid sometimes.
But if you care about the default search engine or privacy settings, you really just need to do some hardening and tweaks to make it very private in general. Chromium doesn’t have any of these settings, it even doesn’t have RFP btw.
Looks like you can download Firefox through the Mozilla’s official HTTP/FTP repository that doesn’t trigger this ID token generation. Also this article motivates people to download Firefox installer from Softonic’s page:
Softonic have a really nice and privacy respectful privacy policy (obviously that’s not the case) in contrast with randomized pretty anonymous unique ID triggered by Firefox installer download. Mozilla’s generated ID feels more like a download counter than a tracker indeed.
I’m not trying to justify the Mozilla’s problems. They makes silly things sometimes, but being realistic, they do a better job taking care of their users privacy more than Google or even Brave.
Yes.
Yes, but still having to go around the main download page to get an untracked version is kind of annoying. Fuck Softonic, the rest of the information about the IDs still holds true.
I’ve never wiresharked my workstation to verify but I absolutely review my DNS logs on my pihole and I have never seen what you’re describing.
Go ahead then.
¿Por qué no los dos?
Hooray! 🌮
También tenemos que entender que hay algunos que solo entran para tener con quien discutir, porque con su esposa no se atreven, así que entran aquí a eso 🤣
Always better to argue with strangers than family.
Maybe better, certainly easier than having to sleep on the couch or in the Garage 🤣🤣🤣
I am also pretty sure Firefox is equally if not more secure than Chromium. They just got some really bad reputation for not sandboxing everything.
The only issue they have with sandboxing is on Android, as they have yet to implement per-site process isolation despite it being present on desktop Firefox and Chromium Android for many years now. I’ve been tracking the development of Project Fission on Android (Firefox’s per-site process isolation) for years now and it still isn’t even ready for testing. Additionally, Firefox Android does not use Android’s isolatedProcess flag for sandboxing, which is another area in which it is behind Chrome. For that reason, I cannot recommend Firefox on Android, and instead recommend Cromite (fork of Bromite after its development was abandoned) which is based on Chromium.
Firefox shipped sandboxing on Android years ago (before chrome) and then removed it. I’m not sure you gain much from it on Android. It eats up ram making performance crap on cheap phones and apps already run in their own app user context to isolate what they can access.
If you’re referencing an isolatedProccess implementation, the benefit is that each site is isolated in its own process, and any exploit would only have access to its own process (the data that the site sees anyways) without further escape (kernel exploit or meltdown, for instance). Without this isolation flag, sites are not sandboxed from each other or from the browser’s process itself, meaning an exploit could access any data from any other active site or from the browser’s process (such as accessing browser settings, bookmarks, history, or the built-in browser password manager). This has a massive implication on security. I’m unaware of the sandboxing you mentioned before Chrome, so I can’t comment on that, but you gain a lot of security from proper per-site process isolation. Yes, the app lives inside its own sandbox, but there’s plenty of data within that sandbox that you may not want a site to access, hence the importance of the isolatedProcess flag.
Yes very poorly true. The lack of any sync makes other mobile browsers hard to use for me though. Often start stuff on mobile, and continue on a real browser on Laptop.
Ah yes the trust worthy browser without tracking that comes with Google search by befault. lol
Browser and search engine are completely different, plus you can change it.
the great thing about foss projects, is that people fork them! try librewolf!