Thoughts on Browsers?
From all my research the best browsers I've been able to find for daily use (so not Tor) are as follows:
Abrowser:
Pros
- Maintained by a team that has been around a long time so likely won't be going anywhere anytime soon
- Is in most distro repos I've tried
- Is more hardened than normal Firefox (?)
Cons:
- Not chromium/dart based so security will generally be worse (if only slightly)
- No useful plugins preinstalled
Recommended config:
- disable the "always do not track" as this can make you stand out/is rarely respected anyway from what I know
- install ublock, chameleon, privacy badger, and noScript (This+reasonable user behavior will fix 99.999% of all security/privacy issues imo)
- use a trusted VPN (Mullvad is what I use, but I know there are others with good track records as well)
- use a pihole/a custom dns to block any tracking/bad sites etc that aren't caught by your plugins (I use NextDNS, and am planning on setting up a pihole at some point.)
Librewolf:
Pros:
- Quite hardened and well configured out of the box
- Good reputation/decent name recognition for any support needed.
Cons:
- not in most distro repos I've tried so have to rely on AUR/nix/flatpak/appimage etc (could be a good thing security wise if you know what you're doing)
- Still based on Gecko and not dart so security issues stand
- Run/Maintained by volunteers which means the likelihood of abandonment is higher than the other 2 on the list
Recommended config:
same as Abrowser
Brave:
Pros:
- great out of the box configuration
- chromium/Dart based so higher security level
- no need for privacy badger, noscript, or ublock as all of the same features are built into brave you just have to configure some of them
Cons:
- no Chameleon support
- has a messy homescreen/crypto integration (but that's pretty easy to config your way out of)
- might be mildly more resource intensive due to chromium/dart
Recommended config:
- leave as is except cleaning up the homepage
- same VPN/DNS/Pihole advice as the others
I also recommend using searxNG as a search engine, if the instance you are using starts failing/dies, you can scroll to the bottom of the page, click "public instances" and choose a different one
can be a bit annoying but worth it
Curious if I missed anything obvious, or if others have any other suggestions/corrections to my recommendations! Feel free to let me know
Strange, I thought it was not the troll section here.
Seriously, I don't know where to begin and really feel discouraged by this amount of nonsensical assumptions.
I really am sorry not to argue, but when I say discouraged, it would be like an anti-USA-imperialism militant who had fallen asleep in an Afghanistan cave and who would wake up naked in the middle of the biggest of all Disney parks in the USA.
At least I hope my metaphor makes you laugh.
>"Cons:
- Not chromium/dart based so security will generally be worse (if only slightly)"
What is this assumption based on? Chrome/chromium has had about 40 to 45 zero day exploits against it in the past 5 years - it's setting records for its horrifying amounts of security vulnerabilities. It's making Flash Player look like a relatively secure piece of software back when Flash was in its heyday of allowing malware to spread globally.
A web browser can do processing that could be done using programmes installed on the computer via the package manager and can download and execute code from the web site without even informing the user of what code is downloaded exactly. These features could easily be used to spy on users and steal their data.
When I read from people discussing security of web browsers and they don't mention that (always), it makes me wonder whether the issues these people are discussing are not actually just tiny holes in a wall that has several open doors.
I am unable to compare Firefox with Chromium from security perspective. Some people say Chromium has better features for "security" but Chromium also has much larger code, which means more opportunities for bugs, and it is unclear whether it is entirely free software, which I understand is the reason why it is not included in Trisquel.
I use abrowser, I block execution of downloaded code on all sites by default (I use Noscript, I first removed all default exceptions) and only consider allowing it when the website is unusable without that and I really must use this website or the website is the one of a free software project. Nevertheless, I feel that free software projects should not make a website that requires allowing the use of dynamically downloaded code.
I have yet to find a browser I like as much as Abrowser. I can tolerate some others but if I can use Abrowser then I will.
I've recently found one called "Waterfox". It's a much more privacy-focused version of Firefox. :)
https://www.waterfox.net/en-US/
Started using it at work and so far it's pretty good. Basically an upgraded firefox :P
Waterfox invites the user to "play DRM-controlled content": https://trisquel.info/files/Screenshot_20200220_233023.png
Whoever knows about the harms of DRMs and values her freedoms will not accept the invitation. Anyway, inviting the user to surrender her freedoms is bad: this community should not recommend Waterfox (unless it has changed since 2020, date of the screenshot).
>"Waterfox invites the user to "play DRM-controlled content"
Mullvad browser doesn't have a DRM option.
I wonder if Mullvad browser is all free software? Its license file is here: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/blob/mullvad-browser-115.2.0esr-13.0-1/toolkit/content/license.html?ref_type=heads
Seems to be the same as the Firefox license file. There's an addition for "open sans" Adobe fonts that the Mullvad browser is using that appear to my untrained eye to be freely licensed.
Does Firefox contain non-free code?
> Does Firefox contain non-free code?
I have never heard of nonfree code in Firefox. https://gitlab.trisquel.org/trisquel/package-helpers/-/blob/aramo/helpers/make-firefox does not seem to remove blobs. Nevertheless, Firefox suffers from more subtle issues. The main one is the same as Waterfox: the invitation to surrender to DRM, unless compiled with --disable-eme (added by Trisquel's package helper, to build Abrowser). Well, it is obviously the other way around: Waterfox inherits the issue from Firefox.
So if Mullvad browser does not have the DRM option and if it hasn't added anything with a non-free license to Firefox, then I assume it would be free software.
It would be better to check the configuration build. I wonder if the DRM complement Firefox uses has a free license, or if it's a third-party "addon", not part of Firefox, that allows playing DRM content.
The fact that it plays without asking the user could be because, in the configuration build, playing DRM content was accepted by default.
Magic Banana:
> I have never heard of nonfree code in Firefox... The main one is the same as Waterfox: the invitation to surrender to DRM
I thought the issue with EME was that it required a nonfree module in the browser to enable decryption of DRM media? Is this code not shipped with Firefox, but rather downloaded when the DRM media is played? If so, why did this require insertion of EME into the HTML standard, rather than just being done with JavaScript?
> I thought the issue with EME was that it required a nonfree module in the browser to enable decryption of DRM media?
There is that, but DRM by itself is an injustice: https://www.defectivebydesign.org
> Is this code not shipped with Firefox, but rather downloaded when the DRM media is played?
The first time DRM-encumbered content is requested (a click in a pop-up, I believe).
> If so, why did this require insertion of EME into the HTML standard, rather than just being done with JavaScript?
If it is in the standard, every Web browser is supposed to implement it. That is obviously what Netflix, Disney, ... want.
As for the programming language, I guess performance would be an issue with JavaScript (we are talking about decrypting high-resolution video streams), but that is only a guess.
EmiliaES:
> [LibreWolf is] not in most distro repos I've tried so have to rely on AUR/nix/flatpak/appimage etc
Why is LibreWolf not in the Trisquel repos? Pre-built packages are available for both Debian and Ubuntu:
https://librewolf.net/installation/debian/
Probably because Trisquel is FSDG compliant, which makes this not acceptable: