Web Browser

88 replies [Last post]
MD. SHAHIDUL ISLAM
Offline
Joined: 10/14/2015

In Trisquel, firefox alternative-> IceCat.
But What is the alternative of Chromium?
Chromium is not a free software?

FindEssential
Offline
Joined: 08/23/2017

Chromium is not supported because it is a complex collection of different pieces, some of which are not free, and cannot be easily parced out because each version is different. There are other Webkit browsers though: Flakon (Qupzilla), Surf, Web, Midori, and Konqueror.

calher
Offline
Joined: 06/19/2015

I'd like to add that Web (GNOME Web) is awesome, and people should be
writing their web apps to run inside it rather than Chromium. GNOME Web
integrates web apps with the desktop at the click of a button.

jules_verne
Offline
Joined: 01/02/2017

I am currently using Palemoon. Can't complain so far... Works pretty well. Maybe you would like to give it a try?

MD. SHAHIDUL ISLAM
Offline
Joined: 10/14/2015

But Palemoon is not free software.

bobstechsite

I am a member!

Online
Joined: 12/10/2017

Having had a quick look, it seems to be under Mozilla Public License v2. https://www.palemoon.org/licensing.shtml. According to GNU, that's free software: https://www.gnu.org/licenses/license-list.en.html#MPL-2.0

Edit: On closer inspection you are right. In section 1.5 they included the “Incompatible With Secondary Licenses” clause. Due levels of facepalm.

jules_verne
Offline
Joined: 01/02/2017

What a shame.

jxself
Offline
Joined: 09/13/2010

It has the same problem as Firefox, where freedom #2 (the ability to make exact copies) has been limited to non-commercial purposes. https://www.palemoon.org/redist.shtml

https://libreplanet.org/wiki/Libre_Browsers_Libre_Formats#Browsers_that_might_seem_free.2C_but_are_not

https://jxself.org/mozilla_trademark.shtml

Because that loophole is open, it allows room for a derivative to be free but the original version itself would still only have 3 (or maybe 3.5) of those 4 freedoms, depending on how you count.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Indeed. And using the same source, here is the free software status of Chromium (the original question):

Chromium might or might not be free. During the last review, the copyright or license of some code was unclear. It also has a similiar problem to Iceweasel and Firefox in which it links to proprietary plugins. (Chromium should NOT be confused with Google Chrome, which shares a codebase with Chromium but is not free software.)

For details on the license issues, see the "Blocked on" list on the left of https://bugs.chromium.org/p/chromium/issues/detail?id=28291

heyjoe
Offline
Joined: 01/09/2018

Hello friend of software freedom,

In December 2017, after trying FF 57 for the first time, I saw some hideous things and I started to test various browsers myself, from privacy perspective. I have shared some of my findings as bug reports:

Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1424781
Chromium: https://bugs.chromium.org/p/chromium/issues/detail?id=795526
IceCat: I have reported this directly to GNU and FSF as it shows similar behavior to Firefox (with a little less messages sent). RMS himself replied and forwarded the message to one of the developers who then replied:

"I'll be working on more a more strict cleanup of those "features" for the next IceCat release cycle."

FWIW I am using openSUSE Leap 42.3 (and interested in trying Trisquel).

Considering the results: It seems to me that the so called FOSS browsers don't really respect user privacy and as also mentioned in the bug report to Mozilla, I consider this violation of Freedom 0 as privacy is essential to freedom. Unfortunately Mozilla seems not to care at all. Chromium developers replied much more sanely and as a whole Chromium so far seems the most privacy respecting browser (as per my tests, feel free to share your results).

Also looking at most recent issues of Spectre and Meltdown - personally I have blocked all JS in chromium. Firefox doesn't even have such setting. Waterfox (supposedly a version of FF with enhanced privacy) shows exactly the same result as Firefox in tcpdump. I am still willing to test other browsers when I have time.

Currently I am also looking for RSS reader which won't load any JS. Akregator seems to load web pages with embedded and playable YouTube videos (which means it also loads scripts, 3rd party stuff etc). If anyone knows about good privacy respecting RSS reader, please share.

mason

I am a member!

Offline
Joined: 07/07/2017

> and as a whole Chromium so far seems the most
> privacy respecting browser

As I understand it Chromium has freedom issues, which doesn't surprise me since the project seems committed not to freedom but to ensuring that its proprietary counterpart Chrome benefits from all free software included in Chromium, only including pushover-licensed free software and avoiding the work of free software developers who have used the GPL to protect their labor from exploitation.

Firefox has known issues, but as free software can be modified to remove any antifeatures. Have you tried the same privacy tests on any other Firefox forks? Tor Browser should be the most privacy-respecting. Abrowser should also be better than vanilla Firefox.

> Also looking at most recent issues of Spectre and Meltdown -
> personally I have blocked all JS in chromium.

You are wise to avoid JS.

> Currently I am also looking for RSS reader which won't load any
> JS.

Liferea's internal browser has JS enabled by default, but it can be disbled under Tools->Preferences->Browser.

heyjoe
Offline
Joined: 01/09/2018

> As I understand it Chromium has freedom issues

Could you please explain what freedom issues (apart from the one mentioned by me) there are? I have always thought Chromium is FLOSS.

> Firefox has known issues, but as free software can be modified to remove any antifeatures.

But I am not a programmer. And it seems no programmer has taken care to remove them, yet the vendors claim it is free software respecting privacy and people believe that. My test proves that it is not. And that the vendor not only doesn't care but would rather argue with proven and close the ticket.

> Have you tried the same privacy tests on any other Firefox forks?

Yes - IceCat, Waterfox. IceCat also does background communication on startup. Waterfox shows the same behavior as Firefox.

> Tor Browser should be the most privacy-respecting.

Using uMatrix's background log I noticed that Tor Browser also sends behind the scenes packets. I don't know if they go through the Tor network but in any case - they are sent, without prior (or any) consent. Some of them were to Mozilla's servers. I haven't tested further or in more detail.

> Liferea's internal browser has JS enabled by default, but it can be disbled under Tools->Preferences->Browser.

Thanks. I also just found QuiteRSS which has built in browser in which JS can be disabled. But to my mind the very fact that the RSS reader has support for JS makes me stay away from it. Perhaps I need to find an command line tool or get rid of RSS totally...

ETA: FWIW this whole thing makes me question the FOSS software as a whole. I know that the idea is that it is open and verifiable but considering that even major (perhaps the most used) applications are not tested like I tested (which is quite a simple test) logically leads to the question - does anyone inspect the code and the effect of apps? And where is the community control? Or do people just trust words?

mason

I am a member!

Offline
Joined: 07/07/2017

> Could you please explain what freedom issues (apart from the one mentioned
> by me) there are? I have always thought Chromium is FLOSS.

See Magic Banana and Supertramp's posts.

> But I am not a programmer. And it seems no programmer has taken care to
> remove them

I wasn't suggesting that you yourself do it. I was referring to Firefox derivatives, including Abrowser, IceCat, and Tor Browser. From reading your bug report, it appears that Mozilla is unwilling to make the reasonable change you requested. However, the three browsers I listed are more likely to address the issue if brought to their attention. It sounds like you've already done this for Icecat and gotten a promising response. I suggest doing the same for Tor Browser. If the data is not sent through the Tor network or contains identifying data then it is deanonymitizing and I'm sure they would take it seriously.

> yet the vendors claim it is free software respecting privacy

There are two claims in there, as freedom (in the software sense) and privacy are to important but separate issues. I agree that Firefox does not adequately respect privacy, but it is free software which is why it is possible to create Firefox derivatives that improve the software with respect to privacy. You've found one issue that has not yet been fixed in Icecat, Abrowser (I just checked), or Tor Browser (more info needed to know if deanonymitizing in this case) but there is nothing stopping them from fixing the issue now. If Firefox were proprietary no one would be allowed to fix any of these issues.

> Perhaps I need to find an command
> line tool or get rid of RSS totally...

I recently started using newsbeuter. It's very easy to configure. Run it once to generate ~/.newsbeuter/ and save a list of links to feeds as ~/.newsbeuter/urls.

> ETA: FWIW this whole thing makes me question the FOSS software as a whole.

It is possible for free software to include antifeatures, and it's true that community control over the software doesn't immediately eliminate all antifeatures. However, at least it is possible to audit and improve the software. With proprietary software we are truly at the developers mercy and only have their word that the software contains no malicious functionality. It's similar to how science works. It is possible for a study to be flawed or for results to be forged, but if the research is public and subject to peer review it is possible to refute falsehoods, which also incentivizes researchers to be accurate and truthful in the first place. If scientists were allowed to keep their methedology a secret so that no one could attempt to replicate their results we would simply have to trust what they say is the truth. Public information, whether it is code or any other kind of information, is not necessarily perfect, but it is far more reliable than privatized information.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

There are two claims in there, as freedom (in the software sense) and privacy are to important but separate issues. I agree that Firefox does not adequately respect privacy, but it is free software which is why it is possible to create Firefox derivatives that improve the software with respect to privacy.

Well said. heyjoe raises interesting privacy concerns. It is unfortunate he pretends they are freedom issues. They are not. That makes his arguments look bad, including on Mozilla's bug tracker:

It is a shame that generally a useful technical investigation is made all but useless by waving "freedom 0" around here. Your freedom is about the user using the program in any way you like - not having the program or the vendor DO exactly what YOU what. Hence the other freedoms to achieve that.
https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c16

https://www.gnu.org/philosophy/imperfection-isnt-oppression.html starts with:

When a free program lacks capabilities that users want, that is unfortunate; we urge people to add what is missing. Some would go further and claim that a program is not even free software if it lacks certain functionality — that it denies freedom 0 (the freedom to run the program as you wish) to users or uses that it does not support. This argument is misguided because it is based on identifying capacity with freedom, and imperfection with oppression.

The issues heyjoe raises are not lacks of capabilities but undesired capabilities or, to be more precise, capabilities whose side effects (potential spying) makes them undesirable. Yet, the same rationale applies. Ubuntu's spyware was a similar issue (although worse imho: even the main goal of the capability was not laudable) as those heyjoe points. The conclusion of https://www.gnu.org/philosophy/ubuntu-spyware is not that freedom 0 is tainted. Not at all. It is:

What's at stake is whether our community can effectively use the argument based on proprietary spyware. If we can only say, “free software won't spy on you, unless it's Ubuntu,” that's much less powerful than saying, “free software won't spy on you.”

Another problem, that https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c14 clearly states, is that Firefox/Chromium's bug tracker is not the place where policies are discussed. They are places for specific technical issues. And heyjoe does not seem to understand even simple technical explanations (e.g., that the check box "Allow Firefox to send technical and interaction data to Mozilla" switches datareporting.healthreport.uploadEnabled and that, once "false", all "telemetry" configs become moot: no telemetry is sent).

Finally, I do not understand heyjoe's conclusion, in this thread:

Mozilla seems not to care at all. Chromium developers replied much more sanely and as a whole Chromium so far seems the most privacy respecting browser

On Mozilla's side he got an invitation to argue for policy changes in https://lists.mozilla.org/listinfo/governance and several statements like:

No user should ever have to go into about:config to do anything as important as preserve their privacy. We take user control and user privacy too seriously to hide it away. It's the reason we have such rigorous review on the data we _do_ ask to collect, and the reason we only collect anonymous usage statistics
https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c4

On Chromium's side:

I guess your feature request boils down to "Create a setup in Chrome such that not network communication happens in the background." I acknowledge this feature request but don't think that it is very likely to become a priority soon.
https://bugs.chromium.org/p/chromium/issues/detail?id=795526#c2

heyjoe
Offline
Joined: 01/09/2018

> newsbeuter

Yes, I have started using it yesterday too. Looks nice. Thanks for sharing your experience.

> agree that Firefox does not adequately respect privacy, but it is free software

I see a big danger in this. It implies that free software can be malicious to the user and still be called free software. So the very term looses its meaning because normally free is a associated with ethical, so that is the expectation. Would you agree? Of course I am not implying that it should be 100% bug free but I object to the fact that it is intentionally made non-private. That's why I mention freedom 0 in the comments.

The other question is - how come an average nobody, not even a network expert, could make such a simple test (which seems essential and fairly easy to my mind) and professional top programmers or sysadmins never did that, yet they stick to software which they accept as given to be safe? That is what really worries me. I don't mean to be disrespectful to anyone but looking at facts, logically and sanely, without any bias - we have great talks about software freedom, ethics, non-maliciousness, non-spying, endorsements listed as 100% free/libre/RYF etc. - words creating the impression of absolute cleanness in which the user can be completely safe, like a baby in the hands of a good loving mother. But at the same time - it is not quite the case. Why are these endorsements created if nobody really seems to have checked elementary things? How can a free/libre thing be "respecting your freedom" if it contains a product which connects to Amazon, Akamai etc. on first run, without even asking you or without even telling you that it will do that? I have read some threads with lots of criticism about Purism, about how they carefully structure the language to create the impression of cleanness, security and safety. But how is this different? It is either clean or not clean. We cannot mix clean water and dirty water and advertise that it is clean water. Otherwise the words free and ethical are already polluted and we need new words, which in turn will get polluted too etc. I wonder if I am making myself clear :)

So I am not questioning the technical expertise of anyone but the depth of attention given to things and how it is shared. Through the words used and through the mockery at proprietary stuff the sharing creates the impression of absolutism, as in inspected thoroughly down to the semiconductor by super experts. At the same time we see such superficial issues and the company "respecting user privacy" would rather send me to talk to another one who doesn't care. It is not that I don't understand what they are doing - I simply won't play their game. I have uninstalled Firefox, to me it is that simple. When one sees a venomous snake one doesn't argue with it - one stays away from it, doesn't one?

mason

I am a member!

Offline
Joined: 07/07/2017

> I see a big danger in this. It implies that free software can be
> malicious to the user and still be called free software.

You make a similar point to the one RMS makes in the Ubuntu article Magic Banana linked to, which I encourage you to read if you haven't already. It is for this reason that he suggests people shun Ubuntu, while acknowledging that they had not infringed on user freedom to modify the software, which is why Trisquel was able to remove the spyware features. I was not defending Mozilla's privacy violations by calling it free software. I was clarifying the terms we are using so that our criticisms are accurate.

> normally free is a
> associated with ethical, so that is the expectation.

Freedom (in the general sense) is an aspect of ethics that in my view does include privacy. However, because RMS coined the term 'free software', it is generally associated with his definition, which is very specific.

> That's why I mention freedom 0 in the comments.

Again, RMS's definitions are very specific, and I think you misunderstand his definition of freedom 0. If I give you a shovel that is too long for you to use comfortably, perhaps you can not use the shovel as you wish in its current form. It may seem that this infringes on freedom 0, and you may get frustrated if I were to refuse to make the shovel shorter. However, I am simply refusing to perform labor I do not wish to perform. I would be infringing on freedom 0 if I told you that you may only use the shovel with certain kinds of soil during certain hours of the day and that anything valuable you find while digging you must give to me. I would also be infringing on freedom 1 if I told you that you may not shorten the shovel, freedom 2 if I told you that you may not lend the shovel to your friend or create a new shovel for her, and freedom 3 if I told you that the new shovel you create for her may not be better than the one I gave you.

I'm not trying to get too semantic on you. I just want to clarify the definition of freedom 0 because I think you had a very good point in the Mozilla thread and it was unfortunate that they jumped on your misuse of the term as a way to derail what youwere saying.

> The other question is - how come an average nobody, not even a
> network expert, could make such a simple test (which seems
> essential and fairly easy to my mind) and professional top
> programmers or sysadmins never did that

Whether they never

> words creating the impression of absolute
> cleanness in which the user can be completely safe, like a baby
> in the hands of a good loving mother.

It is a mistake to think that way. Free software is less likely to be malicious that proprietary software because a community of many people who may review the source code is less likely to conspire than a single party, and because malicious functionality may be removed by community members with the knowledge and time to do so. However, that does not mean you should blindly trust free software. Healthy skepticism is part of the process by which a community can find faults with and improve software. If Mozilla won't make the improvement you suggest and you lack the knowledge to do it yourself, you can approach a more privacy-minded Firefox derivative like Icecat (as you have done and got a positive response), Abrowser, or Tor Browser.

> How can a
> free/libre thing be "respecting your freedom" if it contains a
> product which connects to Amazon, Akamai etc. on first run,
> without even asking you or without even telling you that it will
> do that?

This is a huge privacy concern, and I consider privacy to be a freedom in the general sense of the word. Again though, in the context of software 'freedom' is associated with RMS's four freedoms, and that is what we mean when we call something 'free software'. That does not mean that we shouldn't critize Mozilla if they do something that tarnishes the reputation of free software

> I have read some threads with lots of criticism about
> Purism, about how they carefully structure the language to create
> the impression of cleanness, security and safety.

Even with Purism, it is important to be accurate in our criticisms. When Purism claims that they use a completely libre BIOS they are being dishonest, but there is nothing wrong with them claiming that their Debian-derived distro PureOS is libre because it is, and they can be commended for creating a libre distro without defending their claims about their BIOS. Similarly, Mozilla is telling the truth when they describe Firefox as 'free software' (meaning software that respects the four freedoms) but it appears that they do not respect privacy as well as they claim.

> different? It is either clean or not clean. We cannot mix clean
> water and dirty water and advertise that it is clean water.
> Otherwise the words free and ethical are already polluted and we
> need new words, which in turn will get polluted too etc. I wonder
> if I am making myself clear :)
>
> the company
> "respecting user privacy" would rather send me to talk to another
> one who doesn't care.

If you are referring to the fact that the Mozilla representative tried to refer you to someone else, I believe that is because a bug report is not the place to request a policy change. You wouldn't go to an Apple store and demand that one of the employees make Apple stop using sweatshop labor to create their iPhones. The best they could do is refer you to someone higher up, not that they would necessarily care either.

> I have uninstalled
> Firefox, to me it is that simple. When one sees a venomous snake
> one doesn't argue with it - one stays away from it, doesn't one?

There were already reasons to use a privacy-minded Firefox derivative rather than vanilla Firefox. You've discovered another one, and I'll bet that if you bring this issue to the attention of the Abrowser and Tor Browser developers they will be willing to clean up after Mozilla as they already do. However, switching to Chromium because one of their developers told you what you wanted to hear (the Mozilla developer who referred you to someone who had some control over the policy was actually being more helpful) is not a good solution. When it comes to privacy, no company has a worse track record than Google. Mozilla is flawed, but not nearly as bad. You're much better off with a privacy-minded Firefox derivative. Honestly, if you really care about privacy Tor Browser is your only option. You can't have privacy without anonymity.

heyjoe
Offline
Joined: 01/09/2018

> You make a similar point to the one RMS makes in the Ubuntu article Magic Banana linked to, which I encourage you to read if you haven't already.

I am familiar with the story about Ubuntu's search forwarding info to Amazon.

> However, because RMS coined the term 'free software', it is generally associated with his definition, which is very specific.

I understand that (even without the excellent shovel example) and I am questioning the effect of it because accompanied by talks about ethics and non-harmfulness 1) that creates the false implication of something friendly, safe etc. 2) people easily 'buy' free/safe/secure things. In other words - it can be exploited quite easily.

> It is a mistake to think that way.

Of course. That's why it is essential that not only Ubuntu but browsers should also be exposed. I find it disturbing that IceCat was released by people who are so strict and critical to ethics.

> Again though, in the context of software 'freedom' is associated with RMS's four freedoms, and that is what we mean when we call something 'free software'.

Which is an excellent example of exploitation of the term (considering the results of the test).

> When Purism claims that they use a completely libre BIOS they are being dishonest

I would be interested to read that claim as I haven't found any explicit evidence of it. They don't claim anywhere they use Libreboot but it seems to be a forthcoming step in future: https://puri.sm/learn/freedom-roadmap/

> I'll bet that if you bring this issue to the attention of the Abrowser and Tor Browser developers they will be willing to clean up after Mozilla as they already do.

I don't know how to test Tor Browser with tcpdump due to the specific way it connects to the network. As for Abrowser - I can't find it on openSUSE's repos, neither I find it by DDGing for it. Where can I download it?

> However, switching to Chromium because one of their developers told you what you wanted to hear (the Mozilla developer who referred you to someone who had some control over the policy was actually being more helpful) is not a good solution. When it comes to privacy, no company has a worse track record than Google.

The answer given by the Chromium dev surely is not to my taste. Yet it is more acceptable considering that even currently Chromium's test shows it to be a privacy respecting browser. Or can you show a test which demonstrates that Chromium leaks data to Google? Or any other freedom related issue? Please do share, I am interested.

As for Firefox again: of course is free in the "legal sense" (just like Ubuntu) but if one prides oneself to be an integral part of an organization which respects user privacy it is absolutely unacceptable to:

1) create a telemetry feature (for whatever purpose)
2) make it enabled by default (do you know that kids who can't read play YouTube videos in browsers?)
3) make it not possible to disable without some expert fine tuning
4) close the ticket with "FIXED WORKSFORME" when demonstrated that there is a real issue
5) give "talk to someone else" style of answer

Due to all this I am reluctant to use any product by Mozilla. Still we use it on our phones because otherwise we would have to use Google Chrome (as I don't know of Chromium for Android).

> Honestly, if you really care about privacy Tor Browser is your only option.

I question that too. If one is not extra careful, even through Tor one can expose a traceable pattern. For lots of things Tor is an overkill (imo).

> You can't have privacy without anonymity.

I think they are different things. When you go to your home you have privacy. You can have a private conversation with someone in a public location. That doesn't mean you need to hide your face or remove the name from your front door in order to do that, right?

CalmStorm

I am a member!

Offline
Joined: 12/31/2014

Chromium has no good free software derivatives, firefox does.

Chromium collects information just like google chrome sending it back to google. Firefox does do the same by default... but you can turn it off at least.

Also, firefox has free software forks such as, Abrowser, Icecat, Iceweasel (Hyperbola and Parabola's versions of iceweasel though.) and tor browser. That's really about it.

Purism is only honest if you don't read much about them except in favor of what they say to you.

and last but not least, I get the feeling I am wasting time sending this post because you may be trolling us...

If so, I applaud you for that +1. If not, your insane or possibly just delusional... xD in that case -1

mason

I am a member!

Offline
Joined: 07/07/2017

I agree with most of what you just said, except that I don't think heyjoe is necessarily trolling. In fact, I think that he has provided some interesting information information, and while I question as you do his decision to use Chromium I would not risk driving him off when he may be sincere, nor would I dismiss him as delusional. He is right about much, and even on the points I disagree with he's been reasonable.

CalmStorm

I am a member!

Offline
Joined: 12/31/2014

Okay, I just thought he was messing around. You have a point though, we should never assume till there is ample evidence.

heyjoe
Offline
Joined: 01/09/2018

> Chromium has no good free software derivatives, firefox does.

I don't know why that makes Firefox better software (privacy or freedom wise). It may actually have the implication that Firefox *needs* modifications in order to be good for the user. In any case without having expected each line of code of both browsers these are just general considerations.

> Chromium collects information just like google chrome sending it back to google. Firefox does do the same by default... but you can turn it off at least.

You see, I have read thousands of such statements. For that reason I decided to test for myself and my tests show exactly the opposite. Here is what each browser sends in the background on startup with maximum privacy settings (as explained in the bug reports):

Firefox (also the same with WaterFox):

https://bug1424781.bmoattachments.org/attachment.cgi?id=8937242

IceCat:

https://tracker.pureos.net/file/data/ezq7sfsa3em4iipqan2a/PHID-FILE-ms72jsoc2en6alzjr54z/icecat-privacy.txt

Additionally (found today):
https://lists.gnu.org/archive/html/bug-gnuzilla/2017-11/msg00012.html

Chromium:

https://bugs.chromium.org/p/chromium/issues/attachmentText?aid=316942

Do you see Chromium sending any packets to Google? Or to any other company at all? - No. But both Firefox and IceCat do.

If you can show actual STR for a test scenario which proves that Chromium sends data to Google without user consent, I am very intersted to look at it. But as Chrmoium sends only DNS lookup requests to random names to test if the proxy/gateway requires authentication (as explained in the Chromium bug report) it is not really a privacy issue because:

1) if you connect to a public WiFi you have already trusted it, i.e. it is not a question of browser

2) if you use your local DNS you are in control

3) you can create a default browser policy which would enforce those settings, so even on first run there will be no communication to any company.

With Firefox (or IceCat, or WaterFox) you don't have that level of control and Mozilla refuses to give it to you. Please test, see for yourself and share if you find anything different.

> Purism is only honest if you don't read much about them except in favor of what they say to you.

I don't want to go too off-topic as the thread is about browsers. I mentioned Purism because I noticed the harsh critique in another thread. Personally I don't have the expertise to evaluate the validity of what they say or of what others say about them. The fact is that I shared my findings in their bug tracker and they have structured it properly for further cleaning up of ther PureBrowser - which unfortunately I am unable to test as I can't find a way to install it on my openSUSE (maybe I will do it in a VM when I have time).

In any case the point for which I mentioned Purism is because we must be very careful when we use or accept words about anything - browsers, OS, hardware, companies etc. I agree that the overall linguistic outline on their website is quite cleverly tailored and indeed creates the impression of a perfectly pure system which is obviously not the case: disabling Intel ME does not remove the secondary CPU built in the main one and so far it seems nobody has reverse engineered completely the modules which me_cleaner must leave untouched. But doesn't the same apply to the laptops listed as RYF by FSF? Has Intel ME been completely removed or only disabled just the same way? Along these lines:

"The distro must contain no DRM, no back doors, and no spyware."

https://www.gnu.org/distros/free-system-distribution-guidelines.html#no-malware

If this is actual criterion used in evaluation of FSF endorsed distros, then the "no spyware" has not been checked. Browsers are perhaps the most used programs and if any distro has Firefox (or IceCat, or WaterFox), considering tcpdump's output the logical question is: How deeply has the distro been tested actually? Are there any public records which show the exact procedure and the result of it for every distro, so everyone can reproduce it? I really don't know. But if the idea is openness and freely accessible info - it makes sense to have such records. And if there is an entity which can decide which is free and ethical, then such auditing must be done on a regular basis, not just listed once and forever. Otherwise the endorsement really has no meaning and can be easily exploited for marketing purposes.

So considering all that, without any condemnation or justification, it is very difficult to say who is honest and at what depth. Without actual testing it is all just words. Unfortunately technology is so complicated that it is really impossible for one to learn and test everything. So we become slaves to experts and as we see every day - being an expert does not always include good morality.

> because you may be trolling us...

It has never been my intention. Forgive me if anything I said sounded like that.

CalmStorm

I am a member!

Offline
Joined: 12/31/2014

Yeah, I just didn't think chromium was good for security at all so I thought you were trolling. My bad...

As for purism, their operating system pureos is fine unless your against systemd... but more pressing is the hardware RYF issue.

As in their hardware isn't going to get the respects your freedom certification. Or at least, not easily...

PS, have you tried maximum privacy settings on iceweasel from hyperbola or parabola even if in a vm?

just wondered...

Hyperbola and Parabola both are free software entirely. Though Hyperbola is still trying to get certification.

heyjoe
Offline
Joined: 01/09/2018

> My bad...

No worries.

> As for purism, their operating system pureos is fine unless your against systemd...

Should I be? I read some comments against it in the other thread... Then in Wikipedia... but still I don't know if one should be worried enough to avoid it. Again - I don't have the expertise to inspect it.

> PS, have you tried maximum privacy settings on iceweasel from hyperbola or parabola even if in a vm?

Not yet. But you can do it if you are intersted. Just follow the STR listed in the bug reports.

> Hyperbola and Parabola both are free software entirely. Though Hyperbola is still trying to get certification.

Thanks. Do you think we should probably open a separate thread where we can discuss? I have some more questions which are not browser related.

mason

I am a member!

Offline
Joined: 07/07/2017

> I understand that (even without the excellent shovel example) and
> I am questioning the effect of it because accompanied by talks
> about ethics and non-harmfulness 1) that creates the false
> implication of something friendly, safe etc. 2) people easily
> 'buy' free/safe/secure things. In other words - it can be
> exploited quite easily.

Yes, I agree with your point, and it's similar to RMS's point which I why I suggested the article, not because I thought were unware of the Ubuntu issue itself. My only point is that "This Firefox antifeature is an invasion of privacy" will be a more effective argument than "The fact that this feature can't be disabled without editing the source code violates freedom 0."

> Of course. That's why it is essential that not only Ubuntu but
> browsers should also be exposed. I find it disturbing that IceCat
> was released by people who are so strict and critical to ethics.

It sounds like RMS took your report seriously and I believe they will fix it.

> I would be interested to read that claim as I haven't found any
> explicit evidence of it. They don't claim anywhere they use
> Libreboot but it seems to be a forthcoming step in future:
> https://puri.sm/learn/freedom-roadmap/

I don't want to get too sidetracked talking about Purism here, but they don't claim to use libreboot. On the page for their latest Librem laptop they imply that the laptop is entirely libre but to not disclose what BIOS they use. I found another page on their website acknowledging that they use coreboot but erroneously claiming that coreboot is completely libre, when it contains proprietary blobs. There is also a near-zero chance that Purism will ever use libreboot, because post-2010 Intel chips will probably never be supported. If Purism claimed that they plan to use libreboot I would be skeptical, but I'm not aware of them having made that claim.

> I don't know how to test Tor Browser with tcpdump due to the
> specific way it connects to the network.

I don't know either, but I would contact them with your Icecat results (since both Icecat and Tor Browser are based on ESR) and ask them if they are aware of the issue and whether it affects Tor Browser.

> As for Abrowser - I
> can't find it on openSUSE's repos, neither I find it by DDGing
> for it. Where can I download it?

Abrowser is from the same developer as Trisquel. It is the default browser in Trisquel and the Trisquel-derived Uruk. I'm having trouble finding it via DDG too because there is apparently an IE-based browser by the same name. I don't have time to look further right now but will get back to you.

> Or
> can you show a test which demonstrate that Chromium leaks data to
> Google? Or any other freedom related issue?

Most of what I know about Chromium comes from what Magic Banana and others have shared on this forum, including in this thread and others, regarding why Chromium is excluded from Trisquel. Magic Banana's link in this thread is on its own reason enough. The bug Supertramp links to is apparently closed but alarming. I understand that Chromium is currently being investigated by jxself, so perhaps a libre build will be possible in the future, but until them I'm not going to trust the Chromium developers to declare that their software is libre given (1) the material Magic Banana links to and (2) the fact that they have no real incentive to care about freedom and only even attempt to meet the weaker "open source" definition for strategic reasons.

> As for Firefox again: of course is free in the "legal sense"
> (just like Ubuntu) but if one prides oneself to be an integral
> part of an organization which respects user privacy it is
> absolutely unacceptable to:

Ubuntu is not quite as free in the sense that Firefox is, since it contains and recommends proprietary software (see https://www.gnu.org/distros/common-distros.html), where Firefox recommends but does not contain proprietary software, but I agree with your overall point.

> Due to all this I am reluctant to use any product by Mozilla.
> Still we use it on our phones because otherwise we would have to
> use Google Chrome (as I don't know of Chromium for Android).

I'm about to get a little off-topic, but if you are using Android you might consider switching to Replicant (if you are okay with aquiring and using an older device) or LineageOS (not 100% libre like Replicant but much better than Android and supports more devices than Replicant). I have a Replicant phone that I only carry when I absolutely have to and never use for browsing the web, so I haven't really looked into what its default browser is based on. It isn't Firefox, and it is definitely not Chrome, but it may be Chromium-based. If you live in North America you might want to look into JMP (https://jmp.chat) as an alternative to carrying a cell phone at all.

> If one is not extra careful, even through
> Tor one can expose a traceable pattern.

No, Tor is not foolproof and anyone who uses it should read this first (https://www.torproject.org/download/download-easy.html.en#warning) but using it responsibly is better than taking no steps to preserve your anonymity, or in the cases where you do identify yourself, by logging into an account for instance, to prevent your location from being revealed or having your traffic associated with other activities you do wish to be anonymous.

> I think they are different things. When you go to your home you
> have privacy. You can have a private conversation with someone in
> a public location. That doesn't mean you need to hide your face
> or remove the name from your front door in order to do that,
> right?

They are indeed different things, but one is a precondition for the other in many situations. Your home analogy doesn't apply well because use of the internet is a public interaction that is not confined to your personal computer. Having a private conversation in public is a better analogy, so let's go with that. In that case, assuming you are not being eavesdroped on, you do not need to cover your face to have privacy from a third party, but you would need to cover your face to have privacy from the person you are talking to. Why would you want to do this? Suppose you want to receive information from this person without giving them any information about yourself. This is perhaps not a common situation on the street, but very common when browsing the internet. The act of communication inherently requires giving some information, and in some situations the only way to complete the exchange without the other party learning something about you is if they don't know who the information is coming from. Of course, if the information is unique enough you may be 'unmasked' even while your face is hidden, which is why it is also important to avoid providing identifying information, leave JavaScript disabled, and refain from changing the default Tor Browser configuration in a detectable way. Back to your private conversation analogy, there is also 'eavesdropping' on the internet and using Tor can help protect you from that, although again it is not foolproof. Here's a good link (https://www.eff.org/pages/tor-and-https). Forgive me if you already know about all this.

heyjoe
Offline
Joined: 01/09/2018

> My only point is that "This Firefox antifeature is an invasion of privacy" will be a more effective argument than "The fact that this feature can't be disabled without editing the source code violates freedom 0."

You are right about that. Perhaps I should have actually used a new definition, e.g. "freedom -1" as what I am questioning is deeper than F0. From general user perspective security and privacy are much more important then the ability to inspect the code. Maybe the 4 freedoms are not enough and we need a new form of evaluating qualities which considers the deeper issues of today.

> It sounds like RMS took your report seriously and I believe they will fix it.

Yes. But still - is there any official public announcment by FSF saying "We have found a privacy issue in IceCat" + description of it? I actually suggested in my emails that they share the issue with the public, so that people know about them.

> I don't have time to look further right now but will get back to you.

If you have Trisquel you could probably repeat the test for yourself and share the result.

> Most of what I know about Chromium comes from what Magic Banana and others have shared on this forum, including in this thread and others, regarding why Chromium is excluded from Trisquel.

Now you have actual facts from tcpdump too :)

> The bug Supertramp links to is apparently closed but alarming.

It seems invalid because current version of Chromium doesn't do what that bug describes.

> I understand that Chromium is currently being investigated by jxself, so perhaps a libre build will be possible in the future, but until them I'm not going to trust the Chromium developers to declare that their software is libre given (1) the material Magic Banana links to and (2) the fact that they have no real incentive to care about freedom and only even attempt to meet the weaker "open source" definition for strategic reasons.

This is a valid concern but the question is: why would you trust a "free software" which sends packets to Amazon etc. or would you use one which is weaker (OSS) but shows better privacy?

> I'm about to get a little off-topic, but if you are using Android you might consider switching to Replicant (if you are okay with aquiring and using an older device) or LineageOS (not 100% libre like Replicant but much better than Android and supports more devices than Replicant).

I know about Replicant and LineageOS (and Omnirom). I have a Samsung Galaxy S3 mini which unfortunately is not supported by any of those. I very rarely connect the internet from my phone and (almost) never turn on the GPS. Of course that doesn't mean anything because it doesn't stop the firmware to do what it wants but still... this is the only thing I can do for the moment. We also have 2 devices here (used by other people) which are in the supported Replicant list and I am planning to try Replicant on them but considering that Replicant is not 100% deblobbed - I am questioning if it makes any sense at all. Maybe we can rather wait for the Librem 5 phone? :P

> Tor...

One problem which I see is that one cannot use login-based sites at all and preserve anonymity because 1) you need an email address (or phone no.) to create a login 2) I cannot find any email service provider where one can register for free without javascript. And all this greatly limits Tor usage. BTW do you think that installing uBO, uMatrix or HTTS everywhere as extensions in Tor reduces anonymity or improves it?

> Suppose you want to receive information from this person without giving them any information about yourself.

You see - THAT is the big paradox, the fight is not for freedom but for control. We hate to give information yet we want to receive freely available one. We really try to be clever merchants of information because of all our cultural conditioning. How is that different from what PRISM does?

> The act of communication inherently requires giving some information, and in some situations the only way to complete the exchange without the other party learning something about you is if they don't know who the information is coming from.

The other day I've been thinking about a new way of communication. A new network if you will. AFAIK UDP does not require response from the other peer. So in that sense: what if we have a network of anonymous UDP peers sending encrytped info. It will be available to all other nodes but only those which know how to read it (the recepient) will be able to. Of course this is just a very rough concept but maybe worth considering... Share your thoughts please.

> Here's a good link (https://www.eff.org/pages/tor-and-https).

Thanks. I find it amusing that the page ask to enable Javascript :)

mason

I am a member!

Offline
Joined: 07/07/2017

I don't have time to respond to everything here right now, so I'm going to respond to the simple stuff now and get back to you on the complicated stuff later.

> Maybe the 4 freedoms are not enough and we need a new form
> of evaluating qualities which considers the deeper issues of
> today.

What's wrong with just calling it "privacy"? Privacy is important enough on its own that I don't think we need to reframe the discussion in ways that might cause confusion.

> If you have Trisquel you could probably repeat the test for
> yourself and share the result.

From your bug reports it sounds like you had two findings. The first was the logs in ~/.mozilla, which I can confirm exist in Abrowser. I briefly attempted your second test, but the command immediately exited and /tmp/tcpdump.log was not created, so I must have done something wrong. I will figure it out when I have more time.

> Now you have actual facts from tcpdump too :)

According to your bug reports neither Firefox nor Chromium passed this test, so I don't see how it is an argument for either.

If I understand correctly, your test creates a lower-bound, not an upper-bound, on what data is sent. It doesn't seem to prove that no additional data is sent by Firefox or Chromium during browsing, just that this data at minimum is sent on startup.

> It seems invalid because current version of Chromium doesn't do
> what that bug describes.
...
> This is a valid concern but the question is: why would you trust
> a "free software" which sends packets to Amazon etc. or would you
> use one which is weaker (OSS) but shows better privacy?

I said that it had been closed, but it's alarming that it ever happened. If Chromium were downstream from Chrome it could have been something implemented in Chrome that Chromium developers simply did not notice. However, Chrome is downstream, so this was apparently intentional. That makes me unwilling to trust Chromium developers that there there are no similar issues in Chromium not yet discoved by the Debian community. However, right now I am more concerned with the issues linked to by Magic Banana, since they are active and haven't been adequately addressed after several years.

> but considering that Replicant is not 100% deblobbed

Replicant, the operating system, is 100% libre. You are likely referring to the modem or bootloader that the device itself uses regardless of what operating system it runs.

> Maybe we can rather
> wait for the Librem 5 phone? :P

Maybe the emoticon there was meant to indicate that this is a joke, but since I'm not familiar with Purism's phones I took a quick look at the page on their site (https://puri.sm/shop/librem-5) and just sighed. I don't have time to pick the whole thing apart, so I'll just focus on the big lie "Does Not Track You". If pressed in the matter, I'm sure they'd say that only the main operating system PureOS (like Replicant) does not track you, but they're clearly trying to imply that the phone itself won't track you, which it will whenever the modem is turned on. A kill switch for the modem is a good idea (the Neo 900 will have kill switches too) but most people will choose to leave it on so that they can receive calls. I hope anyone who buys this phone is informed that they must turn the modem off to avoid being tracked.

I suggest looking into JMP if you live in North America (unfortunately it is not available elsewhere yet). It allows you to send and receive calls/texts from a device that has no modem, so that you can actually avoid being tracked. For now you have to rely on being in range of WiFi, although the main developer Denver Gingerich is now working on a radio mesh that if adopted by enough people in year area would allow you to use JMP without being in range of WiFi. That's at least a few years out though.

> One problem which I see is that one cannot use login-based sites

In this case the advantage of using Tor is that you do not reveal your location. This is especially important if it is a site or account you use frequently (like an email provider) as otherwise they can track you to the point of detecting behavioral patterns.

> you need an email
> address (or phone no.) to create a login

You can you a temporary email address that self destructs when you're done with it (see link in next point).

> 2) I cannot find any
> email service provider where one can register for free without
> javascript.

Here is a good resource that also links to some disposable email address sites that do not require proprietary JavaScript. https://www.fsf.org/resources/webmail-systems

> We hate to give information yet we want to
> receive freely available one.
...
> How is that different from what PRISM does?

Asymmetrical protections are warranted when one party has much more power than the other, and when one of those parties is an individual and the other is a corporation, human rights only apply to the individual. We can't really harm, manipulate, or profile Google, Amazon, Facebook, Apple, even Mozilla, with the information we get from using their websites, browsers, or other software. However, they can do a great deal with the information they get from use. Moreover, they have the power of aggregating data about many users, while we don't have the power to aggregate data about many browsers, for instance. And finally, while the individuals who work for these companies deserve privacy and we are not entitled to their personal information, the corporations they work for are not people (sorry Mitt) and are not entitled to human rights. This is why I think it was reasonable for you to request in your bug reports that Google and Mozilla not collect or send your personal information, even though you benefit from receiving information through their browsers.

> The other day I've been thinking about a new way of
> communication. A new network if you will. AFAIK UDP does not
> require response from the other peer. So in that sense: what if
> we have a network of anonymous UDP peers sending encrytped info.
> It will be available to all other nodes but only those which know
> how to read it (the recepient) will be able to. Of course this is
> just a very rough concept but maybe worth considering... Share
> your thoughts please.

I'd be very interested to hear more about this but don't have time to ask follow-up questions at the moment.

> Thanks. I find it amusing that the page ask to enable Javascript :)

You are right not to have Javascript allowed by default. On this particular page the Javascript is free software, so if you don't trust the EFF you don't have to. You can inspect the source code yourself or show it to someone else with more knowledge.

Or better yet, screw JavaScript. If you don't care whether the page is interactive and don't mind an extra minute to collect the information, the urls to the four images can be found in the text following the JS message (you can often navigate JavaShit heavy sites this way. It works especially well in a command line browser like lynx or elinks). If you haven't already done this, here they are:

No Tor and No HTTPS: https://www.eff.org/files/tor-https-0.png
No Tor and HTTPS: https://www.eff.org/files/tor-https-1.png
Tor and No HTTPS: https://www.eff.org/files/tor-https-2.png
Tor and HTTPS: https://www.eff.org/files/tor-https-3.png

heyjoe
Offline
Joined: 01/09/2018

What's wrong with just calling it "privacy"? Privacy is important enough on its own that I don't think we need to reframe the discussion in ways that might cause confusion.
Nothing wrong at all. I just wanted to accent on the fact that for people privacy (as a form of personal security) is more important then the ability to inspect/change/redistribute. That's why I think we need stronger criterion when evaluating the quality of software (or hardware). As discussed here, just being free (in the FSF sense) is obviously not enough and with the state of what is happening in the world we need new things. Hence my idea about a new network.

I will figure it out when I have more time.
You can also try wireshark.

It doesn't seem to prove that no additional data is sent by Firefox or Chromium during browsing, just that this data at minimum is sent on startup.
I don't know what lower/upper-bond means but the very fact that any browser which sends these packets without the user initiating explicitly that communication is enough for me to mark it not privacy respecting and not consider it for further testing. Of course you are right - we need to test how it works during browsing. Perhaps the best thing to do would be to keep it simple - e.g. opening remote txt or html without scripts or extensions and looking at tcpdump. Let me know if you have any better idea.

I said that it had been closed, but it's alarming that it ever happened.

That is in no way different from Ubuntu's case or from Mozilla's telemetry. In such scenario, when flaws are all around, all we can do is look at facts as they are right now: Chromium does not send packets to any third party on startup. Konqueror sends no packets at all on startup but has other issues as it seems.

However, right now I am more concerned with the issues linked to by Magic Banana, since they are active and haven't been adequately addressed after several years.
I am honestly having a difficulty in understanding what you mean. Aren't they primarily licensing issues? Why are you more concerned about licensing while your browser is sending packets to company X, Y, Z? Please explain as I may be missing something.

Replicant, the operating system, is 100% libre. You are likely referring to the modem or bootloader that the device itself uses regardless of what operating system it runs.
Exactly.

Purism's phone...
It is still not produced, so nobody can possibly evaluate it. But from what I know there will be complete hardware separation between the modem and the rest of the system. So you can use it as a pocket libre computer, hopefully without any coreboot or whatever firmware blobs, otherwise it won't be much different from a Samsung + Replicant. Also from what I have heard, it would be able to use the mobile network as a pipe, to make encrytped phone calls. So basically the only tracking will be possible through the location of the phone based on nearby mobile stations (which perhaps cannot be avoided if one wants to talk to anybody).

I suggest looking into JMP if you live in North America
I don't but thanks for the info. What you describe is similar to Librem5.

In this case the advantage of using Tor is that you do not reveal your location. This is especially important if it is a site or account you use frequently (like an email provider) as otherwise they can track you to the point of detecting behavioral patterns.
Sure. You can probably even use Facebook anonymously but FB (and many other sites) won't allow you to sign up/in with a disposable email address (they seem to recognize the domains). I know the FSF page which you linked but it seems dated. From all the recommended ones only safe-mail.net seems to work without JS but it requires a current email address and I can't find any site which gives disposable email without JS, so there is still no possibility for complete untraceable anonymity. As for Kolabnow - I have been in touch with these guys and asked them if they have cleaned their systems from Intel ME, proprietary BIOS, what is their approach to quantum resistant security etc. The answer was "We are still learning to ride the bike" and some advertising that they use only FOSS. I explained further that security at ring 0-3 means nothing when a system is flawed at ring -3 and they told me the would forward my concerns to some operations department. ProtonMail's answer was even worse. So far I haven't found a single online service provider who can guarantee a clean and completely tested system and without that there can be no privacy, regardless of how deep the server may be buried in the Alps (or wherever). And considering the most recent side-channel bugs, things are really out of hand, globally. I think it is a much bigger problem than cleaning up ones own machine(s) as we still need to communicate with the majority who use PRISMed services and have no idea what end-to-end encryption is. So considering the mid-man is always flawed (in one way or another) and that end points are already infected, freedom/privacy for one's own computer becomes a petty little affair.

Asymmetrical protections...
My previous comment was about your example of 2 people having a private discussion in a public place and one of them hiding his face. My point was: that is unnatural and will never work, it will always lead to conflicts. Our current approach to security is through isolation and isolation itself creates separate conflicting sides. So we cannot be secure through isolation. We are naturally secure when we are together - when we think together, work together, share together. I am not proposing communism (that's an illusory ideal which didn't work) but perhaps we need to fix ourselves as species first, not technology (which is just the product of what we are). Just thinking...

Thanks for the links to EFF's images. I enable JS in private mode (i.e. temporarily) for individual sites when it is absolutely necessary (e.g. to pay some bills) and for my local web server on which I do some front-end web dev. But as a whole I browse with JS, cookies and 3rd-party images and CSS blocked. It is amazing how very few good designed sites are out there. Most of the web is really terrible, just like the increasing length of my posts :)

mason

I am a member!

Offline
Joined: 07/07/2017

Just a heads up that the way you've started quoting text does work in the mailing list making this very difficult to read.

> Nothing wrong at all. I just wanted to accent...

I think we basically agree here. I brought this up to explain why invoking 'freedom 0' was not effective in the Mozilla thread, and we're past that.

> Hence my idea about a new network.

This is probably worth starting a new thread over.

> You can also try wireshark.

Will do.

> That is in no way different from Ubuntu's case or from Mozilla's telemetry.

Yes, I avoid Ubuntu and Firefox as well. I use modified versions (Trisquel and Tor Browser) by more privacy- and freedom-friendly developers. I would also be open a similarly modified version of Chromium but am not aware of one.

> Chromium does not send packets to any third party on startup.

Am I missing something? You filed a bug report because it does, right?

> Why are you more concerned about licensing while your browser is sending packets to company X, Y, Z?

I am concerned with both. While software freedom and privacy are two different issues, lack of software freedom makes it easier for software to abuse its users, including by invading their privacy. I would be interested to know what packets are sent from Tor Browser and how. If they contain no identifying information and are sent through the Tor network then they do not invade my privacy because the information has nothing to do with me and no one knows it came from me. Of course, I would feel more comfortable with it not being sent at all, but it's certainly not worth switching to Chromium over.

I suggest that you approach the Tor developers as you have with Mozilla, Google, and RMS. I can do it myself if you don't have time, but you'd be able to do it much more quickly because you've already learned how to run these tests and articulate your findings.

> Purism's phone...
> It is still not produced, so nobody can possibly evaluate it.

If the device connects to the cell network, we do not need to evaluate the device to know that it will track you.

> But from what I know there will be complete hardware separation between the modem and the rest of the system. So you can use it as a pocket libre computer, hopefully without any coreboot or whatever firmware blobs, otherwise it won't be much different from a Samsung + Replicant.

If they made a pocket libre computer with no modem I'd be fine with them saying it doesn't track you. If it's a phone it does. Good modem isolation can limit the amount of information that your modem accesses, but the modem only needs to connect the cell network for you to be tracked.

> So basically the only tracking will be possible through the location of the phone based on nearby mobile stations (which perhaps cannot be avoided if one wants to talk to anybody).
...
> I don't but thanks for the info. What you describe is similar to Librem5.

No, it's completely different. I won't lengthen this message by explaining JMP since you don't live in North America and the information won't benefit you right now, but unlike what Purism is proposing, JMP requires no modem or connection to the cell network. Purism's marketing for their phones hasn't really been on my radar until now, but many people are already ignorant of the issues with cell phones and Purism could do some real damage if they spread misinformation just to sell their product.

> FB (and many other sites) won't allow you to sign up/in with a disposable email address (they seem to recognize the domains).

As an experiment I tried making a Facebook account through Tor with a disposable email address. It rejected the first domain I tried but accepted the second one. However, it eventually wouldn't let me advance without uploading a picture of my face, at which point I gave up. Anyway, the fact that Facebook rejects some disposable email address is far from the only reason to avoid Facebook. I avoid any site that prevents me from accessing it anonymously.

> I can't find any site which gives disposable email without JS, so there is still no possibility for complete untraceable anonymity

The one's linked to from the FSF use libre JavaScript. If you don't trust the FSF's evaluation of the code, you can review it yourself or find someone who can. JavaScript is a programming language like any other. Avoiding every single instance of JavaScript is unnecessary. We don't need to avoid every single instance of C just because some proprietary and/or malicious software is written in that language. Unless the JS on those sites compromises anonymity (which it might. I never learned JavaScript and have not audited the code, relying on the FSF's judgement) it is not an obstacle to anonymity.

> So far I haven't found a single online service provider who can guarantee a clean and completely tested system

Sure, really the only way to be certain is to use your own server. But if you can't do that, some are certainly better than others. You're right that parts of the FSF page are out of date. Here's some recent discussion of email providers on this forum, if you're interested.

https://trisquel.info/en/forum/what-service-do-you-recommend-replace-openmailbox
https://trisquel.info/en/forum/posteo-vs-tutanota-vs-openmailbox

> we still need to communicate with the majority who use PRISMed services and have no idea what end-to-end encryption is.

Totally.

> So considering the mid-man is always flawed (in one way or another) and that end points are already infected, freedom/privacy for one's own computer becomes a petty little affair.

If you are freedom- and privacy- focused you can greatly mitigate risk and harm to yourself. The fact that we can't at this time perfectly solve every problem does not make those actions petty.

> My previous comment was... Our current approach to security is through isolation and isolation itself creates separate conflicting sides.

I basically agree with your point about isolation, but feel like it's a stretch to apply it to what we are talking about. It comes across as if you are trying to dismiss the importance of anonymity by arguing that privacy is antisocial. I'm sure that this is not what you mean, since you obviously care about privacy and it was the fact that Chromium and Firefox were transmitting information that you wanted to keep to yourself that got you involved in this thread.

> It is amazing how very few good designed sites are out there.

Right?! I see otherwise static pages that make navigation impossible without JS by using cute buttons that look identical to an image with a link, because why? You aren't getting your money's worth unless the web developer you hire uses JS in your ugly webpage? You're afraid that if your page loads too quickly people won't have time to emotionally prepare themselves to have to click 8 more links to find the information they were looking for?

What I'd like is a browser that has no JS by default, and when you visit a page with JS it says

"asshats.com would like you to install
- nonsense.js (proprietary license, no source code available)
- slightly-more-ethical-nonsense.js (GPLv3, view source code)
Would you like to install this software?"

That way sites wouldn't be able to control the narrative with crap like "Whoops! we think you're a bot because you aren't letting us install something on your personal computer. Maybe your browser sucks? Try installing a *modern* browser like Google Chrome. Remember kids: don't jailbreak your device and don't use encryption. Without us you wouldn't know what to buy!" "Aw, shucks. I don't want to have an Incomplete Browsing Experience(tm). Better enable this futuristic JavaScript so that Facebook can manipulate my dopamine levels and more efficiently insert itself into my personal relationships. I know, I know, but it's just so convenient!"

https://nonfree.news/2017/10/27/full-stack-developer-discovers-language-that-isnt-javascript

heyjoe
Offline
Joined: 01/09/2018

> Just a heads up that the way you've started quoting text does work in the mailing list making this very difficult to read.

Thank you for mentioning that. I was just trying to make my post more readable as ">" doesn't give good enough visual separation.

I was also wondering how to get email notifications for replies in the forum as it is getting more and more difficult to find which posts are new. It seems you are using some mail system. Could you please help me set this up? Also please suggest a way to make posts more readable without affecting mail. (Or maybe someone can work on the frontend to improve the forum?)

> This is probably worth starting a new thread over.

I have been thinking about it. But considering this forum is Trisquel - wouldn't it be considered as site-off-topic? I am interested in discussing wider aspects of freedom too (such as ones already mentioned here). Please suggest.

> I would also be open a similarly modified version of Chromium but am not aware of one.

Brave browser was mentioned. Perhaps worth trying. I also wonder which others we should look at:

https://en.wikipedia.org/wiki/Comparison_of_web_browsers

Personally I would prefer to a browser compatible with the extensions uBlock Origin and uMatrix as they improve the security, privacy and cleanness of browsing tremendously.

> Am I missing something? You filed a bug report because it does, right?

Perhaps you haven't read the follow up comments in the bug report which show that it doesn't. At least unless you open settings:// (which is I found yesterday, also shared in comment to the bug report).

> but it's certainly not worth switching to Chromium over.

It obviously comes down to: what is more important - to have actual privacy or to have implication of privacy respect (F0-4). From your explanation I understand that you seem to give up privacy because of a promise for respecting privacy (conceptually but not actually). That is what confuses me. If we are able to inspect packet destinations (as we are) and a test shows that a particular browser does not send packets to 3rd party, i.e. does not really abuse the user in any way: Does it really matter if it is free or open source at all? Please share your thoughts.

> I suggest that you approach the Tor developers

I will as soon as I test Tor too. Could you just share a link to the proper page where I can do that?

> but the modem only needs to connect the cell network for you to be tracked.

Yes, because the SIM card is not anonymous. But with current technology and legislation we cannot escape from that unless we stop communicating which can be more harmful.

> As an experiment I tried making a Facebook account through Tor with a disposable email address. It rejected the first domain I tried but accepted the second one.

But even if that works it is not useful because to use FB you need a non-disposable email address where you can receive notifications etc. Otherwise the account is completely compromised and makes no sense at all (since you can browser parts of FB without registration).

> I avoid any site that prevents me from accessing it anonymously.

I understand completely your points. Unfortunately, as mentioned previously, the majority of people are using those sites and will not stop using them, and will let their email provider access to your email address (even if you are not on FB), and will not move away from FB regardless of the valid arguments we may provide to them. Pretty much the same applies to Gmail, Yahoo etc. So it seems to me anonymizing oneself is not the solution to privacy but rather a road to break communication. To my mind the solution may be a new technology, designed not to create such issues.

> The one's linked to from the FSF use libre JavaScript...

I know that. I also do a little JS programming myself but that is not important. LibreJS is just as good as 'free software' which may send packets to Amazon. I don't see myself auditing every JavaScript code on every non-chached HTTP request just because it is open for evaluation. So this basically still comes down to enforcing trust. The more I look, the more I think we need a technology which does not in any way require from a layman user to trust anybody. Maybe we should open a new thread.

> Sure, really the only way to be certain is to use your own server.

Is that really certainty? Is there hardware which is 100% libre and *verified for privacy issues*. Considering that even browsers are not fully tested (something used by millions of people) I question that, even with the risk of my scepticism being considered close to insanity :)

> Here's some recent discussion of email providers on this forum, if you're interested.

Thanks, I am. But as with all others - these still have the same issues at hardware level.

> If you are freedom- and privacy- focused you can greatly mitigate risk and harm to yourself. The fact that we can't at this time perfectly solve every problem does not make those actions petty.

They are petty because you or I, or another 10k FLOSS enthusiasts is a drop in the ocean. You can completely disconnect from the internet, stop using a mobile phone, never visit a bank, give up all property so you never pay taxes (which supports warfare), escape and go to live in a cave far from civilization. Each of these are steps in the so called mitigation but what kind of life is that? I (the average person) don't want to hide, I don't want to be afraid, I don't want to inspect every bit or transistor. I want to enjoy life and have friendships without being extra careful about each word I say or key I press. You get the idea.

> as if you are trying to dismiss the importance of anonymity by arguing that privacy is antisocial.

Privacy is not antisocial but forcefully breaking privacy is. Anonymity means "without a name", i.e. without identification. I don't think one needs to become face-less for the purpose of not being spied on. The fact that anonymizing tools were created is just a reaction to breaking of privacy. It won't resolve the root cause. It is really a game of cat and mouse. This is becoming philosophical, let's maybe have a new thread.

> What I'd like is a browser that...

I would like much more than that :)

> Without us you wouldn't know what to buy

That's the curse of capitalism: property which is owned, sold and purchased, all the time. People have tried to escape from it through opposing ideology but that failed too. We need to fix ourselves first. Fixing technology is very superficial at the moment.

> "so that Facebook can manipulate my dopamine levels and more efficiently insert itself into my personal relationships. I know, I know, but it's just so convenient!"

Exactly!

> https://nonfree.news/2017/10/27/full-stack-developer-discovers-language-that-isnt-javascript

:))

mason

I am a member!

Offline
Joined: 07/07/2017

Ugh. I spent a long time writing a message and then accidentally deleted it. I can't afford the time it would take to fully reconstruct it, so this will not be the full response that many of your points deserve.

The forum is mirrored to a mailing list which you can join here: https://listas.trisquel.info/mailman/listinfo/

I understand that the forum is being reworked. In the meantime, to ensure that forum posts are readable for mailing list users, avoid relying on html for coherence and update your comments by replying to them instead of editing them.

If you want to start a thread that will be of interest to people here but that you are afraid is too far off-topic from Trisquel, the Troll Lounge is good for meaningful but off-topic discussions.

Although Tor Browser is as libre as Firefox and more so than Chromium, the reason I use is for privacy. I agree that we *shouldn't* need anonymity to protect our privacy, but right now we do. If Tor Browser sends the same data Firefox does and it is either deanonymizing or not sent through the Tor network then that is a serious bug. (If you find that this is the case, I'm sure it can be addressed if you report it here: https://trac.torproject.org/projects/tor) However, if the data is not identifying and is sent through the Tor network than it is irrelevant as far as privacy is concerned, eliminating Chromium's advantage on this one point. When it comes to other potential privacy issies, I see Chromium as far more risky than Tor Browser. In many situations on the internet the only way to protect your privacy is to avoid them entirely, or engage with them anonymously. The former option is crippling, and more isolating than the latter. Outside the context of the issue you are testing among browsers, Google and Chromium have a far worse track record than Mozilla and Firefox, and while Tor developers have an incentive to find and fix privacy issues from Firefox, Chromium developers have an incentive to create as many privacy issues as they can get away with and only have an incentive to remove them after they get caught and if there is enough outrage. Unless Firefox has an extraordinarily massive flaw we are unaware of that cannot be fixed in Tor Browser, the hypothetical privacy gained from switching to Chromium, assuming it is better overall than Firefox in situations outside of the one you are testing, is far less than the actual privacy lost by failing to protect my privacy from many parties, not just Google and Mozilla, with anonymity.

I understand your point about this not being a long-term solution. Many of your points are about identifying things that are not long-term solutions, and that is valuable because without long-term planning the good guys have no chance of winning. However, if the bad guys win anyway then all that will have mattered is mitigation of the harm to our lives, our communities, and the people we care about, so I do not consider mitigating actions petty. We have to do both.

As you point out, the best long term solutions are those that replace important but harmful technologies, rather than isolate ourselves from them. Just as important as the new technologies is a path toward transitioning from the old technologies. I see Denver Gingerich's work with JMP and WOM to be a very promising plan. It is already possible to use JMP to send and receive texts and calls without a SIM card. No need to choose between isolating yourself and being tracked. Having integrated with the cell network, the next steps are to create advantages to using JMP over connecting the cell network directly, and finally replace it. Good old EEE. Thanks Micro$oft. Diaspora takes a similar approach with respect to Facebook, but I am more skeptical of it. I have some ideas about ethical and pracical social media that I am still organizing and are outside the scope of this thread.

As for JavaScript, you are right to avoid it when you can. However, no individual can review every line of code in all software they use, whether it's JS for a disposable email address or the Linux kernel. JavaScript is unique in that many people install JavaScript programs everyday with out knowing it (hence my suggestion for how browsers could better frame the issue for uninformed users), but if you are as cautious about installing software written in JavaScript as you are with any other software it is no worse than C or Python. This is a good essay that probably won't tell you anything you don't already know about the problem but has some good insight as to possible solutions: https://onpon4.github.io/other/kill-js

> even with the risk of my scepticism being considered close to insanity :)

You aren't insane. The world is. That said, don't let perfect be the enemy of the less-awful-option-until-we-maybe-solve-the-problem-for-real-one-day.

I didn't touch the capitalism stuff because at some point thread has to start winding down. :) I'm really interested to hear your results with Tor Browser, and I really apprecitate the time and energy you're putting into this. As for some of the other issues we've touched on, they might be better explored in new threads. I look forward to hearing more from you in this forum.

heyjoe
Offline
Joined: 01/09/2018

> Ugh. I spent a long time writing a message and then accidentally deleted it.

For reasons like that I learned to first write my answer in a text file and then paste it :)

> The forum is mirrored to a mailing list

Thanks, I already found that. Unfortunately it sends me emails from all threads which is somewhat spammy but I guess this is how mailing lists work.

> Troll Lounge

https://trisquel.info/en/forum/freedom-security-technology-what-can-we-do

> if there is enough outrage

Unfortunately I don't have a high traffic web site or anything like that to bring it to the attention of enough people. So far I have shared my findings 1) in the bug reports 2) here and in openSUSE forum. Still I don't see hundreds of people adding outrage to the bug reports, so I suppose they either don't realize the actual issue, or put up with it, or their desire for privacy is just verbal.

> We have to do both.

Of course. But the effort we put in securing current systems should probably be only for the sake of developing a conceptually new one. Otherwise it is an endless chase of a moving target which moves at speed which is beyond anyone's capabilities.

> I have some ideas about ethical and pracical social media that I am still organizing and are outside the scope of this thread.

Please share a link to another thread. I am interested to learn about your ideas.

> As for JavaScript, you are right to avoid it when you can.

I wasn't too concerned about it before the announcement about Spectre and Meltdown as I relied on the stronger process isolation mechanisms at lower level (which is no longer reliable obviously).

ADFENO
Offline
Joined: 12/31/2012

And it's where these basic websites for paying bills get the most focus
of web-vandals, because these websites have automatic client-side
software being forced to end-user which just want to "get the bills
paid".

What you should do instead is contact the website owners and tell them
to change to a solution which doesn't require any client-side software
besides a browser with HTML and CSS support and no JS, extensions nor
plug-ins. If you are not a programmer or not a web developer, tell them
to contact libreplanet-discuss (this forum, trisquel-users, isn't for
this kind of requests unfortunatelly), with more and more people doing
the same for a given company they will eventually give it a try, if they
ignore you, you have a reason to not use their disservice anymore. ;)

2018-01-12T01:17:01+0100 name at domain wrote:
> What's wrong with just calling it "privacy"? Privacy is important
> enough on its own that I don't think we need to reframe the discussion
> in ways that might cause confusion.
> Nothing wrong at all. I just wanted to accent on the fact that for
> people privacy (as a form of personal security) is more important then
> the ability to inspect/change/redistribute. That's why I think we need
> stronger criterion when evaluating the quality of software (or
> hardware). As discussed here, just being free (in the FSF sense) is
> obviously not enough and with the state of what is happening in the
> world we need new things. Hence my idea about a new network.
>
> I will figure it out when I have more time.
> You can also try wireshark.
>
> It doesn't seem to prove that no additional data is sent by Firefox or
> Chromium during browsing, just that this data at minimum is sent on
> startup.
> I don't know what lower/upper-bond means but the very fact that any
> browser which sends these packets without the user initiating
> explicitly that communication is enough for me to mark it not privacy
> respecting and not consider it for further testing. Of course you are
> right - we need to test how it works during browsing. Perhaps the best
> thing to do would be to keep it simple - e.g. opening remote txt or
> html without scripts or extensions and looking at tcpdump. Let me know
> if you have any better idea.
>
> I said that it had been closed, but it's alarming that it ever happened.
>
> That is in no way different from Ubuntu's case or from Mozilla's
> telemetry. In such scenario, when flaws are all around, all we can do
> is look at facts as they are right now: Chromium does not send packets
> to any third party on startup. Konqueror sends no packets at all on
> startup but has other issues as it seems.
>
> However, right now I am more concerned with the issues linked to by
> Magic Banana, since they are active and haven't been adequately
> addressed after several years.
> I am honestly having a difficulty in understanding what you
> mean. Aren't they primarily licensing issues? Why are you more
> concerned about licensing while your browser is sending packets to
> company X, Y, Z? Please explain as I may be missing something.
>
> Replicant, the operating system, is 100% libre. You are likely
> referring to the modem or bootloader that the device itself uses
> regardless of what operating system it runs.
> Exactly.
>
> Purism's phone...
> It is still not produced, so nobody can possibly evaluate it. But from
> what I know there will be complete hardware separation between the
> modem and the rest of the system. So you can use it as a pocket libre
> computer, hopefully without any coreboot or whatever firmware blobs,
> otherwise it won't be much different from a Samsung + Replicant. Also
> from what I have heard, it would be able to use the mobile network as
> a pipe, to make encrytped phone calls. So basically the only tracking
> will be possible through the location of the phone based on nearby
> mobile stations (which perhaps cannot be avoided if one wants to talk
> to anybody).
>
> I suggest looking into JMP if you live in North America
> I don't but thanks for the info. What you describe is similar to Librem5.
>
> In this case the advantage of using Tor is that you do not reveal your
> location. This is especially important if it is a site or account you
> use frequently (like an email provider) as otherwise they can track
> you to the point of detecting behavioral patterns.
> Sure. You can probably even use Facebook anonymously but FB (and many
> other sites) won't allow you to sign up/in with a disposable email
> address (they seem to recognize the domains). I know the FSF page
> which you linked but it seems dated. From all the recommended ones
> only safe-mail.net seems to work without JS but it requires a current
> email address and I can't find any site which gives disposable email
> without JS, so there is still no possibility for complete untraceable
> anonymity. As for Kolabnow - I have been in touch with these guys and
> asked them if they have cleaned their systems from Intel ME,
> proprietary BIOS, what is their approach to quantum resistant security
> etc. The answer was "We are still learning to ride the bike" and some
> advertising that they use only FOSS. I explained further that security
> at ring 0-3 means nothing when a system is flawed at ring -3 and they
> told me the would forward my concerns to some operations
> department. ProtonMail's answer was even worse. So far I haven't found
> a single online service provider who can guarantee a clean and
> completely tested system and without that there can be no privacy,
> regardless of how deep the server may be buried in the Alps (or
> wherever). And considering the most recent side-channel bugs, things
> are really out of hand, globally. I think it is a much bigger problem
> than cleaning up ones own machine(s) as we still need to communicate
> with the majority who use PRISMed services and have no idea what
> end-to-end encryption is. So considering the mid-man is always flawed
> (in one way or another) and that end points are already infected,
> freedom/privacy for one's own computer becomes a petty little affair.
>
> Asymmetrical protections...
> My previous comment was about your example of 2 people having a
> private discussion in a public place and one of them hiding his
> face. My point was: that is unnatural and will never work, it will
> always lead to conflicts. Our current approach to security is through
> isolation and isolation itself creates separate conflicting sides. So
> we cannot be secure through isolation. We are naturally secure when we
> are together - when we think together, work together, share
> together. I am not proposing communism (that's an illusory ideal which
> didn't work) but perhaps we need to fix ourselves as species first,
> not technology (which is just the product of what we are). Just
> thinking...
>
> Thanks for the links to EFF's images. I enable JS in private mode
> (i.e. temporarily) for individual sites when it is absolutely
> necessary (e.g. to pay some bills) and for my local web server on
> which I do some front-end web dev. But as a whole I browse with JS,
> cookies and 3rd-party images and CSS blocked. It is amazing how very
> few good designed sites are out there. Most of the web is really
> terrible, just like the increasing length of my posts :)

heyjoe
Offline
Joined: 01/09/2018

When you quote automatically whole (especially lengthy posts) it is difficult to follow what exactly you are commenting on (without rereading the whole post). You obviously do this through email but please consider quoting only what you comment on.

As for recommendations to web developers: I can assure you I have done this so many times. Including: to trisquel.info which has weak HTTP security headers:

https://securityheaders.io/?q=https%3A%2F%2Ftrisquel.info&followRedirects=on

I have sent this using the Contact link on this site. No reply so far. No fix either. Hopefully someone will look into it.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>It seems invalid because current version of Chromium doesn't do what that bug describes.

It's a matter of trust. If you still trust them after something like that, your trust is easy. Mine is very difficult.
If you believe it was an unintentional bug then I would go so far as to call you gullible.

-----------------

As far as the tcpdump test, I just did it and twice. Nothing showed up. Zero (0). Firefox is pinging nothing, no background connection whatsoever.

Now, I do need to make it clear that I am one of those guys that prefer spending 50 hours of their time if need be in order to make it right. Several, and by several I mean a huge ton of modifications were applied in about:config. The only addon installed is noscript. The version of the browser is 57.0.4

You can see the connections it makes in about:networking too.

mason

I am a member!

Offline
Joined: 07/07/2017

> Several, and by several I mean a huge ton of
> modifications were applied in about:config.

Is there an easy way for you to share your about:config?

Something else occurs to me. I'm not knowledgable enough to know if this is possible, but could it be the distro? You use Debian, right? Perhaps they've done something differently from OpenSUSE either in their build of Firefox or elsewhere in the distro? When I have time to figure out tcpdump I'll see if the issue occurs in Trisquel.

heyjoe
Offline
Joined: 01/09/2018

Perhaps they've done something differently from OpenSUSE either in their build of Firefox or elsewhere in the distro?
In my tests I downloaded Firefox from Mozilla directly.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>Is there an easy way for you to share your about:config?

Well, I can describe my procedure, yes.

>You use Debian, right? Perhaps they've done something differently from OpenSUSE either in their build of Firefox or elsewhere in the distro?

Yes, although I am not talking about Firefox ESR packaged by Deb devs but the tar you download directly from the Mozilla website.

As the mate Joe points out and I could not agree more a user should not spend incredible amounts of their time into figuring out how to make their browser privacy decent. Third party cookies anyone? Phoning home to google constantly because of muh security? That is indeed huge bullshit. I agree with (was it?) Lunduke when he says Mozilla is nothing else but business. Open sores business. Fact is, their browser is the best worst choice we have right now. I mean, you can use lynx for your browser if you want only text but year 1986 is long gone, unfortunately.

I prefer not to share the inner workings of my network but I am pretty confident I got the tcpdump right.. so yeah, you don't need to trust my words, do the following and see for yourself. Point is, to sum it up, FF can be made truly privacy respecting, chromium on the other side ... not.

There is a fork of it called ungoogled-chromium, you might want to take a look at that one too (I don't recommend it, just saying) -> https://github.com/Eloston/ungoogled-chromium
----------------

In the past I spent hours reading about those 'hidden' settings in about:config, now I do not need to do that anymore thanks to this guy ->

https://github.com/pyllyukko/user.js/

His user.js is very very good and gets updated when new crap gets added by Mouzilloua.
Very good but not perfect, you will need to apply some additional modifications but don't worry it is just a few.

Place the user.js in the relevant folder. Open your browser and in about:config write 'safebrowsing'.
Disable them all and remove every gooobles url (make it blank), as in:

browser.safebrowsing.downloads.remote.enabled false
browser.safebrowsing.downloads.remote.url (blank)

Disable the captive portal feature

network.captive-portal-service.enabled

As far as background connections that would be all, if memory serves me right. I also recommend you change your user agent to that of the TorBB, it will lower your fingerprint considerably (according to the eff's panopticlick that is)

general.useragent.override Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

This last one is a 'string' you create by yourself (right click - new - string)

Do bear in mind that addons will make background connections so you should test your browser without them.

heyjoe
Offline
Joined: 01/09/2018

> I agree with (was it?) Lunduke when he says Mozilla is nothing else but business.

youtube-dl https://www.youtube.com/watch?v=qMALm1VthGY

BTW I am looking for a way to search/browse Youtube without JS. Any ideas?

Testing as you suggested:

-------------------
(Potential) issues which I see:

When Firefox starts: Show your home page (I would set it to blank)
Check spelling as you type: ON (I don't know if that includes any connections but I would leave it of for the test)
Allow Firefox to automatically install updates (recommended): ON (I would set it to OFF for the test)
Default search engine: Google (and all the other PRISM ones are inabled too)
Always use private browsing mode: ON (inconvenient)
Accept cookies from websites: ON (should be OFF with only exceptions allowed, when needed)
Tracking protection block list: Disconnect.me basic (perhaps should be 'strict'?)
Send "Do Not Track": Only when using Tracking Protection (should be "Always")
Prevent accessibility services from accessing your browser: OFF
Block dangerous and deceptive content: ON (this requires connection to Google hosts where the blacklists are hosted)
Query OCSP responder services: ON (this also requires connection to hosts)

Further in about:config:

browser.ping-centre.telemetry;true
toolkit.telemetry.archive.enabled;true
toolkit.telemetry.bhrPing.enabled;true
toolkit.telemetry.debugSlowSql;false
toolkit.telemetry.firstShutdownPing.enabled;true
toolkit.telemetry.newProfilePing.enabled;true
toolkit.telemetry.shutdownPingSender.enabled;true
toolkit.telemetry.updatePing.enabled;true
--------------

> 'safebrowsing'. Disable them all and remove every gooobles url (make it blank)

I suppose toggling the default browser.safebrowsing.allowOverride;true would work contrary to what you are trying to do, so I leave that one to 'true'.

---------------------
Testing with your settings applied on top of the downloaded shows indeed zero communication with any host. Until you browse (https://fsf.org/robots.txt) when tcpdump shows multiple connections also to:

ocsp.usertrust.com
ocsp.comodoca.com

Another thing which I notice. Even after closing the browser and waiting for some minutes (process terminated) tcpdump shows packets related to fsf.org hosts and also to the OCSP hosts. I don't know why this is happening and why the computer is trying to connect to those hosts without any software asking for it. Any ideas?

Closed Firefox and ran it again. Without opening any web pages whatsoever I go to Preferences and immediately tcpdump shows a load of connections to amazonaws.com, mozilla.com, phicdn.net, digicert.com...

Anyway I proceed to tighten the preferences mentioned above. While changing them I see tcpdump shows active communcation going on in the background.

Setting "Always use private mode" to OFF asked me to restart the browser. I did and after that some of the settings were not as I set them:

Search: I had this one set to DDG and all other search engines I deleted. After restart it is set to Google and no other search enginse are listed. Again: I leave DDG only.

Always use private browsing mode is again ON and Accept cookies is ON too (although turned off before restart). Another attempt and another fail. I go to prefs.js and remove

user_pref("browser.privatebrowsing.autostart", true);

Still no luck after many more attempts. I give up and try to at least turn off cookies accepting: same story - after restart the "Accept cookies" is still ON. I go and delete lines mentioning 'cookie':

user_pref("pref.privacy.disable_button.view_cookies", false);
user_pref("network.cookie.cookieBehavior", 1);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.cookie.thirdparty.sessionOnly", true);
user_pref("pref.privacy.disable_button.cookie_exceptions", false);

Restart. Disable "Accept cookies". Restart - it is back ON. I give up and proceed to next setting.

Block dangerous and deceptive content: OFF
Query OCSP: OFF

It seems my setting "Never check for updates" is disrespected too, so I go to prefs.js and remove:

user_pref("app.update.auto", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1515756610);
user_pref("app.update.lastUpdateTime.background-update-timer", 1515756370);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1515756730);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1515756130);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1515756490);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1515756250);
user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1515756850);

And... no, and no, and no. It reverts to "Check for updates but let me choose to install them".

Also Block dangerous and deceptive content and Query OCSP also reverts to ON.

After 42 minutes of tuning a program which refuses to respect my preferences and which clearly does background communication as per my earlier test, all I can do is wipe it away from my system and I am not even going to attempt fine tuning the rest of the potential issues noticed.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>BTW I am looking for a way to search/browse Youtube without JS. Any ideas?

mps-youtube, you'll find the project on github, it's a very sweet program.

>When Firefox starts: Show your home page (I would set it to blank)

agreed, indeed I did that too :)

>Check spelling as you type: ON (I don't know if that includes any connections but I would leave it of for the test)

It doesn't AFAIK.

>Allow Firefox to automatically install updates (recommended): ON (I would set it to OFF for the test)

It will make just one connection each 24 hours AFAIK

>Default search engine: Google (and all the other PRISM ones are inabled too)

Yeah.. You can easily remove those via GUI though. Google throws hundreds of thousands of greens at them in exchange of user data, u know, open sores biz..

>Always use private browsing mode: ON (inconvenient)

How is that inconvenient? I have done so for years. Well, I have also not allowed js (except for very very few websites) for years, I know I am a strange guy.. But in which way is it 'inconvenient'?

>Accept cookies from websites: ON (should be OFF with only exceptions allowed, when needed)

I don't know.. I mean, I know it will get you a higher fingerprint (eff panopticlick again) to disable cookies, and it is inconvenient in that many websites won't work properly. Also, if private browsing, as soon as you close your browser all of them get purged. I close my browser very often. I don't like having programs I don't use opened.

>Tracking protection block list: Disconnect.me basic (perhaps should be 'strict'?)

Indeed I set it to strict (remember I only use noscript, no adblocker addon whatsoever - in fact I find it unnecessary being javascript always turned off here and adds are basically just javascript nowadays, rarely a plain image file..)

>Send "Do Not Track": Only when using Tracking Protection (should be "Always")

Well, it is a nonsense useless feature anyway, isn't it? I mean no shark is gonna respect it, let's be realistic. But yeah I did set it to always :P

>Prevent accessibility services from accessing your browser: OFF

Indeed, via GUI again

>Block dangerous and deceptive content: ON (this requires connection to Google hosts where the blacklists are hosted)

Yeah, as mentioned already, disable every reference to goobles and to 'safe' browsing (always makes me lul - **safe** browsing, sponsored by google)

>Query OCSP responder services: ON (this also requires connection to hosts)

True

>telemetry

That one also in the GUI. In about:config it is toolkit.telemetry.enabled. Telemetry, again, should not be enabled by default..

>browser.safebrowsing.allowOverride

Yes, leave that one as it is (true)

>Another thing which I notice. Even after closing the browser and waiting for some minutes (process terminated) tcpdump shows packets related to fsf.org hosts and also to the OCSP hosts. I don't know why this is happening and why the computer is trying to connect to those hosts without any software asking for it. Any ideas?

As you said above, you'll inevitably connect to hosts if you want it to work but why in the world would it make connections when the browser is closed I have no idea. Is that even possible? I mean, are you sure ones you closed the browser it's process was correctly killed? That is strange.

>Closed Firefox and ran it again. Without opening any web pages whatsoever I go to Preferences and immediately tcpdump shows a load of connections to amazonaws.com, mozilla.com, phicdn.net, digicert.com...

That's even stranger. Are you testing this without any addon?

>Always use private browsing mode is again ON and Accept cookies is ON too (although turned off before restart). Another attempt and another fail. I go to prefs.js and remove

Hmm, do note that user.js has the precedence AFAIK, so you will need to change those inside that file (user.js) and not
prefs.js

>still on / back on

Yeah, I believe you'll need to set the modifications you want to be permanent into user.js. See, if you have say browser.safebrowsing.allowOverride set to false in user.js and you modify it in about:config or prefs.js (which is the same) to set it to 'true' when you restart the browser user.js will override it.

>After 42 minutes of tuning a program which refuses to respect my preferences and which clearly does background communication as per my earlier test, all I can do is wipe it away from my system

No, mate, again - user.js overrides prefs.js :)

------

Wow, this was long. I believe this is the longest comment in my over 3 years here (and I am a daily -and quite verbose- visitor..). But it is nice to see that I am not the only one who has spent time on achieving the almost impossible: getting a decent browser out of Firefox. Cheers colleague :)

heyjoe
Offline
Joined: 01/09/2018

> mps-youtube, you'll find the project on github, it's a very sweet program.

Thanks. I will check it.

> How is that inconvenient?

Private mode cleans cookies on each exit and I don't like having to re-login to sites just because I restarted the browser.

> and adds are basically just javascript nowadays, rarely a plain image file

Just a side note: Pixel trackes are not JS based. And you can be tracked also through 3rd-party CSS request. So an extension like uMatrix and uBO is much more helpful than NoScript because through it you can control quite well JS blocking too.

> I mean, are you sure ones you closed the browser it's process was correctly killed? That is strange.

Yes, I am sure. And yes, it is strange. Speculation: I suppose it may be some related to the fact that I am behind a router which NATs the Internet to the LAN but still - tcpdump shows the connection is from the localhost to the remote host and it makes no sense.

> Are you testing this without any addon?

Absolutely clean virgin browser without any ~/.mozilla/firefox upon first run. I also explicitly run it from command line with option --ProfileManager so that I can see how the profile is created and selected.

> But it is nice to see that I am not the only one who has spent time on achieving the almost impossible getting a decent browser out of Firefox. Cheers colleague :)

Well, cheers to you too! Unfortunately I can't confirm that the final result is a decent browser. :( I may try user.js some time but I really don't have the nerves right now. I have already spend so many hours to test Firefox and each time I really find it is so bad at listening to what I ask it to do.

Can you please test on your system the opening of Preferences and the browsing to https://fsf.org/robots.txt? What results do you get for each?

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>but I really don't have the nerves right now.

Yeah, as I said a truly libre and privacy friendly browser would not come with a ton of antiprivacy nonsense and a user should not have to do such a hard work to 'clean it up'.

>Can you please test on your system the opening of Preferences and the browsing to https://fsf.org/robots.txt? What results do you get for each?

Will do later, I'm curious.

heyjoe
Offline
Joined: 01/09/2018

> Yeah, as I said a truly libre and privacy friendly browser would not come with a ton of antiprivacy nonsense and a user should not have to do such a hard work to 'clean it up'.

How can something be privacy friendly and come with antiprivacy? :)

> Will do later, I'm curious.

Great. Looking forward to it.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Ok, I know I should have tested without any addon but I installed umatrix (which btw is absolutely magnificent). So I tested it with noscript and umatrix and all my mods, basically the browser as I use it.

I opened the browser and the connections made were the following:

hosts-file.net (107.22.171.143)
someonewhocares.org (209.97.222.140) (turing.theorem.ca)
winhelp2002.mvps.org (216.155.126.40) (mars.olymp.mvps.org)

Then, when going into preferencse the new connections I see are:

aus5.mozilla.org
balrog-aus5.r53-2.services.mozilla.com., A 52.88.57.64, A 34.208.7.8, A 52.35.162.72, A 34.214.242.76, A 34.210.48.174, A 52.36.39.89
us-west-2.compute.amazonaws.com (52.88.57.64)
ocsp.digicert.com (93.184.220.29)
cs9.wac.phicdn.net (93.184.220.29)

And finally when on the fsf's page the new connections made were:

www.fsf.org (208.118.235.174)
svnweb.fsf.org (208.118.235.30)
ocsp.usertrust.com (178.255.83.1)
ocsp.comodoca.com (178.255.83.1)

--------------

Btw, m8 Joe, may I ask you where you going with that gun in your hand? ;)

heyjoe
Offline
Joined: 01/09/2018

So basically you proved the results of my tests. The first 3 hosts you listed look like the hosts which contain the lists for uMatrx (without uMatrix there would not be connections to them). But opening preferences again shows connections to hosts which the user has not explicitly asked for.

Still trust Firefox and Mozilla?

> Btw, m8 Joe, may I ask you where you going with that gun in your hand? ;)

I'm goin' down to shoot my old lady
You know I caught her messin' 'round with another man.

:)

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>So basically you proved the results of my tests. The first 3 hosts you listed look like the hosts which contain the lists for uMatrx (without uMatrix there would not be connections to them).

Yes, I believe so.

>Still trust Firefox and Mozilla?

I never did in the first place. As I said I think I have quite some issues at trusting. I am suspicious and pessimist by nature.

>I'm goin' down to shoot my old lady
You know I caught her messin' 'round with another man.

That's exactly what I thought, but it was worth asking :)

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Yeah, as I said a truly libre and privacy friendly browser would not come with a ton of antiprivacy nonsense and a user should not have to do such a hard work to 'clean it up'.

Taking a look at outgoing connections is not enough to deem how privacy-respectful a feature is. And that feature has advantages too. A compromise has to be sought. What I am saying is: details matter.

Take Safe Browsing for example. The feature you manually disable after copying pyllyukko's user.js. That feature aims to warn a user who is about to access a page that is known for phishing or about to download known malware. Let us agree it is a useful feature.

Now, you know Google is actually managing the lists of pages known for phishing or of known malware. If you stop your investigation at that point, you may believe that every URL that ends up in your address bar is sent to Google along with your IP address. *That* would be a privacy nightmare not worth the enhanced security... but SafeBrowsing, in Firefox, does not work that way.

https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ explains how it works. And anybody can check whether it is true, thanks to freedom 1. In the case of phishing:

  1. Every 30 minutes, Firefox downloads, from a Safe Browsing server, a list of 4-byte hashes of URLs, which were deemed unsafe since the last update;
  2. Whenever the user is about to visit a page, the hash of its URL (excluding what is following a possible "?" in the URL) is compared with those in the local lists (no outgoing connection here);
  3. If it is not found, the page is displayed; otherwise the 4-byte hash is sent to a Safe Browsing server which returns all unsafe URLs matching the hash (there may be several: hashes suffer from collisions) and Firefox locally checks whether one of them is the URL to be accessed (if so, the warning is displayed; otherwise the page);
  4. To enhance privacy, Firefox requests, from time to time, the URLs of random hashes taken in the list.

So, through Safe Browsing, Google only knows:

  1. every 30 minutes, that an IP address has a Web browser opened;
  2. that the user may (or not: because Firefox adds noise) have visited a URL whose hash was sent: it may be one of the unsafe pages having this hash or a safe page with the same hash.

Not the privacy nightmare a naive implementation would yield. Safe Browsing's protection against malware is more intrusive. To block malware, even if it comes from unlisted pages, metadata about all binaries Firefox is about to download are sent to a Safe Browsing server. The risk of installing malware for GNU/Linux is probably not worth the privacy loss. That is why Abrowser disables that part of Safe Browsing by default.

You see: a compromise is sought between security, privacy, performance and ease of use (Firefox's preferences only propose a global switch to disable Safe Browsing as a whole). The balance between those features (again: security, privacy, performance, ease of use, ... are features/capabilities, not freedoms) cannot suit every user. But it not "antiprivacy nonsense": for most users, being warned that a page is phishing (maybe imitating the page of your bank) is worth having Google know every 30 minutes that they have a Web browser opened and having it possibly guess (with a rather small probability) that they visited some specific pages.

Especially when Google has many more reliable ways to profile users (i.e., I very much doubt Google uses Safe Browsing to do so): the advertisement it displays on most of the Web, the Google+ buttons, the Google fonts most of the Web pages download from Google, Google Analytics, which dominates the market, etc.

In Firefox's preferences, the check box "Allow Firefox to send technical and interaction data to Mozilla" globally enables/disables Mozilla's telemetry. heyjoe's bug, filed against the "telemetry" component, pretended the opposite. He had not understood that the settings in about:config depend on each other: if datareporting.healthreport.uploadEnabled (the setting that can be set from the preferences) is false, no telemetry is sent, whatever the values of other entries in about:config that stands for more specific tunings of the telemetry component. That is why the bug was closed with the status "WORKSFORME". Telemetry allows the developers to discover bugs and know how the browser is used. They can then make it evolve the way the community wants it to evolve. https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c4 says "[Mozilla] only collect[s] anonymous usage statistics like how often Firefox crashes and how quickly the javascript garbage collector runs". It continues:

But you don't have to trust us, you can check:
If you enjoy reading bugs, please browse "Toolkit::Telemetry" for bugs about preferences and what they do. If you enjoy reading C++ and JavaScript, please browse the source code to toolkit/components/telemetry/ and examine the constraints we place on collection in TelemetryHistogram.cpp and the constraints on sending in TelemetrySend.jsm. If you enjoy looking at graphs, you can see the daily aggregated versions of the data we collect at https://telemetry.mozilla.org

That is the beauty of freedom 1. I have not sought to understand how telemetry works (like I did for Safe Browsing). If the collected are indeed anonymous (I doubt Mozilla would lie: any programmer can check), the gains brought by telemetry can supersede its minor anti-privacy side effects. Again: details matter. Looking at outgoing connections is not enough.

heyjoe
Offline
Joined: 01/09/2018

> Taking a look at outgoing connections is not enough to deem how privacy-respectful a feature is. And that feature has advantages too.

The problem with this statement is that you know (or rather can check) only what happens on the sending side. So you don't have enough data to evaluate the advantages in relation to what you sacrifice in order to receive them. That is a basic test which shows if there is a communication or not. Nothing more or less. If there is communication and it is not anonymized through TOR (it is not) - that obviously is a privacy issue. That is quite simple.

> A compromise has to be sought.

Why? Are privacy and security 2 incompatible mutually exclusive concepts? Or rather because someone has designed a program in a way in which you must sacrifice one for the other? If you seek for compromise what happens is giving up freedom in exchange for convenience?

> What I am saying is: details matter.

Yes, they do - but only in their entirity. Only then one can match the details to the big picture. Otherwise we can look at an isolated beautiful "print('Hello world')" and admire how clean and safe it is. Meanwhile Intel ME can be sending data to organization X "User N, located ... is currently admiring the source code of Hello world".

> Take Safe Browsing for example... Let us agree it is a useful feature.

There are organizations which consider that censoring entire geographic regions from accessing particular websites is a useful feature for the safety of the region. Should we agree to that too? It's a fact, not an article. There is enough evidence that the price people pay for using all kinds of "useful features" is pretty high.

That said: I do agree that having a blacklist may be useful. But I disagree to the centralized nature of it held in the hands of a single entity which can control it. As long as we cannot check for ourselves what exactly is happening on the other side of the wire it is all wishful thinking.

> Now, you know Google is actually managing the lists of pages known for phishing or of known malware. If you stop your investigation at that point, you may believe that every URL that ends up in your address bar is sent to Google along with your IP address. *That* would be a privacy nightmare not worth the enhanced security... but SafeBrowsing, in Firefox, does not work that way.

> https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ explains how it works. And anybody can check whether it is true, thanks to freedom 1.

Suppose I am the victim. I (a layman) don't know. I (a non-programmer) have not checked the source code. I (an average user) am forced to trust because there is a huge mountain of information which I need to dig in order to find out the truth, it is growing every day and a lifetime wouldn't suffice for it. But still I refuse to trust articles and want truth, not words, because I don't want to depend on another. I don't want my child (if I have one) to be tracked, logged, turned into a cog of a huge machine. What am I to do? You see - the question is much bigger than F0-4.

The particular article you linked says:

'Google explicitly states that the information collected as part of operating the Safe Browsing service "is only used to flag malicious activity and is never used anywhere else at Google" and that "Safe Browsing requests won't be associated with your Google Account"'

Ok, Google states that. They state all kinds of things. Even without that: We all know very well that each server stores logs. Also one doesn't need to be a professor to know how this works with a company part of PRISM program. What do you think happens when NSA comes and says "We will take these servers to search them"? Will Google will say "sorry, we won't allow you to do that because we have written this and that on a web page"? If we believe that, we can easily install Microsoft Windows and turn on Windows Defender because it is a useful feature.

> Mozilla's telemetry. heyjoe's bug, filed against the "telemetry" component, pretended the opposite. He had not understood that the settings in about:config depend on each other: if datareporting.healthreport.uploadEnabled (the setting that can be set from the preferences) is false, no telemetry is sent, whatever the values of other entries in about:config that stands for more specific tunings of the telemetry component.

My test does not pretend anything - it proves something, providing actual, verifiable facts. It seems you have not read the bug report comments carefully because one of the attached logs clearly shows: after additional disabling of various telemetry flags in about:config the amount of packets detected by tcpdump is reduced almost in half. This means that those additional settings do something and they are not insignificant in relation to other disabled flags.

> So, through Safe Browsing, Google only knows:

> every 30 minutes, that an IP address has a Web browser opened;

Even if we assume that we know what Google knows (which we don't) that 'only' piece is still a form of analytics. And it is not anonymized at user end but again the user has to trust a company. Of course Mozilla and Google will say "we are nice guys". But the very fact that telemetry was created in the first place is a clever trick. For the improving of a program there is absolutely no need to know that user X is currently online and has his browser open.

> You see: a compromise is sought between security, privacy, performance and ease of use (Firefox's preferences only propose a global switch to disable Safe Browsing as a whole). The balance between those features (again: security, privacy, performance, ease of use, ... are features/capabilities, not freedoms) cannot suit every user. But it not "antiprivacy nonsense": for most users, being warned that a page is phishing (maybe imitating the page of your bank) is worth having Google know every 30 minutes that they have a Web browser opened and having it possibly guess (with a rather small probability) that they visited some specific pages.

I don't see one should install a surveillence camera in one's bedroom, taking and uploading snapshots every 30 minutes just to inform organization X that he is (or is not) having sex right now, so that organization X can send a message "You are with a (non) trustful partner". Security and privacy are not a matter of compromise between the two. If one has to compromise that is poor design, therefor dependency, not freedom.

> That is the beauty of freedom 1. I have not sought to understand how telemetry works (like I did for Safe Browsing).

Are you saying you have actually studied the full code of Firefox and do it for every new release?

> If the collected are indeed anonymous, the gains brought by telemetry can supersede its minor anti-privacy side effects. Again: details matter. Looking at outgoing connections is not enough.

Looking at details: there is no anonymity if they know your IP address. I also asked explicitly in the Chromium report if that can be anonymized on user's side and the answer was not "Yes", on the contrary: they even added that they also store a cookie for the browser session:

https://bugs.chromium.org/p/chromium/issues/detail?id=795526#c8
(read @2, question is in previous comment)

Mozilla also receives your IP address even if they don't send it to Google (which we have no way to know). Surely they do share it with Amazon, Akamai etc.

---
If you haven't - I highly recommend that you read the book "When Google met WikiLeaks".

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

The problem with this statement is that you know (or rather can check) only what happens on the sending side.

That is correct. But there is no magic: if you send little information, then little information is received on the other side. If you add noise, the receiver can exploit it even less.

That is a basic test which shows if there is a communication or not.

Too basic. Looking at what is communicated is relevant.

If there is communication and it is not anonymized through TOR (it is not) - that obviously is a privacy issue. That is quite simple.

If you consider that having the receiver know your Web browser is opened, then yes. And you should be able to disable the service it provides to stop that communication... but if that service is useful and cannot be achieved on your own computer (it is not SaaSS), then it does require communication and you may decide it is worth giving the information required to get the service.

Are privacy and security 2 incompatible mutually exclusive concepts? Or rather because someone has designed a program in a way in which you must sacrifice one for the other?

It is physically impossible to request information from a third party without communication. For example, you cannot ask whether a site is phishing without communication. You have to either choose privacy (no communication) over security (no warning about phishing) or the opposite (communicating the relevant information to receive the warnings). To make that choice, looking at what is actually communicated (how much privacy is sacrificed) is relevant to most users. If you consider that no service is worth communicating your IP address, then, really, there is no need to look at what is communicated... and you should stay offline (when you access this forum, Trisquel knows about it, your ISP too). Since you are online, you actually accept to send the relevant information (lose some privacy) to do whatever you do online.

If you seek for compromise what happens is giving up freedom in exchange for convenience?

You need not compromise on freedom. You should always stay in control of your own life. In computing, that means only using free software. There is no physical impossibility here (whereas requesting information without communication is impossible): every piece of software can be and should be free software.

Meanwhile Intel ME can be sending data to organization X "User N, located ... is currently admiring the source code of Hello world".

Yes. Intel ME, like any piece of software, can be and should be free software.

There are organizations which consider that censoring entire geographic regions from accessing particular websites is a useful feature for the safety of the region. Should we agree to that too?

No. And that has absolutely nothing to do with our conversation.

There is enough evidence that the price people pay for using all kinds of "useful features" is pretty high.

"All kinds of useful features" is too general to state anything about them. Again: details matter. I explained you the price of receiving warnings about phishing. You can consider that price too high. Other users, most users I believe, consider it is not. I have Safe Browsing disabled because I do not think I need it. However, I let it enabled on my parents' computer (that I administrate).

I disagree to the centralized nature of it held in the hands of a single entity which can control it.

There is a performance compromise too. I do not think (I may be wrong) anybody knows how to have a distributed Safe Browsing system that would not significantly slow down page loading. Do you know?

As long as we cannot check for ourselves what exactly is happening on the other side of the wire it is all wishful thinking.

There is no magic: if you send little information, then little information is received on the other side. If you add noise (like Firefox does with Safe Browsing), the receiver can exploit it even less.

uppose I am the victim. I (a layman) don't know. I (a non-programmer) have not checked the source code. I (an average user) am forced to trust because there is a huge mountain of information which I need to dig in order to find out the truth, it is growing every day and a lifetime wouldn't suffice for it. But still I refuse to trust articles and want truth, not words, because I don't want to depend on another. I don't want my child (if I have one) to be tracked, logged, turned into a cog of a huge machine. What am I to do?

You trust the community. Even if you were a programmer, it is impossible to read all the software you run: a life time is not enough. Exercising a collective control over the software is the reason for freedom 3.

If you do not want to trust the community, then you should stop using software. I see no other possibility. The four freedoms do not solve all problems but it is the best we have.

We all know very well that each server stores logs. Also one doesn't need to be a professor to know how this works with a company part of PRISM program. What do you think happens when NSA comes and says "We will take these servers to search them"?

The logs can only contain the information that was received. In the case of Safe Browsing's phishing protection: what IP had a Web browser opened at what time (with a 30-minute precision) and hashes of some URLs (without what is following "?", if present) that the browser may have visited, or not. Hashes associated with (a) phishing page(s). But the user may have actually visited a safe page with the same hash. If you think that the phishing protection is not worth giving up that information, then disable it. Again: I believe most users consider it is worth it.

If we believe that, we can easily install Microsoft Windows and turn on Windows Defender because it is a useful feature.

Windows is proprietary software. Its users are denied the essential freedom to know what it is actually doing. The worst should be assumed.

My test does not pretend anything - it proves something, providing actual, verifiable facts.

Your bug reports for Firefox's Telemetry component says: "If the user says "No" to data reporting one expects no data will be sent (and home directory will not be filled with unnecessary data) without the permission and knowledge of the user". So, yes, you pretended telemetry was not disabled after unchecking "Allow Firefox to send technical and interaction data to Mozilla".

And your test actually shows no connection to incoming.telemetry.mozilla.org: Telemetry was disabled, as expected.

This means that those additional settings do something and they are not insignificant in relation to other disabled flags.

Not the additional *telemetry* settings, no. Georg Fritzsche explained it to you in https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c11

Even if we assume that we know what Google knows (which we don't) that 'only' piece is still a form of analytics.

We do know what Google receives through Safe Browsing. Safe Browsing is documented and Firefox's source code can be studied. Your text then jumps to telemetry again. Do you understand they are separate components? No telemetry data is sent to Google.

But the very fact that telemetry was created in the first place is a clever trick. For the improving of a program there is absolutely no need to know that user X is currently online and has his browser open.

It is useful to know how a program is used, what was its state when it crashed, etc. to improve it. With telemetry enabled, the program itself sends the data. So the receiver knows it is currently used.

I don't see one should install a surveillence camera in one's bedroom, taking and uploading snapshots every 30 minutes just to inform organization X that he is (or is not) having sex right now, so that organization X can send a message "You are with a (non) trustful partner".

What information is sent matters to decide whether the service is worth the loss in privacy. Your example makes it clearer. If, instead of sending the camera snapshots, you would have a Safe-Browsing-like system (you receive from time to time the hashes of the ids of the non-trustful partners, you send the hash of your partner if it is in the list to get the actual names of the corresponding non-trustful partners, you send random hashes to make it harder for the service to guess who your partners are), the system would be more respectful of your privacy.

Security and privacy are not a matter of compromise between the two. If one has to compromise that is poor design, therefor dependency, not freedom.

Communicating to request (security) information from a third party is not poor design. It is physically impossible to do request information from a third party without communicating.

Also, poor design never implies a loss of freedom. Imperfection is not the same as oppression: https://www.gnu.org/philosophy/imperfection-isnt-oppression.html

Are you saying you have actually studied the full code of Firefox and do it for every new release

I have only read documentation on the matter. I could take a look at the source code though. Any programmer could. Many certainly have. That alone makes it improbable that Mozilla would be lying when describing Firefox's implementation: its reputation is at stake.

Mozilla also receives your IP address even if they don't send it to Google (which we have no way to know). Surely they do share it with Amazon, Akamai etc.

Do you have any evidence to ground your accusations?

heyjoe
Offline
Joined: 01/09/2018

> But there is no magic: if you send little information, then little information is received on the other side. If you add noise, the receiver can exploit it even less.

You send your IP address. That's more than enough. You can't add noise to that. Also it is technically stupid (inefficient) to deliberately create noise and burden a system just because it is designed poorly.

> Too basic. Looking at what is communicated is relevant.

Well, basic or not - this is within my capabilities. Considering that nobody seems to have done even that, I think it has certain value.

> If you consider that having the receiver know your Web browser is opened, then yes.

I do, so yes. The word 'private' means not shared. If you are sharing - there is no privacy.

> And you should be able to disable the service it provides to stop that communication... but if that service is useful and cannot be achieved on your own computer (it is not SaaSS), then it does require communication and you may decide it is worth giving the information required to get the service.

Obviously certain services cannot be disabled, otherwise the background chatter would happen. Also it is possible to make the blacklist for safe browsing decentralized. But they didn't do it and there is not even a hint that they will.

> It is physically impossible to request information from a third party without communication...

I know that. But the question is that in this particular case we are sending info to companies for which we know to be part of the PRISM and much more than that. Considering that Big Brother created systems which modify even the HTTP headers for the purpose of eavesdropping, saying that "they can gather much more through G+ buttons than through this" may not be quite valid (and still - we don't know, we never will).

In any case, technically it is possible to get information without loosing privacy. Example: you turn on the radio and you listen to music. Nobody is geolocating you, storing cookies on your radio receiver and all the rest of it. I think it should be possible to create a privacy respecting network based on this principle. I would be interested to discuss this further with people who are more technically knowledgeable than me.

> You need not compromise on freedom. You should always stay in control of your own life.

Control means regulation, i.e. conforming within rules, i.e. limitation. Freedom means no limitations. So one doesn't get freedom through control. It's a long topic.

> There is no physical impossibility here (whereas requesting information without communication is impossible): every piece of software can be and should be free software.

I would be interested to know your thoughts in the other thread I opened yestrday:

https://trisquel.info/en/forum/freedom-security-technology-what-can-we-do

> And that has absolutely nothing to do with our conversation.

It has a lot to do because not only the details matter but also the big picture which contains much more important details (otherwise we wouldn't be here and the whole idea of FOSS wouldnt exist).

> "All kinds of useful features" is too general to state anything about them.

Did you expect me to enumerate each and every spyware? Please, I know you are intelligent enough to understand what I mean.

> You can consider that price too high. Other users, most users I believe, consider it is not.

Of course. But the issue here is not what I consider, I am not important. The issue is that the whole system is designed in a way to encourage negligence and loss of privacy.

> However, I let it enabled on my parents' computer (that I administrate).

Same here.

> I do not think (I may be wrong) anybody knows how to have a distributed Safe Browsing system that would not significantly slow down page loading. Do you know?

The first thing that comes to mind - torrents, mirrors (like we have for FOSS). There are other means too perhaps. Example: encouraging ISPs to keep a local mirror on the gateways, proxies. It is possible.

> You trust the community... freedom 3.

The problem is that trust implies faith which is not facts. And that can be exploited. We can discuss that in the other thread where I raise that question. Also the issue here is: the community (Mozilla etc) ignores the facts just because they prefered to fight over the definition of words. This is another example that F3 doesn't necessarily work.

> The four freedoms do not solve all problems but it is the best we have.

Yes. But it seems to me they are not enough any more. Much more is necessary nowadays.

> Windows is proprietary software. Its users are denied the essential freedom to know what it is actually doing. The worst should be assumed.

Google's servers are not less proprietary. Why don't you assume the same for them?

> Your bug reports ...

You are critical and that is a good thing. But you don't show anything better which makes the former insignificant. I have taken the time to test other browsers too and shared the results in this thread. What actual tests have you done yourself? Please share with us, so we can do them too. Prove me wrong, I would be happy to see that sending my IP address periodically with "noise" to Mozilla, Amazon or whoever is worth it.

> Not the additional *telemetry* settings, no.

You don't seem to understand that my complaint is about the _indirect_ telemetry (privacy breach) resulting from the background chattering. Also that same guy who replied in https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c16 that this is not documented. He didn't provide any clear evidence what are these communications for. In fact he said

"I'd like these to be documented better publically in the future, i'll check what we can do."

which means that nobody (except Mozilla) really knows what is going on (even they needed time to check). So excercising the freedom 1 is a next to impossible effort which obviously nobody would waste time on. You see - this is another example that the four freedoms are not enough. They may have been in the 90s or in 00s but in an age of mass surveillence - they are not.

> Do you understand they are separate components? No telemetry data is sent to Google.

Telemetry means remote measuring. Measuring means getting the value of a physical quantity and comparing it to a standard value.

In the bug report I mention _indirect_ telemetry which is the process of: the program sending user's IP address + other data (we don't know what) for unknown/undocumented purpose. It still is telemetry because it provides a measure (identifiable, detectable, comparable data). Mozilla may not call it 'telemetry' according to their limited definition but in actuality it is exactly that. In that sense - they are playing with words in order to avoid the physical fact. So it is not me who uses the word wrongly but them. They give new meaning to the words and argue over them just for the sake of argumentation. But no argumentation can abolish the facts.

> It is useful to know how a program is used, what was its state when it crashed, etc. to improve it.

Do KDE programs measure you all the time? I haven't noticed that. I have noticed though that when they crash there is a specific button which you press "Send data report". Does that make those programs worse? The field of "improvement" is an open door to exploting the user. Watch this:

https://media.ccc.de/v/34c3-9077-humans_as_software_extensions#webm

> ... the system would be more respectful of your privacy.

Which implies that there are levels of privacy respect. I reject to agree to that. It either respects privacy or not. "I respect your privacy and I won't take snapshots but I will know that you are currently in your bedroom" is just meaningless.

> It is physically impossible to do request information from a third party without communicating.

Turn on your radio.

> Also, poor design never implies a loss of freedom. Imperfection is not the same as oppression: https://www.gnu.org/philosophy/imperfection-isnt-oppression.html

The word intelligence means to read between the lines. If everything we say is just aimed to conform to the words of someone else we deny the possibility of looking at things (not at words) and discussing them intelligently, without any bias. Freedom is not conformity. It is something much bigger than F0-4. I have deep respect for what RMS says and does but that doesn't mean one should stop there.

This article is from 2014. Since then a lot has happened in the world and cleverly playing with words against actual issues does not resolve the issue. One of the biggest issues we face (and RMS will agree to that) is mass surveillence. Today we have a system in which not only imperfections are used as backdoors but even more - we see how that system deliberately creates imperfections to infect the computers at hardware level which even the perfect FOSS cannot fix. So again - we must look at facts, not at articles. Still:

"You can urge the program's developers to turn their attention to the missing feature when they have time for more work."

I have already done that, to my capacity.

> I have only read documentation on the matter.

So it is theoretical, a non-fact. I have read many articles about how good this or that browser is. None of the authors have ever done any detailed testing. Also Mozilla's programmer clearly said that what I raised is not documented publicly.

> I could take a look at the source code though.

Do it, then we can talk. Show us lines of code which prove that my test is wrong and that Mozilla, Amazon, Google etc don't receive our IP addresses and other info. Mozilla's programmer didn't show that.

> That alone makes it improbable that Mozilla would be lying when describing Firefox's implementation: its reputation is at stake.

The bigger and more powerful an entity becomes the less important the factor of reputation. When the entity has gained power at another level what others say has very little influence. Unless you think that the organizations who spy on the whole world care about their reputation.

> Do you have any evidence to ground your accusations?

Have you even looked at the logs attached to the bug report? They show it.

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

In any case, technically it is possible to get information without loosing privacy. Example: you turn on the radio and you listen to music.

For Safe Browsing that would mean continuously broadcasting to to all online systems hundreds of thousands of unsafe URLs: https://support.google.com/transparencyreport/answer/7381518/#size-of-blacklist

*That* (not adding noise) would be extremely inefficient. And why stopping there? By your logic, every website should continuously broadcast whatever it hosts to all online systems!

Freedom means no limitations.

No it does not. You are not less free because you cannot fly, for instance. Freedom means "exemption from *external* control, interference, regulation, etc." (emphasis is mine): www.dictionary.com/browse/freedom

As I wrote: being in control of your *own* life.

Same here.

So you agree that the enhanced security your parents get is worth the privacy they give up? Don't you think most users are more like your parents and less like you?

The first thing that comes to mind - torrents, mirrors (like we have for FOSS). There are other means too perhaps. Example: encouraging ISPs to keep a local mirror on the gateways, proxies. It is possible.

Distributing the lists is not the hard part. Creating them is. It involves crawling the Web and processing every page (Google does so in parallel virtual machines): https://www.usenix.org/legacy/events/hotbots07/tech/full_papers/provos/provos.pdf

The problem is that trust implies faith which is not facts.

Trusting nobody, not even free software communities, and not being a programmer, you should stop using software. All of it.

Google's servers are not less proprietary.

Google's server (the software they run on their side) is trivially free: there is one single user and it has all four freedoms. On the contrary, Windows is distributed to many users that do not have the control they deserve on it. Maybe you wanted to write "Google's services" but services cannot be said free/proprietary: https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html

I would be happy to see that sending my IP address periodically with "noise" to Mozilla, Amazon or whoever is worth it.

You apparently think it is worth it on your parents' computer.

which means that nobody (except Mozilla) really knows what is going on (even they needed time to check). So excercising the freedom 1 is a next to impossible effort which obviously nobody would waste time on.

That is not correct.

Telemetry means remote measuring. Measuring means getting the value of a physical quantity and comparing it to a standard value.

You file a bug in the "telemetry" component of Firefox. Whether you like it or not, "telemetry" means something precise in this context: it is the component that collects usage information and sent it to Mozilla, the source code in toolkit/components/telemetry/. To argue for general policy changes, you were invited to write to https://lists.mozilla.org/listinfo/governance

They give new meaning to the words and argue over them just for the sake of argumentation.

How should Firefox's telemetry component be called?

Which implies that there are levels of privacy respect.

Of course there is. You may agree to show your ID to take a plane but you would not accept nude pictures of you to be taken and published. There are levels of security too. And of ease of use. And of performance. Etc. Often, trade-offs between those features (again: they are not freedoms) must be sought. 100% privacy would mean not interacting with anybody. Ever.

One of the biggest issues we face (and RMS will agree to that) is mass surveillence.

It is. But RMS would not agree, not in 2014 and not now, that the free software definition has anything to do with what the software does or does not. Neither that it should.

Today we have a system in which not only imperfections are used as backdoors but even more - we see how that system deliberately creates imperfections to infect the computers at hardware level which even the perfect FOSS cannot fix.

Free software developers are humans. They make errors. Sometimes bugs that become security vulnerabilities. We cannot promise you to write bug-free programs. But we can respect your freedoms. Letting you control, individually and collectively, the software you use. Including to fix bugs.

Also Mozilla's programmer clearly said that what I raised is not documented publicly.

What matters for freedom 1 is access to the source code. Anyway, even when there is documentation (such as in Safe Browsing's case), you are not happy. You want to understand the source code by yourself without being a programmer. You want programmer to make bug-free program. You want 100% privacy + 100% security + 100% ease of use + 100% performance + etc. You want the impossible. Worse, you claim that software that does not provide that disrespects your freedoms. By the way, you are not the first one to confuse freedom and features, hence RMS' article "Imperfection is not the same as oppression". In France, there even is an association called "Liberté 0" (Freedom 0) that pretends that software that is inaccessible to all kind of handicapped people does not respect freedom 0. RMS publicly said they confuse freedom with features.

Unless you think that the organizations who spy on the whole world care about their reputation.

The spyware are not in free software distributed to the spied users, who can discover the spyware by freedom 1.

Have you even looked at the logs attached to the bug report? They show it.

No. You were talking about Mozilla sharing with Amazon, Akamai, ... IP addresses Mozilla received through telemetry. Not about your Web browser (not Mozilla) communicating with third parties to provide other services than telemetry. The privacy implications of every other service should be independently assessed to deem the trade-off "positive for most users given the added value of the service" or "negative for most users". I know you disagree, but I will repeat it: details matter.

heyjoe
Offline
Joined: 01/09/2018

> *That* (not adding noise) would be extremely inefficient. And why stopping there? By your logic, every website should continuously broadcast whatever they host to all online systems!

And by your logic it is much more efficient that the clients (which are always more than the servers) broadcast all kinds of personally identifying info, that special software and hardware should be made to ensure security, that that should be further infected by the organizations which prefer the "efficient" way of doing things etc. I question that. And I question it on a bigger scale. I don't know if you understand what I am saying. That's why I opened the other thread.

> No it does not.

Yes, it does. One cannot be limited, attached, conditioned, dependent, restrained and free.

> You are not less free because you cannot fly, for instance.

Yes, you are - physically. Otherwise man wouldn't invent flying devices.

> Freedom means "exemption from *external* control, interference, regulation, etc." (emphasis is mine): www.dictionary.com/browse/freedom

This source is wrong. If one excercises control psychologically, i.e. inwardly, one is not free. Examples: fear, self censorship, suppression etc. You may better check the original original (etymological) meaning:

https://www.etymonline.com/word/free

"exempt from; not in bondage, acting of one's own will," (read the rest for yourself, there is no mention of external whatsoever)

Also https://en.wiktionary.org/wiki/free mentions many times unconstrained, as well as confirms "to be enjoyed without limitations; unrestricted;"

The earliest know meaning of freedom is from Sanskrit and means love.

> As I wrote: being in control of your *own* life.

But do you own life? Is there anyone who does? Is ownership something actual or a concept created by thought? You see - man creates the idea of ownership (this is my land/cow/food/nation/data), then separates the whole world into pieces, they inevitably conflict with each other. Then man tries to impose strict restrictions to those peaces, to _control_ them harder and harder till absolute tyrany is achieved. And all that business of "personal and national security" creates more insecurity, some good people create FOSS systems with the hope to escape the tyrany but it is not freedom. It is a fight for the control. I wonder if you understand what I am saying. The reaction to non-freedom is not freedom. Freedom has no opposite. I don't want to get too off-topic. Again - I welcome you to discuss things in the other thread as I am really intersted to talk with technically knowledgeable people about what we can do about our real freedom.

So "to control one's own life" really means conformity to certain patter (adopted from an external source or invented for oneself). It is not freedom.

> So you agree that the enhanced security your parents get is worth the privacy they give up?

Unfortunately yes. It is the least worse for the moment.

> Don't you think most users are like your parents and less like you?

And that is due to the poor design. Technology as it is makes people more stupid, more dependent and less free. I don't even need to give examples, do I?

> Distributing the lists is not the hard part. Creating them is.

There is no need to create them. It is possible to have TOR-ed nodes which pull them and host them.

BTW I wonder if you have ever asked yourself why all the malware exists but I won't go into that question here. Let's just say - with a good design it wouldn't be hard. It may even be unnecessary. Example: in Windows you need antivirus programs. In Linux - unlikely + there is fairly low interest in creating viruses. Why? Because of better overall design. Same for defragmentation programs etc.

> Trusting nobody, not even free software communities, and not being a programmer, you should stop using software. All of it.

Exactly. But nobody pulls the cord (except RMS perhaps). Personally I have started programming about 30 years ago (Commodore 64, then another 8-bit computer, then 8086 etc) and although I neither made it into a profession nor I do it actively, I have a fairly good view on how hardware and software works, so at least I don't try to do something which may be dangerous. Still I don't claim to be no expert, technology moves too fast to follow every aspect of it. That's why I was saying previously - if one is a general layman, things are very very dangerous.

> Google's server (the software they run on their side) is trivially free: there is one single user and it has all four freedoms.

Where is the source code? Can anyone download and install it? If yes - then we can outstrip Google. BTW sth interesting which I saw today in tcpdump: when i open https://duckduckgo.com/html/ - many connections to amazonaws.com :)

> On the contrary, Windows is distributed to many users that do not have the control they deserve on it. Maybe you wanted to write "Google's services" but services cannot be said free/proprietary: https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html

No, I didn't want to say that. I think services can be privacy respecting without having to trust a mid-man. Encrypted peer-to-peer connections, broadcasting, things like that.

> You apparently think it is worth it on your parents' computer.

It is not worth it. It is the least worse. - 2 quite different things.

> That is not correct.

Then I am waiting to see the lines of code with explanation proving that it is incorrect, so that everyone can understand it. So far I read only accusations about how bad my bug report is and about good theories in the articles of various people.

> How should Firefox's telemetry component be called?

Nothing. There shold be no telemetry. I already said that.

> You may agree to show your ID to take a plane but you would not accept nude pictures of you to be taken and published.

You are mixing different things.

1. You don't agree to show your ID because you are free to do or not. It's the law. Supposedly: that is for the safety of society. However as we see that this system is also used for tracking and not always for catching a terrorist. But there is no escape from it. If you want to fly - they must know who you are.

2. No law requires from you to show your nude pics, so that is up to you only. Breaching that privacy would not be good for society.

So these are not levels of privacy but a different forms of non-privacy. Perhaps we are used to introduce a level of privacy based on the degree of harm it may expose oneself to but that seems incorrect and even dangerous because it can be exploited through conceptualization (for the sake of establishing trust and breaking into privacy easier).

> There are levels of security too. And of ease of use. And of performance. Etc. Often, trade-offs between those features (again: they are not freedoms) must be sought. 100% privacy would mean not interacting with anybody. Ever.

That's why I question the whole idea of security through isolation - which is the current model established in computers. But we cannot be secure when we are isolated and the more we isolate, the more we strengthen the conflict. One man cannot live without other people. We are secure only when we are together, one isolated man cannot do anything in this world. But strangely man likes to isolate - separate nations, separate countries, seperate religions, separate this or that. Our whole culture is based on separation which inevitably creates conflict. It is really a big mess.

> We cannot promise you to write bug-free programs. But we can respect your freedoms. Letting you control, individually and collectively, the software you use. Including to fix bugs.

Neither telemetry, nor Ubuntu's case are bugs. Trying to justify these privacy violating things by evaluating them through FSF's 4 freedoms is meaningless. I think I have spent enough time to explain that, so I won't do it again. I hope you don't mind.

> ... You want the impossible.

What I want I have done and it is not based on theories or quotes. I invited you to do something better and to share the results - that would be useful for the community. It is up to you, up to your free time and desire. But merely criticizing my bug reports hardly has any value. You may try to prove verbally whatever you want, provide the best articles from the most respectable sources but that won't eradicate the packets shown by tcpdump. Firefox (and its clones) communicate with hosts without user initiating that explicitly, that is a privacy issue. Chromium developers have confirmed it in a reply from today that nothing should be sent, even though for their browser only a single packet is sent to translate.google.com upon opening of settings - definitely possible to fix. Brave's developers also confirmed that this is a privacy issue. The rest of the results for the browsers I tested are also shared in this thread.

This is my last lengthy post in this thread. I feel like I am writing a book.