Web Browser

162 replies [Last post]
MD. SHAHIDUL ISLAM
Offline
Joined: 10/14/2015

In Trisquel, firefox alternative-> IceCat.
But What is the alternative of Chromium?
Chromium is not a free software?

jules_verne
Offline
Joined: 01/02/2017

I am currently using Palemoon. Can't complain so far... Works pretty well. Maybe you would like to give it a try?

MD. SHAHIDUL ISLAM
Offline
Joined: 10/14/2015

But Palemoon is not free software.

bobstechsite

I am a member!

Offline
Joined: 12/10/2017

Having had a quick look, it seems to be under Mozilla Public License v2. https://www.palemoon.org/licensing.shtml. According to GNU, that's free software: https://www.gnu.org/licenses/license-list.en.html#MPL-2.0

Edit: On closer inspection you are right. In section 1.5 they included the “Incompatible With Secondary Licenses” clause. Due levels of facepalm.

jules_verne
Offline
Joined: 01/02/2017

What a shame.

jxself
Offline
Joined: 09/13/2010

It has the same problem as Firefox, where freedom #2 (the ability to make exact copies) has been limited to non-commercial purposes. https://www.palemoon.org/redist.shtml

https://libreplanet.org/wiki/Libre_Browsers_Libre_Formats#Browsers_that_might_seem_free.2C_but_are_not

https://jxself.org/mozilla_trademark.shtml

Because that loophole is open, it allows room for a derivative to be free but the original version itself would still only have 3 (or maybe 3.5) of those 4 freedoms, depending on how you count.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Indeed. And using the same source, here is the free software status of Chromium (the original question):

Chromium might or might not be free. During the last review, the copyright or license of some code was unclear. It also has a similiar problem to Iceweasel and Firefox in which it links to proprietary plugins. (Chromium should NOT be confused with Google Chrome, which shares a codebase with Chromium but is not free software.)

For details on the license issues, see the "Blocked on" list on the left of https://bugs.chromium.org/p/chromium/issues/detail?id=28291

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> and as a whole Chromium so far seems the most
> privacy respecting browser

As I understand it Chromium has freedom issues, which doesn't surprise me since the project seems committed not to freedom but to ensuring that its proprietary counterpart Chrome benefits from all free software included in Chromium, only including pushover-licensed free software and avoiding the work of free software developers who have used the GPL to protect their labor from exploitation.

Firefox has known issues, but as free software can be modified to remove any antifeatures. Have you tried the same privacy tests on any other Firefox forks? Tor Browser should be the most privacy-respecting. Abrowser should also be better than vanilla Firefox.

> Also looking at most recent issues of Spectre and Meltdown -
> personally I have blocked all JS in chromium.

You are wise to avoid JS.

> Currently I am also looking for RSS reader which won't load any
> JS.

Liferea's internal browser has JS enabled by default, but it can be disbled under Tools->Preferences->Browser.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Could you please explain what freedom issues (apart from the one mentioned
> by me) there are? I have always thought Chromium is FLOSS.

See Magic Banana and Supertramp's posts.

> But I am not a programmer. And it seems no programmer has taken care to
> remove them

I wasn't suggesting that you yourself do it. I was referring to Firefox derivatives, including Abrowser, IceCat, and Tor Browser. From reading your bug report, it appears that Mozilla is unwilling to make the reasonable change you requested. However, the three browsers I listed are more likely to address the issue if brought to their attention. It sounds like you've already done this for Icecat and gotten a promising response. I suggest doing the same for Tor Browser. If the data is not sent through the Tor network or contains identifying data then it is deanonymitizing and I'm sure they would take it seriously.

> yet the vendors claim it is free software respecting privacy

There are two claims in there, as freedom (in the software sense) and privacy are to important but separate issues. I agree that Firefox does not adequately respect privacy, but it is free software which is why it is possible to create Firefox derivatives that improve the software with respect to privacy. You've found one issue that has not yet been fixed in Icecat, Abrowser (I just checked), or Tor Browser (more info needed to know if deanonymitizing in this case) but there is nothing stopping them from fixing the issue now. If Firefox were proprietary no one would be allowed to fix any of these issues.

> Perhaps I need to find an command
> line tool or get rid of RSS totally...

I recently started using newsbeuter. It's very easy to configure. Run it once to generate ~/.newsbeuter/ and save a list of links to feeds as ~/.newsbeuter/urls.

> ETA: FWIW this whole thing makes me question the FOSS software as a whole.

It is possible for free software to include antifeatures, and it's true that community control over the software doesn't immediately eliminate all antifeatures. However, at least it is possible to audit and improve the software. With proprietary software we are truly at the developers mercy and only have their word that the software contains no malicious functionality. It's similar to how science works. It is possible for a study to be flawed or for results to be forged, but if the research is public and subject to peer review it is possible to refute falsehoods, which also incentivizes researchers to be accurate and truthful in the first place. If scientists were allowed to keep their methedology a secret so that no one could attempt to replicate their results we would simply have to trust what they say is the truth. Public information, whether it is code or any other kind of information, is not necessarily perfect, but it is far more reliable than privatized information.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

There are two claims in there, as freedom (in the software sense) and privacy are to important but separate issues. I agree that Firefox does not adequately respect privacy, but it is free software which is why it is possible to create Firefox derivatives that improve the software with respect to privacy.

Well said. heyjoe raises interesting privacy concerns. It is unfortunate he pretends they are freedom issues. They are not. That makes his arguments look bad, including on Mozilla's bug tracker:

It is a shame that generally a useful technical investigation is made all but useless by waving "freedom 0" around here. Your freedom is about the user using the program in any way you like - not having the program or the vendor DO exactly what YOU what. Hence the other freedoms to achieve that.
https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c16

https://www.gnu.org/philosophy/imperfection-isnt-oppression.html starts with:

When a free program lacks capabilities that users want, that is unfortunate; we urge people to add what is missing. Some would go further and claim that a program is not even free software if it lacks certain functionality — that it denies freedom 0 (the freedom to run the program as you wish) to users or uses that it does not support. This argument is misguided because it is based on identifying capacity with freedom, and imperfection with oppression.

The issues heyjoe raises are not lacks of capabilities but undesired capabilities or, to be more precise, capabilities whose side effects (potential spying) makes them undesirable. Yet, the same rationale applies. Ubuntu's spyware was a similar issue (although worse imho: even the main goal of the capability was not laudable) as those heyjoe points. The conclusion of https://www.gnu.org/philosophy/ubuntu-spyware is not that freedom 0 is tainted. Not at all. It is:

What's at stake is whether our community can effectively use the argument based on proprietary spyware. If we can only say, “free software won't spy on you, unless it's Ubuntu,” that's much less powerful than saying, “free software won't spy on you.”

Another problem, that https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c14 clearly states, is that Firefox/Chromium's bug tracker is not the place where policies are discussed. They are places for specific technical issues. And heyjoe does not seem to understand even simple technical explanations (e.g., that the check box "Allow Firefox to send technical and interaction data to Mozilla" switches datareporting.healthreport.uploadEnabled and that, once "false", all "telemetry" configs become moot: no telemetry is sent).

Finally, I do not understand heyjoe's conclusion, in this thread:

Mozilla seems not to care at all. Chromium developers replied much more sanely and as a whole Chromium so far seems the most privacy respecting browser

On Mozilla's side he got an invitation to argue for policy changes in https://lists.mozilla.org/listinfo/governance and several statements like:

No user should ever have to go into about:config to do anything as important as preserve their privacy. We take user control and user privacy too seriously to hide it away. It's the reason we have such rigorous review on the data we _do_ ask to collect, and the reason we only collect anonymous usage statistics
https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c4

On Chromium's side:

I guess your feature request boils down to "Create a setup in Chrome such that not network communication happens in the background." I acknowledge this feature request but don't think that it is very likely to become a priority soon.
https://bugs.chromium.org/p/chromium/issues/detail?id=795526#c2

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> I see a big danger in this. It implies that free software can be
> malicious to the user and still be called free software.

You make a similar point to the one RMS makes in the Ubuntu article Magic Banana linked to, which I encourage you to read if you haven't already. It is for this reason that he suggests people shun Ubuntu, while acknowledging that they had not infringed on user freedom to modify the software, which is why Trisquel was able to remove the spyware features. I was not defending Mozilla's privacy violations by calling it free software. I was clarifying the terms we are using so that our criticisms are accurate.

> normally free is a
> associated with ethical, so that is the expectation.

Freedom (in the general sense) is an aspect of ethics that in my view does include privacy. However, because RMS coined the term 'free software', it is generally associated with his definition, which is very specific.

> That's why I mention freedom 0 in the comments.

Again, RMS's definitions are very specific, and I think you misunderstand his definition of freedom 0. If I give you a shovel that is too long for you to use comfortably, perhaps you can not use the shovel as you wish in its current form. It may seem that this infringes on freedom 0, and you may get frustrated if I were to refuse to make the shovel shorter. However, I am simply refusing to perform labor I do not wish to perform. I would be infringing on freedom 0 if I told you that you may only use the shovel with certain kinds of soil during certain hours of the day and that anything valuable you find while digging you must give to me. I would also be infringing on freedom 1 if I told you that you may not shorten the shovel, freedom 2 if I told you that you may not lend the shovel to your friend or create a new shovel for her, and freedom 3 if I told you that the new shovel you create for her may not be better than the one I gave you.

I'm not trying to get too semantic on you. I just want to clarify the definition of freedom 0 because I think you had a very good point in the Mozilla thread and it was unfortunate that they jumped on your misuse of the term as a way to derail what youwere saying.

> The other question is - how come an average nobody, not even a
> network expert, could make such a simple test (which seems
> essential and fairly easy to my mind) and professional top
> programmers or sysadmins never did that

Whether they never

> words creating the impression of absolute
> cleanness in which the user can be completely safe, like a baby
> in the hands of a good loving mother.

It is a mistake to think that way. Free software is less likely to be malicious that proprietary software because a community of many people who may review the source code is less likely to conspire than a single party, and because malicious functionality may be removed by community members with the knowledge and time to do so. However, that does not mean you should blindly trust free software. Healthy skepticism is part of the process by which a community can find faults with and improve software. If Mozilla won't make the improvement you suggest and you lack the knowledge to do it yourself, you can approach a more privacy-minded Firefox derivative like Icecat (as you have done and got a positive response), Abrowser, or Tor Browser.

> How can a
> free/libre thing be "respecting your freedom" if it contains a
> product which connects to Amazon, Akamai etc. on first run,
> without even asking you or without even telling you that it will
> do that?

This is a huge privacy concern, and I consider privacy to be a freedom in the general sense of the word. Again though, in the context of software 'freedom' is associated with RMS's four freedoms, and that is what we mean when we call something 'free software'. That does not mean that we shouldn't critize Mozilla if they do something that tarnishes the reputation of free software

> I have read some threads with lots of criticism about
> Purism, about how they carefully structure the language to create
> the impression of cleanness, security and safety.

Even with Purism, it is important to be accurate in our criticisms. When Purism claims that they use a completely libre BIOS they are being dishonest, but there is nothing wrong with them claiming that their Debian-derived distro PureOS is libre because it is, and they can be commended for creating a libre distro without defending their claims about their BIOS. Similarly, Mozilla is telling the truth when they describe Firefox as 'free software' (meaning software that respects the four freedoms) but it appears that they do not respect privacy as well as they claim.

> different? It is either clean or not clean. We cannot mix clean
> water and dirty water and advertise that it is clean water.
> Otherwise the words free and ethical are already polluted and we
> need new words, which in turn will get polluted too etc. I wonder
> if I am making myself clear :)
>
> the company
> "respecting user privacy" would rather send me to talk to another
> one who doesn't care.

If you are referring to the fact that the Mozilla representative tried to refer you to someone else, I believe that is because a bug report is not the place to request a policy change. You wouldn't go to an Apple store and demand that one of the employees make Apple stop using sweatshop labor to create their iPhones. The best they could do is refer you to someone higher up, not that they would necessarily care either.

> I have uninstalled
> Firefox, to me it is that simple. When one sees a venomous snake
> one doesn't argue with it - one stays away from it, doesn't one?

There were already reasons to use a privacy-minded Firefox derivative rather than vanilla Firefox. You've discovered another one, and I'll bet that if you bring this issue to the attention of the Abrowser and Tor Browser developers they will be willing to clean up after Mozilla as they already do. However, switching to Chromium because one of their developers told you what you wanted to hear (the Mozilla developer who referred you to someone who had some control over the policy was actually being more helpful) is not a good solution. When it comes to privacy, no company has a worse track record than Google. Mozilla is flawed, but not nearly as bad. You're much better off with a privacy-minded Firefox derivative. Honestly, if you really care about privacy Tor Browser is your only option. You can't have privacy without anonymity.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> I understand that (even without the excellent shovel example) and
> I am questioning the effect of it because accompanied by talks
> about ethics and non-harmfulness 1) that creates the false
> implication of something friendly, safe etc. 2) people easily
> 'buy' free/safe/secure things. In other words - it can be
> exploited quite easily.

Yes, I agree with your point, and it's similar to RMS's point which I why I suggested the article, not because I thought were unware of the Ubuntu issue itself. My only point is that "This Firefox antifeature is an invasion of privacy" will be a more effective argument than "The fact that this feature can't be disabled without editing the source code violates freedom 0."

> Of course. That's why it is essential that not only Ubuntu but
> browsers should also be exposed. I find it disturbing that IceCat
> was released by people who are so strict and critical to ethics.

It sounds like RMS took your report seriously and I believe they will fix it.

> I would be interested to read that claim as I haven't found any
> explicit evidence of it. They don't claim anywhere they use
> Libreboot but it seems to be a forthcoming step in future:
> https://puri.sm/learn/freedom-roadmap/

I don't want to get too sidetracked talking about Purism here, but they don't claim to use libreboot. On the page for their latest Librem laptop they imply that the laptop is entirely libre but to not disclose what BIOS they use. I found another page on their website acknowledging that they use coreboot but erroneously claiming that coreboot is completely libre, when it contains proprietary blobs. There is also a near-zero chance that Purism will ever use libreboot, because post-2010 Intel chips will probably never be supported. If Purism claimed that they plan to use libreboot I would be skeptical, but I'm not aware of them having made that claim.

> I don't know how to test Tor Browser with tcpdump due to the
> specific way it connects to the network.

I don't know either, but I would contact them with your Icecat results (since both Icecat and Tor Browser are based on ESR) and ask them if they are aware of the issue and whether it affects Tor Browser.

> As for Abrowser - I
> can't find it on openSUSE's repos, neither I find it by DDGing
> for it. Where can I download it?

Abrowser is from the same developer as Trisquel. It is the default browser in Trisquel and the Trisquel-derived Uruk. I'm having trouble finding it via DDG too because there is apparently an IE-based browser by the same name. I don't have time to look further right now but will get back to you.

> Or
> can you show a test which demonstrate that Chromium leaks data to
> Google? Or any other freedom related issue?

Most of what I know about Chromium comes from what Magic Banana and others have shared on this forum, including in this thread and others, regarding why Chromium is excluded from Trisquel. Magic Banana's link in this thread is on its own reason enough. The bug Supertramp links to is apparently closed but alarming. I understand that Chromium is currently being investigated by jxself, so perhaps a libre build will be possible in the future, but until them I'm not going to trust the Chromium developers to declare that their software is libre given (1) the material Magic Banana links to and (2) the fact that they have no real incentive to care about freedom and only even attempt to meet the weaker "open source" definition for strategic reasons.

> As for Firefox again: of course is free in the "legal sense"
> (just like Ubuntu) but if one prides oneself to be an integral
> part of an organization which respects user privacy it is
> absolutely unacceptable to:

Ubuntu is not quite as free in the sense that Firefox is, since it contains and recommends proprietary software (see https://www.gnu.org/distros/common-distros.html), where Firefox recommends but does not contain proprietary software, but I agree with your overall point.

> Due to all this I am reluctant to use any product by Mozilla.
> Still we use it on our phones because otherwise we would have to
> use Google Chrome (as I don't know of Chromium for Android).

I'm about to get a little off-topic, but if you are using Android you might consider switching to Replicant (if you are okay with aquiring and using an older device) or LineageOS (not 100% libre like Replicant but much better than Android and supports more devices than Replicant). I have a Replicant phone that I only carry when I absolutely have to and never use for browsing the web, so I haven't really looked into what its default browser is based on. It isn't Firefox, and it is definitely not Chrome, but it may be Chromium-based. If you live in North America you might want to look into JMP (https://jmp.chat) as an alternative to carrying a cell phone at all.

> If one is not extra careful, even through
> Tor one can expose a traceable pattern.

No, Tor is not foolproof and anyone who uses it should read this first (https://www.torproject.org/download/download-easy.html.en#warning) but using it responsibly is better than taking no steps to preserve your anonymity, or in the cases where you do identify yourself, by logging into an account for instance, to prevent your location from being revealed or having your traffic associated with other activities you do wish to be anonymous.

> I think they are different things. When you go to your home you
> have privacy. You can have a private conversation with someone in
> a public location. That doesn't mean you need to hide your face
> or remove the name from your front door in order to do that,
> right?

They are indeed different things, but one is a precondition for the other in many situations. Your home analogy doesn't apply well because use of the internet is a public interaction that is not confined to your personal computer. Having a private conversation in public is a better analogy, so let's go with that. In that case, assuming you are not being eavesdroped on, you do not need to cover your face to have privacy from a third party, but you would need to cover your face to have privacy from the person you are talking to. Why would you want to do this? Suppose you want to receive information from this person without giving them any information about yourself. This is perhaps not a common situation on the street, but very common when browsing the internet. The act of communication inherently requires giving some information, and in some situations the only way to complete the exchange without the other party learning something about you is if they don't know who the information is coming from. Of course, if the information is unique enough you may be 'unmasked' even while your face is hidden, which is why it is also important to avoid providing identifying information, leave JavaScript disabled, and refain from changing the default Tor Browser configuration in a detectable way. Back to your private conversation analogy, there is also 'eavesdropping' on the internet and using Tor can help protect you from that, although again it is not foolproof. Here's a good link (https://www.eff.org/pages/tor-and-https). Forgive me if you already know about all this.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

I don't have time to respond to everything here right now, so I'm going to respond to the simple stuff now and get back to you on the complicated stuff later.

> Maybe the 4 freedoms are not enough and we need a new form
> of evaluating qualities which considers the deeper issues of
> today.

What's wrong with just calling it "privacy"? Privacy is important enough on its own that I don't think we need to reframe the discussion in ways that might cause confusion.

> If you have Trisquel you could probably repeat the test for
> yourself and share the result.

From your bug reports it sounds like you had two findings. The first was the logs in ~/.mozilla, which I can confirm exist in Abrowser. I briefly attempted your second test, but the command immediately exited and /tmp/tcpdump.log was not created, so I must have done something wrong. I will figure it out when I have more time.

> Now you have actual facts from tcpdump too :)

According to your bug reports neither Firefox nor Chromium passed this test, so I don't see how it is an argument for either.

If I understand correctly, your test creates a lower-bound, not an upper-bound, on what data is sent. It doesn't seem to prove that no additional data is sent by Firefox or Chromium during browsing, just that this data at minimum is sent on startup.

> It seems invalid because current version of Chromium doesn't do
> what that bug describes.
...
> This is a valid concern but the question is: why would you trust
> a "free software" which sends packets to Amazon etc. or would you
> use one which is weaker (OSS) but shows better privacy?

I said that it had been closed, but it's alarming that it ever happened. If Chromium were downstream from Chrome it could have been something implemented in Chrome that Chromium developers simply did not notice. However, Chrome is downstream, so this was apparently intentional. That makes me unwilling to trust Chromium developers that there there are no similar issues in Chromium not yet discoved by the Debian community. However, right now I am more concerned with the issues linked to by Magic Banana, since they are active and haven't been adequately addressed after several years.

> but considering that Replicant is not 100% deblobbed

Replicant, the operating system, is 100% libre. You are likely referring to the modem or bootloader that the device itself uses regardless of what operating system it runs.

> Maybe we can rather
> wait for the Librem 5 phone? :P

Maybe the emoticon there was meant to indicate that this is a joke, but since I'm not familiar with Purism's phones I took a quick look at the page on their site (https://puri.sm/shop/librem-5) and just sighed. I don't have time to pick the whole thing apart, so I'll just focus on the big lie "Does Not Track You". If pressed in the matter, I'm sure they'd say that only the main operating system PureOS (like Replicant) does not track you, but they're clearly trying to imply that the phone itself won't track you, which it will whenever the modem is turned on. A kill switch for the modem is a good idea (the Neo 900 will have kill switches too) but most people will choose to leave it on so that they can receive calls. I hope anyone who buys this phone is informed that they must turn the modem off to avoid being tracked.

I suggest looking into JMP if you live in North America (unfortunately it is not available elsewhere yet). It allows you to send and receive calls/texts from a device that has no modem, so that you can actually avoid being tracked. For now you have to rely on being in range of WiFi, although the main developer Denver Gingerich is now working on a radio mesh that if adopted by enough people in year area would allow you to use JMP without being in range of WiFi. That's at least a few years out though.

> One problem which I see is that one cannot use login-based sites

In this case the advantage of using Tor is that you do not reveal your location. This is especially important if it is a site or account you use frequently (like an email provider) as otherwise they can track you to the point of detecting behavioral patterns.

> you need an email
> address (or phone no.) to create a login

You can you a temporary email address that self destructs when you're done with it (see link in next point).

> 2) I cannot find any
> email service provider where one can register for free without
> javascript.

Here is a good resource that also links to some disposable email address sites that do not require proprietary JavaScript. https://www.fsf.org/resources/webmail-systems

> We hate to give information yet we want to
> receive freely available one.
...
> How is that different from what PRISM does?

Asymmetrical protections are warranted when one party has much more power than the other, and when one of those parties is an individual and the other is a corporation, human rights only apply to the individual. We can't really harm, manipulate, or profile Google, Amazon, Facebook, Apple, even Mozilla, with the information we get from using their websites, browsers, or other software. However, they can do a great deal with the information they get from use. Moreover, they have the power of aggregating data about many users, while we don't have the power to aggregate data about many browsers, for instance. And finally, while the individuals who work for these companies deserve privacy and we are not entitled to their personal information, the corporations they work for are not people (sorry Mitt) and are not entitled to human rights. This is why I think it was reasonable for you to request in your bug reports that Google and Mozilla not collect or send your personal information, even though you benefit from receiving information through their browsers.

> The other day I've been thinking about a new way of
> communication. A new network if you will. AFAIK UDP does not
> require response from the other peer. So in that sense: what if
> we have a network of anonymous UDP peers sending encrytped info.
> It will be available to all other nodes but only those which know
> how to read it (the recepient) will be able to. Of course this is
> just a very rough concept but maybe worth considering... Share
> your thoughts please.

I'd be very interested to hear more about this but don't have time to ask follow-up questions at the moment.

> Thanks. I find it amusing that the page ask to enable Javascript :)

You are right not to have Javascript allowed by default. On this particular page the Javascript is free software, so if you don't trust the EFF you don't have to. You can inspect the source code yourself or show it to someone else with more knowledge.

Or better yet, screw JavaScript. If you don't care whether the page is interactive and don't mind an extra minute to collect the information, the urls to the four images can be found in the text following the JS message (you can often navigate JavaShit heavy sites this way. It works especially well in a command line browser like lynx or elinks). If you haven't already done this, here they are:

No Tor and No HTTPS: https://www.eff.org/files/tor-https-0.png
No Tor and HTTPS: https://www.eff.org/files/tor-https-1.png
Tor and No HTTPS: https://www.eff.org/files/tor-https-2.png
Tor and HTTPS: https://www.eff.org/files/tor-https-3.png

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Just a heads up that the way you've started quoting text does work in the mailing list making this very difficult to read.

> Nothing wrong at all. I just wanted to accent...

I think we basically agree here. I brought this up to explain why invoking 'freedom 0' was not effective in the Mozilla thread, and we're past that.

> Hence my idea about a new network.

This is probably worth starting a new thread over.

> You can also try wireshark.

Will do.

> That is in no way different from Ubuntu's case or from Mozilla's telemetry.

Yes, I avoid Ubuntu and Firefox as well. I use modified versions (Trisquel and Tor Browser) by more privacy- and freedom-friendly developers. I would also be open a similarly modified version of Chromium but am not aware of one.

> Chromium does not send packets to any third party on startup.

Am I missing something? You filed a bug report because it does, right?

> Why are you more concerned about licensing while your browser is sending packets to company X, Y, Z?

I am concerned with both. While software freedom and privacy are two different issues, lack of software freedom makes it easier for software to abuse its users, including by invading their privacy. I would be interested to know what packets are sent from Tor Browser and how. If they contain no identifying information and are sent through the Tor network then they do not invade my privacy because the information has nothing to do with me and no one knows it came from me. Of course, I would feel more comfortable with it not being sent at all, but it's certainly not worth switching to Chromium over.

I suggest that you approach the Tor developers as you have with Mozilla, Google, and RMS. I can do it myself if you don't have time, but you'd be able to do it much more quickly because you've already learned how to run these tests and articulate your findings.

> Purism's phone...
> It is still not produced, so nobody can possibly evaluate it.

If the device connects to the cell network, we do not need to evaluate the device to know that it will track you.

> But from what I know there will be complete hardware separation between the modem and the rest of the system. So you can use it as a pocket libre computer, hopefully without any coreboot or whatever firmware blobs, otherwise it won't be much different from a Samsung + Replicant.

If they made a pocket libre computer with no modem I'd be fine with them saying it doesn't track you. If it's a phone it does. Good modem isolation can limit the amount of information that your modem accesses, but the modem only needs to connect the cell network for you to be tracked.

> So basically the only tracking will be possible through the location of the phone based on nearby mobile stations (which perhaps cannot be avoided if one wants to talk to anybody).
...
> I don't but thanks for the info. What you describe is similar to Librem5.

No, it's completely different. I won't lengthen this message by explaining JMP since you don't live in North America and the information won't benefit you right now, but unlike what Purism is proposing, JMP requires no modem or connection to the cell network. Purism's marketing for their phones hasn't really been on my radar until now, but many people are already ignorant of the issues with cell phones and Purism could do some real damage if they spread misinformation just to sell their product.

> FB (and many other sites) won't allow you to sign up/in with a disposable email address (they seem to recognize the domains).

As an experiment I tried making a Facebook account through Tor with a disposable email address. It rejected the first domain I tried but accepted the second one. However, it eventually wouldn't let me advance without uploading a picture of my face, at which point I gave up. Anyway, the fact that Facebook rejects some disposable email address is far from the only reason to avoid Facebook. I avoid any site that prevents me from accessing it anonymously.

> I can't find any site which gives disposable email without JS, so there is still no possibility for complete untraceable anonymity

The one's linked to from the FSF use libre JavaScript. If you don't trust the FSF's evaluation of the code, you can review it yourself or find someone who can. JavaScript is a programming language like any other. Avoiding every single instance of JavaScript is unnecessary. We don't need to avoid every single instance of C just because some proprietary and/or malicious software is written in that language. Unless the JS on those sites compromises anonymity (which it might. I never learned JavaScript and have not audited the code, relying on the FSF's judgement) it is not an obstacle to anonymity.

> So far I haven't found a single online service provider who can guarantee a clean and completely tested system

Sure, really the only way to be certain is to use your own server. But if you can't do that, some are certainly better than others. You're right that parts of the FSF page are out of date. Here's some recent discussion of email providers on this forum, if you're interested.

https://trisquel.info/en/forum/what-service-do-you-recommend-replace-openmailbox
https://trisquel.info/en/forum/posteo-vs-tutanota-vs-openmailbox

> we still need to communicate with the majority who use PRISMed services and have no idea what end-to-end encryption is.

Totally.

> So considering the mid-man is always flawed (in one way or another) and that end points are already infected, freedom/privacy for one's own computer becomes a petty little affair.

If you are freedom- and privacy- focused you can greatly mitigate risk and harm to yourself. The fact that we can't at this time perfectly solve every problem does not make those actions petty.

> My previous comment was... Our current approach to security is through isolation and isolation itself creates separate conflicting sides.

I basically agree with your point about isolation, but feel like it's a stretch to apply it to what we are talking about. It comes across as if you are trying to dismiss the importance of anonymity by arguing that privacy is antisocial. I'm sure that this is not what you mean, since you obviously care about privacy and it was the fact that Chromium and Firefox were transmitting information that you wanted to keep to yourself that got you involved in this thread.

> It is amazing how very few good designed sites are out there.

Right?! I see otherwise static pages that make navigation impossible without JS by using cute buttons that look identical to an image with a link, because why? You aren't getting your money's worth unless the web developer you hire uses JS in your ugly webpage? You're afraid that if your page loads too quickly people won't have time to emotionally prepare themselves to have to click 8 more links to find the information they were looking for?

What I'd like is a browser that has no JS by default, and when you visit a page with JS it says

"asshats.com would like you to install
- nonsense.js (proprietary license, no source code available)
- slightly-more-ethical-nonsense.js (GPLv3, view source code)
Would you like to install this software?"

That way sites wouldn't be able to control the narrative with crap like "Whoops! we think you're a bot because you aren't letting us install something on your personal computer. Maybe your browser sucks? Try installing a *modern* browser like Google Chrome. Remember kids: don't jailbreak your device and don't use encryption. Without us you wouldn't know what to buy!" "Aw, shucks. I don't want to have an Incomplete Browsing Experience(tm). Better enable this futuristic JavaScript so that Facebook can manipulate my dopamine levels and more efficiently insert itself into my personal relationships. I know, I know, but it's just so convenient!"

https://nonfree.news/2017/10/27/full-stack-developer-discovers-language-that-isnt-javascript

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Ugh. I spent a long time writing a message and then accidentally deleted it. I can't afford the time it would take to fully reconstruct it, so this will not be the full response that many of your points deserve.

The forum is mirrored to a mailing list which you can join here: https://listas.trisquel.info/mailman/listinfo/

I understand that the forum is being reworked. In the meantime, to ensure that forum posts are readable for mailing list users, avoid relying on html for coherence and update your comments by replying to them instead of editing them.

If you want to start a thread that will be of interest to people here but that you are afraid is too far off-topic from Trisquel, the Troll Lounge is good for meaningful but off-topic discussions.

Although Tor Browser is as libre as Firefox and more so than Chromium, the reason I use is for privacy. I agree that we *shouldn't* need anonymity to protect our privacy, but right now we do. If Tor Browser sends the same data Firefox does and it is either deanonymizing or not sent through the Tor network then that is a serious bug. (If you find that this is the case, I'm sure it can be addressed if you report it here: https://trac.torproject.org/projects/tor) However, if the data is not identifying and is sent through the Tor network than it is irrelevant as far as privacy is concerned, eliminating Chromium's advantage on this one point. When it comes to other potential privacy issies, I see Chromium as far more risky than Tor Browser. In many situations on the internet the only way to protect your privacy is to avoid them entirely, or engage with them anonymously. The former option is crippling, and more isolating than the latter. Outside the context of the issue you are testing among browsers, Google and Chromium have a far worse track record than Mozilla and Firefox, and while Tor developers have an incentive to find and fix privacy issues from Firefox, Chromium developers have an incentive to create as many privacy issues as they can get away with and only have an incentive to remove them after they get caught and if there is enough outrage. Unless Firefox has an extraordinarily massive flaw we are unaware of that cannot be fixed in Tor Browser, the hypothetical privacy gained from switching to Chromium, assuming it is better overall than Firefox in situations outside of the one you are testing, is far less than the actual privacy lost by failing to protect my privacy from many parties, not just Google and Mozilla, with anonymity.

I understand your point about this not being a long-term solution. Many of your points are about identifying things that are not long-term solutions, and that is valuable because without long-term planning the good guys have no chance of winning. However, if the bad guys win anyway then all that will have mattered is mitigation of the harm to our lives, our communities, and the people we care about, so I do not consider mitigating actions petty. We have to do both.

As you point out, the best long term solutions are those that replace important but harmful technologies, rather than isolate ourselves from them. Just as important as the new technologies is a path toward transitioning from the old technologies. I see Denver Gingerich's work with JMP and WOM to be a very promising plan. It is already possible to use JMP to send and receive texts and calls without a SIM card. No need to choose between isolating yourself and being tracked. Having integrated with the cell network, the next steps are to create advantages to using JMP over connecting the cell network directly, and finally replace it. Good old EEE. Thanks Micro$oft. Diaspora takes a similar approach with respect to Facebook, but I am more skeptical of it. I have some ideas about ethical and pracical social media that I am still organizing and are outside the scope of this thread.

As for JavaScript, you are right to avoid it when you can. However, no individual can review every line of code in all software they use, whether it's JS for a disposable email address or the Linux kernel. JavaScript is unique in that many people install JavaScript programs everyday with out knowing it (hence my suggestion for how browsers could better frame the issue for uninformed users), but if you are as cautious about installing software written in JavaScript as you are with any other software it is no worse than C or Python. This is a good essay that probably won't tell you anything you don't already know about the problem but has some good insight as to possible solutions: https://onpon4.github.io/other/kill-js

> even with the risk of my scepticism being considered close to insanity :)

You aren't insane. The world is. That said, don't let perfect be the enemy of the less-awful-option-until-we-maybe-solve-the-problem-for-real-one-day.

I didn't touch the capitalism stuff because at some point thread has to start winding down. :) I'm really interested to hear your results with Tor Browser, and I really apprecitate the time and energy you're putting into this. As for some of the other issues we've touched on, they might be better explored in new threads. I look forward to hearing more from you in this forum.

calher

I am a member!

Offline
Joined: 06/19/2015

> > The one's linked to from the FSF use libre JavaScript...
>
> I know that. I also do a little JS programming myself but that is not
> important. LibreJS is just as good as 'free software' which may send packets
> to Amazon. I don't see myself auditing every JavaScript code on every
> non-chached HTTP request just because it is open for evaluation. So this
> basically still comes down to enforcing trust. The more I look, the more I
> think we need a technology which does not in any way require from a layman
> user to trust anybody. Maybe we should open a new thread.

Yes, JavaScript management is still broken and needs a solution.

The simplest solution, according to the FSF (and I agree) is to package
all the JavaScript for a given site as its own WebExtension, and package
that WebExtension for a given distro in that distro's package manager.
Package managers already provide extensions for other programs, such as
Pidgin, Emacs and Firefox.

This would complement/go in line with already-existing WebExtensions
which do almost the same thing. What is being proposed is basically a
more thorough version of things like Reddit Enhancement Suite.

apt install webjs-lutim
apt install webjs-vault
apt install webjs-modernpaste-fedora
apt install webjs-liberapay
apt install webjs-etherpad-riseup
apt install webjs-ytdlweb-youtube

--
Caleb Herbert
OpenPGP public key: http://bluehome.net/csh/pubkey

ADFENO
Offline
Joined: 12/31/2012

Please note that we discussed client-side software so far, not database
nor server-side software. ;)

2018-01-20T11:47:55+0100 name at domain wrote:
> Imagine a billion websites submitting a billion web extensions to each
> and every distro and requiring each user to install them (especially
> in a browser which doesn't support WebExtensions). But why stop there?
> Let's also distribute the full backends and DB skeletons of the
> websites as packages in distros! Then the user can install the website
> on their own machine and be absolutely sure that everything is
> FSF-compliant. After all - that is "The simplest solution". :)

calher

I am a member!

Offline
Joined: 06/19/2015
ADFENO
Offline
Joined: 12/31/2012

And it's where these basic websites for paying bills get the most focus
of web-vandals, because these websites have automatic client-side
software being forced to end-user which just want to "get the bills
paid".

What you should do instead is contact the website owners and tell them
to change to a solution which doesn't require any client-side software
besides a browser with HTML and CSS support and no JS, extensions nor
plug-ins. If you are not a programmer or not a web developer, tell them
to contact libreplanet-discuss (this forum, trisquel-users, isn't for
this kind of requests unfortunatelly), with more and more people doing
the same for a given company they will eventually give it a try, if they
ignore you, you have a reason to not use their disservice anymore. ;)

2018-01-12T01:17:01+0100 name at domain wrote:
> What's wrong with just calling it "privacy"? Privacy is important
> enough on its own that I don't think we need to reframe the discussion
> in ways that might cause confusion.
> Nothing wrong at all. I just wanted to accent on the fact that for
> people privacy (as a form of personal security) is more important then
> the ability to inspect/change/redistribute. That's why I think we need
> stronger criterion when evaluating the quality of software (or
> hardware). As discussed here, just being free (in the FSF sense) is
> obviously not enough and with the state of what is happening in the
> world we need new things. Hence my idea about a new network.
>
> I will figure it out when I have more time.
> You can also try wireshark.
>
> It doesn't seem to prove that no additional data is sent by Firefox or
> Chromium during browsing, just that this data at minimum is sent on
> startup.
> I don't know what lower/upper-bond means but the very fact that any
> browser which sends these packets without the user initiating
> explicitly that communication is enough for me to mark it not privacy
> respecting and not consider it for further testing. Of course you are
> right - we need to test how it works during browsing. Perhaps the best
> thing to do would be to keep it simple - e.g. opening remote txt or
> html without scripts or extensions and looking at tcpdump. Let me know
> if you have any better idea.
>
> I said that it had been closed, but it's alarming that it ever happened.
>
> That is in no way different from Ubuntu's case or from Mozilla's
> telemetry. In such scenario, when flaws are all around, all we can do
> is look at facts as they are right now: Chromium does not send packets
> to any third party on startup. Konqueror sends no packets at all on
> startup but has other issues as it seems.
>
> However, right now I am more concerned with the issues linked to by
> Magic Banana, since they are active and haven't been adequately
> addressed after several years.
> I am honestly having a difficulty in understanding what you
> mean. Aren't they primarily licensing issues? Why are you more
> concerned about licensing while your browser is sending packets to
> company X, Y, Z? Please explain as I may be missing something.
>
> Replicant, the operating system, is 100% libre. You are likely
> referring to the modem or bootloader that the device itself uses
> regardless of what operating system it runs.
> Exactly.
>
> Purism's phone...
> It is still not produced, so nobody can possibly evaluate it. But from
> what I know there will be complete hardware separation between the
> modem and the rest of the system. So you can use it as a pocket libre
> computer, hopefully without any coreboot or whatever firmware blobs,
> otherwise it won't be much different from a Samsung + Replicant. Also
> from what I have heard, it would be able to use the mobile network as
> a pipe, to make encrytped phone calls. So basically the only tracking
> will be possible through the location of the phone based on nearby
> mobile stations (which perhaps cannot be avoided if one wants to talk
> to anybody).
>
> I suggest looking into JMP if you live in North America
> I don't but thanks for the info. What you describe is similar to Librem5.
>
> In this case the advantage of using Tor is that you do not reveal your
> location. This is especially important if it is a site or account you
> use frequently (like an email provider) as otherwise they can track
> you to the point of detecting behavioral patterns.
> Sure. You can probably even use Facebook anonymously but FB (and many
> other sites) won't allow you to sign up/in with a disposable email
> address (they seem to recognize the domains). I know the FSF page
> which you linked but it seems dated. From all the recommended ones
> only safe-mail.net seems to work without JS but it requires a current
> email address and I can't find any site which gives disposable email
> without JS, so there is still no possibility for complete untraceable
> anonymity. As for Kolabnow - I have been in touch with these guys and
> asked them if they have cleaned their systems from Intel ME,
> proprietary BIOS, what is their approach to quantum resistant security
> etc. The answer was "We are still learning to ride the bike" and some
> advertising that they use only FOSS. I explained further that security
> at ring 0-3 means nothing when a system is flawed at ring -3 and they
> told me the would forward my concerns to some operations
> department. ProtonMail's answer was even worse. So far I haven't found
> a single online service provider who can guarantee a clean and
> completely tested system and without that there can be no privacy,
> regardless of how deep the server may be buried in the Alps (or
> wherever). And considering the most recent side-channel bugs, things
> are really out of hand, globally. I think it is a much bigger problem
> than cleaning up ones own machine(s) as we still need to communicate
> with the majority who use PRISMed services and have no idea what
> end-to-end encryption is. So considering the mid-man is always flawed
> (in one way or another) and that end points are already infected,
> freedom/privacy for one's own computer becomes a petty little affair.
>
> Asymmetrical protections...
> My previous comment was about your example of 2 people having a
> private discussion in a public place and one of them hiding his
> face. My point was: that is unnatural and will never work, it will
> always lead to conflicts. Our current approach to security is through
> isolation and isolation itself creates separate conflicting sides. So
> we cannot be secure through isolation. We are naturally secure when we
> are together - when we think together, work together, share
> together. I am not proposing communism (that's an illusory ideal which
> didn't work) but perhaps we need to fix ourselves as species first,
> not technology (which is just the product of what we are). Just
> thinking...
>
> Thanks for the links to EFF's images. I enable JS in private mode
> (i.e. temporarily) for individual sites when it is absolutely
> necessary (e.g. to pay some bills) and for my local web server on
> which I do some front-end web dev. But as a whole I browse with JS,
> cookies and 3rd-party images and CSS blocked. It is amazing how very
> few good designed sites are out there. Most of the web is really
> terrible, just like the increasing length of my posts :)

ADFENO
Offline
Joined: 12/31/2012

> When you quote automatically whole (especially lengthy posts) it is
> difficult to follow what exactly you are commenting on (without

Sorry, I'll do trim-posting now. :D

> I have sent this using the Contact link on this site. No reply so
> far. No fix either. Hopefully someone will look into it.

I tried to look it up, and it doesn't seem that your issue was sent
using the issue tracker, so I made this one:

https://trisquel.info/en/issues/23884

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>It seems invalid because current version of Chromium doesn't do what that bug describes.

It's a matter of trust. If you still trust them after something like that, your trust is easy. Mine is very difficult.
If you believe it was an unintentional bug then I would go so far as to call you gullible.

-----------------

As far as the tcpdump test, I just did it and twice. Nothing showed up. Zero (0). Firefox is pinging nothing, no background connection whatsoever.

Now, I do need to make it clear that I am one of those guys that prefer spending 50 hours of their time if need be in order to make it right. Several, and by several I mean a huge ton of modifications were applied in about:config. The only addon installed is noscript. The version of the browser is 57.0.4

You can see the connections it makes in about:networking too.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> Several, and by several I mean a huge ton of
> modifications were applied in about:config.

Is there an easy way for you to share your about:config?

Something else occurs to me. I'm not knowledgable enough to know if this is possible, but could it be the distro? You use Debian, right? Perhaps they've done something differently from OpenSUSE either in their build of Firefox or elsewhere in the distro? When I have time to figure out tcpdump I'll see if the issue occurs in Trisquel.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>Is there an easy way for you to share your about:config?

Well, I can describe my procedure, yes.

>You use Debian, right? Perhaps they've done something differently from OpenSUSE either in their build of Firefox or elsewhere in the distro?

Yes, although I am not talking about Firefox ESR packaged by Deb devs but the tar you download directly from the Mozilla website.

As the mate Joe points out and I could not agree more a user should not spend incredible amounts of their time into figuring out how to make their browser privacy decent. Third party cookies anyone? Phoning home to google constantly because of muh security? That is indeed huge bullshit. I agree with (was it?) Lunduke when he says Mozilla is nothing else but business. Open sores business. Fact is, their browser is the best worst choice we have right now. I mean, you can use lynx for your browser if you want only text but year 1986 is long gone, unfortunately.

I prefer not to share the inner workings of my network but I am pretty confident I got the tcpdump right.. so yeah, you don't need to trust my words, do the following and see for yourself. Point is, to sum it up, FF can be made truly privacy respecting, chromium on the other side ... not.

There is a fork of it called ungoogled-chromium, you might want to take a look at that one too (I don't recommend it, just saying) -> https://github.com/Eloston/ungoogled-chromium
----------------

In the past I spent hours reading about those 'hidden' settings in about:config, now I do not need to do that anymore thanks to this guy ->

https://github.com/pyllyukko/user.js/

His user.js is very very good and gets updated when new crap gets added by Mouzilloua.
Very good but not perfect, you will need to apply some additional modifications but don't worry it is just a few.

Place the user.js in the relevant folder. Open your browser and in about:config write 'safebrowsing'.
Disable them all and remove every gooobles url (make it blank), as in:

browser.safebrowsing.downloads.remote.enabled false
browser.safebrowsing.downloads.remote.url (blank)

Disable the captive portal feature

network.captive-portal-service.enabled

As far as background connections that would be all, if memory serves me right. I also recommend you change your user agent to that of the TorBB, it will lower your fingerprint considerably (according to the eff's panopticlick that is)

general.useragent.override Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0

This last one is a 'string' you create by yourself (right click - new - string)

Do bear in mind that addons will make background connections so you should test your browser without them.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>BTW I am looking for a way to search/browse Youtube without JS. Any ideas?

mps-youtube, you'll find the project on github, it's a very sweet program.

>When Firefox starts: Show your home page (I would set it to blank)

agreed, indeed I did that too :)

>Check spelling as you type: ON (I don't know if that includes any connections but I would leave it of for the test)

It doesn't AFAIK.

>Allow Firefox to automatically install updates (recommended): ON (I would set it to OFF for the test)

It will make just one connection each 24 hours AFAIK

>Default search engine: Google (and all the other PRISM ones are inabled too)

Yeah.. You can easily remove those via GUI though. Google throws hundreds of thousands of greens at them in exchange of user data, u know, open sores biz..

>Always use private browsing mode: ON (inconvenient)

How is that inconvenient? I have done so for years. Well, I have also not allowed js (except for very very few websites) for years, I know I am a strange guy.. But in which way is it 'inconvenient'?

>Accept cookies from websites: ON (should be OFF with only exceptions allowed, when needed)

I don't know.. I mean, I know it will get you a higher fingerprint (eff panopticlick again) to disable cookies, and it is inconvenient in that many websites won't work properly. Also, if private browsing, as soon as you close your browser all of them get purged. I close my browser very often. I don't like having programs I don't use opened.

>Tracking protection block list: Disconnect.me basic (perhaps should be 'strict'?)

Indeed I set it to strict (remember I only use noscript, no adblocker addon whatsoever - in fact I find it unnecessary being javascript always turned off here and adds are basically just javascript nowadays, rarely a plain image file..)

>Send "Do Not Track": Only when using Tracking Protection (should be "Always")

Well, it is a nonsense useless feature anyway, isn't it? I mean no shark is gonna respect it, let's be realistic. But yeah I did set it to always :P

>Prevent accessibility services from accessing your browser: OFF

Indeed, via GUI again

>Block dangerous and deceptive content: ON (this requires connection to Google hosts where the blacklists are hosted)

Yeah, as mentioned already, disable every reference to goobles and to 'safe' browsing (always makes me lul - **safe** browsing, sponsored by google)

>Query OCSP responder services: ON (this also requires connection to hosts)

True

>telemetry

That one also in the GUI. In about:config it is toolkit.telemetry.enabled. Telemetry, again, should not be enabled by default..

>browser.safebrowsing.allowOverride

Yes, leave that one as it is (true)

>Another thing which I notice. Even after closing the browser and waiting for some minutes (process terminated) tcpdump shows packets related to fsf.org hosts and also to the OCSP hosts. I don't know why this is happening and why the computer is trying to connect to those hosts without any software asking for it. Any ideas?

As you said above, you'll inevitably connect to hosts if you want it to work but why in the world would it make connections when the browser is closed I have no idea. Is that even possible? I mean, are you sure ones you closed the browser it's process was correctly killed? That is strange.

>Closed Firefox and ran it again. Without opening any web pages whatsoever I go to Preferences and immediately tcpdump shows a load of connections to amazonaws.com, mozilla.com, phicdn.net, digicert.com...

That's even stranger. Are you testing this without any addon?

>Always use private browsing mode is again ON and Accept cookies is ON too (although turned off before restart). Another attempt and another fail. I go to prefs.js and remove

Hmm, do note that user.js has the precedence AFAIK, so you will need to change those inside that file (user.js) and not
prefs.js

>still on / back on

Yeah, I believe you'll need to set the modifications you want to be permanent into user.js. See, if you have say browser.safebrowsing.allowOverride set to false in user.js and you modify it in about:config or prefs.js (which is the same) to set it to 'true' when you restart the browser user.js will override it.

>After 42 minutes of tuning a program which refuses to respect my preferences and which clearly does background communication as per my earlier test, all I can do is wipe it away from my system

No, mate, again - user.js overrides prefs.js :)

------

Wow, this was long. I believe this is the longest comment in my over 3 years here (and I am a daily -and quite verbose- visitor..). But it is nice to see that I am not the only one who has spent time on achieving the almost impossible: getting a decent browser out of Firefox. Cheers colleague :)

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>but I really don't have the nerves right now.

Yeah, as I said a truly libre and privacy friendly browser would not come with a ton of antiprivacy nonsense and a user should not have to do such a hard work to 'clean it up'.

>Can you please test on your system the opening of Preferences and the browsing to https://fsf.org/robots.txt? What results do you get for each?

Will do later, I'm curious.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

Ok, I know I should have tested without any addon but I installed umatrix (which btw is absolutely magnificent). So I tested it with noscript and umatrix and all my mods, basically the browser as I use it.

I opened the browser and the connections made were the following:

hosts-file.net (107.22.171.143)
someonewhocares.org (209.97.222.140) (turing.theorem.ca)
winhelp2002.mvps.org (216.155.126.40) (mars.olymp.mvps.org)

Then, when going into preferencse the new connections I see are:

aus5.mozilla.org
balrog-aus5.r53-2.services.mozilla.com., A 52.88.57.64, A 34.208.7.8, A 52.35.162.72, A 34.214.242.76, A 34.210.48.174, A 52.36.39.89
us-west-2.compute.amazonaws.com (52.88.57.64)
ocsp.digicert.com (93.184.220.29)
cs9.wac.phicdn.net (93.184.220.29)

And finally when on the fsf's page the new connections made were:

www.fsf.org (208.118.235.174)
svnweb.fsf.org (208.118.235.30)
ocsp.usertrust.com (178.255.83.1)
ocsp.comodoca.com (178.255.83.1)

--------------

Btw, m8 Joe, may I ask you where you going with that gun in your hand? ;)

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>So basically you proved the results of my tests. The first 3 hosts you listed look like the hosts which contain the lists for uMatrx (without uMatrix there would not be connections to them).

Yes, I believe so.

>Still trust Firefox and Mozilla?

I never did in the first place. As I said I think I have quite some issues at trusting. I am suspicious and pessimist by nature.

>I'm goin' down to shoot my old lady
You know I caught her messin' 'round with another man.

That's exactly what I thought, but it was worth asking :)

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Yeah, as I said a truly libre and privacy friendly browser would not come with a ton of antiprivacy nonsense and a user should not have to do such a hard work to 'clean it up'.

Taking a look at outgoing connections is not enough to deem how privacy-respectful a feature is. And that feature has advantages too. A compromise has to be sought. What I am saying is: details matter.

Take Safe Browsing for example. The feature you manually disable after copying pyllyukko's user.js. That feature aims to warn a user who is about to access a page that is known for phishing or about to download known malware. Let us agree it is a useful feature.

Now, you know Google is actually managing the lists of pages known for phishing or of known malware. If you stop your investigation at that point, you may believe that every URL that ends up in your address bar is sent to Google along with your IP address. *That* would be a privacy nightmare not worth the enhanced security... but SafeBrowsing, in Firefox, does not work that way.

https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-firefox/ explains how it works. And anybody can check whether it is true, thanks to freedom 1. In the case of phishing:

  1. Every 30 minutes, Firefox downloads, from a Safe Browsing server, a list of 4-byte hashes of URLs, which were deemed unsafe since the last update;
  2. Whenever the user is about to visit a page, the hash of its URL (excluding what is following a possible "?" in the URL) is compared with those in the local lists (no outgoing connection here);
  3. If it is not found, the page is displayed; otherwise the 4-byte hash is sent to a Safe Browsing server which returns all unsafe URLs matching the hash (there may be several: hashes suffer from collisions) and Firefox locally checks whether one of them is the URL to be accessed (if so, the warning is displayed; otherwise the page);
  4. To enhance privacy, Firefox requests, from time to time, the URLs of random hashes taken in the list.

So, through Safe Browsing, Google only knows:

  1. every 30 minutes, that an IP address has a Web browser opened;
  2. that the user may (or not: because Firefox adds noise) have visited a URL whose hash was sent: it may be one of the unsafe pages having this hash or a safe page with the same hash.

Not the privacy nightmare a naive implementation would yield. Safe Browsing's protection against malware is more intrusive. To block malware, even if it comes from unlisted pages, metadata about all binaries Firefox is about to download are sent to a Safe Browsing server. The risk of installing malware for GNU/Linux is probably not worth the privacy loss. That is why Abrowser disables that part of Safe Browsing by default.

You see: a compromise is sought between security, privacy, performance and ease of use (Firefox's preferences only propose a global switch to disable Safe Browsing as a whole). The balance between those features (again: security, privacy, performance, ease of use, ... are features/capabilities, not freedoms) cannot suit every user. But it not "antiprivacy nonsense": for most users, being warned that a page is phishing (maybe imitating the page of your bank) is worth having Google know every 30 minutes that they have a Web browser opened and having it possibly guess (with a rather small probability) that they visited some specific pages.

Especially when Google has many more reliable ways to profile users (i.e., I very much doubt Google uses Safe Browsing to do so): the advertisement it displays on most of the Web, the Google+ buttons, the Google fonts most of the Web pages download from Google, Google Analytics, which dominates the market, etc.

In Firefox's preferences, the check box "Allow Firefox to send technical and interaction data to Mozilla" globally enables/disables Mozilla's telemetry. heyjoe's bug, filed against the "telemetry" component, pretended the opposite. He had not understood that the settings in about:config depend on each other: if datareporting.healthreport.uploadEnabled (the setting that can be set from the preferences) is false, no telemetry is sent, whatever the values of other entries in about:config that stands for more specific tunings of the telemetry component. That is why the bug was closed with the status "WORKSFORME". Telemetry allows the developers to discover bugs and know how the browser is used. They can then make it evolve the way the community wants it to evolve. https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c4 says "[Mozilla] only collect[s] anonymous usage statistics like how often Firefox crashes and how quickly the javascript garbage collector runs". It continues:

But you don't have to trust us, you can check:
If you enjoy reading bugs, please browse "Toolkit::Telemetry" for bugs about preferences and what they do. If you enjoy reading C++ and JavaScript, please browse the source code to toolkit/components/telemetry/ and examine the constraints we place on collection in TelemetryHistogram.cpp and the constraints on sending in TelemetrySend.jsm. If you enjoy looking at graphs, you can see the daily aggregated versions of the data we collect at https://telemetry.mozilla.org

That is the beauty of freedom 1. I have not sought to understand how telemetry works (like I did for Safe Browsing). If the collected are indeed anonymous (I doubt Mozilla would lie: any programmer can check), the gains brought by telemetry can supersede its minor anti-privacy side effects. Again: details matter. Looking at outgoing connections is not enough.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

The problem with this statement is that you know (or rather can check) only what happens on the sending side.

That is correct. But there is no magic: if you send little information, then little information is received on the other side. If you add noise, the receiver can exploit it even less.

That is a basic test which shows if there is a communication or not.

Too basic. Looking at what is communicated is relevant.

If there is communication and it is not anonymized through TOR (it is not) - that obviously is a privacy issue. That is quite simple.

If you consider that having the receiver know your Web browser is opened, then yes. And you should be able to disable the service it provides to stop that communication... but if that service is useful and cannot be achieved on your own computer (it is not SaaSS), then it does require communication and you may decide it is worth giving the information required to get the service.

Are privacy and security 2 incompatible mutually exclusive concepts? Or rather because someone has designed a program in a way in which you must sacrifice one for the other?

It is physically impossible to request information from a third party without communication. For example, you cannot ask whether a site is phishing without communication. You have to either choose privacy (no communication) over security (no warning about phishing) or the opposite (communicating the relevant information to receive the warnings). To make that choice, looking at what is actually communicated (how much privacy is sacrificed) is relevant to most users. If you consider that no service is worth communicating your IP address, then, really, there is no need to look at what is communicated... and you should stay offline (when you access this forum, Trisquel knows about it, your ISP too). Since you are online, you actually accept to send the relevant information (lose some privacy) to do whatever you do online.

If you seek for compromise what happens is giving up freedom in exchange for convenience?

You need not compromise on freedom. You should always stay in control of your own life. In computing, that means only using free software. There is no physical impossibility here (whereas requesting information without communication is impossible): every piece of software can be and should be free software.

Meanwhile Intel ME can be sending data to organization X "User N, located ... is currently admiring the source code of Hello world".

Yes. Intel ME, like any piece of software, can be and should be free software.

There are organizations which consider that censoring entire geographic regions from accessing particular websites is a useful feature for the safety of the region. Should we agree to that too?

No. And that has absolutely nothing to do with our conversation.

There is enough evidence that the price people pay for using all kinds of "useful features" is pretty high.

"All kinds of useful features" is too general to state anything about them. Again: details matter. I explained you the price of receiving warnings about phishing. You can consider that price too high. Other users, most users I believe, consider it is not. I have Safe Browsing disabled because I do not think I need it. However, I let it enabled on my parents' computer (that I administrate).

I disagree to the centralized nature of it held in the hands of a single entity which can control it.

There is a performance compromise too. I do not think (I may be wrong) anybody knows how to have a distributed Safe Browsing system that would not significantly slow down page loading. Do you know?

As long as we cannot check for ourselves what exactly is happening on the other side of the wire it is all wishful thinking.

There is no magic: if you send little information, then little information is received on the other side. If you add noise (like Firefox does with Safe Browsing), the receiver can exploit it even less.

uppose I am the victim. I (a layman) don't know. I (a non-programmer) have not checked the source code. I (an average user) am forced to trust because there is a huge mountain of information which I need to dig in order to find out the truth, it is growing every day and a lifetime wouldn't suffice for it. But still I refuse to trust articles and want truth, not words, because I don't want to depend on another. I don't want my child (if I have one) to be tracked, logged, turned into a cog of a huge machine. What am I to do?

You trust the community. Even if you were a programmer, it is impossible to read all the software you run: a life time is not enough. Exercising a collective control over the software is the reason for freedom 3.

If you do not want to trust the community, then you should stop using software. I see no other possibility. The four freedoms do not solve all problems but it is the best we have.

We all know very well that each server stores logs. Also one doesn't need to be a professor to know how this works with a company part of PRISM program. What do you think happens when NSA comes and says "We will take these servers to search them"?

The logs can only contain the information that was received. In the case of Safe Browsing's phishing protection: what IP had a Web browser opened at what time (with a 30-minute precision) and hashes of some URLs (without what is following "?", if present) that the browser may have visited, or not. Hashes associated with (a) phishing page(s). But the user may have actually visited a safe page with the same hash. If you think that the phishing protection is not worth giving up that information, then disable it. Again: I believe most users consider it is worth it.

If we believe that, we can easily install Microsoft Windows and turn on Windows Defender because it is a useful feature.

Windows is proprietary software. Its users are denied the essential freedom to know what it is actually doing. The worst should be assumed.

My test does not pretend anything - it proves something, providing actual, verifiable facts.

Your bug reports for Firefox's Telemetry component says: "If the user says "No" to data reporting one expects no data will be sent (and home directory will not be filled with unnecessary data) without the permission and knowledge of the user". So, yes, you pretended telemetry was not disabled after unchecking "Allow Firefox to send technical and interaction data to Mozilla".

And your test actually shows no connection to incoming.telemetry.mozilla.org: Telemetry was disabled, as expected.

This means that those additional settings do something and they are not insignificant in relation to other disabled flags.

Not the additional *telemetry* settings, no. Georg Fritzsche explained it to you in https://bugzilla.mozilla.org/show_bug.cgi?id=1424781#c11

Even if we assume that we know what Google knows (which we don't) that 'only' piece is still a form of analytics.

We do know what Google receives through Safe Browsing. Safe Browsing is documented and Firefox's source code can be studied. Your text then jumps to telemetry again. Do you understand they are separate components? No telemetry data is sent to Google.

But the very fact that telemetry was created in the first place is a clever trick. For the improving of a program there is absolutely no need to know that user X is currently online and has his browser open.

It is useful to know how a program is used, what was its state when it crashed, etc. to improve it. With telemetry enabled, the program itself sends the data. So the receiver knows it is currently used.

I don't see one should install a surveillence camera in one's bedroom, taking and uploading snapshots every 30 minutes just to inform organization X that he is (or is not) having sex right now, so that organization X can send a message "You are with a (non) trustful partner".

What information is sent matters to decide whether the service is worth the loss in privacy. Your example makes it clearer. If, instead of sending the camera snapshots, you would have a Safe-Browsing-like system (you receive from time to time the hashes of the ids of the non-trustful partners, you send the hash of your partner if it is in the list to get the actual names of the corresponding non-trustful partners, you send random hashes to make it harder for the service to guess who your partners are), the system would be more respectful of your privacy.

Security and privacy are not a matter of compromise between the two. If one has to compromise that is poor design, therefor dependency, not freedom.

Communicating to request (security) information from a third party is not poor design. It is physically impossible to do request information from a third party without communicating.

Also, poor design never implies a loss of freedom. Imperfection is not the same as oppression: https://www.gnu.org/philosophy/imperfection-isnt-oppression.html

Are you saying you have actually studied the full code of Firefox and do it for every new release

I have only read documentation on the matter. I could take a look at the source code though. Any programmer could. Many certainly have. That alone makes it improbable that Mozilla would be lying when describing Firefox's implementation: its reputation is at stake.

Mozilla also receives your IP address even if they don't send it to Google (which we have no way to know). Surely they do share it with Amazon, Akamai etc.

Do you have any evidence to ground your accusations?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

In any case, technically it is possible to get information without loosing privacy. Example: you turn on the radio and you listen to music.

For Safe Browsing that would mean continuously broadcasting to to all online systems hundreds of thousands of unsafe URLs: https://support.google.com/transparencyreport/answer/7381518/#size-of-blacklist

*That* (not adding noise) would be extremely inefficient. And why stopping there? By your logic, every website should continuously broadcast whatever it hosts to all online systems!

Freedom means no limitations.

No it does not. You are not less free because you cannot fly, for instance. Freedom means "exemption from *external* control, interference, regulation, etc." (emphasis is mine): www.dictionary.com/browse/freedom

As I wrote: being in control of your *own* life.

Same here.

So you agree that the enhanced security your parents get is worth the privacy they give up? Don't you think most users are more like your parents and less like you?

The first thing that comes to mind - torrents, mirrors (like we have for FOSS). There are other means too perhaps. Example: encouraging ISPs to keep a local mirror on the gateways, proxies. It is possible.

Distributing the lists is not the hard part. Creating them is. It involves crawling the Web and processing every page (Google does so in parallel virtual machines): https://www.usenix.org/legacy/events/hotbots07/tech/full_papers/provos/provos.pdf

The problem is that trust implies faith which is not facts.

Trusting nobody, not even free software communities, and not being a programmer, you should stop using software. All of it.

Google's servers are not less proprietary.

Google's server (the software they run on their side) is trivially free: there is one single user and it has all four freedoms. On the contrary, Windows is distributed to many users that do not have the control they deserve on it. Maybe you wanted to write "Google's services" but services cannot be said free/proprietary: https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html

I would be happy to see that sending my IP address periodically with "noise" to Mozilla, Amazon or whoever is worth it.

You apparently think it is worth it on your parents' computer.

which means that nobody (except Mozilla) really knows what is going on (even they needed time to check). So excercising the freedom 1 is a next to impossible effort which obviously nobody would waste time on.

That is not correct.

Telemetry means remote measuring. Measuring means getting the value of a physical quantity and comparing it to a standard value.

You file a bug in the "telemetry" component of Firefox. Whether you like it or not, "telemetry" means something precise in this context: it is the component that collects usage information and sent it to Mozilla, the source code in toolkit/components/telemetry/. To argue for general policy changes, you were invited to write to https://lists.mozilla.org/listinfo/governance

They give new meaning to the words and argue over them just for the sake of argumentation.

How should Firefox's telemetry component be called?

Which implies that there are levels of privacy respect.

Of course there is. You may agree to show your ID to take a plane but you would not accept nude pictures of you to be taken and published. There are levels of security too. And of ease of use. And of performance. Etc. Often, trade-offs between those features (again: they are not freedoms) must be sought. 100% privacy would mean not interacting with anybody. Ever.

One of the biggest issues we face (and RMS will agree to that) is mass surveillence.

It is. But RMS would not agree, not in 2014 and not now, that the free software definition has anything to do with what the software does or does not. Neither that it should.

Today we have a system in which not only imperfections are used as backdoors but even more - we see how that system deliberately creates imperfections to infect the computers at hardware level which even the perfect FOSS cannot fix.

Free software developers are humans. They make errors. Sometimes bugs that become security vulnerabilities. We cannot promise you to write bug-free programs. But we can respect your freedoms. Letting you control, individually and collectively, the software you use. Including to fix bugs.

Also Mozilla's programmer clearly said that what I raised is not documented publicly.

What matters for freedom 1 is access to the source code. Anyway, even when there is documentation (such as in Safe Browsing's case), you are not happy. You want to understand the source code by yourself without being a programmer. You want programmer to make bug-free program. You want 100% privacy + 100% security + 100% ease of use + 100% performance + etc. You want the impossible. Worse, you claim that software that does not provide that disrespects your freedoms. By the way, you are not the first one to confuse freedom and features, hence RMS' article "Imperfection is not the same as oppression". In France, there even is an association called "Liberté 0" (Freedom 0) that pretends that software that is inaccessible to all kind of handicapped people does not respect freedom 0. RMS publicly said they confuse freedom with features.

Unless you think that the organizations who spy on the whole world care about their reputation.

The spyware are not in free software distributed to the spied users, who can discover the spyware by freedom 1.

Have you even looked at the logs attached to the bug report? They show it.

No. You were talking about Mozilla sharing with Amazon, Akamai, ... IP addresses Mozilla received through telemetry. Not about your Web browser (not Mozilla) communicating with third parties to provide other services than telemetry. The privacy implications of every other service should be independently assessed to deem the trade-off "positive for most users given the added value of the service" or "negative for most users". I know you disagree, but I will repeat it: details matter.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I don't know if you understand what I am saying.

I do not. Since you are redefining words, it is not surprising. The definition of freedom you list match the one I gave you. They do not say "freedom means no limitation" (like you wrote). That is fortunate because your definition is useless: since there are impossible things (going back in time, turning yourself into a tomato, etc.), nobody is and can ever be "free" by your definition!

Freedom has no opposite.

Yes, it has: slavery. Freedom is having no master, "exempt from; not in bondage, acting of one's own will" (the definition *you* chose). It is not "being unlimited".

It is the least worse for the moment.

So, you now recognize that there are "levels of privacy respects"? I mean if it was 0/1, like you pretended earlier, writing "the least worse for the moment" would make no sense.

And that is due to the poor design.

What? Why is "the poor design" (of what?) the reason people are more at risk of being duped by phishing?

It is possible to have TOR-ed nodes which pull them and host them.

That is against the Terms of Service (see my reply to SuperTramp83).

Exactly. But nobody pulls the cord (except RMS perhaps).

Contrary to you, RMS trusts the free software community. He believes in in the collective control of the software through freedom 3. He neither reads nor wants to read all the source code of the programs he uses.

Still I don't claim to be no expert, technology moves too fast to follow every aspect of it.

That is true for everybody. We are all limited, i.e., nobody is free and can be free by your useless definition of freedom. Yet you want the source code of every program to be understandable by everybody, even non-programmers. It is simply impossible.

Where is the source code?

In the hands of its only user, Google, that is in control, as it should: https://www.gnu.org/philosophy/network-services-arent-free-or-nonfree.html

I think services can be privacy respecting without having to trust a mid-man.

Yes, they can. But being privacy-preserving has nothing to do with being free/proprietary. They are two separate (and both important) issues.

Then I am waiting to see the lines of code with explanation proving that it is incorrect, so that everyone can understand it.

It is incorrect that "excercising the freedom 1 is a next to impossible effort which obviously nobody would waste time on" (as you wrote). Take https://hg.mozilla.org/mozilla-central/file/tip/toolkit/components/telemetry/TelemetryScalar.cpp as a random example. Many different people edited that file (they necessarily studied it before doing so) and there are certainly many more users who read it without proposing changes: https://hg.mozilla.org/mozilla-central/log/tip/toolkit/components/telemetry/TelemetryScalar.cpp

You are mixing different things.

My sentence was not clear: airports that force you to enter a body scanner (where you almost appear naked) are *more* invasive than those only requiring your ID. There are "levels of privacy respects".

Trying to justify these privacy violating things by evaluating them through FSF's 4 freedoms is meaningless.

Indeed. I repeat that since the beginning: privacy is a feature, not a freedom. That does not mean it is not important. It is just a separate issue. Software should always be free, controlled by its users. Any piece of software can be free: its authors only have to distribute it under a free software license. In contrast, we cannot expect the software to be 100% secure + 100% privacy-respectful + 100% efficient + 100% user-friendly + 100% accessible + 100% localized + 100% [add here your favorite feature]. Not only it requires a lot of work but it is usually impossible to have all that. There are physical limitations. There are trade-offs too.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

You have been making many points that are insightful and worth talking about in themselves but that don't support a clear argument. This is perhaps a pitfall of the point-by-point forum response style that I also tend toward. However, the timing and frequency with which you temporarily reframe the discussion with interesting but tangential points comes across as evasive, which is perhaps why Magic Banana is not patient to follow them all. I think it will help if for now you can stick to topics that support your most important arguments.

If I follow correctly, your main point is that the four freedoms and community control of software are insufficient to be 100% certain that software is privacy-respecting. Magic Banana and I have each acknowledged this, but have asked if you know of a better solution apart from avoiding software (including Linux, GNU, and Chromium) altogether. Your responses have touched on a wide array of issues, but none that address this question.

Perhaps your secondary argument is that the design of the Internet is flawed because it requires compromises between security, privacy, and convenience. I agree that an internet without such physical limitaions would be objectively better, but in the absence of a concrete suggestion for one, wishing that the Internet behaved like radio or cherry picking definitions of 'freedom' that are ambiguous as to whether it is the absence of imposed or natural limitations is unproductive. Ealier in this thread, you mentioned that you have some ideas about this.

> Hence my idea about a new network.

Sharing these might get the conversation back on track.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> The clarifications I made just for the sake
> of better mutual understanding, not in order to oppose for the
> sport of it (which would be quite silly).

I believe you.

> Initially I shared my findings then tried to explain that careful
> observation, questioning, testing (and _not_ trusting an
> authority) is what leads to truth.

I appreciate that, but since then you have seemed to only mistrust free software developers by default, refusing to accept their software if you can't understand every line of code yourself to prove that it is perfect, while you seem quite trusting of Google, putting the burden on people here who aren't even interested in non-free software like Chromium to use their time to audit it for you to prove that it *isn't* perfect.

> You seem to expect me to give
> an answer to all these questions which I may not have or for which
> others may be aware of recent researches on the matter and so on.

No, I had honestly misunderstood you as having said that you had some sort of suggestion. I wasn't trying to be flippant. It is fine to point out a problem even though you don't have a solution yourself, as long as your approach is conducive to finding a solution.

> We can all together look at the deeper issues and hopefully come
> to something. That's why I opened the other thread (as suggested
> in the Troll Lounge) as this is not web browser and not Trisquel
> related:

Your new thread, like your comments here, is about an important topic. However, it doesn't really add anything new. We already know that no software is perfect, even software under community control. A specific proposal (even if it is not a complete solution) to improve it would be interestng, but simply saying that you don't think software is privacy-repsecting enough doesn't help anyone to improve it.

I think you have touched on some ideas that are concretely helpful, but seem to have gotten sidetracked by broad questions with no helpful answers. I suggest staying focused. Take any questions you have about browsers to the developers, keeping in mind that the specific situation you are testing is not the be-all-end-all and that as Magic Banana as explained there are some compromises inherent to the system (browser developers do not get to decide how the internet works), but that if their decisions are making some users unhappy they may address or at least explain them, and that if the browser is free software than a fork may be able and more willing to make a change that the original developer is not.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Chromium seems just as non-free as Firefox considering the link shared by another poster (https://libreplanet.org/wiki/Libre_Browsers_Libre_Formats#Browsers_that_might_seem_free.2C_but_are_not) yet for some reason people mention it as free, prefer it, fork it and make browsers using the same flawed code which obviously leads to the same privacy issues in the forks.

The forks do not have the (real) *freedom* issues that the link points out. Privacy issues are not freedom issues.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I discuss _privacy_ issues.

In the excerpt I quoted, https://libreplanet.org/wiki/Libre_Browsers_Libre_Formats#Browsers_that_might_seem_free.2C_but_are_not is not about privacy. At all. Just a precision in my post: not all Firefox derivatives do not suffer from the freedom issues that the link points out. But Abrowser and IceCat are OK: 100% free as in freedom.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> I don't mistrust a particular group of people. I question
> the value of trust as a whole.

Yes, you have argued that because it is impossible to be 100% certain that a piece of software is privacy-respecting, we cannot trust free software to respect our privacy. This in itself is sound, if your conlcusion is to avoid all software. However, your solution is to use Chromium, which in addition to its freedom issues has the same inherent problem that you cannot review every line of code. If you don't believe in trust, why make an exception for Google?

> The only people from whom I asked to check
> their code are the developers which is what bug reports are for.

I had thought I remembered you asking someone in this thread to to prove that Chromium is flawed by reviewing the source code, but skimming back though the thread the closest thing I see is asking Magic Banana to investigate the Firefox source code, so I may have been mistaken.

> You said you had no time to ask further. Was I supposed to
> elaborate without anyone being interested? Or to open a thread about it and
> talk to myself?

I didn't have time to ask more about it at that moment, but I was and still am interested. If you have the time and desire I encourage you to start a more specifc thread describing it.

> I am questioning the whole approach of looking at everything in
> problem-solution pairs. We already have technology based on that.

Can you explain what you mean by this? The way I interpret it, everything you say after this is ridiculous, so I'd rather that you clarify before I assume that I understand and risk putting words in your mouth.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>reviewing the source code of Chromium

Over 18 million LOC, good luck! ;-)

But you can still review teh FieryFox. After all, that one has only 35.7 million :')

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

sloccount "only" finds 9.1 million lines of code in https://archive.mozilla.org/pub/firefox/releases/57.0.4/source/firefox-57.0.4.source.tar.xz :

$ sloccount firefox/
(...)
SLOC Directory SLOC-by-Language (Sorted)
1455904 media cpp=721654,ansic=571438,asm=95277,python=40386,java=13344,
sh=9841,perl=2410,objc=895,xml=384,lisp=258,sed=17
1112010 gfx cpp=875484,ansic=186829,asm=43360,python=3053,yacc=1737,
lex=951,sh=329,objc=123,perl=112,xml=22,awk=10
890116 dom cpp=857389,python=27930,xml=4623,perl=89,sh=85
766429 security ansic=530818,cpp=155678,asm=48901,sh=17876,python=6211,
xml=4679,perl=1856,lex=306,yacc=79,sed=15,csh=10
699234 js cpp=625919,ansic=38409,asm=12643,sh=12341,python=9018,
exp=499,perl=376,xml=29
574349 third_party ansic=313892,python=83331,cpp=79774,xml=54230,asm=21179,
sh=15902,perl=2317,ada=1681,pascal=1138,cs=879,exp=22,awk=4
471389 modules cpp=269920,ansic=189121,python=6774,sh=3957,xml=1132,
perl=340,awk=142,sed=3
387225 layout cpp=378933,python=4561,xml=2717,perl=513,sh=501
325043 mobile java=296871,xml=26932,python=759,cpp=424,sh=57
324290 intl cpp=284757,ansic=30062,sh=3935,perl=3358,xml=1905,
python=255,sed=18
300401 testing python=196969,xml=75531,cpp=19160,ansic=4495,perl=2959,
sh=676,php=444,ruby=150,csh=17
299856 toolkit cpp=224818,xml=35203,ansic=21372,sh=11029,python=4056,
objc=2799,asm=372,perl=204,ruby=3
267014 netwerk cpp=182180,ansic=84551,python=257,sh=26
126832 db ansic=126832
123144 xpcom cpp=114588,python=4058,asm=3027,ansic=1429,perl=42
122439 widget cpp=116317,ansic=6122
120401 nsprpub ansic=112756,sh=3474,cpp=2802,asm=826,perl=405,python=138
117148 ipc ansic=54399,cpp=53748,python=8466,sh=535
114541 browser cpp=85427,xml=23658,python=5402,sh=54
60582 parser cpp=36285,java=12610,ansic=11668,xml=19
58302 accessible cpp=57597,ansic=267,xml=255,python=183
52690 editor cpp=48291,python=4382,sh=17
50635 python python=49672,xml=895,sh=68
35605 image cpp=35452,ansic=153
32536 mfbt cpp=29541,ansic=2915,sh=80
32214 tools cpp=26016,python=3957,perl=1269,sh=972
28242 other-licenses cpp=22434,ansic=3083,python=2612,pascal=113
25167 extensions cpp=24951,sh=216
22581 build python=8529,cpp=8380,sh=3710,java=1637,ansic=317,
perl=8
20683 docshell cpp=20660,perl=21,xml=2
18734 servo python=17854,sh=531,java=256,xml=67,ansic=26
16720 taskcluster python=13477,sh=2866,xml=377
14779 uriloader cpp=14779
10824 storage cpp=10824
10568 mozglue cpp=10251,ansic=303,python=14
9780 memory cpp=7647,ansic=1214,python=919
9417 rdf cpp=9417
8646 xpfe cpp=7316,xml=1330
4197 caps cpp=4197
3952 config python=2852,ansic=659,perl=405,asm=34,xml=2
2980 devtools cpp=2883,python=78,sh=12,xml=7
2959 hal cpp=2959
2214 chrome cpp=2214
2043 view cpp=2043
1070 startupcache cpp=1070
751 services cpp=471,xml=200,python=80
397 top_dir python=226,sh=171
130 embedding objc=74,sh=37,cpp=19
9 probes python=9
0 gradle (none)
Totals grouped by language (dominant language first):
cpp: 5434669 (59.48%)
ansic: 2293130 (25.10%)
python: 506468 (5.54%)
java: 324718 (3.55%)
xml: 234199 (2.56%)
asm: 225619 (2.47%)
sh: 89298 (0.98%)
perl: 16684 (0.18%)
objc: 3891 (0.04%)
yacc: 1816 (0.02%)
ada: 1681 (0.02%)
lex: 1257 (0.01%)
pascal: 1251 (0.01%)
cs: 879 (0.01%)
exp: 521 (0.01%)
php: 444 (0.00%)
lisp: 258 (0.00%)
awk: 156 (0.00%)
ruby: 153 (0.00%)
sed: 53 (0.00%)
csh: 27 (0.00%)
Total Physical Source Lines of Code (SLOC) = 9,137,172
Development Effort Estimate, Person-Years (Person-Months) = 2,883.25 (34,599.01)
(Basic COCOMO model, Person-Months = 2.4 * (KSLOC**1.05))
Schedule Estimate, Years (Months) = 11.06 (132.67)
(Basic COCOMO model, Months = 2.5 * (person-months**0.38))
Estimated Average Number of Developers (Effort/Schedule) = 260.78
Total Estimated Cost to Develop = $ 389,487,939
(average salary = $56,286/year, overhead = 2.40).
SLOCCount, Copyright (C) 2001-2004 David A. Wheeler
SLOCCount is Open Source Software/Free Software, licensed under the GNU GPL.
SLOCCount comes with ABSOLUTELY NO WARRANTY, and you are welcome to
redistribute it under certain conditions as specified by the GNU GPL license;
see the documentation for details.
Please credit this data as "generated using David A. Wheeler's 'SLOCCount'."

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

I don't even know what sloccount is.. I was using openhub, teh website to determine how much are there.

*only* 9 million? Awesome, I'll throw a party \o/
Netsurf according to openhub has soem 200.000 lines of code, if memory serves. To bad websites are poorly rendered and everythin is mixed up. Was it not for this I'd use it exclusively. Highly recommended browser.

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>Good luck with exercising freedom 1 with this :)

The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.

Why?

>Why

Coz it's fast like hell? Coz it's as fast as Links2 or Dillo but much more usable?

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>How does it behave on the tcpdump test?

Haven't tested it yet. Very lazy right now. Maybe tomorrow.

calher

I am a member!

Offline
Joined: 06/19/2015

> Coz it's fast like hell? Coz it's as fast as Links2 or Dillo but much more
> usable?

Hell yeah, it is! Links2 sux.

--
Caleb Herbert
OpenPGP public key: http://bluehome.net/csh/pubkey

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> If you are asking "Why do you trust Google" - I don't.

You use Chromium desite not understanding every line of source code. You have argued, and I agree, that this requires trust.

> https://trisquel.info/en/forum/thoughts-about-new-type-network

Great post. I'll probably stop following this thread less closely now and focus on the new one.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> I use it just because I haven't found anything better (privacy-wise).

I understand how you've come to that conclusion. I won't tell you to change your decision, but I will explain why I respond differently. The secondary reason is that I find it very unlikely that Chromium is the most privacy-respecting browser overall. It is a mistake to judge browsers by a single criterion. You must consider all known factors, and estimate the unknown based on the past and the track record of the browser and developer. However, even if I knew for a fact that Chromium were the most privacy-respecting browser, I would respond the same way I do in other situations where non-free software is superior to free software in some way: First I woud assess whether the better feature is important or something I can do without (in the case of privacy it is important), and if the feature is important I would find the best free alternative and request the feature. I may donate to help the feature get implemented. If the feature would take a great deal of work it may be necessary to organize a crowdfunding campaign. If the feature were something I absolutely could not live with out I may use the proprietary software as little as possible as a short term solution, but I would not give up on the free replacement, because I should not have to trade my freedom for privacy or any other feature.

>
> FWIW I also use Google Apps... as I still can't find the perfect
> alternative to it. But I don't trust it, I use it - and they use
> me more.

I often have to use Google Drive for collaborative editing. When this happens I try to use a computer at my school or library instead of my personal machine, but I really wish I knew of a replacement that people would be willing to switch to (suggesting git would not go over well).

calher

I am a member!

Offline
Joined: 06/19/2015

On Thu, 2018-01-18 at 10:47 +0100, name at domain wrote:
> I also learned to download files with public access from Google Drive without
> having to log in to Google Drive or use of JS. If the link is to a file, it
> can easily be converted to a direct link. Here is a bash script line which
> does that:
>
> echo $1 | sed -r -e
> 's/(https:\/\/drive\.google\.com\/)file\/d\/([^/]+)\/view/echo
> "\1uc?id=\2\&e=download"/ge'

Is this code snippet copyrightable?

Does anybody remember the snippet to download a native Google Docs doc
as OpenDocument or PDF?

--
Caleb Herbert
OpenPGP public key: http://bluehome.net/csh/pubkey

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> I think I have already done that. Right now I find Chromium least worse
> because of the results of the test

Perhaps it is because of your time investment in your test that you weight your test far too heavily. Your complaints are reasonable, but there is also a reasonable explanation for why those compromises are made, even if we disagree with Mozilla that the compromises are worth it. Firefox and its derivatives would be better than they are now if it were easier to configure for full privacy, but this one situation is not so damning that it is automatically worse than Chromium.

> + the ability to use uBO and uMatrix

These addons are available in FF derivatives, and uBO is even installed by default in Abrowser, so you do not need to rely on a developer whose business model is selling your privacy.

> Tor is slow

I'm sure that Chromium is significantly faster than Tor Browser, but I value freedom and privacy over convenience.

> (and some sites won't work with it).

Some sites accidentally blacklist some exit relays and you'll have to switch to another relay, but I assume you are referring to sites that systemically blacklist all Tor relays (Yelp and support.apple.com are a few that I've noticed). If you value your privacy I suggest that you avoid such sites, as their only motivation for forcing you to identify yourself is if they intend to collect information about you. No matter how good your browser is, it also takes safe browsing habits to protect your privacy.

> Let's not forget also that browsers
> like IceCat and other forks which have not updated their code up to FF 57
> basis still don't have the new fixes about Meltdown for example.

Meltdown has been patched in the Linux kernel, but Abrowser is based on 57 anyway, and unlike Chromium has no profit incentive to violate your privacy and no history of doing so in a very serious way.

> I think we should also mention without any bias that Google's experts are
> very good at security.

Security and privacy are both important but are different. As Magic Banana has pointed out they are sometimes at odds with each other, forcing a compromise. In Google's case they are almost always at odds with each other, as their first solution for security is generally to compromise privacy. Any account you have with them or info you store with them, they protect by tracking your location and locking your account when it is accessed from a suspicious location (or through Tor). The only way to unlock your account is with a phone number, so if you don't give them your phone number you risk losing access to your data. Magic Banana pointed out that the reason phishing blacklists can't be decentralized the way you want them to be is that Google won't allow it. That's the problem with a company who doesn't value your right to privacy (and in Google's case, your privacy is their product): They have no reason to seek security solutions that protect your privacy, and be avoiding them it gives them an excuse to violate your privacy in the name of "saftey." It's a trap.

As you have correctly pointed out, using software you have not written or fully audited yourself relies on trust. Trust always comes with risk, and you must evaluate that risk based on how untrustworthy the developer is. Firefox is not fully trustworthy (though far more so than Google, since they have a better track record and their business model does not rely on violating your privacy), but if serious privacy disrespeecting features slipped into Tor Browser, Abrowser, or Icecat it would be by accident and there is probability (though not certainty) that the developers can catch and fix it. This reduces the probabilty of a serious privacy violation in those browsers. Chromium, on the other hand has already been proven to have a serious privacy violation, and it was only removed after they got caught, so there is no reason to believe that they will remove any additional ones until they get caught again. Why would they? If Google created a privacy-respecting alternative to Chrome, they would lose money, so they would be fools not to insert as many antiprivacy antifeatures as they think they can get away with. Of course, Chromium is not an "alternative" to Chrome. It is the part of Chrome's development process that exploits the labor of free software developers. This is another reason not to remove privacy issues from Chromium: it would create the extra work of putting them back into Chrome.

Finally, you are the one who says that we should not settle for short-term solutions, and relying on the least privacy-respecting company in the world to protect your privacy is not a long-term solution.

> I have bookmarked (in order to look at later) https://nextcloud.com/

Cool, I'll take a look.

> I also learned to download files with public access from Google Drive
> without having to log in to Google Drive or use of JS. If the link is to a
> file, it can easily be converted to a direct link. Here is a bash script
> line which does that:
>
> echo $1 | sed -r -e
> 's/(https:\/\/drive\.google\.com\/)file\/d\/([^/]+)\/view/echo
> "\1uc?id=\2\&e=download"/ge'

Awesome!

> So back to your comment: yes, long term you are absolutely right, that's why
> I filed all this bug reports. But right at this moment Chromium works
> better.

Fair enough. I don't fully agree, but I get where you're coming from. I'll drop it now because at some point this thread to needs to wind down (see screenshot) and I look forward to moving onto future discussions.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

> FWIW in EU GDPR which starts to apply in May 2018 the IP address is now
> considered personal data, legally and must be anonymized. So software
> vendors who provide such "features" or who close tickets because they are
> not in the mood will perhaps be forced to comply with all that. Or who knows
> what other tricks they may have to escape from that.

I'm sure they'll do their best to get around it, but this is still good news. If only laws like this had a prayer of passing in the US.

> I am unaware of that history for Chromium especially. As long as there is no

See the bug Supertramp posted much earlier in this thread.

> I am unaware of that history for Chromium especially. As long as there is no
> proof that the _current_ versions of Chromium do anything malicious refusing
> to look at actuality because of something in the past makes no sense. It
> would be like rejecting to trust SSL because in the past there was
> Heartbleed or anything along these lines.

If the SSL intentionally created Heartbleed, only fixed it because they got caught, and had a profit incentive to do so again, then yes, you would be a fool to trust them.

> They have all the reasons to create trust because
> trust is what allows them to break privacy deeper. And it would be
> absolutely silly on their side to do it blatantly in an open source project
> like Chromium.

They've already done it at least once, yet someone as privacy-conscious as you is willing to use their browser because that particular issue has been fixed. Most people do not think as critically as you do about privacy, or even care at all, so I doubt that next time will have a signficant impact either.

> I think you should really face the present and leave the past in the past.
...
> doesn't work for privacy and security. Privacy and security are about
> certainty. It is not about having only 1 spy camera in your bedroom compared
> to 3. It is 0 or anything else.

Unfortunately, you don't have certainty with any browser, so there is no choice to account for probability, and the past is very relevant.

> https://www.youtube.com/watch?v=qMALm1VthGY

I never said they were, but thanks. This looks interesting and I'll watch in when I have the chance.

> Speaking of privacy and security: Please remove it. I prefer my email
> address not to be publicly visible. :)

You're right. I'm sorry for that oversight. I've gotten used to knowing people by their email address and didn't think. I can't edit a comment that has been replied to, but I'll email a mod and ask them to remove the screenshot. You should know though that the mailing list is publicly archived. https://listas.trisquel.info/pipermail/trisquel-users/

> And yes - this discussion is pretty much finished.

Yeah, I think we'll have to agree to disagree on Chromium. We'll get further with the more pressing issues we agree on. Feel free to make one more response if you'd like the last word and then I'll let it go.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017
calher

I am a member!

Offline
Joined: 06/19/2015

On Thu, 2018-01-18 at 01:57 +0100, name at domain wrote:
> > You use Chromium desite not understanding every line of source code. You
> have argued, and I agree, that this requires trust.
>
> I use it just because I haven't found anything better (privacy-wise).

Appeal to Futility. :-(

> FWIW I also use Google Apps... as I still can't find the perfect alternative
> to it. But I don't trust it, I use it - and they use me more.

What do you use Google apps for? Which ones do you use?

I used Gmail, Docs and Drive primarily. Evolution, LibreOffice and a
shiny SFTP client/file manager plugin met my needs.

--
Caleb Herbert
OpenPGP public key: http://bluehome.net/csh/pubkey

calher

I am a member!

Offline
Joined: 06/19/2015

> I appreciate that, but since then you have seemed to only mistrust free software developers by default, refusing to accept their software if you can't understand every line of code yourself to prove that it is perfect, while you seem quite trusting of Google, putting the burden on people here who aren't even interested in non-free software like Chromium to use their time to audit it for you to prove that it *isn't* perfect.

To top it off, Chromium's codebase is even larger and harder to
understand than Mozilla's. And that's saying a lot, because Firefox is
hard to build.

--
Caleb Herbert
OpenPGP public key: http://bluehome.net/csh/pubkey

SuperTramp83

I am a translator!

Offline
Joined: 10/31/2014

>Taking a look at outgoing connections is not enough to deem how privacy-respectful a feature is.

I was referring to the already mentioned nonsense like third party cookies enabled by default or google sponsored 'safe' browsing etc..

>That feature aims to warn a user who is about to access a page that is known for phishing or about to download known malware. Let us agree it is a useful feature.

I don't agree. It is nonsense. Mozilla should host their own servers for any purpose they deem important enough as to be included by default in their browser.