No.253
I don't wanna be that guy, but I would say that using a web browser at all is a security/privacy risk.
From what I see in discussions around this topic, the more secure and private alternatives basically mean not using certain features (cookies, javascript, unencrypted http, flash, old crypto), blocking off this and that all over the place, teaching yourself not to give out anything about yourself, making everything about you look so common it's hard to idenfity, etc. Bonus points for doing everything with someone else's identity, be it your neighbors wifi, a corporation's public wifi, or something like tor.
Using thoroughly audited FOSS software and hardware and all those things people do these days for security/privacy is just like removing the icing from the "risk" cake. Most of the cake is not under your influence at all, and the only way to remove most of it is restricting your actions: chill like it's a chilling effect. Some of the cake remains even if you don't use the internet at all.
No.254
>>253So if I understand you correctly, using audited FOSS software is not as important as just using general security practices and trying not to stand out. However the FOSS software is still important to this goal.
No.258
I use SeaMonkey, but most of the tabs I have open are on Otter Browser. For anonymity, you'll want to just use TOR Browser all the time if you can. If you have good habits online which is hard enough to do by itself, you can configure Firefox-based browsers to be pretty private at the cost of standing out and being less anonymous. And there's always using it in a VM.
No.259
>>258How is otter browser? I've heard of it but never tried it out. Is its performance comparable to the other browsers?
No.261
I've always struggled to wrap my mind around how so many people that claim to support FOSS use Chrome.
Chrome is a closed source browser by a for-profit corporation. Firefox is an open source browser by a non-profit organization. Why would anyone not use Firefox? Also Chromium is not a real alternative. What does it matter if it's open source if that source just shoves their spyware in your face?
I personally use the Adguard, Blender, Disconnect, HTTPS Everywhere, and No Resource URI Leak addons for Firefox, but I can already hear the screeching over Adguard and Disconnect. If you have a problem with those two addons, just modify your hosts file and use the same adfilters in uBlock Origin.
I highly recommend checking out the following text file:
https://pastebin.com/raw/0AjC2mcD No.263
>>254Sort of. A part of the security/privacy risk lies is software and hardware that collects data about you (whether for customization, research, selling or gov't abuse), and makes unexpected forms of access possible (bad design, maintenance or gov't backdoors).
All of these seem to stem from convenience, corporate interest, corporate stupidity and gov't interest. You can mitigate most of this with open source everything that doesn't do this, and doesn't even implement things it finds harmful. This is about all that software and hardware choices can get you, there is no software whatsoever that will magically protect you from bad things like the spaceship's force shield in sci-fi movies. (Those who think there are any cool tools out there that can get them further are likely stuck in fiction.)
So now that things are clear on your end, there's the rest of the world: evil ISPs that watch you, VPN's you can't trust, Tor that is compromised left and right, websites that log your activity, ads that track you, services that are in the stone age security-wise and other users who don't respect your wishes. Leaving your audited FOSS safe haven for any reason is a possible security risk, saying or doing things will compromise your privacy. Ways to mitigate this always change with the landscape, and any advice on it is temporary - those that
settle for any practice and consider it safe have signed up for that uncomfortable moment when it ceases to be so, and people start tweeting like mad, but it's too late. Some people mitigate this problem by ignoring or accepting the risks and weakening of their privacy, others turn to asceticism in the forms of not using services, being pseudonymous and avoiding activity related to themselves, not communicating with IRL acquaintances, etc. Software can't really help you with this, it's pure discipline.
The third and most difficult part is not online, but outside: governments, public cameras, and people who talk about you to other people. The only way to avoid these systems is controlling them.
I kinda ended up saying the same things again, but now that I typed it all out I'd rather post it.
No.264
>>261
>Also Chromium is not a real alternative. What does it matter if it's open source if that source just shoves their spyware in your face?It's almost criminal how there isn't a reputable, reliable, de-googled chromium build. It seems that every chromium fork is either just replacing Google's spyware with another company's, or it's someone's side project and is usually behind in security patches.
No.265
>>264After that event where Chromium was downloading a binary blob without user consent that was related with the computer's microphone, it can't be trusted. Even people that compiled directly from the sources were affected.
No.266
>>265Yeah, I remember that. It was horrifying how so many tech-savvy people were okay with that. "Oh, it's Google, so it's okay. They know all about me from my Gmail account anyway!"
Friggin' Google apologists.
No.268
>>259It's a WIP Webkit replication of old Opera and pretty speedy when it comes to most things. It's still lacking in some features that may be deal-breakers if you're going to use it as a primary browser like no YouTube fullscreen, no webm support, no userscripts (unlike Opera 12), etc but does have rudimentary ad-block built-in. It likes to crash every so often too, but it always recovers your tabs at least. It is annoying though that JS sometimes won't work on the first load on for example 4chan so you need to refresh the page. I would say it ticks enough boxes to be used as a trusty secondary browser or basic browser.
The support forum:
http://thedndsanctuary.eu/index.php?board=9.0 No.269
>>252Really love palemoon but it's a little outdated. Last time I tried using it soley youtube wasn't working correctly with it.
I know it would never happen but I'd love to see a recode with a more recent firefox. Not sure if that's even possible.
I myself jump between Opera and Waterfox. Currently on opera though.
No.276
>>269The last good thing Opera did was release Opera Mobile. Have you looked at Vivaldi in the last year?
No.278
>>265FIrefox with uMatrix,
uMatrix is just the bomb, being able to selectively control components and site features, its made my browsing so much more faster.
No.279
Idk how you guys feels about Brave but I've been using that on mobile and desktop up until it stopped being able to block YouTube ads. Not sure if it's been corrected since as I switched back to Firefox with plugins on desktop and don't watch YouTube on mobile.
What's the averages Lain's opinion on Brave?
No.281
>>278This is what I'm using as well. uMatrix was exactly the extension I wanted, implemented better than I could have come up with.
No.284
>>276Downloading Vivaldi right now. I'll report how I feel about it later.
No.286
I don't understand Vivaldi, it looks like its niche is people who want a lightweight proprietary browser that they can customize but don't want to risk using software that respects their privacy and freedom.
No.287
>>282:
Isn't Comodo the one that's actually less secure because it has same origin policy off by default, along with other issues? Or am I thinking of something else? I just remember something being fishy about that name.
No.288
>>287Sorry for double post, but yeah, that's the one, I looked it up afterwards. Plus it switches you too comodo's DNS… Plus their update cycle is super slow. They just had a new update this month, but before that, it was like 6 months.
You're better off just using chromium. It has most the same stuff stripped out but doesn't have the shady history, and gets security updates more often.
No.289
>>279Brave's devs are a bunch of two-faced lying liars. They make a big deal out of privacy and adblocking features when promoting the browser to users, and then turn right around and tell advertisers how great it is for their business.
No.291
Should i set HTTPS everywhere to block all unencrypted requests? Will it help anything?
>>284>>276>>286I've tested Vivaldi a few times and every time I run into an issue. Generally minor things like the tab title on an image not loading, a bit of hanging, or high cpu usage. The options it gives you are pretty nice but the browser feels like its lacking optimization.
No.293
surf, by suckless. no tabs, you type urls into dmenu, everything is done with Ctrl-something. It fits very well my expectations for a computer program. It's got like some crazy small number of LOC and I betcha it's all writ in C, because when we program like it's 1975 on a 2010s computer, soykaf runs faster than Sonic on Adderal
No.295
>>291I'm
>>284 and so far after about half a day of usage I'm loving it. Feels like a mix of opera and firefox. So far no performance issues and I have a soykafty computer so that's the main thing I look for and why I like palemoon so much.
The customization and interface are really nice. One of my biggest issues with opera was no themes not even a dark one to default on. I like how simple the themes are on vivaldi. It uses chrome apps like opera as well so it's convenient for that.
No.315
>>314Oh wow I must have missed that. I'm liking Vivaldi a lot though. I might go back to opera eventually since i flip and flop from one browser to another pretty often.
No.385
>>314this alongside the pop-out YouTube video support made me switch from Chrome.
Using Duckduckgo as my default search engine too, feels nice to stray away from Google products
No.404
>>385You can get the pop out video with a script and dark themes can be applied in both firefox and pale moon. I never really saw the point in opera.
No.450
>>411 is me
I want to add that I switched from Firefox because QupZilla integrates better into my desktop and is more lightweight.
That's not to say FF is bad though - if you want to have privacy-focused addons (or any addons really), it's still the best out there.
No.456
>>450
>That's not to say FF is bad though - if you want to have privacy-focused addons (or any addons really), it's still the best out there.This is what keeps me on Firefox. All those lightweight alternative browsers are interesting projects. I don't even mind the occasional rendering weirdness on some sites. But all too often they're missing critical privacy features, like being able to block third-party cookies.
No.457
>>252I have a wacked out browser history of use. I used firefox, got sick, went out on like, jumanji, luakit, qutebrowser. Lots of others.
Those work, but it seems sadly that a lot of parallel effort is happening in making the 'ultimate haxx0r's browser or whatever, replete with vim bindings and extensions (that might be cool if there was a large enough community to write them) and all sorts of fun. This means we have a few browsers that all fill the same niche–poorly. And then the dev gets bored and the project dies.
>>456makes a really good point.
If all of these developers were working on one project, or if you just had that many dev's on one similar project, there would be a large enough community to keep up to pace with security things, and maybe fix the rendering issues and just, make a browser like they all want to make it.
But as it stands there are not many browsers with the communities behind them needed to support a good modern browser. Probably the best out there centres on firefox, and has a pretty large sprawling familly of offshots, pentadactyl and tor browser and firefox dev editions and whatever.
Firefox family browsers are not the browsers I want. But they are, today, the browsers I need.
(posted from Tor-Browser)
No.458
Safari with Tampermonkey and https everywhere
or
chromium with ublock, tampermonkey, and https everywhere
No.727
>>456QupZilla-lainon again
You can set it to block third party cookies and JavaScript.
No.730
>>727Thanks for the suggestion, Qupzilla is nice. I think I'm going to use it exclusively for a week or so to really give it a fair test. There isn't a debian 9 package just yet, but the appimage download seems to work nicely.
No.756
I mostly use Pale Moon but recently I felt like checking out Sea Monkey. I kinda like it. I'll use them both.
No.867
I've been looking for a browser that I'm sure hasn't been fucked, tbh I think I should just write my own. I've done it before but only basic stuff. I have some free time in November when I can sit down for a week and write it.
No.871
Safari, and Chromium. Safari is pretty secure fast and stable. Plus its finally getting built in adblock. I like how it can pause plugins and stuff on tabs in the background. it also lasts two to three times longer on battery than using chromium or firefox.
No.882
How does Otter compare to Vivaldi, besides the licensing? Aside from both being successor projects to Opera, are they even comparable?
No.883
>>879Care to explain how sites can track you when Tor isolates circuits per domain and has no unique fingerprintable information? Of course, assuming you have good anonymity practices, don't give identifying information to those sites, and assume new identities often.
No.885
>>883 Impossible isn't the right word.
No.891
>>883absence of information is in itself information.
but yeah, practice good opsec. it's always the stupid soykaf that gets people arrested; and it's almost always the oldschool police work that busts them not the super csi cyber soykaf.
No.926
>>876I'm going to assume you are running a GNU/Linux distribution. But as a windows user what would be the best way to go about properly sand-boxing my browser or any application for that matter? Also what icecat about:config / addons are you using?
No.928
IceCat is probably the best starting point for now.
Essential addons:
-Random Agent Spoofer (with proper configuration)
-uMatrix (with properly strict configuration and constant ruleset babysitting)
-Canvas Defender (unfortunately closed source, but uniquely alters Canvas fingerprint rather than disabling)
Optional addons:
-uBlock Origin
-FoxyProxy
-Privacy Badger (but this really almost never does anything)
-Calomel SSL Validation
No.931
>>926I don't really know, you may check Sandboxie, but it's closed source.
The most important add-on is uMatrix.
For the config settings, you may look here
https://jm42.github.io/compare-user.js/ and check what those do on the Mozilla Zine so you can make your choises.
>>928The problem with IceCat is that it often doesn't get security updates in a reasonable time.
uMatrix can randomly spoof your User Agent.
No.936
I use qutebrowser.
At the end of the day all browsers and the web as a whole is complete soykaf and therefore should be avoided at all costs. However when I do access the web I prefer to it with a decent interface(in general not just looks) and qutebrowser supplies that.
No.941
Random Agent Spoofer can do a lot more than spoof useragent. It can spoof "profiles" of multiple values within a fingerprint that you would expect to find together. For example, if you spoof Safari on an iPhone it can spoof those javascript values, iPhone screen resolution, etc. RAS also has miscellaneous other useful privacy-oriented features such as referrer spoofing and a bunch of about:config stuff.
No.942
>>941Nice, good tip. Fits with my theory that misinfo is better than no info.
No.943
>>940>implying that I have javascript enabledThere are thousands of ways to fingerprint you if you have javascript.
>>941 Well, it's probably not enough since a tracker can still know that you're using Firefox and get your real OS from the resource URI scheme with other details as well.
See
https://browserleaks.com/firefoxAlso CSS media queries will leak your true screen resolution, even with JS disabled.
https://browserleaks.com/css No.950
>>943True. Also, headers are still sent in the order that firefox-based browsers send them even if the values are spoofed.
RAS remains useful for at least spoofing a more common profile than your default, and as a suite of other stuff. If you really wanted to convincingly switch around, maybe VMs would work? Really, a new browser should just be developed altogether. Firefox is gay anyway.
Another thing to worry about is OS fingerprinting methods that have nothing to do with the browser at all, but instead exploit differences in how TCP/IP is implemented by different OSes. This kind of fingerprinting is usually used against servers, but it cleverly appears on the Browserleaks "IP Address" page (
https://browserleaks.com/ip) under the label "Passive, SYN". How you defeat this method depends on your OS. In Linux, it usually involves a kernel module or patch. In BSD, it may involve network or firewall configuration.
No.951
>>950yep… maybe something based on Servo and written in Rust?
No.987
>>986Oh yeah, and JS was enabled
No.1220
I use Pale Moon mainly, but I also have qupzilla and lame Firefox as a backup. I wish something came out of the Opera 12.15 source code leak.
>>269How long has it been since you tried it?
It is now working fine with it.
Youtube tends to change things randomly and I've had issues even with mainstream browsers.
No.1222
Firefox with uBlock Origin, uMatrix, decentraleyes, cookies autodelete smartHTTPS, greasemonkey VimFx and autistic about:config
I'd like to try icecat but I'm too lazy to switch right now even though mozilla make me increasingly nervous with all their political stances I don't care about/don't want to support.
I want to come back to the time tech was only about tech pls
No.1225
>>1222I don't know enough about this stuff. Is there any reason to be cautious about decentraleyes? Seems like it's intercepting for a bunch of widely used libraries instead of pulling from the source. Is there a danger of the devs slipping in a little extra code into one of the libs and hijacking you across a bunch of sites?
I have no reason to believe they would, but something about it feels a bit man-in-the-middle to me
No.1229
I'm using Epic browser and Vivaldi for now. Firefox and it's forks are fugged up on my PC and I have issues with them opening up. Also with all the recent fuckery I'm just not sure there is a browser out there for me. So far I like Vivaldi, but who knows how long till they cave in to the hivemind.
I just want a browser that has decent extension support, is fast, and the developers don't need to go on a political crusade just because Donald Trump is the President of the US.
No.1238
SeaMonkey is the only real option nowadays. At least for someone that actually cares about being censored or spied on.
>>261>Why would anyone use Sorosfox?ftfy
No.1241
>>1238>SeamonkeyYou.. can't be serious can you?
I don't think you understand but using a open source browser almost completely eliminates being spied on ,
You can read code , you can remove things you don't like and you can do a bunch of other soykaf as well.
Using soykafty obscure browsers isn't doing much, more often those are the browsers that will be targeted due to people thinking just because they are small and obscure they won't be spied on, those are the type of people they are wanting to target.
No.1242
>>1241>>1241SeaMonkey was created to continue what Mozilla and Netscape left behind, which is an internet suite. So it's not exactly proper to just called it a browser when it's more than just an internet browser. It's a very unique product and has its place in the world.
No.1246
Mothra.
No.1247
>>1241Opensource being safe is very dangerous statement to believe in. True, everyone can view the source, but that doesn't mean they will. (Spoiler: They won't.)
And the fact that "hey everyone can view the source" make people believe it's safe is making it even more dangerous.
No.1248
I'm fond of Iron as a fortified chromium.
The cloud part of it is optional and so can run as a standalone if desired.
No.1249
>>1247You might not,
But I check the code.
No.1250
qutebrowser
just werks
No.1252
>>457>And then the dev gets bored and the project dies.That is not the case with QuteBrowser. The dev is chill as hell and likes his project.
No.1257
>>1247True enough but then, that is slightly better than what the average user does (trusting companies because they are the
norm and/or famous enough). Hell, most of us have one way or another compromised their security due to software-related issues or are already compromises due to our hardware.
>>882One "just werkz" using Google's engine and the other one is open-source with fucked up priorities, yet also refusing to use Opera 12.15 source code release for their advantage.
No.1441
I started using qutebrowser today, I switched from firefox. It's very comfy and the vim bindings are nice
No.1444
>>1441What about add-blocking? Has it been implemented yet?
No.1456
>Browser
Firefox
>Extensions
Ublock Origin
Https Everywhere
Privacy Badger
Decentraleyes
Cookie AutoDelete
No.1457
I use qutebrowser with around 40 000 domains on /etc/hosts as my adblock
No.1460
I use surf, a browser made by the suckless group. Its selling point is that it's dead simple, absolutely no-nonsense.
https://surf.suckless.orgAd-blocking: use /etc/hosts
Disable scripts: run with -s
Renderer: webkit
Visual interface: non-existent
Extensions: apply any of the many patches available (e.g., I like
https://surf.suckless.org/patches/searchengines) to the source code and recompile.
Configuration: edit config.h and recompile
I believe it also has wayland support.
No.1463
>>1456Once
https://brave.com has these functionality built in by default I will switch for good
No.1484
>>1460>webkitThat's when I knew it was bollocks and stuck to lynx
No.1485
What do you think of the new Firefox? It does seem to be faster but private browsing seems to be broken. If I open a link in a new tab all the cookies from the other tab are gone, it's very annoying.
No.1486
>>1485I haven't had any problem except for people not porting addons.
i checked cookies and they work fine for me.
No.1487
>>>>1485
aside from having to modifiy more stuff than usual in the userchrome since most of my UI addons don't work anymore, it's noticeably faster on my toaster. Still a ressource hog but all the browsers are these these days, it's better than vivaldi though.
The most annoying so far is the lack of a mean to configure custom keybindings, there's no way to do it natively and all the vimlike extensions I've tried suck compared to vimfx. Dunno about private browsing I don't use it
No.1495
>>1487>The most annoying so far is the lack of a mean to configure custom keybindingsThe lack of user control of keybindings has always been a soykafshow on Firefox. The firefox devs seem to believe that websites ought to have total control over keybindings so that all those wonderful benevolent web app developers can be happy, and that users need to shut up and bend over because users can't be trusted to control keybindings.
Witness the 11-year-long conversation on this topic:
https://bugzilla.mozilla.org/show_bug.cgi?id=380637. It was only recently marked as resolved, with the "resolution" being to allow websites to control shortcuts by default, with an obscure toggle to block keybinding hijacking on a site-by-site-only basis.
I'm getting really fucking sick and tired of this "all hail web devs, fuck user privacy and control" crap by Mozilla.
No.1502
>>1486If I go on /all/ and open a few threads in different tabs, each of them get a different password. They used to have the same password. If I post with a specific password in one of them, it gets saved in that tab, and the others also pick it up after a refresh, however every new tab still gets a new one. It's pretty annoying.