unixsheikh.com/articles/choose-your-browser-carefully.html#firefox

Choose your browser carefully

Published on 2020-10-20. Modified on 2020-10-20

Privacy on the Internet is important because privacy risks range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Many companies, such as Google, track which websites people visit and then use the information, for instance by sending advertising based on one's web browsing history. Sometimes prices on products are changed on the same website, depending on tracking information, and two people may view the exact same product on the exact same website yet be presented with very different prices.

Update: 2020-10-20: I will try to keep this article updated with relevant
information as much as possible. I know several other browsers exist, but if
they are not mentioned on this list I have either not had a change to
investigate them thoroughly yet (but fully intent to do so), they are closed
source browsers and completely irrelevant (such as Microsoft Edge or Opera),
or they are not actively maintained - which in most cases when it comes to GUI
based browsers is pretty important. I will also not be looking at browsers
that only work on Microsoft Windows or macOS, even if they are Open Source.

Table of contents

• Mozilla Firefox
• Google Chrome and Chromium
• Brave
• Palemoon
• Waterfox
• Real privacy respecting browsers
  • GNU IceCat
  • ungoogled-chromium
  • Falkon
  • Epiphany and Eolie
  • Tor browser
  • Other browsers
• Relevant extensions to Firefox and Chromium based browsers
• Conclusions
• Appendix
  • Controlling Firefox
  • Blocking DoH via a firewall

Mozilla Firefox

In the past I have always supported Mozilla and promoted Firefox, but Mozilla has made some pretty controversial decisions as of late and I no longer feel that Mozilla is an organization that deserves any support.

Firefox is promoted by Mozilla as a privacy respecting browser, but in my
opinion this is highly misleading. Firefox "phones home" every time you start
it up even when you have disabled telemetry and automatic updates of
extensions. Domains such as mozilla.org, cloudfront.net,
firefox.settings.services.mozilla.com (see:
https://bugzilla.mozilla.org/show_bug.cgi?id=1598562#c12),
autopush.prod.mozaws.net, detectportal.firefox.com and
location.services.mozilla.com are visited each time you start Firefox.

In 2017 Mozilla made a deal with Cliqz where approximately 1% of users downloading Firefox in Germany would receive a version with Cliqz software included. And in 2018 Mozilla revealed that they had no data on the number of Firefox installations with disabled Telemetry.

Finally, we need better insight into our opt-out rates for telemetry. We use
telemetry to ensure new features improve your user experience and to guide
Mozilla’s business decisions. However, an unknown portion of our users do
not report telemetry for a variety of reasons. This means we may not have
data that is representative of our entire population.

Mozilla then developed the Telemetry Coverage system and distributed it to 1% of the Firefox installations. The system is automatically installed and designed to inform Mozilla whether Telemetry is enabled in the browser.

Mozilla also developed a Windows-only scheduled task which runs in the background once a day for each installation of Firefox installed on a computer running Microsoft Windows. The task collects information related to the system's current and previous default browser setting and the operating system locale and version.

This is a list of some of the things that Mozilla collects:
https://www.mozilla.org/en-US/privacy/firefox/#suggest-relevant-content.

On Mozillas website we can read (when I originally wrote this article) that "We put people over profit", and "a product to support user privacy". However, with their decision to make Cloudflare the default DNS provider for DNS over HTTPS, they are definitely not supporting user privacy or putting people over profit!

DNS over HTTPS is by itself bad enough, and highly criticized with good reason, but by combining it with a US based company like Cloudflare makes it even worse.

Cloudflare has made an agreement with Mozilla that when it acts as a DNS resolver for Firefox, that:

• DNS requests will be stored as part of Cloudflare's "temporary" logs which are permanently deleted within 24 hours.
• Cloudflare will also collect and store the following information as part of its permanent logs:
  • Total number of requests processed by each Cloudflare co-location facility.
  • Aggregate list of all domain names requested.
  • Samples of domain names queried along with the times of such queries.
• Information stored in Cloudflare's permanent logs will be anonymized and may be held indefinitely by Cloudflare for its own internal research and development purposes.

Anyone who has worked with DNS servers knows what goes into such logs and in
order for Cloudflare to keep their promise they need to: Delete the DNS
requests information, but at the same time somehow still contain "anonymized"
logs of the total number of requests, a list of all domain names requested, a
so-called "sample" of complete DNS queries along with date and time.

This mean that even if Cloudflare could be trusted and they have the best of
intentions, they will still log everything the first 24 hours. If Cloudflare
is ever compromised all these logs could be copied and distributed over a
period of time.

Furthermore, the actual wording of the agreement is such that the technical
procedure for how they actually do this can only be guessed at. How do they
plan to anonymize the data? Is the "sample" 99.9% of all the queries, or is it
1%?

Last, but not least, Cloudflare is an American company subject to American
law, a law that pretty much undermines the foundation of any kind of privacy.

Cloudflare will not retain or sell or transfer to any third party (except as
may be required by law) any personal information, IP addresses or other user
identifiers from the DNS queries sent from the Firefox browser to the
Cloudflare Resolver for Firefox;

Real privacy means no data retention, no logging, and no phoning home.
Period!

Mozilla should be ashamed! They are promoting Firefox as a product to support user privacy, yet at the same time they make Google the default search engine in the browser because Google pays them and Cloudflare the default DNS over HTTPS resolver.

Firefox in itself has long been submitting data to the Mozilla foundation via
its "Data Collection and Use" gathering. Even though this data is "technical
and interaction data", the data collection is opt-out, meaning that you have
to remember to disable it rather than enable it. This also means that the very
first time you start up Firefox, it has already connected to the Mozilla
foundation before you can disable the data collection. If you forget to
disable the data collection and later disable it, you'll get the following
information from Firefox: "You're no longer allowing Mozilla to capture
technical and interaction data. All past data will be deleted within 30 days."
There is no option to delete the data gathering right away.

That is why when Snowden blew the whistle and revealed that we were all being
watched, he didn't recommend Firefox, he suggested the Tor browser instead.

This is an example of a tcpdump of a few of the requests Firefox makes even
when telemetry and automatic updates are completely disabled (I have shortened
and cleaned up the result for readability):

detectportal.firefox.com
detectportal.prod.mozaws.net
detectportal.firefox.com-v2.edgesuite.net
a1089.dscd.akamai.net
mozilla.org
location.services.mozilla.com
content-signature-2.cdn.mozilla.net
locprod1-elb-eu-west-1.prod.mozaws.net
d2nxq2uap88usk.cloudfront.net
firefox.settings.services.mozilla.com
push.services.mozilla.com
ec2-52-35-220-92.us-west-2.compute.amazonaws.com
ec2-34-242-33-12.eu-west-1.compute.amazonaws.com
server-13-33-240-52.hel50.r.cloudfront.net
shavar.services.mozilla.com

Mozilla: No, thank you!

Google Chrome and Chromium

It is important to know that Google's Chrome or Chromium are even worse than
Firefox. Every time you start Chrome or Chromium the browser contacts Google
and almost every key press performed in the browsers address field is
submitted to Google.

This is a shortened and cleaned up output from a tcpdump when Chromium is
started up:

redirector.gvt1.com
www.google.com
accounts.google.com
r1---sn-25g3oxu-j2ie.gvt1.com
ams15s40-in-f14.1e100.net
ams15s40-in-f13.1e100.net
ams16s31-in-f3.1e100.net
fonts.googleapis.com
www.gstatic.com
gstaticadssl.l.google.com
apis.google.com
plus.l.google.com
ogs.google.com
www3.l.google.com

I wont address any of the Chrome/Chromium related privacy problems as the
Internet is filled with relevant articles about the problems with Google and
their famous privacy compromising policies.

Brave

The Brave browser is often recommended by people as a privacy respecting alternative to both Firefox and Chrome, but this is a mistake. Brave is no better that the alternatives.

People are being mislead by the empty promises of privacy, but Brave not only also "phones home" it also hijacks links and insert affiliate codes, which was found out by Cryptonator1337 on Twitter. Furthermore the "anonymously monitoring of user attention" and "rewards publishers accordingly with Basic Attention Token (BAT) crypto currency" is not something that should be recommended.

Another privacy issue that was discovered regarding Brave was that clearing the history doesn't remove "Top Sites" on the new tab page.

No, the Brave browser is not a privacy respecting browser.

Palemoon

Palemoon is also sometimes recommended by people as a privacy respecting browser, but Palemoon is not even promoted as a privacy respecting browser so I don't know where that comes from. Palemoon also "phones home" and it also connects to Google every time it is started up just like Chrome.

Waterfox

Waterfox is yet another browser that people sometimes recommended as a privacy respecting browser, but that is also not correct.

Not only does Waterfox connect to a ton of domains when it is started, it also clearly stated in the project privacy policy that "If our organizational structure or status changes (if we undergo a restructuring, are acquired, or go bankrupt) we may pass your information to a successor."

Furthermore it is stated that "If you engage with our social media accounts,
such as Twitter and Facebook, we may receive personal information about you.
If you use these networks, their privacy policies apply, and you are
encouraged to read them." and "We may use cookies, third party web analytics,
device information, and IP addresses for functionality and to better
understand user interaction with our products, services, and communications."
and "We may also use cookies and/or IP addresses, to help us understand in the
aggregate how users engage with our products, services, communications,
websites, online campaigns and other platforms."

So no, Waterfox is also not a privacy respecting browser.

Real privacy respecting browsers

Update 2020-10-20: I will update this list and provide more detailed
information as time permits.

Besides from reading the source code a tcpdump also reveals, to the best of
my ability and without any extended monitoring, that none of these browser
collect any data what so ever. Some of the browsers, such as GNU IceCat, do
"phone home", but this is only to check if a new version of the browser is
available. Even though "phoning home" to check for updates is very useful, it
still should be opt-in and not something that is done automatically without
the user explicitly permitting this.

GNU IceCat

GNU IceCat is the GNU version of the Firefox browser and it is extremely privacy focused. The browser comes with a bunch of extensions that sometimes may brake functionality on different websites, but it is possible to disable those extensions and then install alternative extensions.

Because IceCat is based upon an older version of Firefox not all extensions
will work, which can be very annoying if you depend upon sometime that is very
useful. I personally like to use a Vim-like navigation extension in order to
avoid the mouse as much as possible, but my favorite extension for Firefox
doesn't work on IceCat.

IceCat is one of the better replacements for Firefox and it is actively
maintained.

ungoogled-chromium

ungoogled-chromium

ungoogled-chromium is a drop-in replacement for Chromium. The project removes
all background requests to any Google web services while running the browser.
They also remove all uses of pre-made binaries from the source code, and
replace them with user-provided alternatives when possible. They disable
features that inhibit control and transparency, and add or modify features
that promote them. Everything is implemented as configuration flags, patches,
and custom scripts.

ungoogled-chromium is however problematic unless you compile it yourself,
which can be a very time consuming task. The downloadable binaries are
provided by anyone who are willing to build and submit them. This means that
authenticity cannot be guaranteed! There is always a risk that the binaries
may have been tampered with. So, if you decide to use ungoogled-chromium I
highly recommend that you compile it yourself!

Falkon

Another very nice browser is Falkon - it also fully respect privacy and I use it on all the websites where I cannot avoid JavaScript, but still require access. Falkom has a limited amount of extensibility, but already comes with a bunch of very useful extensions build-in, such as an ad-blocker.

Falkon is a KDE web browser using the QtWebEngine rendering engine. It aims to be a lightweight web browser available through all major platforms.

Epiphany and Eolie

Epiphany and Eolie are both from the GNOME project. But browsers are nice, but they tend to be very slow and crash and freeze a lot in my experience.

Tor browser

You can read about the Tor Browser on Wikipedia

Other browsers

Below is a list of other browsers worth looking at. In time I will extend the
list with more relevant information and more browsers.

• Midori
• Konqueror
• qutebrowser
• surf
• vimb
• Links
• Min

Relevant extensions to Firefox and Chromium based browsers

Whether you run with ungoogled-chromium or IceCat or something else I highly recommend the uBlock Origin extension and the NoScript extension. With those two extensions you can control pretty much everything privacy related with these two browsers.

Conclusions

In my humble opinion it is absolutely mind-boggling how poor the current state
of the Internet is regarding privacy issues. Almost no matter what website you
visit you cannot avoid getting a microscope shoved up your ass (yes, I said
it!) by some web developer who insists on running Google Analytics on the
website instead of using something as simple as the build-in web server
statistics, or at least one of the much better Open Source and completely
privacy respecting alternatives.

It is not that ads are bad in themselves. It is a fact that ads drive a huge
part of the economics behind the Internet and many websites and YouTube
content creators depend upon the income of ads. However, it is the way the ad
business is conducted that is very problematic - in some cases even borderline
immoral and highly controversial. The companies that run ad business need to
understand that many users will actually allow ads, what users will not allow
is to be spied upon and tracked without consent. These companies need to ask
for permission and they need to run a completely open door policy such that
all user data is transparent and available to the user. They also need to stop
manipulating prices based upon previous purchases, which in real life is
called cheating, not business!

The Mozilla foundation is no longer the trusted organization they once were.
Today it has become a "business" that depend upon revenue from big
corporations like Google, which is why we're witnessing a slow but steady move
away from proper conduct. If the foundation want to gain the trust of the
users once more, they need to either remove all the privacy compromising code
in Firefox, or at least make all options available in the "preferences" with
the default of "opt-in", meaning that the user has the choice to activate
updates, feedback based upon telemetry, etc., but these settings must be
deactivated by default. They also need to make the DNS over HTTPS an opt-in
option and remove Cloudflare from the browser! If they cannot figure this out
they deserve to be completely boycotted because they promote themselves as a
privacy based organization that protect the users, which is an outright lie!

However, the real cause of the problem lies with us - the Internet users. We
seriously need to stop using the bad browsers and we need to stop visiting all
the bad websites that requires the bad browsers!

Once you stop visiting the bad websites you no longer need a complex browser
like Firefox or Chromium and once you don't need a complex browser you no
longer have to worry about privacy issues - at least not from the browser
point of view. I know that this is easier said than done, but I do believe
that the power lies in the hands of the users and we need to make a choice
every time we use technology.

This is no different from boycotting harmful products because you care about
yourself and your family health, or because you care about how animals are
treated. We - the consumers - have the final say. When we boycott all the bad
stuff, the producers have no choice but to stop the production because there
are no more customers.

I don't use Facebook, Instagram, or any of the other options that requires a browser that is more complex than the operating system running on my computer. I download videos from YouTube using youtube-dl simply because they are much more pleasant to watch in mpv media player. And when a website don't work because I have JavaScript disabled, and that particular website doesn't really have any functionality that requires it, I simply boycott the website, I don't turn on JavaScript but try to find an alternative solution that simply works without.

Twitter works without JavaScript, some webmail solutions like the one Yandex provides (I don't know anything about their privacy policy) offers a light version without JavaScript - and you will be surprised at how much faster everything becomes without JavaScript enabled.

Maybe you have given up and stopped caring, and I fully understand why someone
would do that, but please remember that more serious issues are at stake here.
What we're facing now is nothing compared to how bad things can get and most
likely will get if we don't do something today. As long as we have a choice we
should try to care about the deeper implications and not give away our
freedoms to companies like Google, Microsoft or controversial foundations like
Mozilla.

Appendix

Controlling Firefox's DNS over HTTPS

Please note that I don't recommend using Firefox, but in case you want to
know, this is how you can control Firefox's DNS over HTTPS.

Mozilla has removed the option of disabling automatic updates, forcing users
to get automatic updates, which if you're in the middle of some important
work, will make Firefox stop opening up any new URLs until you have restarted
the browser. Windows 10 anyone?

While this exists in order to protect users, most users are quite capable of
just letting Firefox remind them of an upgrade and then upgrade manually.

Because many corporations need extensive control Mozilla has created a
something called "policy support" which can be implemented using a JSON file
called policies.json. This file is a cross-platform compatible file that
makes it the preferred method for enterprise environments to control Firefox
in different environments.

By using the policies.json file you can control a great amount of how
Firefox works, including the DNS over HTTPS feature.

On Arch Linux Firefox gets installed in /usr/lib/firefox/.

On FreeBSD Firefox gets installed in /usr/local/lib/firefox/.

If a subdirectory called distribution doesn't exist you need to manually
create it. Then create the policies.json file in that directory.

On the README for the policies templates you can find a list of options to control.

I have created a policies.json that looks like this:

{
  "policies": {
    "DisableAppUpdate": true,
    "DisableFirefoxAccounts": true,
    "DisableTelemetry": true,
    "DNSOverHTTPS": {
      "Enabled": false,
      "Locked": true
    },
    "DontCheckDefaultBrowser": true,
    "NetworkPrediction": false,
    "PromptForDownloadLocation": true,
    "SearchEngines": {
      "PreventInstalls": true
    },
    "SearchSuggestEnabled": false
  }
}

You need to restart Firefox in order for the settings to take place. You can
view your settings by typing about:policies in the address bar.

As long as the option to control Firefox, you should make sure that you have
created the policies.json file before you open up Firefox for the first time
after a fresh installation in order to prevent the telemetry from working the
first time you use the browser.

Also notice that not all options are working on the lasest edition of Firefox,
some only work on the ESR edition.

Blocking DoH via a firewall

No matter what kind of firewall you're running, you can at least block the
known public DoH servers.

A good list with both domain names (for DNS blocking) and IP addresses (for
firewall blocking) is available at:
https://github.com/oneoffdallas/dohservers

Please consider making a pull request if you know something is missing.

If you use the Packet Filter (PF) firewall from OpenBSD, which is also
available on FreeBSD, you can drop packages without any delay in the response
time.

If you have any comments or corrections please feel free to email them to me. Also, if you found this content useful consider supporting me onPatreon ;)