Browser Revamp #309

Merged
merged 1 commit into from
Dec 1, 2021

TommyTran732
Contributor

@TommyTran732 TommyTran732 commented Nov 14, 2021

@netlify

netlify bot commented Nov 14, 2021

✔️ Deploy Preview for privacyguides ready!

🔨 Explore the source changes: e78a8a4

🔍 Inspect the deploy log: https://app.netlify.com/sites/privacyguides/deploys/61a78a35dd5b660007feb879

😎 Browse the preview: https://deploy-preview-309--privacyguides.netlify.app

@dngray dngray self-requested a review November 14, 2021 08:40
@dngray dngray added c:browsers browsers, add-ons, and related topics pr:legacy migration moving legacy content to new format labels Nov 14, 2021
@dngray dngray marked this pull request as draft November 14, 2021 08:45
@TommyTran732
Contributor Author

Er yeah I am basically done with my part, if anyone has anything else to add, feel free to make suggestions

@SkewedZeppelin
Contributor

SkewedZeppelin commented Nov 16, 2021

uBlock Origin recommendation was removed?
The "enumerating badness" argument is defeatist imo.
Even if you can't block all trackers or what not, you still drastically minimize execution of untrusted content and connections.
And the Tor Browser excuse for not adding uBlock Origin boils down to "we don't want people thinking Tor is just Firefox with an adblocker".
Even though adding uBlock Origin to Tor Browser would directly increase security, and reduce load on the network.
I mean the TBB devs went out of their way to disable the Firefox default tracking protection list.
Asinine.

Librewolf is still mentioned in Firefox section.

@dngray
Member

dngray commented Nov 16, 2021

uBlock Origin recommendation was removed?

It's not, things are being moved around.

Librewolf is still mentioned in Firefox section.

Still a WIP, we're also learning the new layout engine @jonaharagon left us :)

@Thorin-Oakenpants

And the Tor Browser excuse for not adding uBlock Origin boils down to "we don't want people thinking Tor is just Firefox with an adblocker". Even though adding uBlock Origin to Tor Browser would directly increase security, and reduce load on the network. I mean the TBB devs went out of their way to disable the Firefox default tracking protection list. Asinine.

That's not why TB doesn't have any content/tracker blocking

  • they already have FPI so it's not a major concern in that regard
  • ETP is/was a bit "complicated" (and has changed a lot since including defaults) - a lot of parts and concerns/issues
  • DNT was an issue (comes with TP)
  • uBO outbound connections and customizing of lists and fingerprinting of that (they have a higher threat model)
  • uBO some default lists were using insecure hosts
  • ethics? politics? gk (at least) feels somewhat strongly about not interfering in ad income (e.g. some blogger who relies on that)... in other words, that this is not TB's problem - also see DNT (gk and almost everyone I know hated it with a passion)

That said, there have been tickets at Tor Project for some time about adding uBO/ETP - for the exact reasons you said: Reduce the attack surface. And reduce latency and load on the tor network - but the reason for any impetus behind that now, is that it is one step of many towards getting Tor into Firefox: disclosure: I spent a week with the Tor Project guys, including Roger Dingledine, Mike Perry, gk, sysrqb etc (the big guns) working on this (well, they were, I tagged along) and then at a meeting with them and eka that discussed all of this - steps to get Tor Window Mode into Firefox.

Not that Tor Project don't want to do that anyway (and there are other ways they have reduced latency etc) - but they are a small team, resources are scarce, and the timeline is somewhat dictated by other factors. They can't just throw an extension in or stop ripping out/blocking ETP - it's going to take time, analysis, testing.

Not looking to get into a discussion, just thought I would share my insight

@freddy-m
Member

Might be worth mentioning FLOC under Chrome 'anti recommendation' (as per #19), if we're still doing those.

@TommyTran732
Contributor Author

Might be worth mentioning FLOC under Chrome 'anti recommendation' (as per #19), if we're still doing those.

If you are talking about the Privacy Sandbox, then yeah, I think we really need to look deep into it

Interestingly enough however, it is enabled by default in Bromite

@dngray
Member

dngray commented Nov 18, 2021

Interestingly enough however, it is enabled by default in Bromite

No it's not:

@SkewedZeppelin
Contributor

Here is SVG for Mull:
mull.svg.txt

@dngray
Member

dngray commented Nov 19, 2021

Here is SVG for Mull:
mull.svg.txt

Thanks, just note, we're still thinking about this one, (I pushed that update late at night).

I'm kinda thinking for language reasons, (and it not being on google play) it might be better to mention it as a footnote. We could possibly do the same with LW.

@TommyTran732
Contributor Author

TommyTran732 commented Nov 19, 2021

Here is SVG for Mull:
mull.svg.txt

Thanks, just note, we're still thinking about this one, (I pushed that update late at night).

I'm kinda thinking for language reasons, (and it not being on google play) it might be better to mention it as a footnote. We could possibly do the same with LW.

I am not in favor of recommending Fenix. If we are going to recommend a Firefox based browser on Android at all, I think Mull should be recommended directly instead of Fenix.

Likewise, if Arkenfox didn't exist (or if Mozilla drops user.js support), then I would drop Firefox as a recommendation and switch to Librewolf.

I also want to mention Fission. Chromium has been doing site process isolation since 2019, and Fission appears to be working fine. I am using it every day and have noticed 0 issues whatsoever. There is no reason for it to be off.

Firefox with ETP alone is not good enough, IMO.

@TommyTran732
Contributor Author

TommyTran732 commented Nov 19, 2021

Also, this gives more argument on Firefox on Android beyond just the increased attack surface of having 2 browser engines like I mentioned: https://grapheneos.org/usage#web-browsing

To make matters worse, Fission does not work on Android at all: https://www.reddit.com/r/firefox/comments/mmkqrc/so_i_was_testing_fissionautostart_in_ff_nightly/

I don't think we should recommend Firefox at all on Android, or at the very least, wait until it's available.

@dngray
Member

dngray commented Nov 20, 2021

@TommyTran732 these are valid points. I think with the switch to Fenix, there is a bit of catching up on Android before Firefox there is at parity with desktop. Only reason I haven't mentioned Fission is because I expect it to be enabled very soon (on desktop).

Re Mull, only reason I'm kinda against mentioning LW/Mull as main cards is because afaik they still have the same problems Firefox does, and they don't work on most locales other than en-US. It's also worth noting that Firefox on Android does support things like uBO, which, is awesome especially when used in hardmode.

That being said, there shouldn't be any reason we can't recommend it on iOS as everything there is webkit anyway.

Less options is better so I'm not opposed to cutting it. If we reintroduce it, we will discuss that at a later date.

@TommyTran732
Contributor Author

@dngray I think we need a rebase here

@elitejake
Contributor

elitejake commented Nov 21, 2021

Could you change Brave's logo to SVG?

I ran this one through scour.

@TommyTran732
Contributor Author

TommyTran732 commented Nov 23, 2021

Could you change Brave's logo to SVG?

I ran this one through scour.

Done

@TommyTran732 TommyTran732 changed the title (WIP) Browser Revamp Browser Revamp Nov 23, 2021
@TommyTran732
Contributor Author

@dngray @freddy-m

This is ready for review and merge. The Matrix group helped me proofread and fix up typos with the last few commits :)

@dngray
Member

dngray commented Nov 24, 2021

Regarding Brave, going to just take that off this PR, it really shouldn't be with legacy content migration.

We'll put it in a branch for further discussion separately.

@dngray dngray requested a review from freddy-m November 24, 2021 07:50
Member

@freddy-m freddy-m left a comment

I take we're not doing 'anti-recommendations' anymore then lol

@dngray
Member

dngray commented Nov 24, 2021

I take we're not doing 'anti-recommendations' anymore then lol

Basically some of the anti-recommendation reasons weren't terribly good. (Particularly the Brave one).

We may revisit this in the future though.

@Thorin-Oakenpants

remove mention of addons

Still one there in the Tor card

@dngray
Member

dngray commented Nov 25, 2021

remove mention of addons

Still one there in the Tor card

Done... bleh the things I miss.

@ghost

ghost commented Nov 25, 2021

What about browsers for iOS?
If you recommend sticking to Safari, why not make it clear? Maybe just a note under the "Mobile Recommendations"

@dngray
Member

dngray commented Nov 25, 2021

What about browsers for iOS?

We're still discussing solutions there. It's worth noting all browsers on iOS have to use the Webkit engine.

At this point we're thinking Firefox at least offers ETP (with 4 different blocking lists) and some other features that might be worthwhile. It can clear all cookies and website data on close and can even clear with a single click. It also allows you to add search engines, which you can't do in Safari. Telemetry can also be disabled.

We're also looking at Firefox Focus as

  • cookies and site data cleared by default or with a click vs going to the settings and clearing stuff from two different places.
  • ETP can be controlled per-blocking-list vs standard or strict mode.
  • less bloat, 20mb vs 86mb.
  • single telemetry button vs separated telemetry and studies button.
  • no suggested yt, twitter etc in the home page.

I want to check some things with iOS users like @jonaharagon at some point regarding these recommendations.

@PhysicsIsAwesome

https://deploy-preview-309--privacyguides.netlify.app/browsers/

The rewrite preview is a lot more reasonable than the old version. But the page seems a bit overloaded. Maybe it is a good idea to put the settings and notes in some kind of submenu instead?
Is there a reason, that JIT disabling is recommended on Bromite, but not on Firefox and is it important enough to be mentioned?
Firefox runs with Wayland by default on major Linux distributions with a Wayland-enabled DE (can be checked via about:support). So mentioning this flag could lead to more confusion, than help.

@dngray
Member

dngray commented Nov 26, 2021

Is there a reason, that JIT disabling is recommended on Bromite, but not on Firefox and is it important enough to be mentioned?

Not so much it's recommended, rather it is an optional security enhancement that comes at the cost of performance. Most browsers don't allow you to disable it. I think only Vanadium, Bromite and Hexavalent have options for that. Microsoft is indicating Edge might have an option too.

Firefox requires you to mess with about:config, these are the options.

We're still deciding whether or not we should mention it.

Firefox runs with Wayland by default on major Linux distributions with a Wayland-enabled DE (can be checked via about:support). So mentioning this flag could lead to more confusion, than help.

Last I checked that wasn't the case. Would need to verify that.

@qua3k

qua3k commented Nov 28, 2021

Browser exploits rely on being able to call VirtualAlloc or VirtualProtect to easily copy shellcode into memory; Chrome enables ACG and CET shadow stacks in the renderer when JIT compilation is disabled, preventing an attacker from generating their own code after hijacking the control flow as is the norm. It's going to cause significant pain for attackers and should be enabled by default if the browser easily allows site opt-out in settings such as Edge is now. There is no equivalent W ⊕ X policy on Linux but Hexavalent is researching modifying the seccomp policy to do the same.
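
The comment above mentions a seccomp policy as the route to a W ⊕ X-style restriction on Linux. As an added illustration (not code from this thread, from Hexavalent or from any browser), this sketch installs a seccomp-BPF filter that refuses `mprotect()` requests carrying `PROT_EXEC` and checks that a writable page can no longer be flipped to executable. The function names are hypothetical, and x86-64 or aarch64 Linux is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __aarch64__
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#define THIS_ARCH AUDIT_ARCH_X86_64 /* assumption: x86-64 build otherwise */
#endif

/* Make mprotect(..., PROT_EXEC) fail with EPERM. Covers mprotect only; a full
 * policy also handles mmap, pkey_mprotect and the x32 ABI. Little-endian. */
static int deny_exec_mprotect(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mprotect, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, PROT_EXEC, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Forked child maps a writable page, then tries to make it executable.
 * Returns 0 = allowed, 1 = refused with EPERM, 2 = setup or other error. */
int try_rw_to_rx(int filtered) {
    int status = 0, flags = MAP_PRIVATE | MAP_ANONYMOUS;
    pid_t pid = fork();
    if (pid == 0) {
        if (filtered && deny_exec_mprotect() != 0) _exit(2);
        void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, flags, -1, 0);
        if (p == MAP_FAILED) _exit(2);
        if (mprotect(p, 4096, PROT_READ | PROT_EXEC) == 0) _exit(0);
        _exit(errno == EPERM ? 1 : 2);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return 2;
    return WEXITSTATUS(status);
}
int main(void) { return !(try_rw_to_rx(0) == 0 && try_rw_to_rx(1) == 1); }
```

A process that runs a JIT cannot live under such a rule, which is why the restriction is tied to JIT being disabled.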

@dngray
Member

dngray commented Nov 29, 2021

@qua3k I don't doubt there is risk. However I think enabling/disabling it has pros and cons. Enabling does grant better security, but it does seem that is a fingerprintable metric. Obviously things that require WASM aren't going to work at all, and some things may work with less performance. So seems to me like security vs privacy/performance.

Most browsers don't allow for disabling it. Firefox doesn't have an exposed UI element so you'd have to set about:config options, meanwhile there is no option on iOS where everything is Webkit.

I'm thinking if my understanding is correct elaborating on that and putting it in the blog article. For the Bromite card we might then just say "consider disabling", (and cross link to the blog article).

Co-Authored-By: Daniel Gray <dng@disroot.org>
@dngray dngray merged commit e78a8a4 into privacyguides:main Dec 1, 2021
@csagan5
Contributor

csagan5 commented Dec 2, 2021

Interestingly enough however, it is enabled by default in Bromite

It has never been enabled/effective on Bromite; some UI remnants were present but the underlying code was deleted/disabled since the very first day FLoC was released upstream in Chromium.

@TommyTran732 TommyTran732 deleted the Browsers branch December 10, 2021 22:51