✨ Feature Suggestion | Browser Battles #887

Closed
angela-d opened this issue Apr 25, 2019 · 24 comments

@angela-d commented Apr 25, 2019

Description:

#856 has become too long.

Since there is seemingly an endless debate on what browsers are featured, could the moderators / team members of PTIO finally lay it out on what requirements have to be met in order for a browser to be featured?

A lot of the arguments are stemming from what appears to be personal preference. Why Brave and Firefox? Both aren't pro-privacy by any stretch of the imagination (I think the end goal for Brave is to get there, but it doesn't appear as though they're there yet - any topic I've seen about Google components seems to have indirect answers for how much remains or was taken out.)

None of the three are perfect for privacy, yet being featured on a site like PTIO, many users take the suggestion at face value.

  • If somebody logs into their bank account while using Tor, is Tor still the best suggestion?
  • Even though Mozilla has privacy blunder after privacy blunder, should they still be a top recommendation?
  • Even though Brave phones home to Google they're a top mention?

I am not arguing for removal of any of these browsers, they all have good and bad attributes -- the reason I cite these examples:

  • Why aren't any of the smaller, open source projects offered alongside them, that may not have these same issues?

Many arguments point to the fact Pale Moon, Waterfox, IceCat or Seamonkey have smaller teams and/or aren't "privacy focused" (but Mozilla is? You have to spend a half hour disabling crap on a vanilla Firefox install)

Why isn't there a list of pros & cons for the top mentions plus smaller alternatives?

What if the developer of Pale Moon or Waterfox dies?

What if Mozilla sells out to Google? (As they have and will continue to do!) My counter-argument:

  • If you throw a list of facts at the visitor and explain the pros & cons / project size, the user makes an informed choice.
  • Sure, the user may never return to PTIO to see if the suggestion was revoked, but so what? You gave them all you know about the project(s) and the user decided for themselves how much risk they wish to take based on the level of privacy they expect from their browser
  • As it stands, these 3 browsers are recommended without any real reason, short of a brief synopsis as to why they're listed. You're luring people into a false sense of privacy.

I don't think there's a one-size fits all browser for privacy. None of the top 3, or even Pale Moon, Waterfox or IceCat fit every scenario for every person. Each person should be able to arm themselves with knowledge and make an informed decision. As of right now, you're essentially telling them 3 large projects are all that's out there. What's the purpose of keeping smaller projects from being listed?

I've seen Brave referred to as basically a shoo-in, "because some users prefer a Chrome base, if we exclude them, we'll drive them right back to Chrome" - so why not Ungoogled Chromium, too? Why does it have to be Brave and no other Chromium-based forks?

@abbluiz (Contributor) commented Apr 26, 2019

If one is inclined, one can install Firefox with all the defaults set to be privacy-focused. I would suggest working on a guide on how to install Firefox with all the default config set to good privacy options. PTIO could maintain their own version of user.js file or Firefox install script and the user would be one click/script run away from having a better privacy-focused browser.

@Mikaela (Member) commented Apr 26, 2019

Potential duplicate or subset of #780 ?

@angela-d (Author) commented Apr 26, 2019

@Mikaela I would say it's a subset. My post is primarily a suggestion to list the smaller forks alongside the bigger projects - with facts of why the browser was suggested.

@abbluiz

> If one is inclined, one can install Firefox with all the defaults set to be privacy-focused.

You can do a lot to Firefox to make it private - but my point is that those are not defaults and such changes are not sanctioned by Mozilla. So championing Firefox as a privacy king is nonsense.

Lately (business as usual, for them), Mozilla's been doing very questionable things regarding privacy, such as enabling ping tracking by default and defaulting DNS queries to Cloudflare.

@beerisgood commented Apr 27, 2019

@angela-d so you prefer a non customized browser against a fully customized?

Yes, Mozilla makes some bad things but at the same time good things too.

Also it's better to use Mozilla/Cloudflare DNS than Google DNS. Can you change that in Chrome/Chromium forks?

@angela-d (Author) commented Apr 27, 2019

> @angela-d so you prefer a non customized browser against a fully customized?

I am not sure where you would get that from.

> Also it's better to use Mozilla/Cloudflare DNS than Google DNS. Can you change that in Chrome/Chromium forks?

You're missing my point. Why aren't any of the smaller forks listed? Be it Firefox forks or Chromium forks.

@JonahAragon (Member) commented Apr 27, 2019

> Can you change that in Chrome/Chromium forks?

Chrome does not have built-in DNS servers at all, unlike Firefox. Chrome will use your system's DNS servers, as all browsers should. DNS is an OS issue, not a browser issue, so I'm not sure why Mozilla is messing with it in the first place. I 100% agree Mozilla has been making some super questionable decisions lately with regard to privacy.

@beerisgood commented Apr 28, 2019

@angela-d forks aren't listed because of security. They're always behind the mainline

@JonahAragon If Google doesn't use their DNS yet (which I can't believe), they will include it. Please test it:
https://dnsleaktest.com & https://www.grc.com/dns/dns.htm
Also even if Mozilla/Cloudflare DNS isn't the best, it still protects your DNS with encryption and it can be changed/disabled

@angela-d (Author) commented Apr 28, 2019

> @angela-d forks aren't listed because of security. They're always behind the mainline

The argument can also be made, privacy tools is about privacy first; while collaborative, privacy and security are not the same thing.

Which is also why I suggest a chart, comparing pros & cons of the big browsers alongside the small forks. Let the user decide which best fits their threat model.

Mozilla proves time and again they're treading dangerous waters with users' privacy.

> If Google doesn't use their DNS yet (which I can't believe)

Why is it hard to believe? DNS should be a networking/OS issue and the browser has no business touching it, unless the user goes ahead and makes the change themselves. The fact Google isn't meddling with it, should be an indication of how insane it is that Mozilla thinks this is a good idea. If it were opt-in, it would be - but one can't expect that to be the case (like Pocket) once it becomes a feature. Mozilla knows best.

@beerisgood commented Apr 28, 2019

It's so hard to believe cause Google gives a shit about privacy.
Mozilla has some bad configs too but you can change/config everything. Not so in Chrome/Chromium

@angela-d (Author) commented Apr 29, 2019

> Mozilla has some bad configs too but you can change/config everything.

For now. The route they're headed, this is not a promised future. Hence the request for an explanation as to why smaller forks are not also posted.

> Not so in Chrome/Chromium

I won't disagree, but if the justification for Brave being posted is because it has a Chromium base, what's wrong with Ungoogled Chromium, too?

@beerisgood commented Apr 29, 2019

Ungoogled Chromium is Chromium too and doesn't even remove all Google shit.

Edge restart, building on Chromium, may be the only build which removes all Google stuff.
No other has done this yet

@Atavic commented May 1, 2019

> If somebody logs into their bank account while using Tor, is Tor still the best suggestion?

That's a wrong use of Tor.

> Even though Mozilla has privacy blunder after privacy blunder, should they still be a top recommendation?

Debatable, still the leading alternative to Google.

> Even though Brave phones home to Google they're a top mention?

Moreover Brave is a walled garden.

IceCat is the best choice, it has privacy addons bundled.

@angela-d (Author) commented May 1, 2019

> > If somebody logs into their bank account while using Tor, is Tor still the best suggestion?
>
> That's a wrong use of Tor.

Sure it is, but how it's displayed on PTIO, a privacy newbie would not know that.

> IceCat is the best choice, it has privacy addons bundled.

That's debatable too, as it's updated more infrequently than Waterfox and stuff the non-free JS extension that is default will be overwhelming to your average user, since the majority of the web now runs on bloated JS code.

The point of this thread is to get info from Privacy Tools mods/team members to explain why no smaller forks are listed. Which is superior or Mozilla vs Chromium-based I don't think is very relevant! They all have their flaws and some have better strengths than others in some areas. None are perfect.

@ghost commented May 3, 2019

To be honest, I think that the criticisms towards Mozilla here are a bit overstated. They have certainly made some blunders in the past, but these can more accurately be described as tone-deaf PR blunders rather than privacy blunders.

Regarding Mozilla's use of Google Analytics and Cloudflare, they have special contracts with both of these companies that require them to treat user data gathered in a strict, separate way that respects user privacy. To suggest that they do otherwise is conspiracy theory type thinking, given the compliance requirements in that sort of contract, the substantial penalties within it, and the lack of evidence that there is any breach. Companies do obey contracts and have large legal and compliance teams for this very purpose. I would suggest that Privacy Tools needs to adopt an evidence-based approach in this regard.

In particular, using Cloudflare DoH is actually a big win for user privacy imo, because users can get their DNS traffic encrypted within the browser, gain the benefit of encrypted sni and DNSSEC and be certain that Cloudflare is contractually required to respect their privacy. Relying on users to make these private choices and configurations regarding DNS is just not realistic given how difficult these can be to setup and given that most users have never heard of DNS. Relying on sane default platform choices is also not going to happen for the majority of users when most platforms are owned by advertising and proprietary software companies. Given that for most people, this is the only way in the foreseeable future for their DNS traffic to be encrypted, this should be considered a net win. Doubly so, when there are an increasing number of jurisdictions with mandatory data retention and ISP commercial data gathering. There is some legitimate risk that the small amount of data that Cloudflare is able to collect will be subpoenaed, but this could happen to an ISP or other DNS or VPN provider as well. Many ISPs and GPAs rely on unencrypted DNS traffic to track and retain, censor and maliciously impersonate in the status quo regardless.

Regarding the Firefox forks (excepting Icecat and Tor Browser), I have always encouraged users not to use them. The improvements that Waterfox makes can be done through preferences, or a user.js file, as all of the eme, telemetry and pocket features can be disabled if a user is so inclined. Clang is also already the primary compiler for all tier 1 Firefox platforms.

In exchange for its marginally better defaults, the tradeoff is essentially getting to forking Python 2 level of insane. XUL and NPAPI are both completely unmaintained. What used to be supported by a team of professional developers and a massive dedicated security team, is now being supported by only a handful of community developers with no security team. This is not sustainable, and the only reason widespread breaches haven't occurred is that the userbase is too small. The other issue is the tardiness and selectivity of security updates, given the size of the dev team and the differences from upstream.

Palemoon is even worse, as almost every factor discussed regarding Waterfox applies to Palemoon on a much larger scale. As they are not even attempting to keep up with upstream, they are already incompatible with a large portion of the web. Due to this large divergence from upstream, their maintenance burden is much higher, and maintaining security is much harder for the same reasons as above, with similar limitations in their project. Even the addon situation is not great as the userbase is so small that many of the few addons that remain compatible are essentially just languishing without substantial development, and many users have always resorted to old unmaintained addons.

Given the big security disadvantages of the forks, compared to the small benefit in Waterfox of perhaps more private defaults, it cannot be recommended. Palemoon perhaps also has marginally more private defaults, but no part of it could be considered "sane". If users really want to make these changes to Firefox, then a user.js file is the way to go.

Decent security practices are also a key feature in maintaining privacy and are a key responsibility of a project like this that makes recommendations that users trust.

I won't even get into the fact that I don't think any Chromium-based browser should be recommended here.

@Thorin-Oakenpants commented May 3, 2019

Everything @chinaar said.

I know we hold Mozilla to a higher standard, but let's put things in perspective. So Mozilla made a blooper with e.g. Mr Robot, maybe screwed up the PR on it afterwards. As long as they learn from it (and they supposedly have by building in internal checks). And yet Chrome do way more nefarious things, intentionally, and while they do get attention, just shrug it off, roll it back partially (or not at all) and everyone forgets about it. Mozilla, oh no .. let's bring up this old chestnut every time. Perspective on some of these things please, that's all I'm saying :)

As for other decisions: my answer is always:

> before you criticize someone, walk a mile in their shoes. Then criticize them, because one, you'll be a mile away, and two, you'll have their shoes

Only those who make the decisions are probably fully informed. I for one have never run a company with thousands of employees, or controlled the design of web tech / UI that touches on hundreds of millions of daily users. I've never tried to compete with a competitor that has tens of billions of dollars to use against me. And so on.

So what if they use Google as a default search engine for most of their regions. It's a commercial deal that helps ensure Mozilla can keep going - and that's important for diversity in the browser space. Who else could pay them the money that Google does? No-one! The thing is, it's easy to change your search engine. And they include DDG. I'm playing devil's advocate here, looking at this in their shoes, that's all.

So what if they collect telemetry (how else can they improve the product and stay competitive) - I for one actually trust them. You can always turn (almost all of) it off via the UI. You can actually look up and use their telemetry. Imagine how far behind the curve they would be if they couldn't keep making anonymized data buckets to know when to deprecate a cipher, or increase the minimum TLS. Or make thousands of tiny improvements in speed, etc. Telemetry is simply required if you expect them to compete: with a default on, but with an opt-out on first run: otherwise no one would turn it on and it becomes pointless: they do no different than any other major browser AFAIK. Again, I'm wearing their shoes.

Google Analytics used in the browser (Activity Stream, Get Addons panel, AMO) - they have a special deal for that (see chinaar's post above about how sacred deals are and the shitstorm that would happen if broken and made public). Why use GA: probably because it's cost effective rather than roll their own. Again, just stepping in their shoes - do they care about privacy? Yup, they did a special deal.

Same with Safe Browsing: the work that has gone into that to add noise to part hashes, strip identifying parameters, to isolate it from other web content, and to actually remove the use of and block a google cookie in SBv4 (FF57+), and more.

So as for the browser not being private: I disagree. Who else has containers? Who else is actively building in anti-fingerprinting and first party isolation (as part of the Tor Uplift)? They've been working on Next Gen Local Storage (for well over a year) to combine all persistent data and make it easy for end users to manage. They're adding more Tracking Protection lists, and will be turning them on by default in the near future. I could probably list 2 or 3 dozen other items, but let's not get off track.

A major browser needs to ship working for all users, and all websites. So sure, it will never be as "private" as a niche product / fork. But I'll just repeat what @chinaar said

> The improvements that .... makes can be done through preferences, or a user.js file

No-one has such an easy and large config selection as Firefox (well, they put almost everything behind prefs anyway, for testing and rollouts). Trust me, and I've been living in Firefox's code for the last 8 years, you can almost do everything that the Tor Browser does just with prefs - obviously excluding the Tor protocol itself, and there are some patches / areas that still need help. It just takes time. They were hampered by XUL - now they're able to actually move forward.

I've looked at what other browsers do for fingerprinting (it's my specialty, so to speak), and no-one comes close to FF. Safari did a couple of neat things FF hasn't yet. Brave is (usually poorly) doing some things FF already perfected.

At the end of the day, it is seriously NOT hard to provide a sane list of a few prefs for users. With respect (please don't take this as an affront: I don't expect anyone to always be an expert), the PTIO list, has been pretty horrible IMO - I've kept an eye on it for years: the battery one was only just removed. Other options are really suspect: e.g. disabling Safe Browsing is the worst thing you could recommend (and I can tell you why if someone wants to talk about it: there are zero privacy issues with those prefs: I know: we have checked, we had contact with the Mozilla engineer who worked on all this, and he's super pro-privacy etc). There are others. It's not too bad.

Someone asked me in that other thread, about what to do with promoting the two user.js files up prominent with the browsers: and my answer would be

  • PK's one basically hasn't changed in years. And a third of it is full of deprecated items.
  • Both ghacks and PKs are way too advanced, so no, hell no, don't lump that (a huge user.js) on the average user by making them super prominent, or without a big ass EXPERTS warning or something
  • Privacy Settings extension is a waste of time since legacy extensions got the boot

But, if you want an actual sane user.js based on my many many years of Firefox knowledge (disclaimer: I am an active participant in the Tor Uplift, and Tor Project - but not an employee), then I would be happy to provide one. So to whoever it was who hollered at me last time - just ask, otherwise I have plenty of other things to do

💋 and ❤️ 's at everyone. Hope no-one takes offense at my words (I can be a little blunt at times: I hate beating around the bush, and I'm shit at writing). Here to help if you want to use me.

PS: I was only commenting on Firefox, and that I think Waterfox, Palemoon and other FF forks (Tor excepted) are a waste of time as recommendations: because you can already control FF to an extremely high degree. Chromium stuff: I couldn't care less and know even less about them. FF, I think I've read a billion lines of code and tested a million things. I know more about FF than I do about myself. Use me if you want it.

@beerisgood commented May 3, 2019

Please pin/ mark/ sticky THAT post from @chinaar and @Thorin-Oakenpants
Awesome! 👍

@Thorin-Oakenpants commented May 3, 2019

^^ oh it was @five-c-d : hell no, do not stick the PK or ghacks user.js in the "worth mentioning" (whatever that means exactly), but hell yeah, link to them at some point (with an advanced user warning or something)

What I can do is create a https://github.com/ghacksuserjs organization new repo e.g. privacytoolsio-user.js .. and make it super duper simple, super small, very very sane prefs (FF/ESR60+) - even if it's just for you to inspect and approve. Assuming it passes muster, I can add a PTIO member/admin and give them admin rights to maintain it. Or you can copy it (and I can ditch mine), stick it under your own umbrella. Up to you. That's all you need.

  • Tor: and link to this page - don't try and re-invent the wheel and tell people "how to use it"
  • Firefox - with link 1 - a user.js (small) 2 - extension list (small) 3 - warning: ghack/pk user.js
  • chromium forks?

I say small, because you don't need much in extensions if you set your prefs right, and also because you don't want to overwhelm people.
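
As an added example (not code from PTIO, ghacks-user.js or anyone in this thread): a small Node.js checker for the user.js approach the comments above describe, which parses `user_pref()` lines and reports where a file departs from a short baseline or switches Safe Browsing off. The baseline list, the `doh.example` URL and the sample file are assumptions constructed for illustration.

```javascript
// Added example: parse a Firefox user.js and audit it against a baseline.
// BASELINE and KEEP_ON are assumptions built from the features named in this
// thread; they are not a PTIO, ghacks-user.js or Mozilla list.
const BASELINE = [
  // [pref name, wanted value, topic]
  ["browser.send_pings", false, "hyperlink ping tracking"],
  // 5 = DoH off by user choice (DNS stays with the OS); 2 or 3 = DoH on.
  // Which one is right depends on the threat model argued in the thread.
  ["network.trr.mode", 5, "DNS over HTTPS resolver"],
  ["toolkit.telemetry.enabled", false, "telemetry"],
  ["datareporting.healthreport.uploadEnabled", false, "telemetry upload"],
  ["extensions.pocket.enabled", false, "Pocket"],
  ["media.eme.enabled", false, "EME"],
];
// Prefs a privacy list should not switch off (Safe Browsing).
const KEEP_ON = [
  "browser.safebrowsing.malware.enabled",
  "browser.safebrowsing.phishing.enabled",
];

// One pass over comments and user_pref() statements. Whichever starts first
// wins, so a commented-out pref is skipped and "//" inside a string value
// (a URL) is not mistaken for a comment.
const TOKEN = /\/\/[^\n]*|\/\*[\s\S]*?\*\/|user_pref\(\s*"([^"\\]+)"\s*,\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;/g;

function parseUserJs(text) {
  const prefs = new Map(); // a later user_pref() for the same name wins
  for (const m of text.matchAll(TOKEN)) {
    if (m[1] === undefined) continue; // this match was a comment
    const raw = m[2];
    let value;
    if (raw === "true" || raw === "false") value = raw === "true";
    else if (raw.startsWith('"')) value = raw.slice(1, -1);
    else value = Number(raw);
    prefs.set(m[1], value);
  }
  return prefs;
}

function auditUserJs(text, baseline = BASELINE, keepOn = KEEP_ON) {
  const prefs = parseUserJs(text);
  const findings = [];
  for (const [name, want, topic] of baseline) {
    if (!prefs.has(name)) {
      findings.push({ name, status: "missing", want, topic });
    } else if (prefs.get(name) !== want) {
      findings.push({ name, status: "mismatch", got: prefs.get(name), want, topic });
    }
  }
  for (const name of keepOn) {
    if (prefs.get(name) === false) {
      findings.push({ name, status: "weakens-security", got: false, want: true });
    }
  }
  return findings;
}

// Constructed sample input, not taken from any real project's user.js.
const SAMPLE = `
user_pref("browser.send_pings", false);
/* user_pref("media.eme.enabled", false); */
user_pref("toolkit.telemetry.enabled", true);
user_pref("toolkit.telemetry.enabled", false); // later line wins
user_pref("extensions.pocket.enabled", false);
// user_pref("network.trr.mode", 5);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://doh.example/dns-query");
user_pref("browser.safebrowsing.malware.enabled", false);
`;

for (const f of auditUserJs(SAMPLE)) {
  console.log(`${f.status.padEnd(16)} ${f.name} (want ${f.want}, got ${f.got})`);
}
```
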

@ghost commented May 3, 2019

@Thorin-Oakenpants agreed, please do open an issue with a newly proposed user.js for PTIO. I think it would be of great benefit, as I also think that many of the current user.js files are not sane.

EDIT: I've removed my points regarding Gecko v Blink, as I don't want to derail the thread.

@Thorin-Oakenpants commented May 3, 2019

Not that I'm going to hang around in this thread, but let's not get off topic

> I won't even get into the fact that I don't think any Chromium-based browser should be recommended here.

What happened to that? 😀 I disagree. Forget about all the politics and everything else, and just focus on the goals in mind

  • privacy ability and ease of adding that privacy
  • secure (the main browsers all are)
  • maintained

If a chromium browser meets that, then FFS recommend it

I'm out of here, unsubscribed. If someone who runs PTIO wants to get in contact with me, you know where to find me

@angela-d (Author) commented May 3, 2019

It is weird a user drops in here defending Mozilla and then has their account deleted.

Deleted user:

> To be honest, I think that the criticisms towards Mozilla here are a bit overstated.

Not relevant to the topic of this thread.

> Regarding Mozilla's use of Google Analytics and Cloudflare, they have special contracts with both of these companies that require them to treat user data gathered in a strict, separate way that respects user privacy.

As a user, I object to a third party handling my browsing data. I want my browser to be a BROWSER and nothing more.

> and the lack of evidence that there is any breach

So there has to be a breach before a user is labeled a "conspiracy theorist" for not wanting their data passed around like a cheap whore?

> Companies do obey contracts and have large legal and compliance teams for this very purpose.

I do not trust any of them. I don't want them having my data unless I choose to give it to them.

> In particular, using Cloudflare DoH is actually a big win for user privacy imo, because users can get their DNS traffic encrypted within the browser,

This is not a browser's job. A browser's job is to get the user onto the web.

> Relying on users to make these private choices and configurations regarding DNS is just not realistic given how difficult these can be to setup

Are you serious? Any user that cares about privacy in the first place is going to find a way to change those. Those that do not care, are using Chrome or Google's DNS. Mozilla sticking their nose into this is an underhanded attack on their user's data and privacy. Cloudflare has their tentacles in enough of the web as it is, why are we putting yet MORE eggs into their basket?

This is how single points of failure tend to begin.

@JonahAragon (Member) commented May 3, 2019

> and then has their account deleted

Or deleted it themselves. No conspiracy necessary.

@Kcchouette (Contributor) commented Jun 16, 2019

Best is Mozilla Firefox coming from the tor bundles. You can disable tor starting from the tor bundles browser by following these steps: https://superuser.com/a/1117660

@gitbugged commented Aug 6, 2019

> Palemoon is even worse, as almost every factor discussed regarding Waterfox applies to Palemoon on a much larger scale. As they are not even attempting to keep up with upstream, they are already incompatible with a large portion of the web. Due to this large divergence from upstream, their maintenance burden is much higher, and maintaining security is much harder...

The upstream changelog seems to disagree with this ghostly opinion. PM has gotten security updates regularly and ECMA2019 was already implemented. It doesn't have telemetry and a bunch of other anti-features that FF has either. Less bloat means less vulnerabilities.

@blacklight447-ptio (Member) commented Sep 3, 2019

I don't think a set of requirements would age well with browsers, mostly because new issues will constantly be popping up. Also, it's not a bad thing that people keep opening issues, as it keeps calling browsers back on the chopping board every once in a while to see if they are still indeed the best choice.
