Choose your browser carefully

Published on 2020-10-20. Updated on 2020-10-22
Privacy on the Internet is important because privacy risks range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Many companies, such as Google, track which websites people visit and then use the information, for instance by sending advertising based on one’s web browsing history. Sometimes prices on products are changed on the same website, depending on tracking information, and two people may view the exact same product on the exact same website yet be presented with very different prices.

Introduction

This article isn’t specifically about privacy issues only, it’s about promises that are being broken, which might be about privacy. It is also about the lack of user freedom, as in the choice to enable or disable features, such as automatic updates, or forced usage of third party services, or software that the user generally is unaware of or doesn’t have a say about.

Privacy as a subject regarding the usage of services on the Internet is a very difficult subject to deal with. Not only can it be difficult to actually define privacy, but it also requires a balance between freedom of choice by the users, security and usability. Naturally you need to be able to use the browser on the Internet and as such you will always leave some kind of trail behind, and this article is not about how you can hide your tracks. What I am addressing in this article are browsers that are either promoted as “privacy respecting” by the developers or in general are considered to be so, mostly due to misunderstanding or misinformation, while it is very clear they are not.

Some browsers either directly violate users by collecting telemetric data without consent, or you have to opt-out rather than opt-in, or they bounce around the Internet visiting places in the background without you knowing, using third party services that operate with a privacy policy you either cannot trust or that are directly violating your privacy, or they have integrated third party software that does some of these things.

I will try to keep this article updated with relevant information as much as possible. I know several other browsers exist, but if they are not mentioned on this list I have either not had a chance to investigate them, they are closed source and completely irrelevant (such as Microsoft Edge or Opera), or they are not actively maintained, or they are an irrelevant “one-man show” which cannot be trusted for some reason or another.

I will also not be looking at browsers that only work on Microsoft Windows or macOS, even if they are Open Source. Both Microsoft Windows and macOS are highly controversial and completely untrustworthy operating systems.

Also please note that just because the developers of a browser are promising that their browser is privacy respecting doesn’t mean that you can trust the information. As you will see with the examples of some of the browsers below, even developers sometimes compromise user privacy, perhaps without even thinking about it.

I also want to give some strong advice to people who recommend browsers to other people without investigation or knowledge. The privacy related channel on Reddit is filled with wrong recommendations regarding privacy respecting browsers and many people are merely guessing or blindly trusting the information the browser producers are publishing. Neither Mozilla Firefox, Google Chrome or Chromium, Brave, Waterfox, nor several of the other recommended browsers truly respect privacy. They all do some form of telemetry and/or privacy compromising actions without the user consenting to it or even knowing about it.

Also, privacy doesn’t mean that you simply pull out telemetry from Firefox, rebrand it, and then ship it. Privacy is more than that. Unless the browser is automatically checking for an updated version, and the website isn’t logging that request, it cannot be considered truly private if the browser starts bouncing around on the Internet visiting all kinds of places without the user having done anything more than open the browser up! Every time the browser makes a DNS request, that DNS request is in most cases logged unless the user actively does something to mitigate that, such as using a trusted VPN or non-logging DNS service. Furthermore, the Mozilla add-on CDN is logging user activity, as is Amazon Cloudfront, so if the browser visits these places without the user explicitly pushing a “check for updates” option, the browser is compromising user privacy. The point is that the user needs to have the choice to disable automatic updates of both browser and extensions and that nothing happens until the user actively has accepted that.

I intend to add more browsers to this list as time permits so keep coming back for more updated information. Also, if you discover any mistakes on my part, feel free to email me about it so that I can correct the information.

Third party clones

Several third party clones of Firefox and Chromium exist that are branded and promoted as secure and privacy respecting alternatives but that cannot fully be trusted for some reason or another. The code bases for both Firefox and Chromium are huge and many skillful people work on the code every day. Running a diverted clone from a “one-man show” or a small team of developers on your computer, one that is months behind on security updates, improves neither your privacy nor your security in any way.

Even when these small teams work fast they are still often many days behind security updates, which is a big problem. Just as an example, on January 23, 2018, Mozilla released Firefox 58 and Firefox ESR 52.6 with a bunch of security updates. Three days later, the Waterfox clone project was working on integrating these patches. On February 1, 2018, Waterfox 56.0.4 was released with these patches. Waterfox users had to wait nine days for security patches from a minor release!

Privacy compromising browsers

Mozilla Firefox

In the past I have always supported Mozilla and promoted Firefox, but Mozilla has made some pretty controversial decisions as of late and I no longer feel that Mozilla is an organization that deserves any support.

Firefox is promoted by Mozilla as a privacy respecting browser, but this is highly misleading. Firefox “phones home” every time you start it up even when you have disabled telemetry and automatic updates of extensions. Domains such as mozilla.org, cloudfront.net, firefox.settings.services.mozilla.com (see: https://bugzilla.mozilla.org/show_bug.cgi?id=1598562#c12), autopush.prod.mozaws.net, detectportal.firefox.com and location.services.mozilla.com are visited each time you start Firefox.

In 2017 Mozilla made a deal with Cliqz where approximately 1% of users downloading Firefox in Germany would receive a version with Cliqz software included. And in 2018 Mozilla revealed that they had no data on the number of Firefox installations with disabled Telemetry.

Finally, we need better insight into our opt-out rates for telemetry. We use telemetry to ensure new features improve your user experience and to guide Mozilla’s business decisions. However, an unknown portion of our users do not report telemetry for a variety of reasons. This means we may not have data that is representative of our entire population.

Mozilla then developed the Telemetry Coverage system and distributed it to 1% of the Firefox installations. The system is automatically installed and designed to inform Mozilla whether telemetry is enabled in the browser.

Mozilla also developed a Windows-only scheduled task which runs in the background once a day for each installation of Firefox installed on a computer running Microsoft Windows. The task collects information related to the system’s current and previous default browser setting and the operating system locale and version.

This is a list of some of the things that Mozilla collects: https://www.mozilla.org/en-US/privacy/firefox/#suggest-relevant-content.

On the Mozilla website we can read (when I originally started writing this article) that “We put people over profit”, and “a product to support user privacy”. We can also read in the Mozilla manifesto, in the fourth principle, that “Individuals’ security and privacy on the internet are fundamental and must not be treated as optional.” However, with their decision to make Cloudflare the default DNS provider for DNS over HTTPS, they are definitely not supporting user privacy or putting people over profit!

DNS over HTTPS is by itself bad enough, and highly criticized with good reason, but combining it with a US based company like Cloudflare makes it even worse.

Cloudflare has made an agreement with Mozilla that, when it acts as a DNS resolver for Firefox:

  • DNS requests will be stored as part of Cloudflare’s “temporary” logs which are permanently deleted within 24 hours.
  • Cloudflare will also collect and store the following information as part of its permanent logs:
    • Total number of requests processed by each Cloudflare co-location facility.
    • Aggregate list of all domain names requested.
    • Samples of domain names queried along with the times of such queries.
  • Information stored in Cloudflare’s permanent logs will be anonymized and may be held indefinitely by Cloudflare for its own internal research and development purposes.

Anyone who has worked with DNS servers knows what goes into such logs and in order for Cloudflare to keep their promise they need to: Delete the DNS requests information, but at the same time somehow still keep “anonymized” logs of the total number of requests, a list of all domain names requested, a so-called “sample” of complete DNS queries along with date and time.

This means that even if Cloudflare could be trusted and they have the best of intentions, they will still log everything the first 24 hours. If Cloudflare is ever compromised all these logs could be copied and distributed over a period of time.

Furthermore, the actual wording of the agreement is such that the technical procedure for how they actually do this can only be guessed at. How do they plan to anonymize the data? Is the “sample” 99.9% of all the queries, or is it 1%?

Last, but not least, Cloudflare is an American company subject to American law, a law that pretty much undermines the foundation of any kind of privacy.

Cloudflare will not retain or sell or transfer to any third party (except as may be required by law) any personal information, IP addresses or other user identifiers from the DNS queries sent from the Firefox browser to the Cloudflare Resolver for Firefox;

Real privacy means:

  • No logging
  • No data retention
  • No phoning home without consent before doing so
  • No user opt-out telemetry, it has to be opt-in
  • Real and 100% transparency regarding what data is collected
  • Absolutely no integration of company based services such as Google Search or Cloudflare DNS

Period!

Mozilla should be ashamed! They are promoting Firefox as a product to support user privacy and freedom, yet at the same time they make Google the default search engine in the browser because Google pays them and Cloudflare the default DNS over HTTPS resolver.

Firefox in itself has long been submitting data to the Mozilla foundation via its “Data Collection and Use” gathering. Even though this data is “technical and interaction data”, the data collection is opt-out, meaning that you have to remember to disable it rather than enable it. This also means that the very first time you start up Firefox, it has already connected to the Mozilla foundation before you can disable the data collection. If you forget to disable the data collection and later disable it, you’ll get the following information from Firefox: “You’re no longer allowing Mozilla to capture technical and interaction data. All past data will be deleted within 30 days.” There is no option to delete the gathered data right away.

This is an example of some of the destination addresses a network analysis reveals about some of the DNS and HTTPS requests Firefox makes even when telemetry and automatic updates are completely disabled:

  • detectportal.firefox.com
  • detectportal.prod.mozaws.net
  • detectportal.firefox.com-v2.edgesuite.net
  • a1089.dscd.akamai.net
  • mozilla.org
  • location.services.mozilla.com
  • content-signature-2.cdn.mozilla.net
  • locprod1-elb-eu-west-1.prod.mozaws.net
  • d2nxq2uap88usk.cloudfront.net
  • firefox.settings.services.mozilla.com
  • push.services.mozilla.com
  • ec2-52-35-220-92.us-west-2.compute.amazonaws.com
  • ec2-34-242-33-12.eu-west-1.compute.amazonaws.com
  • server-13-33-240-52.hel50.r.cloudfront.net
  • shavar.services.mozilla.com
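
A startup list like the one above can be reproduced from a packet capture. The following is an added example, not the author's own tooling: it parses DNS queries from the text output of tcpdump -n -l udp port 53 and lists every name the browser resolved without user action. The capture lines, the addresses and the example.org "first site the user opened" are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample in the format printed by `tcpdump -n -l udp port 53`,
# standing in for a capture taken while a browser starts with no user input.
# The last query (example.org) represents the first page the user opened.
SAMPLE_CAPTURE = """\
10:15:02.101334 IP 192.168.1.20.40112 > 192.168.1.1.53: 4121+ A? detectportal.firefox.com. (42)
10:15:02.101512 IP 192.168.1.20.40112 > 192.168.1.1.53: 9377+ AAAA? detectportal.firefox.com. (42)
10:15:02.130020 IP 192.168.1.1.53 > 192.168.1.20.40112: 4121 2/0/0 CNAME detectportal.prod.mozaws.net., A 203.0.113.7 (104)
10:15:02.455871 IP 192.168.1.20.51877 > 192.168.1.1.53: 20034+ [1au] A? firefox.settings.services.mozilla.com. (66)
10:15:03.012245 IP 192.168.1.20.38444 > 192.168.1.1.53: 733+ A? push.services.mozilla.com. (43)
10:15:03.770310 IP 192.168.1.20.38991 > 192.168.1.1.53: 15002+ A? location.services.mozilla.com. (47)
10:15:09.250001 IP 192.168.1.20.42001 > 192.168.1.1.53: 8110+ A? example.org. (29)
"""

# Matches outgoing queries only: "<id>+ [opts] <TYPE>? <name>. (<len>)".
# Response lines carry answer counts ("2/0/0") instead of "<TYPE>?" and do not match.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+) > (?P<dst>\S+): "
    r"\d+[+%*-]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+?)\.? \(\d+\)\s*$"
)


def parse_queries(capture):
    """Return (timestamp, qtype, name) for every DNS query line in the capture."""
    queries = []
    for line in capture.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:
            queries.append((m["ts"], m["qtype"], m["name"].lower()))
    return queries


def is_user_requested(name, user_sites):
    """True if name is one of the sites the user opened, or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in user_sites)


def unsolicited_lookups(capture, user_sites=()):
    """Names the browser resolved on its own, in order of first appearance."""
    seen = OrderedDict()
    for ts, qtype, name in parse_queries(capture):
        if is_user_requested(name, user_sites):
            continue
        entry = seen.setdefault(name, {"first_seen": ts, "qtypes": [], "count": 0})
        entry["count"] += 1
        if qtype not in entry["qtypes"]:
            entry["qtypes"].append(qtype)
    return seen


def group_by_parent(names):
    """Group names by their last two labels (naive: ignores the Public Suffix List)."""
    groups = OrderedDict()
    for name in names:
        parent = ".".join(name.split(".")[-2:])
        groups.setdefault(parent, []).append(name)
    return groups


if __name__ == "__main__":
    found = unsolicited_lookups(SAMPLE_CAPTURE, user_sites={"example.org"})
    for parent, names in group_by_parent(found).items():
        print(parent)
        for n in names:
            e = found[n]
            print(f"  {e['first_seen']}  {n}  x{e['count']}  {'/'.join(e['qtypes'])}")
```

Only queries are counted, so CNAME targets that appear in responses are not listed; a browser that resolves names over DoH will not show up in a port 53 capture at all.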

Message to Mozilla: No, thank you! You have clearly lost your way and it will be your downfall if you do not change! It was the power of the users that once made Mozilla Firefox defeat Microsoft’s Internet Explorer – I wish that you would remember and respect that! We have supported you and promoted you for a very long time. Eventually a true privacy respecting, community driven Open Source alternative will exist, and you will lose all your users and all your support!

Google Chrome and Chromium

Google’s Chrome and Chromium browsers are even worse than Firefox. Every time you start Chrome or Chromium the browser contacts Google and almost every key press performed in the browser’s address field is submitted as part of the data collection sent to Google.

Chrome is worse than Chromium because Chrome contains closed source and it is impossible to know exactly what data is sent to Google. In principle Google could be reading all your passwords when you log in to a service online!

This is an example of some of the destination addresses a network analysis reveals about some of the DNS and HTTPS requests Chromium on Linux makes when it is first started:

  • redirector.gvt1.com
  • www.google.com
  • accounts.google.com
  • r1---sn-25g3oxu-j2ie.gvt1.com
  • ams15s40-in-f14.1e100.net
  • ams15s40-in-f13.1e100.net
  • ams16s31-in-f3.1e100.net
  • fonts.googleapis.com
  • www.gstatic.com
  • gstaticadssl.l.google.com
  • apis.google.com
  • plus.l.google.com
  • ogs.google.com
  • www3.l.google.com

I will not address many of the specific Chrome/Chromium related privacy problems as Google has become very famous for their privacy compromising policies regarding all their products and services. They at least openly proclaim that they monitor every step you take and they do not hide that fact.

On the Google Privacy & Terms page we can clearly read: “We collect information to provide better services to all our users — from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful, the people who matter most to you online, or which YouTube videos you might like.” and “When you’re not signed in to a Google Account, we store the information we collect with unique identifiers tied to the browser, application, or device you’re using.”

This means that Google is openly trying to fingerprint you and track your every move, even when you’re not logged into a Google account or even using Chrome or Chromium.

Google once had their famous slogan Do no evil! But that no longer exists. Whenever you use any of Google’s products or services you automatically forfeit your privacy. If you don’t like it, don’t use their stuff, they say. However, it is not that simple. Google has managed to sneak their spying software on to almost every website on the Internet and you have to manually and proactively take measures to ensure that Google cannot track you.

Brave

The Brave browser is often recommended by people as a privacy respecting alternative to both Firefox and Chrome, but this is a mistake. Brave is no better than the alternatives.

People are being misled by the empty promises of privacy. Brave not only “phones home”, it also hijacks links and inserts affiliate codes, which was found out by Cryptonator1337 on Twitter. Furthermore, the “anonymously monitoring of user attention” and “rewards publishers accordingly with Basic Attention Token (BAT) crypto currency” are not something that should be recommended.

Another privacy issue that was discovered regarding Brave was that clearing the history doesn’t remove “Top Sites” on the new tab page.

No, the Brave browser is not a privacy respecting browser.

Palemoon

Palemoon is also sometimes recommended by people as a privacy respecting browser, but Palemoon is not even promoted as a privacy respecting browser so I don’t know where that comes from. Palemoon also “phones home” and it also connects to Google every time it is started up just like Chromium.

Waterfox

Waterfox is yet another browser that people sometimes recommend as a privacy respecting browser, but that is also not correct.

Not only does Waterfox connect to a ton of domains when it is started, such as both Mozilla add-on CDN and Amazon Cloudfront, but it is also clearly stated in the project privacy policy that “If our organizational structure or status changes (if we undergo a restructuring, are acquired, or go bankrupt) we may pass your information to a successor.”

Furthermore it is stated that “If you engage with our social media accounts, such as Twitter and Facebook, we may receive personal information about you. If you use these networks, their privacy policies apply, and you are encouraged to read them.” and “We may use cookies, third party web analytics, device information, and IP addresses for functionality and to better understand user interaction with our products, services, and communications.” and “We may also use cookies and/or IP addresses, to help us understand in the aggregate how users engage with our products, services, communications, websites, online campaigns and other platforms.”

So no, Waterfox is also not a privacy respecting browser.

Librewolf

Librewolf is promoted as “the community-maintained fork of Librefox: a privacy and security-focused browser”; however, Librewolf suffers from the same problems as Waterfox.

Librewolf is a set of scripts and patches that removes the Firefox telemetry feature among other things. However, a network dump reveals that the very first time Librewolf is started it immediately contacts the Mozilla add-on CDN, Amazon Cloudfront, and several other places even though automatic updates of extensions are disabled by default.

The network dump reveals some of the following domains and IP addresses (I have shortened the list):

  • addons.cdn.mozilla.net
  • server-13-33-240-122.hel50.r.cloudfront.net
  • ec2-34-253-97-22.eu-west-1.compute.amazonaws.com
  • content-signature-2.cdn.mozilla.net
  • rt4bb146-89-147.routit.net
  • invidio.us
  • static.213-133-100-23.clients.your-server.de
  • 132.145.233.26
  • 52.142.124.215
  • 167.99.237.63
  • 194.187.168.100

While it is true that the project themselves do not collect any telemetry, the domains that the browser visits the very first time you open up the browser do log these requests.

Librewolf should not be bouncing around on the Internet without the user explicitly asking it to do so.

GNOME Web (formerly Epiphany) and Eolie

GNOME Web is a good example of how complicated and difficult things can really get.

GNOME Web is a web browser from the GNOME project. When you read the information on the website it is stated that by default GNOME Web tries to be privacy respecting and the project receives no funding from advertisers. The project aims to offer the best out-of-the-box privacy settings of any general purpose web browser. However, they actually fail miserably at this.

A network analysis reveals that GNOME Web contacts the easylist-downloads.adblockplus.org domain the first time it is started up, which I guess is in order to check whether the browser is running with the latest ad blocking filters. On the AdBlock Plus FAQ website it clearly states that AdBlock Plus collects personal information and that this information is used by the company eyeo GmbH (Germany). It is further revealed in the Privacy Policy that quite a lot of personal data is collected.

It is problematic that the GNOME project promotes GNOME Web as a privacy respecting browser yet at the same time integrates an ad blocker from a company that is clearly compromising user privacy.

All the problems related to GNOME Web are also valid for Eolie.

Neither GNOME Web nor Eolie are true privacy respecting browsers.

Midori Browser

The Midori Browser is an Open Source lightweight web browser that uses the WebKit rendering engine and the GTK2 or GTK3 interface. Midori is part of the Xfce desktop environment and was developed to follow the Xfce principle of making the most out of available resources. Midori is the default browser in a bunch of Linux distributions.

In 2019, the Midori project was merged with the Astian Foundation and one problematic issue regarding the privacy of Midori is that things may now change without notice.

On the Privacy Policy (in Spanish) the Astian Foundation states that “The Astian Group is committed to the security and privacy of its users’ data. When we ask you to fill in the fields of personal information with which you can be identified, we do so ensuring that it will only be used in accordance with the terms of this document. However, this Privacy Policy may change over time or be updated, so we recommend and emphasize that you continually review this page to ensure that you agree with said changes.”

At the same time the foundation also writes that “The content of the website is provided to the public as it appears or as it is available. We do not represent or promise anything with regard to the content of the website including its accuracy, completeness, advice given or statement made through the website or any other future-oriented. Therefore, we do not have any responsibility derived from the use that you or any person makes of the material or content of the website.” which is another way to disclaim responsibility.

I have not looked through the source code of Midori, but a network analysis reveals that as soon as you enable the ad blocking extension in the Extensions tab a couple of requests are made to Amazon Cloudfront. No matter what this is used for, Amazon Cloudfront is logging and compromising user privacy.

I find the privacy policy of the Astian Foundation dubious and see no reason to promote the Midori Browser when much better alternatives such as Falkon exist. Last but not least, I have used Midori in the past, before it was merged with the Astian Foundation, but have always found Midori unstable. It tends to freeze and crash a lot in my experience.

Other problematic browsers

I will not make a list of all problematic browsers in the world as that makes very little sense, but I think a couple of the Open Source browsers that are normally viewed as privacy respecting or freedom respecting, but that suffer from some of the same problems as the browsers listed above, are worth noting. I will also not address the specific issues I have found on these browsers, but will simply put them on the list.

Privacy respecting browsers

Besides reading the source code, network analysis also reveals, to the best of my ability and without any extended or prolonged monitoring, that none of these browsers or solutions compromise user privacy.

Falkon

Falkon is a very nice independent browser that fully respects privacy and it is a browser that really deserves a lot more attention and a lot more support!

Falkon is a KDE web browser using the QtWebEngine rendering engine. It aims to be a lightweight web browser available through all major platforms.

Falkon comes with a bunch of very useful built-in extensions, such as a custom ad blocker and Greasemonkey. Extensions to Greasemonkey can be found at https://greasyfork.org/, https://openuserjs.org/ and at GitHub.

I have tested Falkon and used it on a daily basis for an extended period of time and it has performed very nicely. Occasionally Falkon may choke if it enters a website that makes heavy usage of JavaScript, such as Google Maps for example, but I haven’t experienced any crashes while using the browser.

GNU IceCat

GNU IceCat is the GNU version of the Firefox ESR (Extended Support Release) browser and it is extremely privacy focused. Firefox ESR does not come with the latest features but it has the latest security and stability fixes. The browser comes with a bunch of extensions that sometimes may break functionality on different websites, but it is possible to control these extensions. It is also possible to disable extensions and in some cases install alternative extensions.

IceCat is one of the better replacements for Firefox, truly privacy based, and it doesn’t do anything unless you actively want it to as the default settings are truly opt-in options.

Even though I have listed IceCat here as a useful alternative to Firefox, I also have very strong reservations and I do not (as of writing) recommend that you use IceCat.

The development on IceCat is active, but it is also pretty slow as only a small team of people is working on it. The current stable version of IceCat is based upon the 60.8 version of Firefox ESR, which has reached its EOL (end of life on 2019-10-22) and it no longer gets any security fixes if any security bugs are found that affect that version of the browser.

The recent version of Firefox ESR is 78.4.0 (as of writing). You can still download IceCat based upon 78.4.0, but you have to download the source code and compile it yourself, and it is not considered a “stable” release, meaning that the changes the GNU team makes to Firefox have not yet been fully implemented. Arch Linux has an AUR for the latest IceCat build for the latest version of Firefox ESR.

I have still decided to list IceCat here because it is such a good project and it deserves more support and help. Besides, most security bugs are introduced into Firefox with the development of new features, and fixed very soon afterwards, and since the ESR version doesn’t get any new features, it is still pretty secure as is.

If you should decide to use IceCat I advise you to keep track of the development of IceCat very closely and to monitor potential security issues found in the current Firefox ESR that might also affect the old 60.x version. If a security bug is found in the current version of Firefox ESR, it doesn’t automatically mean that it affects the 60.x version because it might only be related to a feature that exists in the new version. I hope that the GNU IceCat project will receive better support in the future.

ungoogled-chromium

ungoogled-chromium is a drop-in replacement for Chromium. It is not a diverted clone, but a set of scripts and patches that remove all background requests to any Google web services while running the browser. They also remove all uses of pre-made binaries from the source code, and replace them with user-provided alternatives when possible. They disable features that inhibit control and transparency, and add or modify features that promote them. Everything is implemented as configuration flags, patches, and custom scripts.

I have listed ungoogled-chromium here as a useful alternative to Chromium, because the resulting browser does indeed respect privacy, but I also have some reservations. The team behind ungoogled-chromium is pretty small, but they do a pretty good job at tracking security updates to Chromium. However, it is very important to note that they will always be behind. Even waiting a single day or two for an update to an actively exploitable bug is critically problematic when you’re dealing with the latest version of software. However, this is often also the case with packages from the different Linux distributions! Distributions such as Arch Linux and Debian GNU/Linux release security fixes very fast, but other distributions are often days behind, some even weeks or months. It all depends on manpower and resources.

As such I don’t believe that the ungoogled-chromium project should be discarded because of its small size; they are after all not cloning and making diverting changes to Chromium, they are only patching the Google stuff out of it.

Because of the nature of the project and because of their track record regarding security fixes I have decided to list ungoogled-chromium here.

However, another very important issue with ungoogled-chromium is that unless you compile the browser yourself, which can be very time consuming, you cannot be sure about the downloadable binaries. The binaries are provided by anyone who is willing to build and submit them. This means that authenticity cannot be guaranteed and there is always a risk that the binaries may have been tampered with!

Until the project finds a way to pre-build the binaries in a trustworthy manner I highly recommend that you only compile it yourself!

Tweaking Firefox – the best solution

Even though I don’t generally recommend Firefox it is still one of the most extensible and tweakable browsers in the world, which makes it possible to increase the privacy in Firefox considerably by using different configurations and tweaks without having to patch the source code. And this is one of the things that makes Firefox really great. Generally Firefox as a product is not the problem, the Mozilla Foundation is. When you tweak Firefox you not only run with the latest version of Firefox, but you also get a true privacy respecting browser.

Firefox is unique in this way as no other browser, as far as I know, allows for so much tweaking without patching. Tweaks are settings that control Firefox’s behavior. Some can be set from the options interface, which can be in about:config, but others are called “hidden preferences” which will only show when they are set by the user.

Tweaking Firefox is not for everyone however. It requires you to spend time studying the different settings you can manipulate and understanding how they work. But you’re not alone, many people do this, and one of the best ways to do it is to use the Arkenfox user.js project. One of the benefits of tweaking Firefox is that you get to better understand what exactly your browser is doing and how it works.

The “Arkenfox user.js” project provides a comprehensive user.js template for configuring and hardening Firefox. It is very actively maintained by some very skillful people including an active Mozilla developer and a developer from the Tor project.

The “Arkenfox user.js” is very well documented, but before you dive into the project I recommend you take a look at The Firefox Privacy Guide for Dummies! or the more extensive version Firefox Configuration Guide for Privacy Freaks and Performance Buffs.

Controlling Firefox’s DNS over HTTPS

Mozilla has removed the option of disabling automatic updates, forcing users to get automatic updates, which if you’re in the middle of some important work, will make Firefox stop opening up any new URLs until you have restarted the browser. Windows 10 anyone?

While this exists in order to protect users, most users are quite capable of just letting Firefox remind them of an upgrade and then upgrade manually.

Because many corporations need extensive control, Mozilla has created something called “policy support” which can be implemented using a JSON file called policies.json. This file is cross-platform compatible, which makes it the preferred method for enterprise environments to control Firefox in different environments.

By using the policies.json file you can control a great amount of how Firefox works, including the DNS over HTTPS feature.

On Arch Linux Firefox gets installed in /usr/lib/firefox/.

On FreeBSD Firefox gets installed in /usr/local/lib/firefox/.

If a subdirectory called distribution doesn’t exist you need to manually create it. Then create the policies.json file in that directory.

On the README for the policies templates you can find a list of options to control.

I have created a policies.json that looks like this:

{
  "policies": {
    "DisableAppUpdate": true,
    "DisableFirefoxAccounts": true,
    "DisableTelemetry": true,
    "DNSOverHTTPS": {
      "Enabled": false,
      "Locked": true
    },
    "DontCheckDefaultBrowser": true,
    "NetworkPrediction": false,
    "PromptForDownloadLocation": true,
    "SearchEngines": {
      "PreventInstalls": true
    },
    "SearchSuggestEnabled": false
  }
}

You need to restart Firefox in order for the settings to take effect. You can view your settings by typing about:policies in the address bar.

As long as this option to control Firefox exists, you should make sure that you have created the policies.json file before you open up Firefox for the first time after a fresh installation, in order to prevent the telemetry from working the first time you use the browser.

Also notice that not all options work on the latest version of Firefox; some only work on the ESR edition.
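The procedure above as a script, added here as an example and not part of the original article: it refuses to deploy a policies.json that lacks the key privacy settings, creates the distribution directory, and keeps a backup of any previous file. The function names and the REQUIRED list (a subset of the policies shown above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: deploy and audit a Firefox policies.json.
# Function names and the REQUIRED list are assumptions of this sketch.

# Policies the audit insists on, written as they appear once all
# whitespace has been stripped from the JSON (one grep pattern per line).
REQUIRED='"DisableTelemetry":true
"DisableAppUpdate":true
"DNSOverHTTPS":{[^}]*"Enabled":false
"DNSOverHTTPS":{[^}]*"Locked":true'

# audit_policies FILE -> 0 if every required policy is present, else 1.
audit_policies() {
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
    flat=$(tr -d ' \t\r\n' < "$1")
    rc=0
    # A here-document (not a pipe) keeps the loop in the current shell,
    # so rc set inside the loop is still visible afterwards.
    while IFS= read -r pat; do
        if ! printf '%s\n' "$flat" | grep -q -- "$pat"; then
            echo "missing or wrong: $pat" >&2
            rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    return $rc
}

# install_policies SRC FIREFOX_DIR
# FIREFOX_DIR is e.g. /usr/lib/firefox (Arch) or /usr/local/lib/firefox (FreeBSD).
install_policies() {
    src=$1 dir=$2
    [ -d "$dir" ] || { echo "no Firefox directory: $dir" >&2; return 1; }
    audit_policies "$src" || return 1     # never deploy a file that fails
    mkdir -p "$dir/distribution" || return 1
    dst=$dir/distribution/policies.json
    # Keep the previous file if it differs, so a bad change can be reverted.
    if [ -f "$dst" ] && ! cmp -s "$src" "$dst"; then
        cp -p "$dst" "$dst.bak" || return 1
    fi
    cp "$src" "$dst" && chmod 644 "$dst"
}
```

Run install_policies as root before the first start of Firefox, and run audit_policies against the installed file after each package upgrade to confirm it is still in place.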

Last, but not least, all these options are also controllable using the “user.js” settings file.

Blocking DoH via a firewall

No matter what kind of firewall you’re running, you can at least block the known public DoH servers.

A good list with both domain names (for DNS blocking) and IP addresses (for firewall blocking) is available at: https://github.com/oneoffdallas/dohservers

Please consider making a pull request if you know something is missing.

If you use the Packet Filter (PF) firewall from OpenBSD, which is also available on FreeBSD, you can drop packets without any delay in the response time.
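One way to feed such a list into PF, added here as an example and not part of the original article: the script reduces a downloaded list to unique literal IP addresses and prints the pf.conf lines that load them as a table and drop traffic to them on port 443. The table name, file path, function names and the sample addresses (documentation ranges) are assumptions of this example.

```shell
#!/bin/sh
# Added example: turn a downloaded DoH server list into a PF table file.
# The table name, file paths and function names are assumptions.

# doh_filter: read a list on stdin, print unique literal IP addresses.
# Comments, blank lines and hostnames are discarded, so the table never
# depends on name resolution when the ruleset is loaded. This is a sanity
# filter for single addresses; pfctl does the final validation.
doh_filter() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | awk '
        # IPv4: four decimal octets, each 0-255.
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            n = split($0, o, ".")
            ok = 1
            for (i = 1; i <= n; i++) if (o[i] > 255) ok = 0
            if (ok) print
            next
        }
        # IPv6: hex digits and colons only, with at least two colons.
        /^[0-9A-Fa-f:]+$/ && gsub(/:/, ":") >= 2 { print tolower($0) }
    ' | sort -u
}

# pf_rules TABLE_FILE: print the pf.conf lines that load and use the table.
# "block drop" discards matching packets silently; port 443 is matched for
# both TCP and UDP so that DoH over HTTP/3 is covered as well.
pf_rules() {
    cat <<EOF
table <doh_servers> persist file "$1"
block drop out quick proto { tcp, udp } to <doh_servers> port 443
EOF
}

# Constructed sample input (documentation address ranges, not real servers).
sample_list() {
    cat <<'EOF'
# constructed sample
192.0.2.53
198.51.100.7   # trailing comment
doh.example.net
203.0.113.999
2001:DB8::53
192.0.2.53
EOF
}
```

Write the filtered output to the file named in the table line, then check the ruleset with pfctl -nf /etc/pf.conf before reloading it.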

Other okay browsers

These are some of the other browsers that are worth taking a look at. I haven’t investigated these browsers thoroughly, but as far as I know they do not pose any serious problems.

Conclusions

In my humble opinion it is absolutely mind-boggling how poor the current state of the Internet is regarding privacy issues. Almost no matter what website you visit you cannot avoid getting a microscope shoved up your ass (yes, I said it!) by some web developer who insists on running Google Analytics on the website (some even though they are not even running any Google Ads) instead of using something as simple as the built-in web server statistics, or at least one of the much better Open Source and completely privacy respecting alternatives.

It is not that ads are bad in themselves. It is a fact that ads drive a huge part of the economics behind the Internet and many websites and YouTube content creators depend upon the income of ads. However, it is the way the ad business is conducted that is very problematic – in some cases even borderline immoral and highly controversial. The companies that run ad businesses need to understand that many users will actually allow ads, what users will not allow is to be spied upon and tracked without consent. These companies need to ask for permission and they need to run a completely open door policy such that all user data is transparent and available to the user. They also need to stop manipulating prices based upon tracking information, which in real life is called cheating, not business!

The Mozilla foundation is no longer the trusted organization they once were. Today it has become a “business” that depends upon revenue from big corporations like Google, which is why we’re witnessing a slow but steady move away from proper conduct. If the foundation wants to gain the trust of the users once more, they need to either remove all the privacy compromising code in Firefox, or at least make all options available in the “preferences” with the default of “opt-in”, meaning that the user has the choice to activate updates, activate feedback based upon telemetry, etc., but these settings must be deactivated by default. They also need to make the DNS over HTTPS an opt-in option and remove Cloudflare from the browser! Furthermore they need to stop lying to the users. If they cannot figure this out they deserve to be completely boycotted because they promote themselves as a privacy based organization that protects the users, which is an outright lie!

With all that said it is important to understand that the real problem lies with us – the Internet users. We seriously need to stop using the bad browsers and we need to either stop visiting all the bad websites or at least disable JavaScript on these websites! We need to educate ourselves and others better in the technology we’re using.

Once you eliminate JavaScript from running in the browser you no longer need a complex browser like Firefox or Chromium and once you don’t need a complex browser you no longer have to worry as much about privacy issues – at least not from the browser point of view. I know that this is easier said than done, and I also know that companies will still collect as much data as possible about you (such as your IP address), but without a bad browser or JavaScript enabled the fingerprinting tactics become much more difficult to implement. I firmly believe that the power lies in the hands of the users and we need to make a choice every time we use technology. This is no different from boycotting harmful products because you care about yourself and your family’s health, or because you care about how animals are treated. We – the consumers – have the final say. When we boycott all the bad stuff, the producers have no choice but to stop the production because there are no more customers.

— source unixsheikh.com | 2020-10-20
