Added An Alternative to Firefox #30
Brave isn't that good but also already listed on https://madaidans-insecurities.github.io/security-privacy-advice.html#browser |
Yes, but I think we shall mention any other browser on the same page if we don't recommend Firefox for those using it. This is the case which I faced too. And Brave is the closest to both privacy and security, than any other one, available on all platforms. |
No. The best one is the default one on your PC, which means Safari for Apple devices, Edge for Windows, Chrome for Android. The goal is hiding in the masses instead of using random browsers and/or using suspicious browsers. |
Well, if you test what your browser is on Brave, it shows you Chrome on all the sites, due to its Chromium base. Most of the sites don't recognize Brave (because it's a newbie!), and that makes it a good choice. This means almost all the sites you visit see you as a Chrome user. So, technically you're hidden in the crowd! |
That’s not true. You can identify every browser, it doesn’t matter if some generic user agent is used or not. In fact it’s even worse. |
Okay @beerisgood, except from hiding in the crowd, Safari/Chrome/Edge can't be a private choice due to their parent company's privacy practices, as they write browsing & search history, IP address, and what not! |
As per what you said, then Tor can't be a private choice too, as when you use Tor, you glow out in the crowd, so Tor can't be a private choice either! |
This leads me to say that privacy doesn't exist! (at least until Firefox becomes secure) |
Privacy theatre from "privacy" communities. In Safari and Edge you can control telemetry and they also list every established connection. All browsers get the stuff you list, as that’s how browsers work. Also ask yourself: do you want to trust another party (browser) or keep your data with the company your OS is from? |
Yes, I can't fully trust any browser, unless I make my own one.
I don't use Google services. |
Which wouldn’t make any sense.
No YouTube? Google Captcha? |
Yep, no YouTube (but I know how to watch YouTube without YouTube!), I don't face many CAPTCHAs until I am on a blacklisted IP (happens with Tor) |
May I just ask what browser you're using @beerisgood? |
I use Edge on Windows and Safari on iOS & iPadOS |
That doesn't mean you are not using it. Many websites include code from Google, Facebook etc., often not easily visible, but you share your data with them. If you don't see much Google Captcha, this just means that Google already knows enough about you to guarantee that you are human. |
@beerisgood Fingerprinting can be much more complicated than you think! You can't fully hide in the crowd. Things like screen resolution, browser version, timezone, pixel ratio etc. also matter. They vary from user to user. Do you think you can hide from these? You actually don't know you can't hide at all! Your comments are lacking context. You are just thinking that using the default browser with default settings makes you random! Use https://fingerprintjs.com and I bet you can't change your unique ID, until you don't reinstall your browser! (remember to delete all data too!) This unique ID can be used to identify you to a great extent. I'll also tell you how you can change this. Open Firefox, enable |
These tests are nonsense and don’t display the real tracking which is used on the server side.
Firefox is the worst browser and using this custom setting only makes you unique. You don’t understand how fingerprinting works. |
No, these unique fingerprint IDs could also be used by websites to identify you. And many sites already do this practice, see on https://fingerprintjs.com. The problem is you can't even change these IDs! |
"Could be used" is privacy theatre. Read https://grapheneos.org/usage#web-browsing & https://madaidans-insecurities.github.io/browser-tracking.html |
Correction: It's not that it could be used, but it's actually used by websites like eBay, Booking.com, Agoda, Yahoo, Coinbase etc.
Explanation? |
Btw after the Tor browser, which browser has the best fingerprinting protection? (Possibly Brave?) |
@beerisgood: Oh, but the Edge browser is not privacy-friendly. As with the rest of the system, telemetry can only be reduced but not completely disabled. Also, every URL (including parameters) will be transmitted to Microsoft. Firefox solves this better. There, malicious URLs (Google Safe Browsing) are downloaded from Mozilla every 30 minutes and are compared locally. I do not know how Safari does that. |
Not true. You can read about all used connections on Microsoft docs.
Also wrong. Read Microsoft docs.
Can be disabled but is privacy theatre.
Firefox is the worst browser in protecting you against malware and phishing. |
? |
? |
Definitely not Brave. It's a joke and fingerprinting their users is very easy.
Read the links I posted and stop spamming with single words. |
Brave provides randomization, which changes our fingerprint periodically. Isn't this a benefit? And Tor uses generalization, which makes all the users the same! Nevertheless, suppose I'm using my OS's default browser, what about the screen resolution (depends on screen size of all users), timezone (depends on country), browser version (depends on the version of the browser which people use), pixel ratio (varies from screen to screen), don't they differ? Can't we be identified uniquely using these? Even hiding in popular browsers, we can be identified easily. Sites like fingerprintjs.com assign a unique ID to every visitor, and the websites using fingerprintjs.com uniquely identify us (as the ID can't be changed!) My conclusion is that the 3rd party bot protection services are also now so advanced that it is impossible to prevent fingerprinting. My opinion is that this is ultimately a waste of time & resources, because it is a battle that can't be won.
Your provided links don't tell how changing these unique IDs only makes it worse! |
Doesn't work. In fact, it only ends in uniqueness. Server-side tracking has also been used for years. Using client modification only makes it worse for you.
Doesn't work either, as most users modify their browser settings and/or install extensions. Tor browser only works if settings aren't changed.
Not important. Don't fall for this fingerprint test site nonsense and privacy theatre generally.
|
@beerisgood Perhaps you are confusing things. You can switch off the optional diagnostic data, but not the required diagnostic data. The button for this is missing. See screenshot:
@beerisgood Who said I wanted to disable it? Sure you can, but why? I'm only talking about the technical implementation for matching with malicious domains. Local matching is definitely better than sending the complete URL with parameters to the cloud. I don't know why this should be privacy theatre... 🤦♂️ |
No, @735trv, it compares locally though Firefox sends a unique identifier called 'wrkey' to Google with all the details, every time it scans the file you downloaded!
https://www.mozilla.org/en-US/privacy/firefox/ See this 👉 http://electroholiker.de/?p=1594 for wrkey, it's old but still true! (it's in German, please translate it).
Brave handles this properly: instead of connecting to Google SafeBrowsing, it connects to a Brave-run server (which doesn't keep any logs or collect IP addresses) to check for malware. See this 👉 https://support.brave.com/hc/en-us/articles/360017989132-How-do-I-change-my-Privacy-Settings- |
@Nihal247: First, there is a difference between downloading a file and visiting a website. Second, any application that wants to use Google Safe Browsing needs an API Key. Brave needs one too, see here. Maybe the But that's not the point, because both browsers use the same endpoint to download the hashed list of bad domains: It doesn't matter if you do it with a Brave proxy or fetch it directly from Google, because in both cases the comparison happens locally.
|
Thanks for letting me know, but Brave's SafeBrowsing check is still better than Firefox's! (Don't glorify Firefox's security checks here, it's the worst in the security criteria!). |
Why? Where is the difference? Both use the same endpoint and both need API keys to get the lists.
I'm only talking about using Google Safe Browsing. |
After using the API keys to get the list and after comparing, Firefox sends certain information like URL, name, file, origin, size, cryptographic hash etc. to Google. After using the API keys to get the list and after comparing, Brave sends nothing to Google (as the Brave-run server doesn't keep any logs and just compares!). The difference here is what information is sent over to Google. |
Brave does the same, but sends everything through a proxy, see brave/brave-browser#6267. A proxy can have advantages but also disadvantages. Whether you see a MitM as an advantage or disadvantage depends on what you want. Correct, Firefox sends the same information without proxy directly to Google, but only
https://wiki.mozilla.org/Security/Features/Application_Reputation_Design_Doc#High-level_overview If I want to communicate with an interface, then I should communicate directly with this interface and do not route the traffic through other servers. However, everyone can do that as he wants. In my opinion, such an interface is useless (doesn't matter if offered by Google, Microsoft, Mozilla, Apple, AWS, Norton, Kaspersky or anything else). But that was not my point in this comment, because both browsers get the list and check locally. Edge (and others) does this very miserably, comparing nothing and sending every address to Google or Microsoft and matching it there. I think that the difference between local and remote is very important and you'll agree. |
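The local-versus-remote distinction drawn in the comment above, as an added example (not code from Firefox, Brave, Edge or any participant in this thread). It assumes a hash-prefix list in the style of the publicly documented Safe Browsing Update API, where only a short hash prefix leaves the machine on a local hit, and uses simplified URL canonicalization; the URLs, the list entry and all function names are constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of SHA-256 kept in the local list (assumed, as in the v4 Update API)

def lookup_expressions(url):
    """Host-suffix/path-prefix strings to hash for one URL (simplified canonicalization)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    # Exact host, then up to four suffixes taken from the last five labels (never the bare TLD).
    hosts = [host] + [".".join(labels[i:]) for i in range(max(1, len(labels) - 5), len(labels) - 1)]
    path = parts.path or "/"
    paths = [path + "?" + parts.query] if parts.query else []
    if path not in paths:
        paths.append(path)
    # Root, then up to three leading directories, each with a trailing slash.
    prefix = "/"
    dirs = [d for d in path.split("/")[:-1] if d][:3]
    for d in [None] + dirs:
        if d is not None:
            prefix += d + "/"
        if prefix not in paths:
            paths.append(prefix)
    return [h + p for h in hosts for p in paths]

def hash_prefix(expression):
    """Truncated SHA-256 of one expression, as stored in the downloaded list."""
    return hashlib.sha256(expression.encode("utf-8")).digest()[:PREFIX_LEN]

def local_lookup(url, local_prefixes):
    """Local model: return the hash prefixes that would leave the machine (none on a miss)."""
    return sorted({hash_prefix(e) for e in lookup_expressions(url)} & local_prefixes)

def remote_lookup(url):
    """Remote model: the lookup service receives the full URL, parameters included."""
    return url.encode("utf-8")

# Constructed sample data: one listed expression and two visited URLs.
LOCAL_LIST = {hash_prefix("malware.example/bad/")}
CLEAN_URL = "https://shop.example.org/account?session=SECRET"
LISTED_URL = "http://cdn.malware.example/bad/setup.exe?id=7"

if __name__ == "__main__":
    for u in (CLEAN_URL, LISTED_URL):
        sent = local_lookup(u, LOCAL_LIST)
        print(u, "-> local sends", [p.hex() for p in sent], "| remote sends", remote_lookup(u))
```

For the clean URL the local model sends nothing, while the remote model discloses the session parameter; for the listed URL the local model discloses one 4-byte prefix.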
I agree, but Firefox sending all the above-mentioned information only on Windows shouldn't be taken lightly, as the majority of its users are on Windows. However, do we know why Firefox sends this information without a proxy only on Windows? |
I think it's because, as you say, many people use Windows. Especially people who have low or very low experience with computers. Executable files can be run in Windows with a double click. If they are downloaded via the browser, even with just one click. On other OS normally not. Maybe you can find an answer here:
The ToS of Google APIs contain:
Maybe Brave has the permission to use a proxy (or they don't care) and Mozilla didn't get the permission. However, here is an issue at Mozilla with a priority of P5, which is very low. Doesn't look like this is needed by many. Maybe because it can be disabled easily. |
The article is solely a security comparison; it is not the suitable place for recommendations. There is a separate security advice page for that. |
I have added Brave as an alternative to Firefox, if you have another cross-platform private & secure browser in mind, you may add that one too.
The section is called 'Alternative to Firefox'