this post was submitted on 26 Dec 2024
29 points (96.8% liked)

Privacy

32482 readers
300 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I am in the privacy game for about 2 years now and I've become the go-to on privacy questions in my family (which makes me proud, cuz this means, I am not just this privacy nut that cant be reached on whatsapp :D). I was asked about a browser for Graphene OS. Clearly I recommended the one I use atm, which is Waterfox (was recommended once in this comm). The person who asked me is using bromite (which looks good too). After thinking about the recommendation, there is one open question:

Does it really matter which alternate browser you choose, if it is of course not something like Google Chrome, Mozilla Firefox or Safari (especially regarding the outcome in this comm, where someone compared Chromium and Firefox without any real conclusion)? Also doesnt it also come down to the plugins? Like, what difference does it make, if I use Waterfox or Bromite, if I also use Privacy Badger, uBlock Origin and maybe JShelter?

Hope too read a lot of your toughts on this :)

Update 1: Thanks for your replies so far. It's always amazing to get the greater picture on something. Good point with the plug-ins. Also I might give Vanadium another chance.

top 15 comments
sorted by: hot top controversial new old
[–] some_guy@lemmy.sdf.org 6 points 1 day ago

Keep in mind that when you use an offshoot browser that doesn't have a lot of users, this also makes you easier to identify. How many people use Waterfox? Sure, I have it installed and sometimes use it. You use it. But the small number of users makes us more unique, not less. The plugins that you use further enable fingerprinting, as do hardware specs such as screen size / resolution.

I am not an expert in this area. I think there's a lot going on that hasn't been considered.

[–] vk6flab@lemmy.radio 20 points 1 day ago (2 children)

Excluding Chrome, Firefox and Safari means that you are now relying on some random developer to understand security and privacy and as a software developer for over 40 years I can tell you that this is a fools errand.

Don't get me wrong, the big three absolutely have privacy issues, but they can be mitigated in many different ways without compromising on security.

For example, you can force DNS requests to one of your choosing, you can run them in incognito mode, refuse cookies, run them inside user accounts without personal information, etc.

I tend to run individual instances of a browser in incognito mode and am very conscious of which tabs are open in which instance, so websites cannot steal information from other tabs.

[–] skarn@discuss.tchncs.de 4 points 1 day ago (1 children)

I tend to run individual instances of a browser in incognito mode and am very conscious of which tabs are open in which instance, so websites cannot steal information from other tabs.

Isn't that the purpose of Firefox's multi-account containers? Compartimentalising cookies to prevent cross pollination?

Noob here, just asking honestly.

[–] vk6flab@lemmy.radio 1 points 1 day ago

I don't know. When I built this, several years ago, none of that existed.

[–] LazerDickMcCheese@sh.itjust.works 6 points 1 day ago (1 children)

You can even run the browser in a docker container if you're extremely paranoid (I'm on the verge)

[–] vk6flab@lemmy.radio 2 points 1 day ago (1 children)

That's precisely what I do.

[–] Neptr@lemmy.blahaj.zone 1 points 1 day ago (1 children)

Docker guest still shares a kernel with host. Use a custom OCI runtimes like kata-containers (VM) or gVisor/sydbox-oci (unprivileged application kernel) to reduce the kernel attack surface and protect against privelege escalation.

[–] vk6flab@lemmy.radio 1 points 1 day ago (1 children)

This is true.

However, I'm running trusted software, not the backyard efforts of someone randomly selected off the internet.

Additionally, the Docker container is running on a dedicated Debian virtual machine with only Docker installed.

What's of deeper concern is that all instances are running on X11 which means that they all share information via the clipboard for example.

[–] Neptr@lemmy.blahaj.zone 1 points 1 day ago (1 children)

You could set up Wayland probably. Just make sure you use GNOME (Mutter) since it is the only Wayland DE that protects the screencopy API.

[–] vk6flab@lemmy.radio 1 points 1 day ago (1 children)

So far the Wayland implementation requires embedded X11 which puts everything in the same environment again.

I've not yet discovered how to run separate Wayland screens across the network from a Docker container and I'm also not sure if either Chrome or Firefox actually support native Wayland, from memory they didn't last time I checked.

[–] Neptr@lemmy.blahaj.zone 2 points 1 day ago

Both Firefox and Chromium support native Wayland.

Also, this might lead you in the right direction for remote Wayland apps: https://github.com/wayland-transpositor/wprs

[–] Der_Fossyler@feddit.org 5 points 1 day ago (1 children)

I'm using Mull but am going to switch to Fennec with arkenfox hardening and ublock enabled in the future.

IMO don't use too many privacy plugins like ublock, privacy badger and jshelter. Ublock can also block individual scripts in expert mode and therefore reduce your fingerprint to a minimum. Additionally more extensions also mean more consumed ressources.

I would also reccommend a secure dns filter like nextdns or the one from mullwad. I use Rethink dns for the configuration. https://www.f-droid.org/en/packages/com.celzero.bravedns/

Here is a site from Germany that handles many privacy topics and has a section for dns servers: https://www.kuketz-blog.de/empfehlungsecke/#dns

[–] andylicious1337@lemmy.world 2 points 12 hours ago

thx for the link to the website, I will have a look into it. I also use Rethink with NextDNS, but still a good thing to have a link with recommendations.

[–] TherapyGary@lemmy.blahaj.zone 11 points 1 day ago* (last edited 1 day ago)

The built in browser on GrapheneOS, Vanadium, is great.

If they're using Bromite, that's a problem because Bromite ended development like a year ago, and they should at least switch to Cromite

Edit: A problem with all the plugins is that it creates a unique fingerprint, which Cromite and Vanadium prevent by not doing plugins/extensions and instead using built-in ad blocking (which can/should be supplemented with a decent VPN and/or DNS level ad blocking)

[–] QuazarOmega@lemy.lol 2 points 1 day ago

someone compared Chromium and Firefox without any real conclusion

Are we talking about mobile or desktop? Because, as of now, Chromium is still winning on mobile