Remove Firefox & Add Brave #2419
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#2419
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I recommend removing Firefox from "Browser Recommendation for all OS's", because of various security reasons and include 'Brave' as it's alternative. I have provided all the reasons below 👇 for this purpose.
Reason to remove Firefox 👉 No doubt, it’s privacy friendly, though it’s missing some important security features like ‘Site Isolation’, which means websites in Firefox can access each others’ data. From this vulnerability, users’ privacy is greatly compromised. Apart from this, it has a really immature sandboxing process, lacking win32k lockdown on Windows, and numerous sandbox escapes on Linux & Android. With other numerous exploit mitigations. It would be too long to explain all the security issues here. You can take a look at https://nihal247.github.io to know about all these vulnerabilities. Privacy can’t be achieved at all, if security is compromised. I think Firefox should be removed from this list, though not the Tor Browser, as it provides real anonymity and privacy for users. Well I can hear some of you, we recommend 'Hardened Firefox', but by modifying it, we are consistently increasing the fingerprint, making us unique over the internet and can be easily identified. This significantly worsens users' privacy and is problematic for many reasons.
Reasons to add Brave 👉 1. Brave doesn't writes your browsing and search history.
2. IP Address is not collected too.
3. Brave connects it's users to a Brave-run server for Safe Browsing feature (which doesn't keeps any logs), instead of connecting to Google.
4. Brave discourage the use of DRM (provided by Google) and disables it by default.
5. Protects against browser fingerprinting and even offers fingerprint randomization.
6. Has the missing security features of Firefox, helping in real privacy gain! due to it's Chromium base.
7. Even recommends users' to choose a private search engine like DuckDuckGo, in Private Windows and earlier on welcome page (before introducing it's own search engine 'Brave Search').
8. Data collected from Brave Rewards & Sync is still encrypted (although I don't recommend using both!).
9. Tells about disabling Telemetry on it's welcome window, unlike not telling about Telemetry in Firefox, unless we manually check in settings.
10. Automatically upgrades to HTTPS version of sites.
11. Accessible to Tor Network (though I recommend using the Tor Browser for this purpose!).
12. Blocks third party cookies by default.
13. Blocks Ads & Trackers by default.
14. Available on all major platforms (Windows, macOS, Linux, Android & iOS).
15. No personally-identifiable data is collected while automatically checking for update.
Sorry for making you read so much! I hope to get response, instead of being ignored!
I know you guys have to work a lot for replacing 'Firefox' as it's there in the code numerous times and is deeply integrated, but spreading it to the masses, is overwhelming, it reduces security, and privacy at the cost of security isn't any good! Apart from that 'Hardening Firefox' will only reduce your privacy and make you 'unique', over the sites you visit, means you could be easily identified. Morally, for this purpose we should remove Firefox!
Sorry, I know some of you're deep Firefox lovers!
I would love to hear your opinions, and let me know if I'm wrong somewhere, Thanks!
I wanted to write an article explaining why madaidan is wrong, but I remembered PTIO can't even recommend brave for some reasons. So I'm gonna go with: they're staying with firefox because there's no better alternative.
Bro, bro, bro, bro.... 'Hardening Firefox' is only making you less private! Try to understand you are being unique and could be easily identified.
Why you think PTIO can't recommend Brave, I know some of you suspect it's business model and rewards system, but as other non-profit browsers mentioned by PTIO are financially struggling, it appears that Brave’s business model is securing this browser’s future and ability to continue to innovate its products. Apart from that, Madaidan is not wrong! He has given several security issues that actually exists, like 'Site Isolation'!
Can you provide the reasons pls
It's not about the business model, Brave maintainers requested for its removal. For me it just seems because they one that once they're here, there will be an eye on their project and they can't play with it as they want. Just read about its history and how many times they did some shady stuff and got caught for it.
Fission exists and I've been using it since like 4 months. It works like a charm and will be available for beta in the next release AFAIK. All these theoretical security measures did nothing when an exploit was there. Read Discussion from Firefox Engineers and from the whonix team here:
https://matrix.to/#/!anEyEXBYVSlveMBsbt:mozilla.org/$qIt3ueIv2k_-3KkblXQk-IZK02v8tkUdY5DKsW9oOhw?via=mozilla.org&via=matrix.org
https://app.element.io/#/room/!DAzdivXKbExPfeQEjo:mozilla.org/$PjXxc3-cWjQQS4_8gdIcJWoS6G06aQK7usjdjVWFHmI
https://forums.whonix.org/t/chromium-browser-for-kicksecure-discussions-not-whonix/10388/84
This is not a proper way of understanding the privacy practices of a company!
It's good you're using Fission, but its not mature than Chromium's! This is available if you change the flag. Average users don't know how to do this. And this is just one of the security issues present. There are numerous more vulnerabilities present!
Apart from that, I assume you're using 'Hardened Firefox' (as default Firefox has no privacy gain!), so you're already less private! (unique fingerprint), what are your thoughts on this?
@Nihal247 first why not just give original madaiden article link? But for your claims i agree using firefox not only has no privacy gain but also is a harm to users privacy, when you reccomend firefox to somebody you shouldn't expect them to go into about:config page and mess with a lot settings that not only makes the firefox bad user experience even worse but will also make them extremely unique and a suspicious target for most sites (lets not forget the official stable firefox isn't even allow android users to go into that page probably because of your recommendations that broke thier browser experience and thier complaints about thier problems on fenix repo).
Mozilla themselves are not to be trusted too they have alot of telemetry and trackers that need firefox to be patched and configured through about:config to remove (even then you can't be sure there is no leak to mozilla services). All of this just to make yourself stand out amongst huge mass of chromium users (firefox market share is like less than 5 percent?) , and all of these aside even torbrowser isn't that good against fingerprinting (you can try this on a proper test https://abrahamjuliot.github.io/creepjs/ ) or in other words no browser is immune to java script fingerprinting unless they disable java script ( imaging asking an average joe to disable java script and thier experience after they do what you said).
So in the end i reccomend to keep this issue open until we come to good conclusion i'm not a big fan of brave and definitely against thier strategies but they are a big team (acually very few of them work on security or privacy and most are developing thier advertising system) but i would say it's the best available option to recommend to average users when you reccomend fire fox most people will have a bad experience compared to chrome and they also have to mess alot with configs and settings just to change back to chrome after a few days. Brave is very acceptable compared to both chrome and firefox it's just works and dosen't need to be configured this is exactly what and average user needs, yes i know chromium fingerprint resistance is extremely weak compared to firefox yet if you've used the above test you would know fingerprinting can be much more complex than what you thought and tbh firefox will only ruins your privacy by standing out against chromium users.
Recommending users to install several addons is also not a good privacy and security practice brave has this covered by using https everywhere and adblocker the only extentions and average user will need.
Ofcourse we can also recommend ungoogled chromium and bromite to desktop and android users but not only they aren't maintained enough they can also be hard to use for a normal user.
At the end i remember a few guys going into brave github and trolling thier team with trash talks and hate speech instead of having a nice conversation about privacy concerns on brave that eventually lead to thier team asking to remove thier software from ptio.
This really need to be considered as using firefox doesn't improve privacy and breaks average users browsing experience, we should at least consider recommending a chromium browser like ugc (which is most private) in addition to firefox (maybe find a windows maintainer for it in the meantime?).
I totally agree @AadenA, and here you go for the original link 👉 https://madaidans-insecurities.github.io/firefox-chromium (sorry I didn't provided as the link wasn't remembered!). A 'Hardened Firefox' doesn't only makes us unique but also worsens user experience. We shouldn't judge anyone based on their history, who knows if they've improved? I have seen people who don't understand privacy and security and blindly recommend Privacytoolsio's Firefox tweaks, without the knowledge that this only makes them less private. I think we should at least remove the 'Firefox Tweaks' section as early as possible, as this is just making people stand out in the masses! And yeah I'll definitely keep this issue open till we arrive at a final conclusion!
Hey @Nihal247, I'm honestly not going to start talking about why some of your points are wrong or do not align with PT's view since they have been discussed in multiple issues a myriad of other times, you can look for some named Firefox, Brave and the about:config (this last one deals with fingerpriting) if you are interested in the technicalities of the why not. I am not part of the PT team but I can already asure you they are going to close this issue, so if you want to let it open and wait for that, that's okay, otherwise I would close it myself.
Hey @LongJohn-Silver, it would be better if you tell where am I wrong (because I just want to know!), otherwise just closing issues because of one's state of mind isn't anything which this website is all about! If I'm wrong tell me the reasons straightforward! I'm not gonna look what others don't see what I see. I just want the simple answer that how 'Hardened Firefox' with missing 'Security features' can be a privacy gain, whereas Brave's 'Security Features' with 'Fingerprint Randomization' isn't! Everyone just looks on a single thing, 'Brave's Rewards System and their Business Model', how the hell this can tell a company's actual privacy practices? this really can't be understood by me! This is just random cherry-picking from those who think 'Chromium-based browsers can't provide real privacy', whereas a 'Tweaked Firefox' could, but actually with no real privacy gain, but only uniqueness!
It would be better if someone just explains how a 'Hardened Firefox' can give real privacy, and not uniqueness!
@Nihal247 if you trully seek a private browser i recommend you to use ungoogled chromium, vanadium and bromite ( these are your options on a reasonably private os ) if you use windows just stick to edge as trying to achieve even a minimum amount of privacy is almost impossible in windows (ltsc can provide that but it compromises security and not everyone can get thier hands on it), i recommended to add brave just as an alternative besides firefox since it would be a better option for normal users (vanilla firefox dosen't really strike you as either a private or trustable browser just like brave) and don't forget there isn't a browser that can evade fingerprinting (try the link in my last comment) unless using distros like whonix or tails in disposable vm's on private and secure hosts like qubes. i'm certain this would not be considered since folks at ptio try to support and endorse firefox to save it from it's demise (especially because tor browser dependancy on firefox and possibility of google taking even more questionable action's when are left without any rivals) so i'm pretty much sure they would close this issue without considering it.
@AadenA, I've already used Ungoogled Chromium though I didn't liked it (because it's not well maintained and has no auto-updates). It's not suitable for a day-to-day use case. I personally neither use Firefox nor Edge (I know Edge is the most secure browser). I have Brave as my primary browser (because of a good mixture of privacy & security). May I ask what browser you prefer (or specifically use)?
It's sad they just blindly recommend Firefox, without knowing it's actual reality of being not private!
But I definitely want to know this answer from them!
@Nihal247 i have several devices with different setups for different needs but just to give you an idea: ugc and tor (linux), edge and chrome (windows), chrome, vanadium(android).
@AadenA what is your recommendation on macOS & iOS?
what about keep firefox and add brave?
No @katzeprior, keeping Firefox, with tweaks will only reduce the privacy of users!, we shall remove it. Think how many people would've followed the tweaks of Privacytoolsio's and have became unique, for this purpose we need to remove Firefox (as vanilla Firefox provides no privacy benefit but only security issues), and replace it by Brave.
Firefox is the last common-use browser that don't use Chromium's engine but it's own. If users want an out-of-the-box privacy browser they should just install LibreWolf.
So what? this is non-sense to oppose Chromium without any constructive reasons! (after all it's open-source too)
Yes, we can remove Firefox and add Brave and LibreWolf (though LibreWolf's doesn't functions properly with all it's components!)
But I recommend not to use browsers like 'LibreWolf', as it has a really small user-base (not more than 1,000,000!), and websites can identify us from it's unique user agent!
The ultimate goal is to hide in the Chromium crowd for real privacy, which Brave provides and not Firefox's forks!
@Nihal247 When Chromium is the only one left and they change something you don't like you have no other option and they can do whatever they want without having to worry about losing users.
edit: after all its mainly developed by google.
@katzeprior, whatever Google adds to Chromium isn't necessary that it would be added by other Chromium based browsers too. This is one of the many reasons why Chromium-based browsers gets separated from Chrome! For example, Google introduced FLoC, in it's browsers (FLoC is a privacy concern!), but browsers like Brave and Vivaldi (which are Chromium-based!) officially refused to implement it in their browsers (in fact no other browser implemented FLoC!), I know FLoC was availabe for Firefox and Safari also, but this shows Chromium-based browsers have control of what they want to add in their browsers.
You may read this article to know more about it👇
https://www.howtogeek.com/724441/what-is-googles-floc-and-how-will-it-track-you-online
@Nihal247 I completely understand your need for this knowledge, it's just that it has already been discussed quite a few times and I don't have the time to explain everything, plus I'm not so smart as other people who have explained in other issues with a better technical background.
I'll say something that I think hasn't been said much on why it is better to recommend Firefox against any Chromium based browser, and it's the fact that except for Apple proprietary one, it's the only non-Chromium based browser on Earth, if we lose it, that's it, we're merciless against Google, so in my opinion it's a thousand times better to support them.
Yes @LongJohn-Silver, I understand the importance of having a non-proprietary & open-source rendering engine. But why are you taking that just not recommending Firefox on PTIO, will lead to it's demise? (even I don't want it's demise and that's why I recommend Tor) The ones who're loyal to Mozilla, will continue to use Firefox, irrespective of the real private & secure choice. I feel it will be useful for those, who are coming to this new privacy and security sphere and will help in to make them realize what's real privacy and security. I'm not forcing you or anyone to ditch Firefox for Brave, but to make you understand about 'fingerprint uniqueness' and to recommend the one which is a real private & secure choice! (because that's PTIO about)
I'll keep this issue opened till I don't get a strong reason telling using 'Tweaked Firefox' is private and doesn't makes us unique (or till it doesn't gets closed by maintainers!).
It depends on the configuration of browser, by using tweaked Firefox, we remain super unique, but using vanilla Firefox (hidden in Firefox crowd but it's smaller than Chromium's!, and also compromises security) or Brave (hidden in the massive Chromium crowd) you're not unique!
Using Firefox is unsecure, even if you resist fingerprinting and block scripts. Even using uBlock Origin can't prevent fingerprinting at all, till javascript is disabled. (Think asking an average user to disable JS, and imagine their experience!).
It doesn't fools, you can still be identified. Use this link 👉 https://brax.me/geo/ and see that your Fingerprint remains the same after each browser restart. Brave provides the only solution to this through Fingerprint Randomization, which changes your fingerprint with every browser restart, and hence you can't be tracked by the websites.
i think brax.me is broken because my fingerprint is even different on a simple refresh.
Yes, I just checked for it now, and this was the same case!
Nevertheless, you can use any other correct fingerprint test also, and you'll find your fingerprint changes with every browser restart, when using Brave. But doesn't happens the same with Firefox or any other one.
This is not how fingerprinting works! You can only hide yourself in a crowd if this is a predefined crowd where all are the same. This is not the case for vanilla firefox nor for chrom* (IP, Canvas, WebGL, devpixelratio, screen dimensions, screen orientation, timezone, ...). You are unique if you use vanilla firefox!
the most
It fools naive scripts. Advanced script can still identify you, that correct. But it's the same for Brave.
Go to https://fingerprintjs.com/ restart Brave, see same ID. Delete everything (
${HOME}/.cache/BraveSoftwareand${HOME}/.config/BraveSoftware), see same ID. Open private window with Tor, see same ID.EDIT: Do the same with firefox and RFP, see different IDs every time.
There are no "correct fingerprinting tests"!
I already know it, just didn't went to detail, as my fingers have became lazy 😂
Then why uBlock Origin on Brave didn't changed the unique ID?
Well, do we know why fingerprint randomization doesn't works here?
Yes, it's different to my surprise!
well https://fingerprintjs.com/ seems very accurate, if it's not perfect!
i get the same id every time with fingerprintjs.com on firefox, what did i do wrong?
@katzeprior You need to 1. clear cookies and 2. use RFP or CB.
IDK but it shows that even Brave's protections do to protect to 100%.
What an absolutely loaded BS question. Would you like it if I blew into Brave's issues tracker and stated "Brave is shit, prove me wrong", and then cherry pick out of context snippets.
You're the one claiming "tweaked FF isn't private and makes you more unique" - and you are wrong. How about YOU answer the question that YOU have brought up at least three times. You can't. And I'll tell you why: you are conflating all privacy measures with fingerprinting when they are orthogonal - and even in fingerprinting, when you do nothing, you have high entropy, you can hardly make it worse.
I've give you one example of a change in Firefox that does more for privacy than everything else Brave has done put together: combined with Firefox's network partitioning [1] (on for all by default since FF85) which does far more than any other browser by a country mile, if you change ETP to strict mode, this also partitions all web site data [2] to eTLD+1, along with smart blocking, heuristics and shims. Job done, now almost all current website tracking techniques are mitigated. No other browser can do this.
And that's just ONE change. I could name a HUNDRED other changes (no other browser lets you do tweak this much) that make Firefox more private and secure, without making fingerprintng entropy any worse.
[1] https://groups.google.com/g/mozilla.dev.platform/c/uDYrtq1Ne3A
and you can add Websockets to that list in FF92
[2]
You don't even know what Firefox does. Over half the items in your 15-bulletpoint Brave list, Firefox also does. The other half if fluff and/or lacks context. If you were genuine, and not coming in with a pre-defined biased mindset and agenda, you also would have been balanced and listed all the things Firefox does that Brave doesn't.
You are also being deliberately misleading on the security issues: your comments lack context. You cannot compare the security of two such complex beasts as a whole: security is a many layered thing. How about chrome (and I assume chromium when I say chrome) having EIGHT, yes EIGHT, zero-day exploits patched this year that were IN THE WILD. Chrome 93 just patched 27 security fixes. Twenty-fucking-seven - of which FIVE, yes FIVE, are the highest severity and USE AFTER FREE, yet again. How about 75% of chrome's severe security bugs coming from memory issues (use after free) due to C++. On the other hand, 10% of Firefox is now written in Rust, and AFAIK from last check, approx 0% in chromium (it's a rounding error). Every browser can do better, and you can look at things in isolation and say "that's cool, we should do that", but you can't really compare them wholesale like you did.
In reality, main stream browsers are already very secure. The security issues you are talking about are welcome, and it's not like Firefox is sitting on its ass - Fission is very complex, win32 lockdown is almost there, then there's RDD changes and numerous other improvements, including the backend. For the record, it took chrome six years to implement site isolation. Firefox started fission in earnest about two and a half years ago, so that's pretty impressive, seeing as they're already starting to ship it to beta
As someone who works with fingerprinting, you haven't got a clue how any of this works. That link (and I collaborate with abraham quite a bit: he even uses some of my methods, and me his) actually proves that Brave doesn't hold up against advanced scripts - Tor Browser does. Do you even know what that test is doing?
And you have the audacity to just trash Tor Browser as inferior to Brave .. because you think randomizing is some sort of magic bullet, and you clearly have an agenda to make Brave look the best at everything. I can tell you for a fact that all of Brave's randomizing can be detected. Not to be confused with revealing real values, just that the randomizing does not fool everyone, and that fingerprints ultimately come down to lowered entropy. Brave has stated that their aim is to only fool naive scripts. Tor Browser on the other hand, aims to defeat any script. Combine this with the fact that Brave doesn't cover anywhere enough metrics yet - compared to Tor Browser (95% of which is part of RFP), which covers enough to make fingerprints useless ... and hundreds and thousands of researchers, tests, real-world studies, papers, PhDs, etc ... not to mention science and math ... that show that Tor Browser holds up - and you are full of shit.
You don't have a clue what you are talking about
@Nihal247 i never bought or will ever buy anything from apple so can't reccomend anything for thier platform.
BTW use this test for fingerprinting and see if your browsers can actually avoid fingerprinting :
https://abrahamjuliot.github.io/creepjs/
@Thorin-Oakenpants i compared brave to firefox not tor, there isn't any browser that can be compared to tor(I just said even tor can be fingerprinted), i'm not a fan of brave i don't use thier software they introduce many bugs in chromium with thier additions i just said if we suggest vanilla firefox we can also suggest brave, as i mentioned in my first post chromium browsers are worst against fingerprinting, my whole point of participating in this conversion was to support the addition of a chromium browser that can improve privacy compared to chrome since most people can't be satisfied by firefox quality, so recommending a chromium browser would prevent most of them from going back to chrome.
Oh almost forgot some of the partitioning you mentioned not avilable in chromium are actually there they are not yet enabled by default since google dosen't want to break thier users browser experience(as always🤦♂️).
@AadenA , my post and all contents were for OP, who is shit-stirring, shilling, cherry-picking, and time-wasting with regurgitated snippets found on the internet, posted by other idiots, and acting like a know-it-all
I have no interest whatsoever in what PTIO recommends, but this whole thread is a waste of time, because Brave will NOT be listed for the aforementioned reasons. The is entire thread is a waste of time.
I'll close this, but what when Firefox actually dies?
Firefox will not die because G has a interest that it exists as alternative to chromium based browser. Because as long as Firefox exists they can say "no we don't have a monopoly, look there's firefox".