So let's set some foundations: Chrome and Chromium are google botnet. That's obvious. Brave has recently been discovered to be making major compromises despite their claimed focus on privacy. They're botnet. bleepingcomputer.com/news/security/facebook-twitter-trackers-whitelisted-by-brave-browser/ Firefox has built-in telemetry. This can to some extent be disabled by the user, through the micromanagement of dozens upon dozens of about:config and user.js values. Firefox is also notorious for slipping in stuff behind users' backs. Never forget this. itsfoss.com/firefox-looking-glass-controversy/ ghacks.net/2017/10/06/mozilla-to-launch-firefox-cliqz-experiment-with-data-collecting/ It would seem that Moz://a doesn't have any concept of 'opt-in'. If they're willing to do this shit without telling users, what makes you think they won't silently revert your config changes and pass it off as one of their 'experiments'? Long story short, Firefox is botnet. Safari, IE/Edge, Opera, and Vivaldi are proprietary. [insert loonix webkitgtk/qtwebengine browser] is too barebones. Doesn't have any capacity for privacy/tracking protection besides occasionally a very basic adblocker.
With all of that being said, where do we go from here? What other browser options exist? What do you think of the above kikery?
Compile FF yourself, disable crap at ./configure time.
Jackson Collins
lol learn 2 code
Julian Wood
>I'll make the logo
Zachary Roberts
What happened to that moonman browser anyway?
Daniel Hughes
How do you disable telemetry at compile time? What other modifications do you do during compiling?
Xavier Baker
Does it even matter anymore? The web itself is fucked, all Gecko based browsers will eventually die together with Firefox and Google will have a monopoly with their Blink engine (except on Apple products, which force the usage of Webkit).
>No botnet GNU IceCat (slow, sucks shit) Ungoogled Chromium (chrome without botnet, no auto updates or google integration AT ALL) TOR Browser (80% of the internet breaks, nobody can track you - unless you're retarded) >I dont care about botnet Might as well use the best version of the respective engines Vivaldi (chromium based) Firefox Nightly
Check the patchset which essentially makes IceCat. Some can be done with configure flags, others need code removed.
Nicholas White
Use ungoogled chromium, icecat, or palemoon. These are your best options for non text based browsers. I would say TOR too, but we all know TOR is a honeypot.
use Firefox if you’re not a brainlet, otherwise Iridium
Charles Ward
>but we all know TOR is a honeypot. explain. TOR browser is generally considered across the security community as being the best way to access the darkweb/use onion routing. More specifically, most will recommend you use Tails, which uses the standard TOR browser as its browsing option.
Matthew Fisher
Also, I like your suggestion of Icecat. I definitely trust GNU more than Moz://a at this point to not screw up user privacy.
Gavin Robinson
i use falkon but it krashes all the fucking time waterfox with all the fingerprinting shit turned off is based enough for most usage i may need to switch back to pale meme
Tyler Taylor
ungoogled-chromium
Oliver Walker
>krashes kringe
Robert Johnson
i have ungoogled chromium its pretty ok you forgot to mention opera 12.8
Jace Scott
>How do you disable telemetry at compile time? You can prevent pings from being sent to Mozilla by adding ac_add_options MOZ_TELEMETRY_REPORTING=0 to your mozconfig. I don't know how to disable the creation of pings though. The IceCat devs probably had to edit the source code for that. >What other modifications do you do during compiling? I disable a bunch of stuff like the updater, the crashreporter, WebRTC, EME, etc. and enable more extensive optimization (including PGO; never get LTO to work though).
Xavier Powell
>I don't know how to disable the creation of pings though. The IceCat devs probably had to edit the source code for that. Scratch that. Apparently any information collection in about:telemetry gets disabled by setting toolkit.telemetry.unified to false, but only if toolkit.telemetry.enabled is also false (I use FF Beta for which it's locked to true; that's why I was confused).
James Ward
Opera is closed source
Jeremiah Rivera
Yeah but if you compile ungoogled-chromium from source how do you update it? Just check every few weeks if there's an update and recompile it?
Andrew Watson
>Just check every few weeks if there's an update and recompile it? That's pretty much how it works, yes.
Colton Robinson
Sooo then you have to update extensions manually as well? Downloading and installing the CRX file everytime? jeez
Ian Martinez
No idea. I don't use Ungoogled-Chromium.
David Ortiz
Seriously someone with the knowhow here just make one. Fully open source, transparent updates. If theres anything a tech retard can do to help ill do some dirty work.
Michael Evans
There are many niche browsers like that out there. The problem is that they can't compete with the big browsers in terms of functionality (modern browser engines are massive projects), have no proper addon support (because it takes a big community to get that going) and stand out like a sore thumb when it comes to trackers. If you don't mind these drawbacks then look into Dillo, NetSurf, Netrunner, etc.
It's even more botnet than Chrome itself since it can be fingerprinted easier. That's also why stuff like Brave, from day one on was bigger botnet than Chrome.
Jackson Adams
Icecat 60 is very good. Much better than icecat 52.
Tyler Anderson
Congratulations by using Icecat or Librefox you fall for the typical brainlet filters. Their developers have no clue how fingerprinting works.
By using anything that isn't standard Firefox with resistFingerprinting enabled you inevitably give away your entire browsing history to Google and countless other advertisers and trackers.
That's also why Ungoogled Chromium is non ironically worse than Google Chrome for privacy. Imagine how many people run either browser worldwide.
Ethan Turner
I'm satisfied with Vivaldi, for now. Nice-looking browser, it's not closed-source, the authors have expressed disapproval against Google, and others.
Austin Rivera
hf being fingerprinted everywhere and instantly uniquely targeted by even the shittiest scripts worldwide. Either use stock Firefox and toggle the config yourself or just don't bother and use Chrome.
David Perez
All tracking can be stopped by disabling images, css, and javascript.
Hudson Rodriguez
>What is fingerprinting
Samuel Bell
Wrong. Imagine how many people worldwide do this. Should be easy to guess how easy it makes you be fingerprinted especially with some other vectors left open that do not need images,css or javascript.
The best way to avoid tracking is to non ironically load all ads and trackers as long as you have a non unique fingerprint
Robert Ortiz
Wrong reply?
Aaron Fisher
Nah, he's implying you shouldn't use anything but FF with privacy.resistFingerprinting enabled or Tor, because everything else makes you easy to track because of a unique browser fingerprint.
Eli Martin
>no mention of cURL
Jack Ward
Ah. Actually, I did thought about this matter before. I'm using an extension called Canvas Fingerprint Defender. It adopts a different fake value each time it does its job, instead simply blocking. I'm satisfied with it.
I know Vivaldi and other Chromium-based browsers are more on spying than Firefox, but I really like it and its unique visual and structure. Anyway, I will switch to this, if Vivaldi gets affected by the effect that shutdown uBlock Origin. github.com/muslayev/icecat-win64/
Furrymoon is just so much more economic with resource use that I can't drop it.
Jackson Collins
Both Icecat and your mentioned extension makes you more unique. As already said either use Tor or Firefox with resistFingerprinting enabled or use Google Chrome itself. There is no in between.
>fingerprinting is too easy >many websites require javascript >by enabling javascript you lose privacy even further >it's possible to track via. css as well >ad blocking isn't enough anymore >isp's get your dns requests, they know which domains you visit >google working on recaptcha v3 where website owners send your data to them during server request. you Jow Forums google. you will never even interface with google anymore, they will get their data directly from the server. >google probably working internally on AI to track users more reliably with even less data
it's over boys. it was fun while it lasted. the only thing that can save the web is a complete overhaul from ground up, scrapping the entire ecosystem as it is (html, css, javascript).
>FF with privacy.resistFingerprinting enabled >Firefox with resistFingerprinting enabled >yes, use an actual botnet browser with telemetry up the fucking ass that phones home to CIAniggers constantly and is shady as hell, all in the name of avoiding """fingerprinting""" >just submit, goyim Seriously, fuck off. If this is about user agent fuckery, it's called an extension. You can use extensions to change the user agent to whatever normie shit you want, while still having actual, legit privacy. Don't tell users to install a fucking unethical spyware botnet browser just to maybe avoid one part of what can track you. Did you not read the fucking OP?
IPFS would be even worse. Imagine companies like Cloudflare/Google/Spywareinc./etc. all pinning IPFS sites. They'd know exactly which sites you are using even without serving ads or trackers, and not only them, but everyone who is interested. We need something that's: a. not web based b. very limited in what it can send about your machine, i.e nothing (why the fuck is it even possible for someone to get your list of fonts and send it to them via. javascript?) c. still allow rich content without all that web garbage d. able to replace most of the web and offer advantages over it (give companies / individuals good reasons to adopt it) e. led by a committee that actually cares about privacy and their users and doesn't sell out like the web consortium f. entirely declarative g. extremely fast to render (html/css is fucking bloated and dated)
Let's say it as it is: the web is a platform that allows you to easily download a client program to interface with a server via. js and display data via. html/css, nothing more.
I'm 100% certain there are better and more efficient ways to do this than use this abomination that the web has become.
Wyatt Bailey
what are you even proposing? the only thing i could think of that comes close to this would be using a dedicated program to render content that is obtained via ftp or irc or other non http/s means which i wouldnt even be opposed to but its not business friendly. there is never going to be something as feature and content rich as the modern web without the downsidses we have right now. wikipedia cant run on some NEETs hobby server link for http problems: spyware.neocities.org/articles/http.html
Zachary Campbell
>Safari, IE/Edge, Opera, and Vivaldi are proprietary. All the source code for Vivaldi is available though. Go look at it if you're so worried
David Edwards
>Not using Yandex in 2019
Imagine being worried about the Kremlin stockpiling your info rather than the U.S.
Austin Gonzalez
Yandex is a search engine, not a browser.
Robert Powell
Is there a comprehensive guide on how to disable all telemetry and configure Firefox for maximum privacy?
Unless your willing to ditch basically all modern web functions and use a bare bones browser everything is fucked
Brody Harris
Revive netrunner.
Colton Allen
I just decided that vimb is good enough
Jordan Morales
There are far more things to consider when it comes to fingerprinting than your user agent. Are you blocking cookies? Are you blocking Javascript? What system fonts can a website use? What system language are you using? Is your browser sending DNT requests? And so on. Making your browser not stand out is difficult and IMO not worth the effort. Might as well stand out and use whatever browser you want. The web is already fucked.
Adam Smith
Go through ghack's user.js. They are very extensive and have a good documentation. It's important to understand what you are tweaking instead of mindless copying. You might also want to compile FF yourself.
Matthew Jones
I'm honestly considering it. Getting some bare bones browser and keeping one of the big ones as backup. It would probably improve my browsing habits as well.
>I definitely trust GNU You should't trust GNU for anything, but OK.
Carter Parker
I'm a brainlet. Can you explain what you mean by fingerprinting and why do you claim browsers like Icecat/Librefox/Ungoogled Chromium are the worst at it?
Wyatt Hughes
>You should't trust GNU for anything why?
Jacob Hill
He's saying that sites can identify you by how unique your setup is. If you have certain config changes, extensions, user agents, or browser itself that are not the norm, the theory is that you are more 'unique', and sites can actually determine who you are based on that.
It's a kike scam though. Yes, fingerprinting can be a method of discovering who you are, but the proposed methods of decreasing fingerprintability are to dramatically decrease your privacy in other areas. "Just use TelemetryBrowser, user," "Just disable your privacy extensions, user," "Umm, Chrome is ackshually MORE private, user," "Just submit, goyim." In other words, I don't buy it.
Andrew Martinez
isn't ungoogled chromium reports itself as chrome?
Isn't that a cancelled debian project? afaik they now just use 'firefox'. Also, 'Iceweasel' is different from 'Icecat'
>History >GNU IceCat was formerly known as GNU IceWeasel but changed its name in 2008 to avoid confusion with Debian IceWeasel (who was rebranded back to Firefox in 2017)
So in summary: GNU wanted to make a fork because they wanted to make it a secure and private browser. Debian wanted to make a fork because fuck knows why. There was a bit of confusion because they both wanted to call it Iceweasel. GNU agreed to call theirs Icecat. So now there are 3 browsers: Firefox, Debian Iceweasel, and GNU Icecat. Debian gave up Iceweasel a while ago. So now there's 2 browsers: Firefox and Icecat.
Hunter Campbell
Debian made a fork because they weren't allowed to use the official Firefox name and logo on their repos. So they just changed those, there weren't any more modifications.
Jack Parker
Exactly my point.
John Sanchez
If you want just privacy then sure use your little fork But if you need both security and privacy then you'll want to be up to date all the time asap Mozilla are the one rolling out security updates to firefox first Just remember how they rolled out a patch right the next day after meltdown and spectre came out And regarding privacy did you forget fitefox is open source? Sure you'll need to click some options, but only the FIRST TIME you run it after installing >disable statistics sharing from the options That should be enough, but if you're paranoid you can also >about:config >disable all telemetry >disable all experiments There, you just made your own little waterfox, but with instant security updates, now stop being a mindless cuck and stop posting that gay shit
But you didn't address the real problems of firefox: Mozilla's evil, lie-by-omission practices. Again, if they're willing to do this shit without telling users, what makes you think they won't silently revert your config changes and pass it off as one of their 'experiments'? Long story short, Firefox is botnet.
Jaxson Robinson
aren't addons on FF a valid requisite to overriding some of those issues? i would imagine they automatically freeze the changes from happening, unless I'm mistaken.
Parker Kelly
>aren't addons on FF a valid requisite to overriding some of those issues? There are some addons that allow you to quickly toggle certain tweaks without having to go to about:config, but they aren't necessary. It's easier to enforce tweaks by using a user.js. That'll revert all listed about:config entries to the specified value at startup. The bigger problem is when Mozilla changes the role of those entries, deprecates them or ties them to some other setting that might change the expected behavior. That's nothing they do on a whim though (or even can; the process of deprecating toolkit.telemetry.enabled is still going after years).
Luis King
>That's nothing they do on a whim though >Moz://a doesn't randomly decide to fuck with users on a whim oh you sweet summer child
Jose Bennett
Debian likes to apply their own patches and can’t use firefox branding with a modified source code, so they rebranded it as their own.
Eli Gonzalez
They may decide randomly, but you still get some heads-up either through a statement or a discussion on FF's Bugzilla.
Thomas Reed
Great, so now you have to constantly keep tabs on that, and also hope they don't modify their statements after the fact. This is their statement now. support.mozilla.org/en-US/kb/lookingglass As you can see, they state that this is opt-in. IT WASN'T OPT-IN when it was first rolled out. People just ended up with a random extension installed on them without their consent. They make mention of that in a little sidenote, but that note inherently points out that the shield studies are opt-out. They are opt-out because they are enabled on a fresh Firefox install, and you have to manually disable them. Once again, something that you have to disable, and once again something I wouldn't put it past them to revert with an update at some point.
Caleb Turner
>They are opt-out because they are enabled on a fresh Firefox install, and you have to manually disable them. Once again, something that you have to disable, and once again something I wouldn't put it past them to revert with an update at some point. That's what the user.js is for.
Blake Hernandez
>it's possible to track via. css as well Is nothing sacred? How long until they implement an image format which ties to your processor ID, MAC address, ISP domain and shit?
Falkon if you want to avoid Moz://a codebase completely, Icecat if you like Firefox but don't want botnet
Dominic Mitchell
Mhm. Even if you had the most generic setup, you could be identified by other factors.
Christopher Morales
That's my point. Having the 'unique' setup blocks those other identifying factors like telemetry, ads, third-party cookies, unnecessary tracking javascripts, etc. But doing that also apparently makes you more vulnerable to being 'fingerprinted'. Overall, I think the best option would be to use a unique privacy-protecting setup, and then fake the other stuff through the use of a user-agent spoofer and/or other methods.
