I just want to mention kuketz-blog.de, he did loots of Browsertests including an intercept proxy and actually analyzing the content.
Great resource to look for a MITM analysis.
Be aware that these tests are not all-encompassing browser tests and instead mainly focus on analyzing the connections made by browsers and data sent. It mainly doesn’t take security into consideration and privacy features like state partitioning and fingerprinting mitigations. That basically explains the questionable recommendations.
What questionable recommendation?
For example: Linux Mint, Fennec, Privacy Browser, Adblocker Apps, recommending to disable FF’s resistFingerprinting and use a anti-fingerprinting extension instead and a few more.
What I find very positive is that he has listened a few times to my explanations why something is wrong and he has corrected some things already. Also his MITM traffic analysis are quite cool.
I mean Kuketz covers a huge range of topics, so I don’t blame him for not being an expert on every privacy/security topic at all, because that’s simply impossible. Nevertheless it will spread some misinformation further and sometimes it would’ve been better to not give a recommendation regarding a topic than to give a questionable one.
His forum was one of the worst experiences I had in a while. Full of misinformation. Most users (including moderators) have no clue about security whatsoever and if you write something which doesn’t fit into their simple worldview of “open-source/Linux=secure, everything else insecure” you wont have a good time there. Again not directly Kuketz’s fault, because he can’t correct everything and just provides a platform for discussion. Nevertheless people expect the information to be somewhat right because they trust Kuketz to a certain degree.
So you would disagree that for example a user agent randomizer addon would in practice be better than RFP? Most websites dont seem to care about all the ways they COULD get your OS and browser, and still say I am using Firefox ESR on Windows.
Thid may be nice, but why not use Chrome on Windows instead, or Edge? On Android it would also be Chrome?
Would suck as websites would see less reasons to support Gecko, but I think in practice having a randomized fingerprint is pretty good.
Dont know for sure what extensions he recommends, but I think to remember that there was some good discussion of that controversy.
Linux mint… meh. Its nice but very old. I stay with Fedora Kinoite, which will be very secure soon and its already a lot better than traditional Linux and very new.
Of course. A user agent randomizer doesn’t actually randomize the user agent, but only the user agent string. It actually makes you stand out, because not many users do this, can get easily detected and the rest of the fingerprinting surface is still huge. RFP is what is used in Tor browser, so it’s the technically superior technology. Extensions are limited in what they can do and actually be fingerprinted including many of their settings. RFP doesn’t suffer from being limited through extension APIs.
Not inheritantly better than making it more uniform.
It’s not significantly more secure than most other distros. The immutability is not cryptographically verified from a root of trust, also many parts are still mutable or mutable after reboot. It also pushes people to use Flatpaks, many of which are unofficial, outdated or with modified builds.
Thank god it isn’t just me. I spent a few hours desperately trying to refute some bs against 90 % of the people commenting there, but it was hopeless. They act like if your device makes one connection to Google once, all of your data has just been made fully public. Their concept of security seems to be synonymous to privacy. Open source good, proprietary bad, no nuance and no exceptions, ever.
Those are the type of privacy advocates that make me scared that someone who really needs security/privacy because of their threat model might follow their advice. It’s not that bad for Kuketz of course, but I do think the way he sometimes ignores important aspects is irresponsible and can do actual harm. There’s a reason why he attracted the audience he did.