Delete Safari and change mobile browser criteria

Website

Short description

Delete Safari in mobile browser recommendation and change mobile browser criteria to include MUST be open source

Why I think this tool should be added

I donot understand why mobile browser criteria doesnot contain
Must be open-source software.
As desktop browser criteria. Is it specially made for iOS? I don’t think we should change browser criteria for a closed OS because it does not allow other browser engine. I suggest we delete Safari guide.

Section on Privacy Guides

Mobile browser

This topic has been addressed on multiple occasions [1, 2, 3].

To summarize: All iOS browsers currently employ Apple’s WebKit engine, which is actually open source. Utilizing any browser other than Safari introduces an additional entity to be trusted within the system. The advantages of using an alternative browser to Safari on iOS are minimal, if not potentially detrimental [4]. This is particularly true when Safari is fortified and used in conjunction with a content blocker like AdGuard [5].

Given that there are no alternative browser engines available for iOS other than Apple’s WebKit, it is largely impractical to replace Safari at the moment.

This is unfair because you don’t recommend Edge on PC and Chrome on Android and safari on macOS. The criteria for both desktop browser and mobile browser should add native browser ALLOWED because they are all open source according to your explanation. Installing this party browsers on these platforms also add attack surface, especially when there’s no third party webview available.

I decide to stop contributing to my existing privacyguides.org PR from now on

Firstly, it is important to note that I am merely a forum member and do not represent the authors or staff members of PG. The perspectives I share are solely my own and reflect the conclusions of previous discussions within this forum.

Secondly, it is noteworthy that, unlike iOS, both Windows and Android platforms support multiple browser engines. This distinction is also highlighted in the recommendations for desktop and mobile browsers provided by PG [1, 2]. Consequently, PG officially recommends open-source browsers such as Mullvad and Firefox for desktop, or Mull and Brave for Android environments. It is anticipated that this section will be updated upon the introduction of the first iOS browser utilizing a non-WebKit engine.

Nonetheless, it is important to emphasize that the selection of a mobile browser should ultimately align with your individual personal trust and preferences, regardless of external recommendations. The absence of an application from PG’s recommendation list does not inherently indicate deficiencies in privacy or security. Instead, it signifies only, that based on the criteria established by PG, the listed applications are deemed the most optimal choices. Your personal criteria may deviate.

IMO This should be reconsidered. I believe that we should recommend Brave for iOS & reconsider our position on Safari. Allow me to explain.

I’ll first establish why I disagree with the reasoning PG currently provides:

According to PG:

We recommend Safari alongside a tracker-blocker like AdGuard on iOS, because all iOS browsers are forced to be based on Safari anyways. This reduces the number of parties you’re required to trust.

@patron ‘s comments above seem to echo this sentiment.

I find this logic highly flawed, particularly for one reason: We’re also recommending people install AdGuard on top of Safari anyways. Content blockers like AdGuard require deep & extensive access to the browser to do their job (See correction below). You are of course increasing the number of parties you trust there, there’s no way around that. You are putting trust in AdGuard. I personally have no issue trusting AdGuard here, but that’s irrelevant: let’s not ignore the fact that we are fundamentally increasing our attack surface & the parties we trust by installing their app & enabling their Safari extension.

Edit: See @BionicBison’s replies below, looks like this amount of access is only required for some advanced blocking? I think we might want to clarify & potentially recommend against this setting if we stick to current criteria.

With that being said, I still believe that we are increasing the parties we trust, because even without this advanced blocking enabled, we still have to trust AdGuard & filter maintainers not to implement any malicious filtering rules. Now back to my original points:

With that out of the way, I’ll now establish why I’m recommending Brave in particular and what benefits it brings over Safari.

Brave:

• Is Open Source

• Has stronger & more effective content blocking than AdGuard + Safari (Easy example of this off the top of my head is speedtest.net - On Safari, I see a banner asking to install the app even with AdGuard (& Annoyances filters enabled), meanwhile on Brave I don’t.)

• Brave’s content blocking on iOS also has support for removing URL tracking parameters - Apple appears to have added some form of this functionality to Safari fairly recently, but their list can’t be expanded and likely isn’t as effective as using a filter like AdGuard’s URL Tracking Protection (& potentially Actually Legitimate URL Shortener Tool if that’s now supported as well, need to test…)

• Supports adding custom filter lists & other basic functionality that AdGuard’s extension either lacks or locks behind a paywall

• Supports toggling JavaScript per-site

• Automatically redirects AMP pages

• Supports Global Privacy Control

• Allows adding custom search engines… (It is literally only possible to use 1/4 of the search engines we recommend on Safari without buying some kind of extension, which also even further increases attack surface & trust in another party…)

• Etc…

These features provide clear & meaningful improvements to user privacy, and I hope this outlines why I disagree with the notion that the benefit of using another browser over Safari on iOS is “minimal”.

I don’t think Safari is particularly a bad choice when it comes to a browser like this, but I feel like it’s silly to ignore the clear benefits that other browsers like Brave can provide.

I’m curious to hear what the community thinks about this.

I’m gonna disagree with a few points here, but I agree with the spirit that the reasoning is somewhat flawed. First, unless you enable AdGuard’s advanced blocking extension, it is implemented through content blockers. This provides the browser with a list of rules and lets it do the actual blocking, meaning AdGuard does not have access to your web activity. Second, I’ve had no issues with AdGuard blocking compared to Brave, so I also can’t say I agree with the claim that it’s less effective (I have the AdGuard annoyances filter enabled and it takes care of that Speedtest banner just fine).

With that out of the way, my thoughts on recommending Safari as the sole iOS browser largely echo yours. I also don’t quite understand the reasoning that using Brave adds trust rather than transferring it. Unless this is more complicated than I believe it to be, isn’t it a similar situation to Brave using Chromium on other platforms? It’s not like we would recommend using Chrome over Brave since “you’re trusting Google anyway.” Brave genuinely brings a lot to the table as previously mentioned (custom search engines being huge as Safari is directly incompatible with some of the search engine recommendations), which warrants adding it to the iOS browser recommendations in my opinion. I’m actually not opposed to it joining Safari rather than replacing it as Safari is pretty decent, though I’d understand if Safari was removed should an open-source requirement be added.

The iOS browser situation is an unfortunate one at the moment, but I don’t think it should stop us recommending trusted options that we already endorse for other platforms in the absence of glaring technical issues (the whole “adding trust” thing seems pedantic in this case). I would also like team members to weigh in on this again, as Brave has also simply come a long way in features since the whole Safari thing was decided.

Could just add brave as a general recommendation sure. I don’t want to remove Safari though, it has a lot of genuinely great privacy features including pretty much everything brave offers except for the built in content blocker which is easily remedied with a content blocker like adguard that requires no permissions to work and has no power in your browser other than supplying it with a list of URLs to block.

I don’t really understand why PG specifies certain browsers for certain operating systems as it is quite frankly. I think Safari is a fine browser on desktop as well.

Are you sure about this?

image828×1395 115 KB

This seems to imply that AdGuard can access website data, but maybe this permission is unnecessary & I’m missing something?

Could just add brave as a general recommendation sure. I don’t want to remove Safari though,

I would be fine leaving Safari as well which is why I didn’t explicitly say we should remove it, it does have some nice features (like Lockdown Mode integration & Profiles), but I do think we should re-asses the criteria & I’d understand if we remove it in favor of a FOSS requirement.

That extension is the aforementioned advanced protection. A large amount of AdGuard’s functionality can be accessed with that disabled, though blocking things like YouTube ads does require it. If you check the permissions of all the other AdGuard listings in Safari extensions settings, you’ll see the lack of access to your web activity.

In the interest of keeping Site Development threads focused, could you please open another Tool Suggestions thread for this?

Thanks for the correction, edited my original post, wasn’t aware of that.