Mullvad Browser provides the same anti-fingerprinting protections as Arkenfox out of the box, and does not require the use of Mullvad’s VPN to benefit from these protections. Coupled with a VPN, Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot. Arkenfox still has the advantage of being much more flexible, and allowing per-site exceptions for websites which you need to stay logged in to.
(Emphasis not in the original.) Then it would make more sense to recommend only FireFox + ArkenFox and not the MullvadBrowser because of the security fix delay of 1,5 Days MullvadBrowser vs FireFox Release QUickness.txt (3.2 KB). But that’s not the case. Why?
Some people might think:
“Didn’t you read the whole text you cited? There’s a passage that says: ‘Mullvad Browser can thwart more advanced tracking scripts which Arkenfox cannot‘!“
“Why do you ignore the next few words after your emphasis? Mullvad Browser provides the same anti-fingerprinting protections as Arkenfox out of the box! So it’s recommended for people who can’t configure FireFox with ArkenFox!“
I wan’t to counter these objections to this question:
That’s correct, but it says also Coupled with a VPN. So it’s advanced tracking scripts thwarting is a feature which the Browser gets with and only because of its VPN, not because of the Browser. Privacy Guides could just recommend using FireFox+ArkenFox with a VPN and it would be the same in that point.
Users who can’t configure FireFox with ArkenFox shouldn’t use MullvadBrowser because they can’t deal with broken websites (MullvadBrowser often break websites because of resistFingerprinting, Strict Enhanced Tracking Protection, disabled WebRTC etc. etc.). Instead, they should use Brave or FireFox with the Recommended FireFox Configuration.
To be clear. Mullvad browser is intended to be used with a VPN (it does not have to be Mullvads). It is not recommended to use it without one. Its odd to get stuck on this “coupled with a VPN” caveat as it should be assumed you are using a VPN if you use Mullvad Browser.
EDIT: adding quote from Mullvad FAQ for clarity.
The difference is the network used to access the internet. Tor Browser connects to the internet through the Tor Network. The Mullvad Browser is instead designed to be used with a VPN.
Sure, but it’s more or less a binary when it comes to naive scripts: either you are protected against them or you are not. The point is that you are protected against them the same in either case. Mullvad Browser also has protections against more advanced trackers.
I don’t think that’s accurate to say, you can protect specific values but saying you’re protected vs not protected doesn’t really make sense. You could spoof your canvas values for example but your real timezone might be exposed still.
Nobody should use Brave, honestly. The number of fingerprints Brave doesn’t cover is too high, especially after they removed Strict fingerprinting protection. Comparing this to Mullvad should be ragebait.
Browser recommendations definitely should be rephrased to avoid being misleading. Mullvad has more fingerprinting protections, Arkenfox has fewer, and Brave has even fewer. They’re all different.
My understanding is that Brave dropped strict partly because, when you go ham on anitfingerprinting in Brave, there is a scenario with protections up too high, you stop blending into anything and turn into a weird outlier. Which ironically, causes you to get fingerprinted.
At that point, the whole thing backfires and you become easier to separate from everyone else. So Brave shifted to a more balanced way about with a hybrid model where some things are standardized to blend into a larger crowd, and other values get randomized through farbling.
Form the way they described it, that actually made their antifingerprinting stronger, not weaker, even if it obviously still doesn’t operate on the same extreme level as something like Mullvad.
I don’t understand how this was supposed to help. The browser doesn’t protect against some important fingerprints. The browser has a market share below 1% and a unique user agent, with some users using default settings, while others use recommended or custom ones. Brave is still extremely easy to fingerprint, so I don’t understand who people are trying to fool by using this browser, especially VPN users using this browser. https://github.com/brave/brave-browser/issues/35646 https://community.brave.app/t/brave-fingerprinting-protection-not-entirely-foolproof/616901
Arkenfox isn’t much better by default, depending on system settings. Websites can detect system regional settings and time zone, which on some devices are very unique. But here at least this can be fixed with RFP or RFPTargets.
Security is a different issue. Banks are the only things I use the Chromium browser for: Google Chrome with the MetricsReportingEnabled disabled policy, without using any Google online services. I won’t trust such things to a browser like Brave, with its reputation. https://github.com/RKNF404/chromium-hardening-guide
Sure, but what protections exactly? When you use FireFox+ArkenFox and set RFP on, where‘s the difference between MullvadBrowser except the security fix delay which makes FireFox+ArkenFox better?
Because there‘s a „crowd“? Well then it would be better to recommend FireFox+ArkenFox with RFP on with a VPN, because then it would be just the same but without the security fix delay?
