Why is Firefox for Android considered not private enough?
Is it because you can’t configure it with the about:config page?
What if I use ublockorigin hard mode on Android as well?
Thanks for your thoughts!
1 Like
The problem is security, not privacy.
You can.
It’s recommended to use the default settings for uBO if you don’t want to stand out and increase your attack surface.
1 Like
I just read the whole thread and my opinion is similar to others, especially Jonah’s points and also this one: Revise statements on Gecko browsers (Android) to make security shortcomings clear - #54 by ddsn
There is one thing I don’t understand, probably because of my lack of knowledge. If I understood correctly, using uBO hardmode increases my fingerprinting (stand out and attack surface). Why using Brave and changing all sorts of settings wouldn’t, then?
1 Like
It would and does stand you out.
This seems contradictory then: Revise statements on Gecko browsers (Android) to make security shortcomings clear - #65 by SkewedZeppelin
I know it’s a pain to use hard mode on uBO, but I don’t mind being it a pain for a month or two until no page breaks anymore. I also feel like for a security stand point, that would be the best recommendation no?
The issue would then be fingerprinting, but I don’t understand how Brave is better when you have to tweak settings (and thus making you more stand out) then Firefox + uBO hard mode?
Thanks for your inputs!
Yeah, sure, use whatever you want; just understand the risks you’re taking.
Some people, like @sha123 are purely technical and operate on facts, and I think it makes sense to listen to those and not opinions.
My personal opinion is that Jonah and the others downplay the lack of security of Gecko-based browsers, and there is some bias involved just because Mull is Gecko-based and Chromium is a spooky boogeyman that will take over the world.
On the other hand, Mull is the best Gecko-based browser, and it makes sense to have it on Privacy Guides so people who choose to be ignorant about the security issues can pick the best possible choice and not just vanilla Firefox.
2 Likes
Obligatory reference: Firefox and Chromium | Madaidan's Insecurities
This was last updated in 2022 but still contains many relevant points today.
2 Likes
I’ve adjusted my browser according to my preferences, mainly based on the suggestions by him and Privacy Guides. I think it doesn’t matter that much unless you’re using Tor Browser, like others said, it’s up to you to decide. Escaping from fingerprinting is almost impossible, so you know.
Do you want to have the best privacy and also support Gecko-based browsers? Use Tor Browser, and then use a proper Chromium browser for everything else.
This. Since Tor is not convenient for daily-use I prefer Brave, other than that Tor is the best option.
1 Like
I was using Cromite as my daily-use browser, but decided that Brave is is better for me as it has forgetful browsing. Cromite doesn’t have bloats unlike Brave, that’s a positive point for Cromite. I also love the dev too, he’s active and always tries to answer every issue
@Lukas I like to go by facts too. From my understanding, the security risk of using Firefox is linked with navigating on “unknown” websites and a script running when you visit that website that could attack you (I’m summarizing from my readings on the other thread).
I understand lot of people don’t want to recommend uBO hardmode because it brakes pretty much every website in the beginning.
But if I am willing to make this sacrifice, and live with site breakings for one or two months, wouldn’t that be the “best” recommendation to make?
Thus, aside from fingerprinting, the security part would be covered?
Also, am I correct in my assumption that using uBO hardmode or changing all sort of settings on Brave as per this makes you stand out either way?
Pinging @sha123 as well.
Thanks to make me understand my lack of knowledge on the matter.
to be honest, you’re probably standing out already (i don’t think theres many fingerprinting protections on vanilla firefox for android compared to hardened browsers - see Browsers - DivestOS Mobile). so i dont think the downside is big enough to warrant not using it.
my reason for not using hard mode is that its too inconvenient, but it is a tradeoff.
although, i would recommend using mull over firefox for android. but not sure what @SkewedZeppelin thoughts are on hard mode for ublock
1 Like
also worth reading 3.3 Overrides [To RFP or Not] · arkenfox/user.js Wiki · GitHub
1 Like
How do you know in advance which first- and third-party resources can be trusted and can be safely whitelisted? Also why make your life more uncomfortable than needed?
Security measures in browsers are there to protect you independently of that, because you can’t know that for sure for every resource.
Nothing has changed since then. I stand by my point made in the proposal and wrote a lot to explain it.
1 Like
Security by badness enumeration has never worked, doesn’t work, and will never work. You need strong, systemic security and privacy features that protect you regardless of whether the site or a script is malicious or not.
Most of the time, either akamai related scripts, cloudfront or google.com (recaptcha) scripts will break websites. It’s a pain in the beginning, but really not that bad when you see the patterns. It’s also a learning exercise and eye-opening for me to get control on each tracker. It also gives me a sense of how much a certain company really cares about user privacy. I will even make financial decisions based on that fact alone. And it provides great security on top of that as well as privacy (so many websites work well with so many trackers off, it’s shocking). So, there are many reasons as to why I do it.
Interesting read. From what I understand, except using Tor or waiting for Mullvad Browser to have more users, it’s impossible to really protect against fingerprinting.
I have already another open topic on that though here
What is badness enumeration?
The way Ublock Origin’s dynamic filtering works is that you use noop rules instead of allow rules, which means that even if you noop a potentially malicious script, you won’t be automatically exposed because noop rules don’t override static filter lists. I would recommend reading Ublock Origin’s official documentation where this is explained in more detail.
Blocking third-party iframes or scrips by default is not security by badness enumeration. Relying on filter lists would be.
I know how it works.
2 Likes