I couldn’t find any recommendation on this medium’s recommendations page or in Mullvad’s own FAQs and blogs that the Mullvad Browser should only be used for general browsing. It is mentioned that the browser is designed to run in private browsing mode at all times. Mullvad VPN | Privacy is a universal right
In fact, this medium’s browser recommendations also recommend that the Firefox and Brave browsers be configured to run in private browsing mode at all times, but it is also noted that an exception setting can be made for sites where users want to remain logged in between sessions.
I use three browsers: Zen, Helium, and Mullvad.
I use Startpage, Perplexity and Google. I use one profile in Zen with different Firefox containers. Helium which is used for websites that doesn’t work perfectly in Firefox, and it is light and fast. I use Mullvad browser so that I can access websites that I don’t visit regularly, and which I don’t trust. It also has an kill switch. Mainly Zen browser, then helium for fast and light usage.
At a minimum, a password manager should be included to make browsing a bit more convenient.
Right, you can make exceptions to stay logged into websites if you want and that’s fine if that what you want to do, but that will make you stand out from the crowd of users just like anything else you change about the browser. I wasn’t saying that it wasn’t possible to stay logged into certain sites, only that when you do that, you’re hurting your privacy because of how Mullvad tries to keep you in the same crowd.
Using Mullvad for general browsing only is they only way other than the tor browser to protect yourself against advanced fingerprinting. No other browser can do that, which is why it’s better to use one of the other browsers to stay logged into any sites.
Zen Browser:
Decent privacy-respecting browsing. One container for regular accounts; another container for browsing. Extra extensions. Intended for productivity and ease-of-use.
Mullvad Browser:
Privacy-enhanced browsing. Anonymous account logins. No extra extensions. Regular and private windows for multiple context browsing, and/or a refreshed identity for new contexts.
Tor Browser:
Fully anonymous browsing. Anonymous account logins, one per session.
Brave Browser:
AI and backup browsing. Leo AI usage. A non-Firefox backup for loading broken web pages.
(Note: My setup is still evolving. It’s not perfect by any means. For instance, I’m figuring out best use cases for Mullvad currently. Should I login using multiple accounts in one session? Does regular and in-private browsing offer containerization? What’s the best way to enter passwords? These are just some of the questions on my mind.)
2 Likes
- Tor: general surfing / anonymous browsing
- Mulvad: Want to use Tor but need lower latency
- Brave: de-anonymized, logged-in account activity
- Vanadium/Trivalent: secure account activity, credit cards or sensitive information
- Firefox: your shitty website or payment portal refuses to work without rawdogging 1000 trackers but I can’t go without this service
- Edge: Work computer daily driver
7 Likes
What’s the current oopinion on Cromite? Has it improved from, say, 6 months ago?
Cromite is not a security-focused browser. Cromite has some problematic changes included which reduce privacy and security. For example, it includes the Eyeo filtering engine which has all the issues of Brave’s adblock-rs but is written in C++ (so memory unsafe), essentially increasing the attack surface massively. Additionally, Cromite enables Manifest V2 Extensions in full, which adds a lot of additional attack surface over Chrome/Chromium. So they add a very risky adblocking engine to avoid extensions, but then enable MV2 likely for the purpose of content blocking, which results in adding a bunch of attack surface with only the benefit of one or the other. With that said, the developer does seem very receptive and transparent to change for issues raised about Cromite.
Cromite also does not enable CFI on Android. It used to, but it caused issues.
Cromite, from what I have seen, is in the same spot as Brave. It doesn’t improve that much on-top of Chromium security-wise, mostly just a vague privacy and freedom promiting way. It has many of the same flaws as Brave and not as many of the same benefits. I wouldn’t call the browser security-focused currently, nor do I see a reason to use it for improved security over something like Chrome or a decent Chromium build.
1 Like
So?
Bro doesn’t speak highly of actually solid browsers so I’m not sure on what to make out of it….
Personally, I think that when we log in to an account with any browser, we already become as unique a user as possible. I also don’t think there is a large crowd that looks exactly alike. This is because there are different operating systems, different security levels, and different VPN providers, and there are even users who don’t use any VPN.
I think that if the Mullvad Browser was designed to be used only for general browsing, this should have been clearly stated in the support or FAQ pages. I don’t think there’s any downside to users using the pre-tweaked Mullvad Browser as they wish without changing the default settings. That way, they also hide their real time zone from websites. If the Arkenfox hardening is not installed, Firefox does not hide the operating system time zone from websites, just like Brave.
There is even a Tor support entry that mentions this very thing. It does not explicitly state here that Tor Browser should only be used for general browsing.
Logging in over Tor
Although Tor Browser is designed to enable total user anonymity on the web, there may be situations in which it makes sense to use Tor with websites that require usernames, passwords, or other identifying information.
If you log into a website using a regular browser, you also reveal your IP address and geographical location in the process. The same is often true when you send an email. Logging into your social networking or email accounts using Tor Browser allows you to choose exactly which information you reveal to the websites you browse. Logging in using Tor Browser is also useful if the website you are trying to reach is censored on your network.
When you log in to a website over Tor, there are several points you should bear in mind:
- See the Secure Connections page for important information on how to secure your connection when logging in.
- Tor Browser often makes your connection appear as though it is coming from an entirely different part of the world. Some websites, such as banks or email providers, might interpret this as a sign that your account has been hacked or compromised, and lock you out. The only way to resolve this is by following the site’s recommended procedure for account recovery, or contacting the operators and explaining the situation.
2 Likes
I have switched this around now:
- I use Vanadium for almost everything now that I’ve got self-signed certs to work. It has built-in dark mode I enabled which is helpful. The main downside is no extensions so I cannot use libredirect
- IronFox I mostly only use to push webpages from FireFox on my computer. I have libredirect enabled along w/ BetterOpenWith, tho so when I click on a reddit link in my RSS app, it opens the privacy-friendly site in IronFox instead of the stock website w/ the trackers/clutter
Name three solid browsers, bro.
Personal computing - Ubuntu laptop (most things), iPhone, and a W11 Pro gaming PC,
- Browsers: hardened Firefox with containers and Ublock Origin for most things, Brave for anything that refuses to work in FF. On the phone I alternate between Brave and Safari. Brave is really good for watching YouTube on iOS.
- Search engines: Qwant, DuckDuckGo and Brave search, in that order
Work computing - a W11 Enterprise laptop provided by my employer
- Browsers: We are limited to Microsoft Edge or Google Chrome. I prefer Edge because it backs up settings to my account so if I ever have to log into a different machine I don’t have to go through and harden browser settings again.
- Search engine: DuckDuckGo
- With rare exception, I have a strict separation of work vs. personal computing and no personal work is touched on this machine.
1 Like
Firefox here, so everything works.
As a search engine, I use Kagi.