What a doozy of a bad-faith response. People are just asking honest questions. Of course people understand that the safety level affects the fingerprint, but it was implied that having these three pools of users was fine.
Saying ‘safer’ should “die” while gatekeeping the knowledge of why and refusing to elaborate contributes absolutely nothing. See Hitchens’ razor. Also, from a purely logical standpoint, I cannot understand the harm in the safer mode; surely disabling JIT is better for security, even if it is not foolproof. These types of compromises are made in security all the time. Given that, and the minimal breakage of ‘safer,’ why should these saner settings not be made the default?
I simply asked a clarifying question to know what exactly the default settings were. This allowed me to confirm my settings were aligned with the “default” since the release notes and gitlab issue were completely unhelpful in this regard. Both resources simply use the term “default” without providing guidance what that value even is. For all I knew it was “Safest”.
I also shared an opinion that long term I suspect these options will be removed entirely. This is not unprecedented in the browser space.
Oh I am aware. But considering the setting is getting moved into the background would make it seem that it undesirable for people the change the setting, and I was personally just curious about the thought process behind the move, thats all :).
Out of curiosity does, does Mullvad (or the Tor Project if applicable) have any insight or vague idea of the approximate size of the the Mullvad Browser userbase?
I assume that precise metrics are difficult or impossible without at least some basic telemetry, but there are various roundabout ways to get a rough idea. When working through design decisions like this one, do you have any working assumption of the approximate size of the userbase?
Should be noted that js adds a lot more vectors for fingerprinting
the fact that users are discouraged to change the setting brings harm to people who have to use safer/safest, as these people now have a smaller crowd to blend in
The only metrics we have are number of download of the installers (and updaters, though we don’t currently track this one) and update ping (basically a specific file is downloaded when there are no update available).
The update ping is sent when the browser starts and after some time, when the browser has been opened for a specific amount of time I don’t remember.
I am curious what threat you’d be concerned about where it would make sense for you to change the setting to Safest in Mullvad Browser, but it wouldn’t make sense to use Tor Browser or Whonix.
I think most who would prefer safest mode would use Tor Browser. But I think there is probably a tiny minority of people who are interested in a (somewhat extreme) level of security, but who don’t prioritize privacy or anonymity to the same degree. But realistically these people are unlikely to be using Mullvad Browser in the first place.
its a bit muddier/more complicated when comparing ‘Standard’ vs ‘Safer’ mode. But ultimately Mullvad Browser must have (and always has had) a default. And I think ‘Standard’ mode’ is the option that is the best fit for the largest % of their userbase. People with a strong preference for something else are not prevented from choosing their preference in GUI settings like we’ve always been able to do.
Wouldn’t it be a reasonable assumption that in edge cases like this, that this person (Journalist, filing personal taxes) would be much more likely to use some fairly typical flavor of Chrome/Chromium in this scenario, or Safari + Lockdown mode. It seems like we are reaching for examples that fall well outside the class of threat models MB is designed for.
Yeah, probably. My point was more that I’m sure someone out there has a good reason for using Mullvad Browser in the safest mode, even if my hypothetical didn’t make much sense.
Votes are anonymous.
Security but not anonymity.