Mullvad and the Tor Project released a browser named “Mullvad Browser”. It is based on Firefox and is basically the Tor Browser without the Tor network, to achieve the goal, that every user of the browser has the same fingerprint without using the Tor network. Here is the blog site where they announced the browser:
i think its great, it voids the security argument for forks which typically have delayed updates, as its maintained by the tor project, and its config is solid out of the box since its tor. Though i suppose it might make you more fingerprintable, using the profile tor users go by, without tor. Depends on how many people are actually going to use it.
It seems interesting. I’ve tested it with Proton VPN and it works well, I’ve made some generic browsing and having uBlock enabled by default really helps usability against Tor browser. Fingerprint.com did return a different id at every restart of the browser, no dns or webrtc leaks detected.
It could be a nice middle ground between your everyday browsing and the anonymous browsing on tor and it could potentially make browser hardening useless.
Lets just see where this heads. But honestly it maybe good that a company with business model and larger user base is launching this. I think we all benefit from that.
Also forgot to say. I appreciate that Mullvad came from having a really non informed list of add-on recommendations before which i commented on a lot and now they seem to have taken a good direction.
edit (added from github issue): @jonaharagon I was going to ask what to we know about security patches on ESR are they delivered later than others? Delaying of features is not problem here.
I am also not sure it should replace arkenfox completely I still think arkenfox is a project that is worth to mention for advanced users with a complex thead model. Mullvad could possibly take up the spot at some point I think but it may also be good to be a bit slow in this and see how things will evolve first. I think you actually did cover the differences well.
I don’t think the arguments against LTS operating system releases are relevant here. Operating systems need to support a multitude of applications which all have wildly different release schedules than the underlying operating system does, and typically all an LTS operating system does is hold those application updates back in the package manager. A single application releasing an LTS/ESR version they maintain does not have the same issues, and receives the same security support as upstream.
Firefox ESR might be lacking features (which may or may not be security-relevant, Quantum for example) which are available in newer versions of Firefox, but now that we’re well past the Firefox Quantum release, I don’t think any of the features missing in ESR are things we care about?
Edit: It’s also important to remember that Mullvad Browser is a fork of Tor Browser and not a fork of Firefox ESR directly, so the only features that would be delayed are Mozilla-developed features. Tor Browser frequently (and currently) has privacy & security patches before upstream Firefox does, and as such Mullvad Browser would benefit from those regardless of Mozilla’s release schedule.
I do not think Mullvad browser should be our primary. Recommendation. The always private broesing mode means it will kick them out of their accounts on daily basis and letterboxing will not give them a very nice browsing experience.
I think it serves better as a secondary recommendation nexr to brave for users who know what they are getting in to.
I don’t necessarily think we should be making opinions about the desired user experience people have, that kind of falls under our guidelines at Threat Modeling: The First Step on Your Privacy Journey - Privacy Guides. If we’re only evaluating the order based on the technical privacy and security features, and the UX differences are clearly described and left up to user choice, then the proposed order in the PR makes the most sense to me IMO.
Well in my experience, most often we recommend stuff from more user friendly to less user friendly(roughly) same with the technical requirements being on the bottem of the page.
Which always made a natural flow for people to quickly look at the options they want, with more info for folks that are really interest further on the page.
The browser page is one of the first pages people visit. I am honestly afraid that they will blindly download Mullvad browser, have a bad experience, and become turned off by privacy friendly software in general.
I think that by putting Firefox on top, and Mullvad below that prevents that, while still listing both options.
I agree that most folks should first make a threat model, but the reality sadly is that most folks don’t so keeping in mind with the average user might want may not be a bad strategy.