That surprised me, because other people who are also very privacy-oriented have said that using always-private mode ‘doesn’t provide any benefit over the default cleaning mechanism‘ (from FireFox ‘Clean Cookies and Websitedata when FireFox is closed‘). In fact, they stated even more: ‘Instead it introduces many regressions, as it doesn’t respect cookie exceptions and installed addons, while also being fingerprintable.‘ (Source for both quotations: Frequently Asked Questions – LibreWolf ).
And these statements are further supported by the facts that privacytests dot org, which provides open source privacy tests of many popular browsers, sais that all websitedata is correctly state-partioned in the Mullvad-Browser, so every website gets its own “websitedata-jar“, which means that even if you would allow exceptions from websitedata erasing by closing the browser, no data would be shared through websites, only the one website with the exception could store and view first-party permanent browsing data, which brings you the big benefit of the ability to stay logged in certain websites you want.
So, what is the benefit, the meaning of the Mullvad-browser to set the always-private mode on instead of using the FireFox Websitedata cleaning mechanism, when it brings only benefits?
And why prevents always-private Mode “advanced forms of tracking” compared to the FireFox websitedata erase mechanism?
I’m not really good at english, sorry for mistakes.
While purely AI generated content is not permitted on this forum, I think its okay to have your own written up version + an AI version that fixes the poor English we can better understand what you mean (though do make sure the AI version is also accurately describing what you wanted to say.
I’m sorry, but I’ve read your post a few times today but I still don’t gather everything thoroughly. Please redo it if you can/are able to.
Is my English so bad that I sound like AI? I really did that question on my own!! Maybe I sound like AI because I read a lot of AI-stuff per day?…
Anyway, essentially, the question is: The Mullvad Browser enables the always-private mode by default. (Go to about:preferences#privacy and there’s “Use always private-mode“ by default checked.) And FireFox does have another cleaning mechanism to erase websitedata on closing, which is under about:preferences#privacy and there should be a checkbox named “Delete cookies and site data when Mullvad Browser is closed”. And with “Delete cookies and site data when Mullvad Browser is closed”, you can manage exceptions (websites that are allowed to store first-party cookies and websitedata) and stay logged in this way in certain websites you want. So that’s a big benefit of using this “Delete cookies and site data when Mullvad Browser is closed” instead of using “Use always private-mode“, where you can’t allow exceptions. Here comes the essential question: Why does Mullvad Browser enables this always private-mode by default and not instead this checkbox “Delete cookies and site data when Mullvad Browser is closed” where you can allow exceptions?
No you misunderstand me. I meant your English to is not good enough for me to understand so you could use AI to improve it and post again alongside your original version of the same post - in order for us to understand better what you’re trying to say.
Because Mullvad Browser’s use case is primarily for ephemeral browsing and not for everyday use for all your browsing needs/use cases. Mullvad Browser’s primary feature is to be fingerprint resistant as much as possible.
It is built different for a different purpose. That’s why there are a few differences between it and Firefox as it is developed with the Tor browser team.
I understand that the Mullvad Browser was designed for maximum fingerprinting resistance, but they still didn’t build in unnecessary things that don’t even make fingerprinting harder! In this case, it seems to me like something 100% unnecessary that you can’t make cookie exceptions, because cookie exceptions for specific websites wouldn’t increase your fingerprint at all thanks to FPI (First-Party Isolation)!
I see what you’re saying. And yeah, a use case for exceptions would be great but that’s not the case today.
Good news is, Mullvad Browser is developing more options to make the browser viable for everyday use including what you’re asking for. So I’d just say wait it out. They’re working on bettering it a lot.
But what more could they have done when you say this
But if there‘s really no privacy/security-benefit from using always private-mode, why sais Privacy Guides in the desktop browser recommendations, using always-private mode “prevent advanced forms of tracking“ (Privacy Respecting Web Browsers for PC and Mac - Privacy Guides)??
Private browsing helps prevent tracking by ensuring site data is wiped. Every time you start the browser, it is effectively a clean slate (other than stuff like bookmarks). If you want to retain some data, then obviously you should not use private browsing. The onus of course is then on you to carefully select what sites you find acceptable to retain data. Mullvad Browser is really meant for situations where you don’t want to retain anything. To me, it sounds like you want either hardened Firefox or LibreWolf.
Yes, but “Delete cookies and site data when Mullvad Browser is closed” would do the same except you would be able to manage exceptions. So why recommend Privacy Guides it when “Delete cookies and site data when Mullvad Browser is closed” is just the same but better?
Let’s say you used YouTube before it was bought by Google. Perhaps signing in was unpleasant. Perhaps the page wasn’t loading quickly because it was poorly designed. Either way, you decide to retain cookies and site data for it. This may be fine since the owners don’t care to track you. Maybe they track you but you trust the owners to be “good.” One day, Google buys YouTube. Now, because you have made an exception for YouTube, every time you use the browser, Google is able to track you and link your activity across browsing sessions. This is the sort of thing private browsing prevents. It prevents accidental exposure.
If you need to retain site data, just use a different browser that you know may accidentally allow tracking. Or simply accept that you may get tracked and don’t bother worrying about it.
That’s a very specific case, but yes, in that case, always private-mode would be better. But I’m pretty sure that is not what is meant by Privacy Guides when they wrote that “permanent private browsing mode […] is required to prevent advanced forms of tracking“ ( Privacy Respecting Web Browsers for PC and Mac - Privacy Guides ), because buying a website is not an advanced form of tracking.
Mullvad Browser is basically just the Tor Browser with a few changes. And I am sure Tor tweaks any issues you mentioned. If Tor didn’t properly sanitize, it would have been discovered
Like I said in my other reply, it is being used because Tor Browser uses it and they share a lot of the same codebase. This will change with the new Persistent mode feature. Tor Browser uses it to avoid writing anything to disk.
Thank you! That answers my question, why Mullvad Browser enables always private-mode by default!
But there‘s another important question left: Why does Privacy Guides recommend using always private-mode if there‘s a better option? [Privacy Guides wrote that “permanent private browsing mode […] is required to prevent advanced forms of tracking“ ( Privacy Respecting Web Browsers for PC and Mac - Privacy Guides )]
This is not even true - thanks to Total Cookie Protection, also known as First-Party Isolation (FPI), only the website you‘ve made the exception for can view and store permanent websitedata, and even that site can view only the websitedata he wrote himself, as I said before. So Google is not able to track you „every time you use the browser“, only if you visit YouTube, and even then very limited because YouTube can‘t view the Cookies and WebSiteData other websites created.
And as said before, I think, this thought experiment also isn‘t the answer to my question:
This is not even true - thanks to Total Cookie Protection, also known as First-Party Isolation (FPI), only the website you‘ve made the exception for can view and store permanent websitedata, and even that site can view only the websitedata he wrote himself, as I said before. So Google is not able to track you „every time you use the browser“, only if you visit YouTube, and even then very limited because YouTube can‘t view the Cookies and WebSiteData other websites created.
If Google owns YouTube, they can easily track you on YouTube across browsing sessions if you save site data. FPI does not do anything in that specific case.
Addtionally, if they own multiple sites or have scripts that get embedded everywhere (which Google of course does), while they won’t be able to directly track you across websites through shared cookies or whatever, if they do something like create a unique identifier stored locally by YouTube (or you just sign in) and you access it during a given session, they could store info about your device (IP, browser, etc.) server-side and potentially track you across websites on their server. Of course, it’d obviously be more error-prone since they’d be relying on more coarse information for the non-YouTube sites.
I’m pretty sure that is not what is meant by Privacy Guides when they wrote that “permanent private browsing mode […] is required to prevent advanced forms of tracking“ ( Privacy Respecting Web Browsers for PC and Mac - Privacy Guides ), because buying a website is not an advanced form of tracking.
I like how you’ve ignored the second half. Anyway, believe what you want to believe at this point. FPI is not some magic bullet that instantly evaporates Google’s (or Meta’s, or any other company with trackers everywhere) to track you across sites no matter what you do.
Sorry, but I really don’t know which second half you mean. I try to understand what you’re saying as best I can, and I know that FPI is definitely not a magic bullet that solves all privacy problems. Could you please tell me what you mean by the second part?
I really did that question on my own!! Maybe I sound like AI because I read a lot of AI-stuff per day?…