The “practicality” of the issues is that I and many others want the best privacy/security tools, not something that’s “only slightly shitty” and have no good arguments for why using them is beneficial over the seemingly superior options.
That’s totally fair, I was just trying to clearly lay out what the situation would be for those who chose to go against PG recommendations and use Zen instead. It looks like you know your stuff so apologies if my answer sounded patronizing.
For what it’s worth, it seems like the wording used was legally required of them by regulators. Mozilla totally failed in communicating why these changes were made and they should work to avoid causing panic in the future. My concern is if Firefox loses enough users, they will have a much more difficult time bringing in money and may collapse. This would take down all the Firefox forks with them. Not just LibreWolf, Zen Browser, and Floorp Browser, but also extremely important browsers like the Tor Browser and Mullvad Browser.
If Mozilla has to share user data with any third-party companies, maybe that’s an example of “selling” data in some jurisdictions. My concern is that because they changed their ToS, they don’t have to abide by their ethics. So Mozilla can tell us that they would never sell our data, but if they do, it would still be within ToS. That’s why clear communication is important, and as you say, they failed.
Maybe this is the worst assumption made in bad faith, but I can’t trust anyone (not even myself) to interpret what Mozilla can do with our data. And because I may not keep up to date with whatever Mozilla is doing, it seems like a safe bet to avoid Mozilla products altogether.
Let’s say Mozilla’s reputation is squeaky-clean and they’re not a controversial company, hypothetically, everyone who uses Firefox could still switch to a fork. What would happen then?
My understanding is that if Mozilla shuts down as a company, the source code would still be available, but it would have to be supported by the community. Isn’t that why Tor and Mullvad browsers are recommended over Librewolf? Because Tor and Mullvad are maintained by the Tor project whereas Librewolf has to get updates from Mozilla? At least that’s my understanding.
But I don’t think this would happen because there would be a lot more conversations about supporting Mozilla to keep Tor afloat. It seems like a lot of people who are anti-Mozilla are switching to Firefox forks rather than any Chromium browsers. And I think what’s more likely to stop Tor is if every government followed China’s example and blocked Tor.
All Firefox forks are dependent on Mozilla to maintain the browser base. This includes basic browser functionality as well as security patches. The Firefox forks make various modifications or additions to this Firefox base, but I doubt they make frequent significant contributions upstream.
If Mozilla collapsed it very well could mean the end of Firefox and all their forks. It might be possible if all the Firefox forks got together to try and keep the final version of Firefox alive by patching important bugs and vulnerabilities, but I’m doubtful they’d be able to really move the browser forward. Mozilla already struggles to trail behind Chromium when it comes to supporting certain features so it’s very doubtful a rag tag coalition of forks could replace Mozilla in that work.
The best we could hope for in such a scenario is that a much larger organization comes in to help maintain and advance Firefox or whatever its successor would be. The only organization I have in mind that might be suitable could be The Linux Foundation but they might not have the resources for such a massive undertaking. It’s important to remember that modern web browsers are essentially as complex as operating systems and maintaining them requires plenty of resources.
Unfortunately, the Zen Browser dev team has demonstrated both an unwillingness to engage with legitimate privacy concerns and a worrying level of technical incompetence in handling default preferences that directly affect the browser’s security.
The lack of basic browser security practices is clearly illustrated by the remote debugging backdoor issue. By enabling Remote Debugging by default while explicitly disabling connection prompts, the maintainer created a serious security vulnerability. This configuration change opened an attack vector that malicious actors could exploit for remote code execution.
Sadly, these fundamental security mistakes, combined with the dismissive attitude toward user privacy are concerning issues that undermine my trust in the project as a whole. Users deserve a browser built with security and privacy as foundational principles, not as afterthoughts.
Zen Browser still has major privacy and security deficiencies when compared to other projects of a similar nature, and it’s even less private and secure than stock Firefox. For instance, you exclude random social trackers from ETP and allow unsigned extensions by default.
mm ouch
this is why we would definitely wait for the stable release. Should also warn the techlore community I guess
Edit: I took a look and I agree with the community that said it looks exaggerated, I would if possible just wait for concrete information or otherwise someone post one. It’s concerning but we also have to discern that this could actually just come from the stock Firefox itself and we recommend it with tweaks so and what actually comes from zen or doesn’t come at all.
Zen browser is better in UI/UX. Recommended configuration for Firefox can be applied to it.
Here are a few issues I faced in Zen browser with Arkenfox:
- Arkenfox user.js can be applied but Zen comes with Betterfox ootb. So we need to know what is applied in it from Betterfox.
- It comes with additional fonts which add another fingerprinting (FP) vector.
- Afai tested
  user_pref("security.nocertdb", true);
  FF didn’t allow me to install extensions with caution label but Zen installs them without blocking due to broken certificate manager.
Again it has nice UI/UX but how far the developers are willing to make it privacy friendly depends on them and the users.
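Added example, not part of any post in this thread and not code from Zen, Betterfox or Arkenfox: a small Python audit that parses `user.js`/`prefs.js`-style text and reports where the effective value differs from stock Firefox for the settings raised in the posts above (remote debugging, the connection prompt, extension signatures). The pref names are this example's mapping of those descriptions, and the sample input is constructed.

```python
import re

# Stock-Firefox values; pref names are this example's mapping of the thread's descriptions.
EXPECTED = {
    "devtools.debugger.remote-enabled": False,    # remote debugging off
    "devtools.debugger.prompt-connection": True,  # ask before a debugger attaches
    "xpinstall.signatures.required": True,        # refuse unsigned extensions
}

PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref|defaultPref|lockPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_value(raw):
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs, in_block = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if in_block:                       # inside a /* ... */ comment
            in_block = "*/" not in stripped
            continue
        if stripped.startswith("/*"):      # comment header, maybe multi-line
            in_block = "*/" not in stripped[2:]
            continue
        if m := PREF_RE.match(line):       # lines starting with // never match
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(text):
    """Return sorted (pref, found, expected) tuples where the file deviates."""
    prefs = parse_prefs(text)
    return sorted((name, prefs[name], want) for name, want in EXPECTED.items()
                  if name in prefs and prefs[name] != want)

# Constructed sample, not taken from any real browser build.
SAMPLE = '''\
pref("devtools.debugger.remote-enabled", true);
pref("devtools.debugger.prompt-connection", false);
// user_pref("xpinstall.signatures.required", false);
user_pref("xpinstall.signatures.required", false);
user_pref("xpinstall.signatures.required", true);   // later line wins
user_pref("security.nocertdb", true);
'''
```

Running `audit()` over the text of a fork's shipped defaults file and then over your own `user.js` shows whether an override such as Arkenfox actually restores the stock value.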
Is this really true? I’m still researching Zen browser before I install it.
no not really, should be fine if you want to use it really, as @certainty said, you can apply the recommended configuration, and maybe you can try applying Arkenfox on it.
Yes, it is.
It’s not a privacy focused browser. It rather focuses on improving UX. You have much better options like Mullvad Browser or Brave.
Depends on what you want though. But since you’re in this forum, I think MB or Brave will serve you better.
I don’t agree with the overly black & white, negative tone of their comments, but yes, stripping away the commentary/loaded language and focusing just on the substance of what Bitosi said, I don’t think they are wrong:
- “Zen is literally just firefox based slop with zero real privacy/security work being done on it.”
- This is true as far as I know. Zen as a project has no focus on or comparative advantage in security or privacy. Its security and privacy attributes are derived from two projects (1) Firefox itself (2) Betterfox, which is a hardening template for Firefox settings similar to but a bit more relaxed than Arkenfox.
- “Zen is focused on improving UX”
- That does seem to be where they are devoting the majority of their time/attention. From what I’ve seen, virtually all of the changes they make that are not attributable to upstream Firefox settings relate to UI, UX, and design related features. (and there is nothing wrong with that)
Thanks for that, that was the point of disagreeing, it wasn’t the explanation, it was the exaggerated tone.
I still wonder if you can replace betterfox on it with arkenfox honestly.
but this exactly.