Privacy on the Internet is important because privacy risks range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Many companies, such as Google, track which websites people visit and then use the information, for instance by sending advertising based on one’s web browsing history. Sometimes prices on products are changed on the same website, depending on tracking information, and two people may view the exact same product on the exact same website yet be presented with very different prices.

  • CarrotsHaveEars@lemmy.ml
    3 years ago

    While FF forks are good for privacy, I refuse to blindly trust them. I understand they are still open source but I doubt there are as many people as those who are actively reviewing FF’s code. I’d rather let FF do the telemetry (if I’m too lazy to tweak it) than have some malicious code accidentally go into its more privacy-focused forks.

  • remyabel@lemmy.ml
    3 years ago

    Librewolf should not be bouncing around on the Internet without the user explicitly asking it to do so.

    I find this argument to be too extreme. Librewolf already acknowledges that it still needs to connect to some essential services but tries to minimize which. content-signature-2.cdn.mozilla.net for example is necessary for OCSP (and HTTPS) to work, I’ve seen some blocklists block it in the name of “blocking telemetry” but it causes massive breakage. Just listing domain names isn’t a very useful argument.

    • kixik@lemmy.ml
      3 years ago

      Well, FF + Arkenfox, which is well regarded, doesn’t get rid of FF binary blobs. Librewolf does, and for the things the author complains about on Librewolf, can be tweaked, as they can be on FF. Being in favor of tweaking FF and discarding Librewolf sounds wrong to me. Librewolf reduces quite a bit the amount of tweaking, leaving you with a saner default than FF, its tweaks are based on Arkenfox, and you can still modify Librewolf as you wish. So I don’t agree with just discarding Librewolf, or any other FF derivative browser. Granted they all depend on FF’s success to keep on going, but they do have an impact on what the user is left out to tweak, and besides, they might, or might not (Librewolf does) remove binary blobs, which in the end you never know what they might do…

      • Seirdy@lemmy.ml
        3 years ago

        The problem is that your offline CA stores won’t use OCSP revocation logs or certificate transparency. You need live updates for those. The latter is especially important, as without it you’re completely dependent on one group of CAs.

      • Jama@lemmy.ml
        3 years ago

        Usually not so fast, downloading a list is still needed (e.g. if there are security problems with some CA). IMHO, a completely “mute” browser isn’t necessarily good, but of course every connection should be explained.

        • Seirdy@lemmy.ml
          3 years ago

          If you’re concerned about your browser “phoning home”, you can find out exactly what it’s chattering about using key logs and a packet sniffer (I recommend Wireshark or derivatives). Key logs are required for decrypting TLS traffic, and Firefox + Chromium support them.
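The key-log workflow described in the comment above, as an added example that is not part of the original comment. It assumes Linux with `tshark` (Wireshark's command-line tool) and Firefox installed; the key log path and function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: audit a browser's own traffic with a TLS key log.
# KEYLOG and the capture file name are placeholders chosen for this sketch.
KEYLOG="${KEYLOG:-$HOME/tls-keys.log}"

# 1. Capture while a throwaway Firefox profile runs with key logging on.
#    The key log holds session secrets: keep it private, delete it afterwards.
capture_browser() {   # usage: capture_browser out.pcapng
    ( umask 077; : >"$KEYLOG" )
    tshark -i any -w "$1" &          # needs packet-capture privileges
    cap_pid=$!
    SSLKEYLOGFILE="$KEYLOG" firefox --no-remote --profile "$(mktemp -d)"
    kill "$cap_pid"; wait "$cap_pid" 2>/dev/null || true
}

# 2. Sanity check before opening the capture: count secrets per label.
#    TLS 1.2 sessions log CLIENT_RANDOM; TLS 1.3 logs *_TRAFFIC_SECRET labels.
keylog_labels() {     # usage: keylog_labels keys.log
    awk '!/^#/ && NF == 3 { n[$1]++ } END { for (l in n) print l, n[l] }' "$1" |
        sort
}

# 3. Decrypt with the key log and list what was requested, most frequent first.
list_requests() {     # usage: list_requests out.pcapng
    tshark -r "$1" -o "tls.keylog_file:$KEYLOG" \
        -Y 'http2.headers.method or http.request' \
        -T fields -e http2.headers.authority -e http2.headers.path \
        -e http.host -e http.request.uri |
        sort | uniq -c | sort -rn
}

# Run all three steps only when a capture file name is given.
if [ "$#" -gt 0 ]; then
    capture_browser "$1" && keylog_labels "$KEYLOG" && list_requests "$1"
fi
```

An empty result from `keylog_labels` means the browser never wrote secrets, so the capture cannot be decrypted and only unencrypted metadata will be visible.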

        • Echedenyan@lemmy.ml
          3 years ago

          Idk in which place that is not fast. Maybe if you don’t make maintenance to your OS very often.

  • PathOfSeg@lemmy.ml
    3 years ago

    Considering the amount of conflict of interests and scare with using a browser, I think the only, least risky way is to use someone else’s internet to browse or to use a TUI browser.

    Then again, a non-programmer (i.e. me) would be having difficulties in removing privacy and security threats. For each exploit patched, I’d reckon there would have been a dozen more circulating around the dark net. It’s a worry that has been looming behind my head. I think one of the more important aspects of security is to know what you are up against. It’s far easier to be secure on the internet if your goal is defined as “not being hacked by script kiddies” rather than broadly defining “government-agency sponsored, state-level threat” stuff.

    As long as you’re not a billionaire, I think the minimum step to undertake is to limit your use of the internet. Kinda scary for a layman like me to see the internet and see everywhere that each click can get you hacked. Again, that sort of stuff would most likely apply to high value targets anyways… which I am not.

    • Seirdy@lemmy.ml
      3 years ago

      The safety of TUI browsers is a bit overrated; most don’t do any sandboxing of content whatsoever and are run in an unsandboxed environment. Both of these are important for a piece of software that only exists to parse untrusted content from the most hostile environment known (the Web).

      Check a CVE database mirror for your favorite TUI browser; if it has a nontrivial number of users, it’ll have some vulns to its name. Especially noteworthy is Elinks, which I absolutely don’t recommend using.

      Personally: to read a webpage from the terminal, I pipe curl or rdrview output into w3m that’s sandboxed using bubblewrap (bwrap(1)); I wrote this script to simplify it. I use that script to preview HTML emails as well. The sandboxed w3m is forbidden from performing a variety of tasks, including connecting to the network; curl handles that.
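One way to build the pipeline described in the comment above, as an added example; it is not the commenter's script. It assumes a merged-/usr Linux layout with `w3m` in `/usr/bin`, and the function names and the `/home/sandbox` path are chosen here for illustration.

```shell
#!/bin/sh
# Added example: curl fetches, w3m renders inside a bubblewrap sandbox.
# Assumes a merged-/usr Linux layout; BWRAP can be overridden for inspection.
BWRAP="${BWRAP:-bwrap}"

# Render HTML from stdin. The sandbox has no network, no real $HOME, a
# read-only /usr, and private /tmp, /proc and /dev.
sandboxed_w3m() {
    "$BWRAP" \
        --unshare-all \
        --die-with-parent \
        --new-session \
        --clearenv \
        --setenv TERM "${TERM:-dumb}" \
        --setenv PATH /usr/bin:/bin \
        --setenv HOME /home/sandbox \
        --ro-bind /usr /usr \
        --symlink usr/bin /bin \
        --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --ro-bind-try /etc/ld.so.cache /etc/ld.so.cache \
        --proc /proc \
        --dev /dev \
        --tmpfs /tmp \
        --tmpfs /home/sandbox \
        w3m -T text/html -dump "$@"
}

# Networking stays outside the sandbox: HTTPS only, also across redirects.
read_page() {         # usage: read_page https://example.org/
    curl -sSL --proto '=https' --proto-redir '=https' --max-time 30 \
        --url "$1" |
        sandboxed_w3m
}

# Fetch and render only when a URL is given on the command line.
if [ "$#" -gt 0 ]; then
    read_page "$1"
fi
```

Because `--unshare-all` includes the network namespace, anything w3m tries to fetch on its own (images, redirects, external viewers) fails inside the sandbox; only the bytes curl piped in are available to it.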