Web Browser privacy
 

Can the Web brower I use know what websites i've bookmarked.
Example Firefox, Opera, Vivaldi, Chromium.

If by "web browser", you mean the browser developers (because the web browser obviously knows your bookmarks), then as far as Mozilla goes, relating to Firefox, the best answer I have is "not as far as I know" (even if you're using Firefox Sync which uses encryption for the data you hold).

In saying that, if you are using Firefox and you want to review the security of your data regarding Mozilla, you should read this: https://www.mozilla.org/en-US/privacy/firefox/ and make any necessary configuration changes to Firefox to match your needs.

They certainly have the capability if they wanted to push an update and do that, and so can browser addons. Depending on the browser, your browser settings are stored in a cookie which can have PII (personally identifiable information) and these can be sent to second/third parties whom can corrolate to you.. The only cookie your browser should ever need to store on your computer is a first party non-identifying browser setting cookie, as such is the case in the DDG browser..

The keyphrase in that quote is "they are not stored in a personally identifiable way" so if your local cookie with all your bookmarks somehow did get stolen (via a sidejacking attack), then there would be no PII in that cookie that could uniquely browser fingerprint you. (as a sidenote I dont trust DDG as they were bought by Verizon who installed a supercookie on all their customers; you should use StartPage instead)..

yes, definitely, all of those, even DDG browser.
and with javascript it can be actively exploited.

To be honest, we are royally screwed browser wise. For now use this: https://gitlab.com/Puffles_the_Drago...tes/Firefox.md, but someone needs to write a minimal (pure C no bloat crap) and secure browser. Give me a few years, got a lot to learn. But someone has to do it... Have zero delusions, Firefox is just as bad as chrome and chromium is chrome. Mozilla is the same as Google, they are just less open about it and less obvious. TOR is nice, but lets be real it's protcol is adorable and the project has sold out for NSA money. Browser at this point? Do your best, have zero illusions w3m + proxychians going into i2p then tor is the best bet.

yeah, you talk the talk.
but really it's the internet that's a steaming pile of --- well, all sorts of sh!t.
Unfortunately, browsers need to deal with that.
Some of them being bloated beyond compare, or spying on you, is really just an afterthought in light of the real problem: to reliably display all the stuff that is the WWW. That's the real bloat, the real security hole.

Btw, atempts to "write a minimal (pure C no bloat crap) and secure browser. Give me a few years, got a lot to learn." do exist.
Just look at netsurf or dillo (i don't know if those are actually written in pure C but that's hardly the point). They can't even play youtube videos, and that's after decades of development.

The above is the only accurate statement in your post.
Unfortunately, I don't think OP has time to wait for you to grow up and learn.

Free and open source software is the most effective first step for ensuring your web browser is secure and protects your identity.
Mozilla who owns FF is also not a small niche company - so this ensures the browser will be well maintained and have timely updates.

Mozilla used to be Netscape. There is a documentary about how the company chose to resist Govt pressure to collect data. Netscape then jettisoned FF as free and open source just before it was killed off as a company.
So FF has a history of being loyal to the public rather than to big companies.
FF is the browser of choice for Debian - and Debian is also actively involved in maintaining FF.

If bookmarks are used to identify the user - then users can create several 'profiles' with FF.
Just input: 'about: profiles' in the address bar.
Each profile can then have different bookmarks and different browsing habits. Essentially the user becomes several people whose browsing habit is a little more difficult to identify.

I use Wikipedia as my search engine. I can then go to the Wikipedia page of most websites. On the Wikipedia page there will be a link with the websites address. This avoids using bookmarks.

Alternatively, a seperate file can be held on a hard disk with the address of every website the user wants.
The file can then be used to cut and paste the address onto the address bar of a web browser.

The FF home page allows links to websites to be stored there. This also avoids using the bookmarks toolbar.

Anyone who can honestly look at FireFox and Mozilla and say they are not as bad as Microsoft and Google is a fan boy. They have invested in maleware, injected maleware into users browsers many times and have done even worse things than google. I guess people have to justify the crappy situation we are in. Yes, browsers need to be bloated to run all the Javascript, PHP and other crap I and many others bloat and don't use. Browsers shouldn't be bloated peices of spyware just because some web devs think "OH we should make it easier for the users by adding a crap ton of animations and bs no one wants or needs. Just like in the 90s! Rememeber how we centralized the internet? How has that backfired?". At this point this conversation, much all others that take place about bloat and spyware, has become petty crap that isn't worth my (and hopefully your) time.

I know there is surf from suckless which is (I believe) pure C, however personally there are issues with it such. One thing I do love about FireFox is how addons (in some respects) are done. I like that they are downloaded and run off the system as aposed to being web extensions. I would love to see a minimal browser with at most js support that has that ability. To be 100% honest 99% precent of the bloat in browsers (and other software) is due to trying to make something main stream for everyone. This means the whole (easier for the user) screws the project in about all aspects.

Browsers don't run PHP. The servers interpret it and serve any resulting output.

Despite the truth that browsers have indeed become resource-hungry, it looks like you're having an uninformed rant. ;)

Please provide links to evidence about Mozilla's injection of "malware" into Firefox, any by "malware" I mean that something that actually does damage to your system, which is the definition of that term.

Seeing threats everywhere is just as bad as seeing threats nowhere. It means that you aren't able to discern the real threats when they happen.

I would, but for whatever reason:

A) people don't care or pay attention (MR. Robot, last week/month, last few years, germany etc)

B) All the blog posts and videos I had saved have been removed and idk why. I know Lunduke's got removed and then he moved it to patrion or whatever the site is called.

I have been ranting about this for sometime and with how little people seem to care it feels like telling a windows user about the keyloggers and spyware in it. I get no where and everyone gets mad. In short, not worth the effort to try to dig an archive of posts just have people wipe themselves with it tbh.

Alos, collecting ANY DATA AT ALL that I have not 100% consented to is a, well can't say it here.

Opera has you covered for privacy with it's free built in VPN.

I hate to be that person, but here we go. A) VPNs you didn't build aren't really something you should trust and I2P and TOR make VPNs kinda pointless. However, I don't know enough about Opera to make a real call on them. I haven't actually heard of them before and am sorta out of the loop opera wise so I will definitley check them out. Thank you for the suggestion.

If you can't back up your claims with evidence, and then are willing to argue about the validity of that evidence, don't rant about it. What's Germany got to do with it, anyway?

I never use VPN I just pointed out Opera has it built-in and because I always "hear" that a person should use vpn for privacy.

I think he meant Germany as in Cliqz
https://www.ghacks.net/2017/10/06/mo...ta-collecting/

Like I said, no one pays attention or cares about these things. As long as they can say "well *fill in app or company name* is actually *fill in whatever*" they are happy. People don't want real privacy or freedom. They just want enough freedom to feel free and enough privacy to feel private. All the evidenace (which includes the german government losing it after Mozilla broke their laws and injected maleware (which was written in JS) into specific users computers to see if they could do it without anyone noticing, then injecting malware js into build of FF to campign for a TV show, them investing into malware and injecting ads and things to collect data on users, etc) is not gone. I know just as well as you do why it is gone, as I have no idea. But that is the state of it. You can do and say with that what you wish, but there is nothing I can give you because it is gone. Want more info? Duckduckgo.com is a great place to look, if you manage to find any of the blog posts and videos that were removed (by whoever or whomeever be it youtube, their creators, etc) then please review it as it is important. But blind ignorance is not good for security.

Cheers, sfF. Didn't know about that, and wouldn't be happy about it if I were one of the affected users in Germany. Opt-in: fine. Opt-out, no thanks. I'm not saying that we don't have to keep our ears and eyes open in order to keep the developers honest. :)

I was unaware of that one, but a nice one to add to the list of the reasons they are bad. What I am referring to (when it comes to Germany) was about two or three years ago (I believe it was two or three years ago) Mozilla injected JavaScript into specific users build of FireFox in order to see if they would notice and to see if they could do it to everyone using FireFox. I don't recall everything the JavaScript did, however I remember it having something to do with phoning home browser history, clicks on pages and some other data. I haven't been able to find any of the articles and videos on it. However if anyone is able I would try to find the Bryan Lunduke video from awhile back, he has (or had) links to all the articles, blog posts and other evidence he used in his research. Sadly it isn't (to my knowledge) available on YouTube anymore.

I actually watched that video when it first came out: "Mozilla is not trustworthy" and you're right it's gone. However I did find this video:

https://www.youtube.com/watch?v=-nyQIUcCJfo

I can't watch it though, as I'm at work.

The guy in the video is right Mozilla can't be trusted, like he said if a person wants to give money give it to another browser.
Use Firefox they say Mozilla respects your privacy they say, don't use Opera they tell me the "Evil" Chinese will spy on you, lol Mozilla has been caught using spyware on users but as far as I know Opera has never done that.

Seriously, this is not how you discuss topics you feel strongly about.
uninformed emotional rant just gives those you are trying to convince a strong argument against you.
this is indeed damaging to the thing you're fighting for.

to use your own words:
"At this point this conversation, much all others that take place about bloat and spyware, has become petty crap that isn't worth my (and hopefully your) time."

Quote:

Originally Posted by FOSSilized_Daemon (Post 5998591) Anyone who can honestly look at FireFox and Mozilla and say they are not as bad as Microsoft and Google is a fan boy. They have invested in maleware, injected maleware into users browsers many times and have done even worse things than google. I guess people have to justify the crappy situation we are in. Yes, browsers need to be bloated to run all the Javascript, PHP and other crap I and many others bloat and don't use. Browsers shouldn't be bloated peices of spyware just because some web devs think "OH we should make it easier for the users by adding a crap ton of animations and bs no one wants or needs. Just like in the 90s! Rememeber how we centralized the internet? How has that backfired?". At this point this conversation, much all others that take place about bloat and spyware, has become petty crap that isn't worth my (and hopefully your) time.

Quote:

Originally Posted by FOSSilized_Daemon (Post 5998600) I know there is surf from suckless which is (I believe) pure C, however personally there are issues with it such. One thing I do love about FireFox is how addons (in some respects) are done. I like that they are downloaded and run off the system as aposed to being web extensions. I would love to see a minimal browser with at most js support that has that ability. To be 100% honest 99% precent of the bloat in browsers (and other software) is due to trying to make something main stream for everyone. This means the whole (easier for the user) screws the project in about all aspects.

Quote:

Originally Posted by FOSSilized_Daemon (Post 5998606) I would, but for whatever reason: A) people don't care or pay attention (MR. Robot, last week/month, last few years, germany etc) B) All the blog posts and videos I had saved have been removed and idk why. I know Lunduke's got removed and then he moved it to patrion or whatever the site is called. I have been ranting about this for sometime and with how little people seem to care it feels like telling a windows user about the keyloggers and spyware in it. I get no where and everyone gets mad. In short, not worth the effort to try to dig an archive of posts just have people wipe themselves with it tbh. Alos, collecting ANY DATA AT ALL that I have not 100% consented to is a, well can't say it here.

Quote:

Originally Posted by FOSSilized_Daemon (Post 5998615) Like I said, no one pays attention or cares about these things. As long as they can say "well *fill in app or company name* is actually *fill in whatever*" they are happy. People don't want real privacy or freedom. They just want enough freedom to feel free and enough privacy to feel private. All the evidenace (which includes the german government losing it after Mozilla broke their laws and injected maleware (which was written in JS) into specific users computers to see if they could do it without anyone noticing, then injecting malware js into build of FF to campign for a TV show, them investing into malware and injecting ads and things to collect data on users, etc) is not gone. I know just as well as you do why it is gone, as I have no idea. But that is the state of it. You can do and say with that what you wish, but there is nothing I can give you because it is gone. Want more info? Duckduckgo.com is a great place to look, if you manage to find any of the blog posts and videos that were removed (by whoever or whomeever be it youtube, their creators, etc) then please review it as it is important. But blind ignorance is not good for security.

Quote:

Originally Posted by FOSSilized_Daemon (Post 5998637) I was unaware of that one, but a nice one to add to the list of the reasons they are bad. What I am referring to (when it comes to Germany) was about two or three years ago (I believe it was two or three years ago) Mozilla injected JavaScript into specific users build of FireFox in order to see if they would notice and to see if they could do it to everyone using FireFox. I don't recall everything the JavaScript did, however I remember it having something to do with phoning home browser history, clicks on pages and some other data. I haven't been able to find any of the articles and videos on it. However if anyone is able I would try to find the Bryan Lunduke video from awhile back, he has (or had) links to all the articles, blog posts and other evidence he used in his research. Sadly it isn't (to my knowledge) available on YouTube anymore.

bla.

I do remember this incident, but it was a plugin, not JavaScript. The show was Mr. Robot.
Here are some articles and a statement from Mozilla.

Your link shows FF is working with the German company Cliqz to introduce a new addon.
The Cliqz addon will automatically retrieve relevant info from the net depending on the strings entered in the address bar.

Cliqz is paying Mozilla to test this addon.
Both Cliqz and Mozilla have security measures in place to protect users who try this addon.
During the short time this addon is being tested by a small group in Germany - the addon can be deactivated or disabled.

What is the problem here?
This is good news for Mozilla and FF users.
But I will go further and spell everything out for you:

your link to the ghacks page goes on to say:
Got it? The site is merely reporting on Mozilla's latest successful and profit-making activity.
This is important for FF users - because it ensures we continue to have the best product for free.
But ghacks needs to sensationalise and scaremonger in order to get more attention and more donations.
This is normal journalism.

Your link is not about web browser security - it's about interpreting info accurately.

Do you see how your coming across? Your not sounding very credible are you?

Security on the internet is a serious issue and should be treated seriously. Your not doing that.
You need to start your own thread about your own fears and concerns rather than hijacking this one.

OP would like to know about web browser privacy in general and bookmarks in particular.

Yes I know that it's a legit addon which is fine, but as the author said Mozilla has changed their stance on privacy by collecting more data on users, I never would have known about that if it wasn't for Styxhexenhammer666 video on how Mozilla is combating "Fake News", I got curious if they done other questionable things. I believe that it only installed if you enabled the setting for them to run tests so if users didn't like them doing that its their own fault.
I personally don't trust Mozilla after the recent news of them Forgetting to update certificates and their fix was to enable the testing setting box, seems intentional to me. NSA spy plan?
Edit: forgot his video link https://youtu.be/PK4h-l1PLGM

I believe dillo was C/C++ (no releases in a few years) and netsurf is definitely C.
http://www.netsurf-browser.org/

Almost everything similar to the above, which isn't a mozilla fork or the various "frontends" for the chromium/blink/webkit base, is not really a contender.

The reality is that google and it's blink layout engine / chromium base dominates, to the extent that all other browsers are irrelevant or becoming so. With the re-basing of Opera (12) "Presto" on chromium and more recently Microsoft's edge browser following suit - and firefox's "market share" diminishing, we are back to the browser mono-culture and with Mozilla as the only real competing tech.

I am not a fan of mozilla, I don't think they have done themselves any favours in recent times, but much of the smear you see written about them and the firefox browser is tech press click bait crap which plays into google's hands. While mozilla aren't perfect, the scenario where they cease to exist or their product becomes yet another front end for chromium / blink is not a good outcome. I fail to understand why some are so hasty to dig their graves, when google are doing much worse and making trillions doing it.

totally agree, also with this:
I would add that most people don't do it on purpose; they might even think that they need to "shake up the community" and "bring mozilla back on track" - but more often I suspect that it's simply easier to attack Firefox, because the information is more readily available. Shooting the Open in OpenSource in the back.

I think many people, with opinions on this, don't really grasp that modern web browsers are several millions lines of code projects built specifically to deal with:
This is why you have essentially blink/chromium/webkit - everything based on those and firefox and not much more. firefox just needs to die and the monoculture is complete.

While firefox was based on netscape code and modern webkit/blink on KHTML, things have moved on a lot since those days.

The WWW has become so utterly complex, that only a large organisation with a team of paid developers and corporate funding/sponsorship can afford to put together and maintain and develop a project like chromium. smaller entities, cannot hope to compete.

While firefox was based on the old netscape code (via the mozilla project) and blink/webkit has it's roots in KHTML things have moved on to the extent that "hobby projects", which might have been usable in the comparable sense, 10 years ago have now been left in the dust.

Compare the size of this early "firefird" source tarball with a modern release...

MozillaFirebird-source-0.6.1.tar.bz2 28M
firefox-67.0.source.tar.xz 269M

https://ftp.mozilla.org/pub/firebird/releases/0.6.1/
https://ftp.mozilla.org/pub/firefox/...s/67.0/source/

Rather than simply nothing but "bloat", it's the difference between browsing the web in 2003 compared to today.

Which web browser do you use?

I use a combination of firefox and chromium with the best privacy settings possible applied to both, script blocking via uMatrix.

Cliqz is a new privacy-minded web browser. The browser is a fork of FF - so it's free and open-source.
It also has its own built-in private search engine.

The Cliqz browser seems to be hardened against tracking from third-party websites. Also it says it doesn't pass on the users IP-address to third-parties unlike other browsers (I don't know if this includes FF).

Selling private user information to tracking companies is how a business makes money and stays alive.
This youtube vid Cliqz - designing a different ecosystem shows how Cliqz browser anonymises users but is still able to draw in advertising revenue.

There isn't an official linux version of Cliqz (cliqz.com).
That just doesn't make sense.

+1 for uMatrix (see my blog)!

I also had another, related lightbulb thought:
Often application developers "outsource" much of their work by writing their programs to run on web browsers (or electron), piling more weight onto browser engine developers' shoulders.

I'm always skeptical of these browser forks making grand claims and offering security and/or privacy as an out of the box "feature" which requires no knowledge, work, configuration or thinking on the part of the user... this one in particular is developed by a for profit company. They bought ghostery a few years back and open sourced it, but are notable as a company who's business model seems to be based around combining data mining and privacy...
Yes, the point is that web browsers have long since evolved well beyond an application which was solely for rendering html pages.

all i see is Ghostery (I haven't forgotten the scandal, and they can claim to be all better now all they want, I don't believe it) - and Burda Medien. Money, Money, Money.
Privacy as a buzzword to trap more users to get more data.
Just like Google. Some of that's also OpenSource.

Security and privacy are up to the user. No browser, not even Tor, can prevent you from getting knee-deep in the brown stuff if you don't follow proper precautions. Any browser which claims to market itself as a "secure browser" is either trying to capitalize off of industry buzzwords, referring to the process and care with which it was coded -- the most sensible answer, albeit still unlikely to prevent a user with his heart set on getting in trouble from doing so -- or outright lying.

Every time I hear the words "secure browser", I snicker on the inside and have an impulse to ask its developers for the date and details of their last EAL classification.

uMatrix is the same as uBlock Origin except it's 'designed for advanced users' (Wikipedia).
I don't think there's a meaningful difference between the two - and uBlock Origin has far more users.

On a smartphone, people easily download programs from an app store like google or apple.

A desktop should be just as convenient.
On a desktop computer, why would you want to make an app where people download it onto their hard-drive from an unknown 3rd-party website?
It is better if your app is simply an add-on to someone's trusted web browser.

Eh isn't that how most linux distros work? You download your stuff from trusted and signed repositories

Software companies need to eat. Just like you.

The internet is a market. You make money from it.
You don't exist just because you have pretty thoughts - like free privacy and anonymity.

Today, the internet means we have to pay for privacy and anonymity (e.g. VPN).
And then you need to make sure you pay the right people.

What is the Ghostery scandal?
What is Burda Medien?

Please tell us more - so we may learn.

Do you see how brainwashed we are?

Security and privacy should be guaranteed by your country (i.e. your own laws).

Search engines are a few keystrokes away...the info is out there.

If you call that "brainwashing", I'd hate to think what you don't call "brainwashing" ...

Why should "your country" guarantee your security and privacy ? What you're suggesting is likely to do the exact opposite. What makes you think the government is even interested in "guaranteeing" your security and privacy ? In a lot of countries they would like to take your privacy away, if anything. Why would you trust a third party to take care of your security and privacy ? That's just insane. What world do you live in ?

feeding the troll... oh well, why not, i'm bored. :rolleyes:

https://www.technologyreview.com/s/5...e-ad-industry/
https://en.wikipedia.org/wiki/Hubert_Burda_Media

please do not misquote wikipedia.
nowhere in that whole article does it say that those are the same - and rightly so, they aren't.
uMatrix gives the user much more control over what they block and what they let through.
And judging from your thoughtless loud-mouthing so far I don't think you'll ever be able to appreciate uMatrix and its superior powers. :shrugs:

Yes - but this simple method seems to be evolving.

With a web browser: add-ons are 3rd-party apps which bypass the scrutiny of the linux distro's repository.
It was widely known that some popular add-ons for FF could include spyware. So you had to be wary about which add-on you use. And the fewer - the better.

In this sense, installing a web-browser add-on has become similar to installing an app onto a smartphone.
Just recently, FF 60.6.2esr has said it has changed add-on rules so that add-ons now have fewer privileges.

Even so - it seems add-ons can still be installed via your own repo.
For example Wikipedia says 'In January 2016, uBlock Origin was added to the repositories for Debian 9 and Ubuntu 16.04.'
Does anyone know which other add-ons can be installed by your distros repo?

Incidentally, if you want to install Opera web-browser onto Debian - you need to add the Opera repo onto your Debian says you then have to trust the Opera repo.
So this is a clear example of Debian going outside of its ecosystem to offer users 'choice'.
This may become a worrying trend.

You demonstrate my point impeccably.

You need to ask yourself why you don't want the laws in your country to protect you.
You need to ask yourself why you don't trust your country.

And you've clearly missed mine...

I don't need to "ask myself" anything. I make sure I do everything I can to protect my system... MYSELF, without relying on anyone else, let alone the government. So I don't know what world you live in, but it clearly isn't this one...

The Ghostery add-on protects users. But it does not get paid for doing this.
Of its 19 million users, 8 million have chosen to have their data used by 'website operators' and 'ad companies'.

For 'website operators', Ghostery helps them find out which unknown companies are leeching info from their site.
For 'ad companies', Ghostery shows which is the most popular tracking code on the net.

This does NOT mean Ghostery is doing anything bad for the ordinary user.
It means Ghostery stops companies from tracking your browsing habits. It gives you this privacy for FREE.
But Ghostery also uses the add-on to provide useful info to companies. It does this for money.
And the user can even opt-out of any of his data being used.

Add-ons need to survive by earning money.
They're not like linux distros where they're supported by volunteers and donations.
As long as the profit-making add-on is trustworthy - then there is nothing to worry about.
Your link shows Ghostery add-on is speaking honestly, is involved in giving free privacy and is able to do that by having a workable business model.

Ghostery is no longer owned by Evidon as stated by your link dated 2013!
It's owned by the German privacy-minded web-browser Cliqz.


You have simply provided a link to a Wikipedia page.
What is your point?
You cannot simply expect members to interpret articles for you.

The Wikipedia page for uBlock Origin says:Both uBlock Origin and uMatrix are forks of Switchboard. So are they really so different?
Both add-ons have been written by the same guy.
uBlock Origin is an ad blocker. uMatrix is the same thing - but it makes you feel you're more clever.

At the end of the day, web-browsers and add-ons can be played with like apps on a smartphone.
But a trusted paid VPN is the most effective method of obtaining privacy.

Your situation would be improved substantially if you got yourself a paid VPN.
I think someone has even opened a thread on this forum about finding a good vpn.