Honestly the lack of ad blockers in Vanadium pushes me towards Firefox even though the devs say that Firefox is far less secure. So many web sites are just hard to use on mobile without an ad blocker so I’m curious what the rest of you are doing.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
much thanks to @gary_host_laptop for the logo design :)
I use Firefox for most trusted browsing, largely due to its bookmark sync and extension support. It has also been my desktop browser of choice for decades. I always browse in private mode on mobile, and with strict protection enabled (no 3PC), so essentially no cookie or data retention once the app is closed. FF sync for bookmarks only, no search suggestions, autocomplete, etc., except for search bookmarks. DDG as default engine.
Passwords are managed with KeePass autofill, and synced to many other devices via Syncthing.
I love that Vanadium is the default WebView browser though, due to its support for site isolation and other hardened features.
Fingerprinting is still virtually impossible to prevent until/unless the overall web browser model changes.
Fennec, basically Firefox forked. uBlock Origin + ClearURLs. In uBlock Origins I have every single filter enabled except the language ones. Also dark Reader is nice and synced with my system theme, something that doesn’t work in Mull because fingerprint resistance blocks that by design.
I can’t do Mull for day-to-day stuff, too many things break for me. Web apps like my work stuff, financial stuff, medical stuff, all those heavily use JavaScript and aren’t the best coded so they don’t like Mull very well. Fennec with uBlock Origin “just works” and very rarely do I ever have to turn off uBlock, usually disabling cosmetic filter on it fixes all my problems.
Also if you run a Firefox variant, you can enable NoScript and enable “Temporarily set top-level sites to trusted” and it will enable a lot of js websites to work without tweaks while still offering very powerful protection.
If I website doesn’t work, opening it I’m Vanadium is a nice way to check if the issue is Firefox or not.
Mostly Mull. A little Firefox and a little Vanadium
Hardened Firefox-based browser like Mull or Klar.
Mull with ubo
Fennec, Firefox from the f-droid-store
The most insecure Android stack
Edit: Because people will just blindly down vote this, here is some references to help you make more informed choices
https://privsec.dev/posts/android/f-droid-security-issues/
https://hacks.mozilla.org/2021/05/introducing-firefox-new-site-isolation-security-architecture/
https://bugzilla.mozilla.org/show_bug.cgi?id=1565196
I disagreed particularly with:
While yes, this may be a bad thing for some, certain apps, like termux (terminal emulator, even lets you make a linux chroot, some ppl play games using wine in it) only work properly on sdk’s older than a certain version, since newer versions can be somewhat locked down.
I don’t want to say that that article is “google good, f droid bad”, but that’s what a lot of what it’s points are. It completely neglects to mention the downsides of google’s various security models, especially for a foss community like this one. App bundles, for instance, are secure yes. But they are also an advanced form of drm (at least when made by google), must be compiled server side for each device, and other things that make them not work for the foss community.
And criticizing f Droid because it has multiple repos? That criticism is completely incompatible with the common FLOSS ideas that things should be less centralized.
Don’t get me wrong, some of the points it brings up are valid, but they are biased, only focusing on on one side.
And I also don’t feel the need to be alarmed by these points. What does it matter that google signs everything (in a supposedly better way) when “everything” includes malware?
As usual, no app or product can replace human discernment. Security is a process, not a product.
🤡
I’m happy for you to provide references what prove me wrong.
That sounds like a massive waste of time, you do you.
about what i expected
NextDNS with Vanadium.
To me, being able to use Vanadium in webview is a huge benefit.
Using DNS to block ads is relatively simple these days.
I use Vanadium and sometimes DDG or Tor. Mulls a good, hardcore browser as well.
And for vanadium, I use an ad blocking DNS, which is https://dns.adguard.com/dns-query
Isn’t perfect but it blocks some ads
Mull with ublock origin, always on VPN to my house with pihole for DNS.
I use Firefox for the “installed” web pages for quick access to internal things like Sonarr since Mull would log me out fairly often.
I use Vanadium with a custom DNS in system settings - NextDNS. It doesn’t get rid of every ad but it’s pretty good and blocks nearly all of them. You can choose adblock filter lists as well with NextDNS.
Use to use forefox, switched to just Vanadium as per Graphenes guidelines
Vanadium for when I need to log in and Cromite for daily browsing.
Mull with Adblock plus, Ghostery and Decentral eyes. Btw. I hope they soon update their icon to be Material theme compatible.
Honest question: is using those 3 addons better than sticking to just uBlock Origin?
I have read multiple times that the best is to just uBlock Origin and nothing else, since other addons are redundant and together will make your fingerprint easier to recognize.
Honest answer, I don’t know. I will for sure not install another extension. What I like from Ghostery is the “auto decline cookie banner” funktion.
uBlock Origin also has this functionality in its “annoyances” list category
I just tried it and it did not work for a website I often visit.
I like Mull the best. It’s pretty much just Firefox+arkenfox for mobile
Except for gecko mobile not having per-site process issolation (Fission) I get it though, its has good anti fingerprinting, isnt chromium, and has compatibility with Firefox addons (you can get around the mobile only requirement by importing a custom collection, which iirc requires Dev mode)
The amount of Firefox fanboys who will get mad at you for mentioning Android Firefox missing per-site process isolation. I’ve basically made the choice to not mention it anymore because I always get harassed whenever I do lol…
Firefox on desktop is awesome, Mobile should be avoided.
fission is functional with no noticeable issues on Firefox mobile as of like ~ff115/116. it just has to be manually enabled in
about:config
.Its considered a highly experimental feature, so enabling it could result in unknown issues or even security issues.
Also Firefox still lacks isolatedProcess https://bugzilla.mozilla.org/show_bug.cgi?id=1565196
I’d imagine Firefox would enable Fission by default if it was actually ready.
I’m willing to bet you get “harassed” for your smug attitude, not for mentioning that fact.
not sure how I’m being smug (please point to my excessive pride in my achievements) but okay, “harassed” is deffo a overstatement but I’m just sick of people like this https://lemmy.nz/comment/1506835 while I’m trying to help people.
But aside that, people shouldn’t be a asshole to someone just because they come off smug 🤷
This is a link to you trashing firefox mobile for not having site isolation by default and disregarding the person that corrected you
How did I disregard it? He literally provided a reference what countered his own point.
Like please, if you actually have a point to make. I’d love to know how he corrected me at all.
I think trashing is a overstatement, I’m providing references to my point (Also I LOVE firefox and use it on my desktop what i mentioned! It lacks basic security features on Android, that is not trashing on Firefox!) and I was deffo a bit hostile because he was obviously responding in bad faith.
With that link I just see your comment and no replies (maybe my instance doesn’t federate with theirs).
But look at just this thread: your other comment is you telling someone what they use is bad and providing no reasoning as to why.
Then when you get downvoted for contributing nothing of value, you whine about it and begrudgingly post the reasoning you should have shared from the beginning.
That’s a shitty attitude that’s going to net you downvotes and negative replies, and you shouldn’t be surprised by it.
yes you must not be federated.
My other comment what you must be referring to is “most insecure android stack”, doesn’t have references I agree & it probably should (thats why i edited it to include them) but its also on people to do their own research and if someone is commenting that their stack is insecure, maybe that person could ask me why or do a little research themselves (instead of just downvoting. Or they could just downvote & ask a question too!).
Also I’m not saying down votes is “harassment” thats insane, people can down votes as much as they want. I’m just over people unwilling to see insecurities after I provide references (like in the comment you can’t see responses to)
Shocker not every comment I make will be prefect & if people genuinely wanted to learn ask questions!
Also this whole idea that its a “negative attitude” is insane, I’m literally telling someone the software they use is insecure.
Vanadium and Adguard home