marcie (she/her)
  • 5 Posts
  • 48 Comments
Joined 1Y ago
cake
Cake day: Mar 22, 2024

help-circle
rss

I’ve actually tested doing addons to the browser and keeping permanence, and I found it good for my use cases and my specific add-ons (add-ons that do not access DOM). Most major sites don’t have the tech to actually fingerprint it that way. Yes, it does harm the potential fingerprinting, but if you are careful and make it so that private browsing mode basically resets it to default, you can turn it on when you need to. The biggest issue is turning cookies on imo.

Of course, only do this if you know what you’re doing, know your requirements, and know the ins and outs of how fingerprinting on particular sites work. Its perfectly reasonable to main mullvad browser with its baseline setup.


Yeah Mull is a different project. Mullvad browser is better than Mull (now Ironfox) tho lol.



Mullvad browser and Tor browser are the only serious options for privacy on the internet. Librewolf, cromite, Firefox, brave, etc will get you fingerprinted. If you care about security more than privacy, use a chromium based browser. Personally, I use Mullvad browser with Vpn (use only protonvpn, mullvad, or ivpn, they have had security and legal tests) it’s the best combo of fast and private.

For mobile, the options are more limited. Ironfox, Cromite, and Vanadium (GrapheneOs) are the best bets for daily use. Tor Browser is the only one that actually stops fingerprinting however, but it is difficult to recommend it as a daily driver.

Source: I actually help code security software and test it in real world scenarios regularly


I don’t really consider brave to be in the running due to the advertising they have built into the browser


Even if you do change its fingerprint, I’d argue its still better than most privacy configured versions of Firefox. What you should be careful to do is only change things that can be reverted by going into incognito mode if you seek to daily drive this browser.


Realistically you can only spoof specific things, spoofing hardware is actually a bad idea oftentimes because its possible to tell that you’re doing that. Spoofing certain things like audio readings do make sense tho.

Its based on Tor but its meant to be used with a VPN


Mullvad is much better privacy wise than Librewolf, its also snappier and has faster security and privacy updates. The only thing you really lose out on is Firefox sync (if you enabled it on Librewolf). The new identity button helps you reset to a stock state and allows you to circumvent fingerprinting (such as the fingerprinting used for enforcing bans) trivially. Mullvad takes Tor Browser’s approach to heart, while Librewolf takes Arkenfox’s changes to heart. Its factual that Tor Browser is the most private browser, so emulating aspects of it is certainly the way to go.

Some things you will probably find annoying:

  • Its so good at stock that you shouldn’t customize it much if you don’t know what you’re doing.

  • Letterboxing is hard to get used to

  • Without nonstock modifications, its not suitable as a daily driver in my opinion, its a privacy tool first and foremost with stock settings. When you make it nonstock, it becomes very good as a daily driver but you really must be as minimalist as possible in your alterations. Take only what you desperately need, and make sure your settings do not interfere with the normal function of incognito mode which will essentially set the browser back to stock for you fingerprint wise by disabling cookies, history, extra addons, etc.

Some things you will like:

  • Librewolf is sort of bloated feeling stock. It doesn’f feel as quick and snappy as Mullvad does.

They have big egos. You need to be sure they’re an avid poster and will respond to what you say. There’s also the public aspect, they don’t like having something awful they’ve done brought up in a community they like. You can set up a bot to post things like “Hey remember that time you sexually harassed a woman 20 years younger than you and a court ruled against you” as soon as they post an AMA so it’ll be the top comment. Reddit really hates when you use bots like this and will likely remove the comment after it gets a lot of attention which further inflames other people against the target.

A lot of this requires practice to get good at heckling. It’s all a case by case basis. You should always be aware of your audience and what the audience finds most unacceptable about someone’s behavior.


I’ve learned how to get under rich people’s skin and in my free time when I’m bored I harass them. It’s an unguilty pleasure of mine. It brings me great joy to see a multimillionaire or a transphobe so pissed about something I said that they complain to spez to get me banned.

I also just have a general interest in security and privacy, sometimes I just do things like spam an ad site to see how long it takes to react.


Yeah, I did that for a long time but I’m pretty done with it on most accounts. I only do it properly on the most important accounts.


My best solution to the login problem on stock Mullvad is to use KeepassXC with Autotype (if you’re on Linux with Wayland, use the experimental keepass snapshot). You can press the hotkey and autotype will pop up with a quick search for you to add the username and password. It can also save TOTP and passkeys. This of course doesn’t use any add-ons so its a decent solution to the problem.

Even with it streamlined like this, I still find it tedious lol. KeepassDX handles it so much better on android, wish linux could get functionality like that.


You can find a more in depth conversation on this (arkenfox additions and shortcomings vs what mullvad specifically does) here: https://github.com/mullvad/mullvad-browser/issues/1 and here https://mullvad.net/en/browser/hard-facts

I was mostly referring to some similarities between Mullvad and arkenfox’s base profile


Quite a lot of it is tor stuff with (edit:) some arkenfox slapped on. Most of the config are Tor base, Ublock added, and it has a New Identity feature that is similar to Tor. Biggest benefit is being able to use a comparatively much speedier VPN with it over Tor’s proxies. For the most private setup, you should run it stock with Mullvad’s VPN service, but I’ve found it works great with Proton VPN and IVPN as well. Personally, I have very sensitive eyes so I cannot run it with only stock, I need Dark Reader and uBlock at the minimum, and Sponsorblock and anything else is simply a nice thing to have.

I’ve been testing it on many sites and the amount of extra info from addons is very small and few sites keep track of it in my real world testing. It is readable though and a few can notice the difference, and its mostly financial sites that you need to use real ID for anyways.


You’re basically just running Firefox ESR with some config changes at that point and completely defeating the point of running Mulvad browser specifically by producing an absolutely unique fingerprint.

This is not really correct, most sites do not look for injections into the page by addons, only a few do. I’ve run tests where I speedrun site bans on Facebook, Reddit, Github, and YouTube just to see if the fingerprinting on those sites prevents signups with my config, and it did not. Firefox ESR also does not include arkenfox + tor browser tweaks + removals of firefox telemetries baseline which provide gigantic privacy benefits and cannot be understated.

Of course, this is more detectable in comparison to stock Mullvad Browser, but stock Mullvad Browser is a hard sell without more robust features for daily use. By pressing ctrl+shift+p you can go back to stock if the situation calls for it.

And the alternative of course is using a much less private and secure browser, basically no one wants to constantly resign into accounts, browse slower, and miss out on certain crucial ways to block ads. If you want to be a privacy maximalist, stock Tor Browser is over there. For people that want a lot more privacy, good speed, while still keeping a handful of crucial addons and accessibility tweaks, nonstock Mullvad is a great choice.


They do not unfortunately, I desperately wish they did. The best options on mobile right now for a Firefox based privacy browser are IronFox and Tor Browser for Android. Personally, I don’t think either of these are as polished and as snappy as Mullvad Browser on desktop. I think the chrome based browsers are more battery efficient as well, so its unfortunately best to go with them for now I think if you want privacy and efficiency at the same time. Of course, if you want to maximize anonymity you should always run base Tor Browser, but it is not fast and suitable for daily browsing imo, Tor Browser is for specific use cases where you need to maximize anonymity or to change IP from your vpn or local ip for some reason.

If I were to recommend an Android browser, it’d probably be GrapheneOS’s Vanadium (can only get it stock on Graphene) with RethinkDNS’s adblocking and tracking filters and Cromite barring that. Neither of these are as good as Mullvad Browser on Desktop in terms of its speed and privacy benefits, though. Mullvad Browser is truly the crème de la crème for everyday sensible privacy use cases.


I am in love with Mullvad Browser.
So, first off, to make it for daily browsing use I did some basic alterations to the browser by allowing it to keep history, caches, cookies, disabling always-on incognito, and so on. I also installed my favorite addons (Dark Reader, Sponsorblock, I try to be as minimalistic in my choices as possible). This of course harms the privacy, *but* you can just ctrl+shift+p to basically turn all of that shit off when you decide you need to get serious. I kept the letterboxing on, its hard to get used to initially but after about a month of using Mullvad as a daily driver I got used to it. It seems most sites aren't able to detect my alterations to the browser. I don't think any other privacy browser spin (Librewolf, Waterfox, Brave, Tor Browser etc) comes anywhere close to the snappiness and privacy intersection of Mullvad Browser. I'm able to skirt bans due to using anonymity services trivially and the captchas are short and quick and not a never-ending slug fest. Its good enough at faking a unique identity out of the box that most things cannot tell that its fake. I'm in such love that I'm going to swap away from my current vpn (IVPN, sub should end in November) to Mullvad due to how well polished this project is. I'm really interested if their multihop service can get around VPN IP bans better than Tor can. Kudos to the Mullvad team 🥂 I hope you make an android version soon!
fedilink

For the record you can exclude certain countries from your tor options. I am of the opinion that most people aren’t going to need to avoid government stuff, but if you do, exclude, say, 5 eyes countries if you live in one. It’ll make it quite hard for them to get the full picture


Mullvad and Tor and it isn’t close. I use it to circumvent bans on social media when I say something too communist. Don’t alter it with addons in any way its perfect as it is.

If google, reddit, facebook, etc. can’t figure out I’m circumventing them I consider that good enough.

I also like Mullvad for most cases it has adblock by default which lowers the annoyances.

Many websites will be pissy if you’re secure as possible. Tor and Mullvad browser make them very pissy often. Its best to have a backup browser for that and normal activities. Librewolf and Ungoogled Chromium are good choices there. More secure, but fingerprintable enough that sites don’t get pissy.


Invizible Pro is the best option here. Uses Tor not a VPN though. Does firewall, i2p, and DNS. Is on FDroid


While it seems chromium based browsers are able to download pages to view later, it doesnt seem it saves a whole website.


This will help but the wiki I’m thinking of using is for a video game and for a ttrpg 🤔


Looking for a way to save a whole site in its entirety and keeping its functions on android
I will be stuck in low or no internet areas and having a way to save a whole website (such as a small community wiki or something) to browse while bored would be very nice. It'd be nice if its features like search could be kept working. Any suggestions for a Foss app that can do this?
fedilink

There are android e ink tablets with good battery life. I haven’t had the chance to flash one though


Seconding simplex. Having a built in way to obfuscate IP is very nice. But its more for privacy extremism and small group chats for people in vulnerable situations, matrix is best for most situations e.g. community and interest groups. I also had some ease with setting up simplex with my grandma, funny enough. Not needing to make an account made it much easier for her.

Hope Lemmy gets a simplexchat field one day!


Signal for your family (mostly due to interface), Matrix for online communities, and SimplexChat if you’re trying to be a privacy extremist. I did have some success with setting simplexchat up for some old people over the phone because they didn’t need an account.


Truly unhinged that they decided to come out on this. Fellas, you are fucking Swiss why throw yourself under the bus for the US election


Redact, but open source?
So many people seem to recommend this app, but its obviously not open source and requires an email to signup, which seems unnecessary. Are there any good open source alternatives that are a one-stop-shop of sorts rather than a bunch of mottled scripts? https://redact.dev/
fedilink

yeah you could. though i dont see any evidence that the large open source llm programs like jan.ai or ollama are doing anything wrong with their program or files. chucking it in a sandbox would solve the problem for good though


you can check the process to see if its communicating at all. none of the big ones do. its possible someone could be fucking with the file though, before the safetensors format this was a big issue, and still sort of is afterwards. only DL from reputable sources


the other decent options are matrix and simplex chat, and mayyyybe session. matrix seems to have the most users and kick to it right now. out of those options. but yeah youre not gonna get the average tech illiterate person to get on a more complicated alternative to discord, essentially


Only reason I’d recommend signal to anyone is that its one of the few encrypted apps that doesnt have awful onboarding. A boomer can figure it out.


My notes said I tried nobara but they werent very detailed, I assume it wasnt great? Manjaro is one of the ones I didnt test, along with Garuda. I tried Fedora base and Arch base and they didnt work out of the box with most games.


GUI absolutely does matter for helping adoption of linux, I’m not interested in hearing arguments to the contrary either. Everything should be as GUI’d as possible if we want linux to grow



Yeah, thats useful for laymen / people that dont want to tinker a whole lot


Bleeding edge gaming distros with driver managers?
Lately I've been suggesting Mint or PopOS for laymans looking to swap to linux, but do any of you know of any good gaming distros with a driver manager GUI built in ala Mint? I've tested most gaming distros with latest (nvidia) hardware and they do not run most major titles out of the box due to driver issues. If there were a gui for driver rollbacks while having great general performance, I could see it beating out Mint/PopOS for my recommendation. Being able to install .deb files is quite nice for laymans too, though I don't know of any other deb based OSes that run well out of the box.
fedilink

Nah, I’m on latest hardware (4080) and did a bunch of tests recently. Mint was the best along with PopOS. A lot of distros like CachyOs or Bazzite have a lot of great enhancements but they break so often without easy rollbacks that a layman shouldnt use them. Mint has a driver manager and can install KDE if you want with no breakage. Bazzite and CachyOS couldnt even run many major titles due to driver breakage and not having an easy way for a layman to rollback. (I could do it, though a layman would hate it). Whereas PopOS and Mint both ran major titles without any configuration.

I don’t know of any ‘bleeding edge’ distros with driver managers, I might ask about that though.


I personally found it kinda jank. Mint feels best for a laymans gaming distro ime


with alerts to cart you away if they detect you have trans balls 😔



sure, simplex is very private, but its also a pain in the ass to use currently. i feel like matrix makes a decent tradeoff between easy use and privacy


they hated him because he spoke the truth smh

use matrix, briar, simplex in that order

also what email platforms + vpns do you recommend, out of curiosity?



Is there a rundown of privacy frontend instances? Which ones are the most private?
I'm looking for ones that ideally don't log IP. Is there a guide somewhere that looks into each of these instances and whether or not they fulfill the privacy promise? I'm most interested in Invidious.
fedilink