Home | News | Download | Packages | Forum | Wiki | Github

Recommendations: Webrowser other than Firefox


(edwin snelgrove) #21

I’ve had pretty good luck with Waterfox, but only used it for a couple months.


#22

about:config

#disable WebRTC
media.peerconnection.enabled set it to false

#disable WebGL
webgl.disabled set it to true


(Steve) #23

Yeah, I use those as well as several others in Firefox; however, the newer Quantum has removed several of the keys and allow the problems as default rather than give the user the option to enable or disable as they need. That’s the reason I’m looking for something that can be made secure but is not Quantum.


#24

The problem is, what security is for you.
Are you talking about vulnerabilities, privacy or something else?

From my point of view its less desirable to run other browsers than the two big ones.
Only the two big browsers have the required teams and resources to maintain and audit the enormous code base a modern browser is based on.

And in the privacy sense, you actually want to look like everyone else.
If you use some exotic browser or some strange settings you are going to be identified and fingerprinted with ease.
The tor project ships the tor browser as binaries and suggests to not rebuild it from source to make sure users are going to look all the same.
They even go steps further and suggest the window size and installed plugins.


#25

@Duncaen About Tor, I have a question:

When you are using Tor, your ISP can see that you are trying to hide, right?

So… aren’t you immediately flagged as a suspect?


#26

Yes they can detect that you are using for, but at least in e.g. Europe you shouldn’t be flagged for it.


#27

Why should it be different in Europe?
It’s a well known fact that in e.g. France the Internet is closely monitored.


(Steve) #28

You may be able to use a VPN and then tor, so all your ISP will see is that you’re connected to a VPN; I set one up in Linode, but there are other host services that will work just fine. My Linode node is strictly VPN, while I know the alphabet agencies may, can and possibly will, see where I go and what I do, my ISP only sees the VPN connection.

As for those who recommended Palemoon:

THANKYOUTHANKYOUTHANKYOU!


(Steve) #29

That’s why I use UA Control with the JS fix, I can mask myself as the most popular browser. With old Firefox, now Palemoon (THANKYOU again!), I can edit the hell out of its internals, through the about:config, the config files themselves and/or through addons.

I use the Panopticlick to test my fingerprint. As a side note, if javascript is completely disabled, then they cannot see a thing. Javascript is HORRIBLE, as far as security/privacy is concerned.


(Erin) #30

It is a shame the Web can become almost unusable without JS. Functionality versus form!


(Henry Wait) #31

What about Midori? I have used it on many low power netbooks and it works a treat, wish it had a few more developers behind it though and it could be a bit more polished.


#32

Midori is no longer maintained
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864951
See also


(Ioan) #33

did anyone said surf ? ( does ctrl+g work ?)


#34

cf.:


(Steve) #35

Pale Moon runs it. You have to go the Vimperator plugin site and then choose to view all versions of it. The last one to be installable in Pale Moon, though, is 3.9.1.


(Steve) #36

Can the surf browser be made secure? I’m not overly familiar with it. By secure, I mean address WebRTC, WebGL, etc.


#37

PaleMoon problems
My recommendation: Brave


#38

yes but only for 64 bits systems…


(Erin) #39

Not sure that discussion is overly healthy. PM is not a clone of FF, where patches would be useful, as PM’s code have diverged from FF38, not followed it. So some FF issues will not exist in PM, some may. However, all software is vulnerable, nature of the beast, so it should not be if but when a software platform is targeted. Is PM better or worse than others… ?


#40

Correct, nobody knows Palemoon’s vulns, only documented Moz CVEs, plus NPAPI plugins and unsigned extensions. What could go wrong.

I agree about forums. The USA gov pays trolls to mislead on security topics. So study and think for yourself. Web browsers are favored targets, being easy to own. The larger story is front companies (cf. Insurge findings) and prepurchased trapdoors like Apple’s goto-fail and blank root password “bugs.”

Brave forks Chromium with privacy/security mods; Tor Browser forks Firefox with privacy/security mods. These are the two main privacy/security contenders based on the two big browsers for Linux.

As Brave stabilizes, Palemoon destabilizes with architecture revision. A year ago it was the rendering engine. Now it’s Basilisk. Palemoon has code churn. Now isn’t a time to call it secure.

Palemoon and Tor Browser both forked Firefox. If you want a secure XUL browser right now, it’s the latter. Unlike Palemoon it gets active help from Mozilla and pentesting.