
Thread: Paranoid browser test - is there privacy in FOSS?

  1. #1

    Paranoid browser test - is there privacy in FOSS?

    I have been looking at both Firefox and Chromium (supposedly respecting user privacy and freedom, not like Google Chrome).


    Firefox settings:







    Chromium settings:



    I am pasting the last screenshot as a link because the forum doesn't allow more than 4 images:

    https://ultraimg.com/images/2017/12/12/nKxh.png

    Additionally, in both browsers I have installed the extensions uMatrix, uBlock Origin and HTTPS Everywhere. I don't have any chat program installed (pidgin, kopete etc). I have NTP service enabled.

    My findings:


    - Firefox disrespects settings for "Data Collection and Use". I have provided more info in this bug report. In FF 57 things seem even worse: There are even more telemetry flags enabled and enforced by default and not accessible via Preferences, i.e. only through about:config.


    - watching uMatrix logger upon startup (without any other tabs open): both Firefox and Chromium communicate with hosts owned by Google and Mozilla. In other words - Google and Mozilla know the exact time when the user starts his browser (and perhaps other things too). Firefox communicates with Google and other hosts too (even after disabling OCSP query and "Block dangerous and deceptive content")

    - after closing the browser (say Chromium) as well as all other desktop apps I wait about 5 minutes after the browser process has died and I look at tcpdump output:


    Code:
    14:32:29.015682 IP pc.47222 > router.domain: 7090+ A? lh3.googleusercontent.com. (43)
    14:32:29.018269 IP router.domain > pc.47222: 7090 2/0/0 CNAME googlehosted.l.googleusercontent.com., A 216.58.207.33 (88)
    14:32:29.018425 IP pc.43317 > router.domain: 38316+ A? accounts.google.com. (37)
    14:32:29.020262 IP router.domain > pc.43317: 38316 1/0/0 A 216.58.207.45 (53)
    14:32:29.020416 IP pc.38513 > router.domain: 51010+ A? clients2.googleusercontent.com. (48)
    14:32:29.021398 IP router.domain > pc.38513: 51010 2/0/0 CNAME googlehosted.l.googleusercontent.com., A 216.58.207.33 (93)

    If I read that correctly: somehow there is still communication between the local machine (pc) and the router on our network related to Google. A similar thing is observed with Firefox. There are also packets which contain the 'amazon' substring.

    More testing:

    IceCat behaves similarly to Firefox.

    Tor browser doesn't seem to do what Firefox and Chromium do.

    --------

    Questions:

    1. Considering a FOSS ethical perspective (everything you would hear from FSF) - Are these valid concerns?
    2. Is there something technically wrong or missing in this simple test?
    3. Is there anything to report (bugs)?
    4. Or should I visit the mental hospital?
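
Added example (not part of the original post or thread): a small Python parser for tcpdump DNS lines in the format pasted in post #1, pairing each query with its reply and grouping the names that were looked up. The first four sample lines are copied from that post; the last sample line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First four lines are from the capture in post #1; the last line is a
# constructed, unanswered query added for illustration.
SAMPLE = """\
14:32:29.015682 IP pc.47222 > router.domain: 7090+ A? lh3.googleusercontent.com. (43)
14:32:29.018269 IP router.domain > pc.47222: 7090 2/0/0 CNAME googlehosted.l.googleusercontent.com., A 216.58.207.33 (88)
14:32:29.018425 IP pc.43317 > router.domain: 38316+ A? accounts.google.com. (37)
14:32:29.020262 IP router.domain > pc.43317: 38316 1/0/0 A 216.58.207.45 (53)
14:32:31.500000 IP pc.51000 > router.domain: 1234+ A? 0.opensuse.pool.ntp.org. (41)
"""
# tcpdump prints port 53 as "domain" unless run with -n; accept both forms.
QUERY = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<port>\d+) > \S+\.(?:domain|53): "
    r"(?P<id>\d+)\S*(?: \[[^\]]*\])? (?P<qtype>[A-Z0-9]+)\? (?P<name>\S+) \(\d+\)$")
REPLY = re.compile(
    r"^(?P<ts>\S+) IP \S+\.(?:domain|53) > (?P<dst>\S+)\.(?P<port>\d+): "
    r"(?P<id>\d+)\S*(?: \w+)? (?P<an>\d+)/\d+/\d+(?P<rrs>.*) \(\d+\)$")

def parse_capture(text):
    """Pair each DNS query with its reply via (client, port, transaction id)."""
    lookups, pending = [], {}
    for line in text.splitlines():
        q = QUERY.match(line)
        r = REPLY.match(line)
        if q:
            rec = {"time": q["ts"], "name": q["name"].rstrip(".").lower(),
                   "qtype": q["qtype"], "answers": [], "answered": False}
            pending[(q["src"], q["port"], q["id"])] = rec
            lookups.append(rec)
        elif r:
            rec = pending.pop((r["dst"], r["port"], r["id"]), None)
            if rec is not None:
                rec["answered"] = True
                rec["answers"] = re.findall(r"\bA (\d+(?:\.\d+){3})", r["rrs"])
    return lookups

def by_parent_domain(lookups, labels=2):
    """Group names by their last `labels` labels (rough hint, not suffix-aware)."""
    groups = defaultdict(list)
    for rec in lookups:
        groups[".".join(rec["name"].split(".")[-labels:])].append(rec["name"])
    return dict(groups)

def after(lookups, hhmmss):
    """Lookups at or after a same-day wall-clock time (zero-padded strings sort)."""
    return [rec for rec in lookups if rec["time"] >= hhmmss]
```

Output of this kind shows which names were resolved and when, but not which local process asked for them.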

  2. #2
    Join Date
    Sep 2013
    Location
    Norfolk, UK
    Posts
    1,075

    Re: Paranoid browser test - is there privacy in FOSS?

    For Firefox you could take a look at "ghacks-user.js":

    https://github.com/ghacksuserjs/ghacks-user.js

    Described as "An ongoing comprehensive user.js template for configuring and hardening Firefox privacy, security and anti-fingerprinting."

    A brief(er) overview of it:

    https://github.com/ghacksuserjs/ghac...i/1.1-Overview

    I've not really looked in much detail; in its "standard" form I feel it would probably be far too restrictive.

    It's however a good source for the listing of pretty much all Firefox's privacy/security/etc settings that are available via user.js; and yes, the bulk of those are not accessible from the settings GUI, and some that were have indeed been removed over time.
    Regards, Paul

    Tumbleweed (Snapshot: 20190617) KDE Plasma 5
    Leap 15.0 KDE Plasma 5
    [Non-Tumbling Tumbleweed (20150508) KDE 4 - Resurrected]

  3. #3
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    26,110
    Blog Entries
    15

    Re: Paranoid browser test - is there privacy in FOSS?

    Hi
    Don't forget webrtc and pocket....

    https://browserleaks.com/webrtc

    extensions.pocket.enabled;false [default is true]
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  4. #4

    Re: Paranoid browser test - is there privacy in FOSS?

    Originally Posted by tannington:
        For Firefox you could take a look at "ghacks-user.js":

        https://github.com/ghacksuserjs/ghacks-user.js

    Thanks. Yes, I found that a few minutes after posting here. Looking into it.

    Originally Posted by malcolmlewis:
        Hi
        Don't forget webrtc and pocket....

        https://browserleaks.com/webrtc

        extensions.pocket.enabled;false [default is true]

    Thanks. I believe uBO takes care of it too.

    I also found this:

    https://tornull.org/tbbnull.php

    But anyway the root question remains: why does FOSS spy on us by default and why do we have to hack it in various ways to prevent that? Where is the freedom in the whole thing? Is Mozilla just another "I want to track you" organization?

  5. #5
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,650
    Blog Entries
    1

    Re: Paranoid browser test - is there privacy in FOSS?

    I've never really trusted any browser's privacy settings; nowadays HTML5 requires and does extensive probing of your system to display on a multitude of device screens and support functionality users commonly expect nowadays.

    So,
    I currently install a multitude of different web browsers and use each for specific tasks so that any tracking is limited to within that common task.
    If I don't want to be tracked, that browser is not logged into any authenticator (like Facebook, Google, Twitter, etc.)
    If I want to further limit tracking, use a text-only web browser that doesn't support HTML5, but nowadays that won't work on a lot of websites.

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  6. #6

    Re: Paranoid browser test - is there privacy in FOSS?

    Or maybe we should all move to Qubes?

  7. #7

    Re: Paranoid browser test - is there privacy in FOSS?

    ...go to about:config in FF and enter search term "http". Delete as many of these as you like and then have a look again.

    I always thought about doing the same experiment as you did, but expected the outcome to be like that or even worse.

    Maybe have a look at Pale Moon.
    Kind regards

    raspu

  8. #8

    Re: Paranoid browser test - is there privacy in FOSS?

    How about Waterfox? Has anyone tried it? Their site says it is based on Firefox but with removed telemetry and data collection.

    https://www.waterfoxproject.org/

  9. #9
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,001

    Re: Paranoid browser test - is there privacy in FOSS?

    I'll put this in the nicest way I can;
    No one cares about you or your browsing history, habits or anything else for that matter.

    No, there are no monsters under the bed or the closet and no evil h4x0rz or big corporations don't care about you specifically because you have no interesting data to give out.

    People really need to stop being so paranoid or get medication for it.
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: https://download.opensuse.org/repositories/home:/Miuku/

  10. #10

    Re: Paranoid browser test - is there privacy in FOSS?

    Originally Posted by Miuku:
        I'll put this in the nicest way I can;
        No one cares about you or your browsing history, habits or anything else for that matter.

        No, there are no monsters under the bed or the closet and no evil h4x0rz or big corporations don't care about you specifically because you have no interesting data to give out.

        People really need to stop being so paranoid or get medication for it.

    ...yeah, Google is a charity to save the world and being naive about what's going on is the solution. Keep using whichever browser you like and keep posting ON TOPIC in surveillance threads... ;-)
    Kind regards

    raspu
