Paranoid browser test - is there privacy in FOSS?

Hi heyjoe
There are many options in Firefox that need to be configured in order to limit tracking, I think. One should look into about:config.
I’ve found an interesting string parameter in the config:

webex.com,*.webex.com,ciscospark.com,*.ciscospark.com,projectsquared.com,*.projectsquared.com,*.room.co,room.co,beta.talky.io,talky.io,*.clearslide.com,appear.in,*.appear.in,tokbox.com,*.tokbox.com,*.sso.francetelecom.fr,*.si.francetelecom.fr,*.sso.infra.ftgroup,*.multimedia-conference.orange-business.com,*.espacecollaboration.orange-business.com,free.gotomeeting.com,g2m.me,*.g2m.me,*.mypurecloud.com,*.mypurecloud.com.au,spreed.me,*.spreed.me,*.spreed.com,air.mozilla.org,

I don’t think you should trust some orange-business.com, doubting it’s up to any good. Why is this included by default? And this is not the entire list. However, this string can be erased - a well-deserved fate for this param!
There’s more as I’ve found out, .safebrowsing. needs to be disabled for example in order to stop leaking info to goggles. Don’t know if that has changed in last year or so.

Has anyone had experience with uBlock Origin? While HTTPS-Everywhere comes from organization that may be trusted, (I hope so), uBlock Origin is of not so clear, mm origin.
However this may be a better choice than Adblockplus as users say. EFF won’t collect much, after all.
Thus, can a user utilize Privacy Badger instead? There’s a problem that Badger has his own list, but the best easylist(s) cannot be imported as they are in .txt format, and Badger accepts only json.

Try looking here and on github in general.

[QUOTE=rockin;2848385]Hi heyjoe
There are many options in Firefox that need to be configured in order to limit tracking, I think. One should look into about:config.
[/QUOTE]
I have already done that but it doesn’t seem enough. I also think that the very fact that all this configuration is necessary (and privacy is not a granted default) denies Freedom 0. Read my latest replies in the bug report to Mozilla:

https://bugzilla.mozilla.org/show_bug.cgi?id=1424781

They have not only made this extremely hidden for the general user but also practically impossible to disable completely the communication with Amazon etc. which goes on behind the scenes.

I have also reported directly to GNU and FSF that IceCat also does some communication behind the scenes (though it is less than with Firefox). They say they have asked the developer to check it. That’s all I know for the moment.

I also shared my findings with other serious developers who have deep respect for privacy and build their own fork of Firefox.

[QUOTE]I don’t think you should trust some orange-business.com, doubting it’s up to any good.[/QUOTE]

There is no need to trust that the sun is in the sky when it is there. It is just there. As long as tcpdump shows more than 100 background network requests in less than 2 seconds coming from a starting browser with no open tabs and with privacy tuned to the possible maximum - anyone can repeat to infinity how much they respect user privacy but those are just words. In fact - Chromium sends far less requests than Firefox and as far as I can see they are only sent to translate.google.com and to no other hosts.

[QUOTE]There’s more as I’ve found out, .safebrowsing. needs to be disabled for example in order to stop leaking info to goggles. Don’t know if that has changed in last year or so.[/QUOTE]

I don’t think it’s changed. The blacklists are hosted on Google’s servers.

[QUOTE]Has anyone had experience with uBlock Origin? While HTTPS-Everywhere comes from organization that may be trusted, (I hope so), uBlock Origin is of not so clear, mm origin.[/QUOTE]

I use both uBO and uMatrix. I think they are great extensions and so far I have not seen any hint of connections between their developer and any organization. In fact - thanks to uMatrix I noticed the weird behind-the-scenes stuff and started digging into all this.

[QUOTE]Try looking here and on github in general.[/QUOTE]

Will do. Thanks.
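
The measurement described in the post above (counting background requests in the first seconds after a browser starts) can be made repeatable by summarising a text capture. This is an added example, not part of the thread; it assumes IPv4 `tcpdump -tt -n` text output, and the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -tt -n` output (documentation addresses, not a real capture).
SAMPLE = """\
1513600000.100000 IP 192.0.2.10.40001 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
1513600000.150000 IP 198.51.100.7.443 > 192.0.2.10.40001: Flags [S.], seq 9, ack 2, win 65160, length 0
1513600000.300000 IP 192.0.2.10.40002 > 203.0.113.5.443: Flags [S], seq 5, win 64240, length 0
1513600000.900000 IP 192.0.2.10.51000 > 192.0.2.1.53: 4242+ A? example.net. (29)
1513600001.200000 IP 192.0.2.10.40003 > 198.51.100.7.443: Flags [S], seq 7, win 64240, length 0
1513600001.250000 IP 192.0.2.10.40001 > 198.51.100.7.443: Flags [P.], seq 2:200, ack 10, win 502, length 198
1513600004.000000 IP 192.0.2.10.40004 > 203.0.113.99.80: Flags [S], seq 3, win 64240, length 0
"""

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def startup_summary(text, local_ip, window=2.0):
    """Count new outbound TCP connections (bare SYN) and DNS queries sent by
    local_ip within `window` seconds of the first packet in the capture."""
    start = None
    syns = Counter()
    dns = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = float(m["ts"])
        if start is None:
            start = ts
        if ts - start > window or m["src"] != local_ip:
            continue  # outside the startup window, or inbound traffic
        if m["rest"].startswith("Flags [S],"):
            # A bare SYN marks a newly opened connection, not ongoing traffic.
            syns[(m["dst"], int(m["dport"]))] += 1
        elif m["dport"] == "53":
            q = re.search(r"\b(?:A|AAAA)\? (\S+?)\.? ", m["rest"])
            if q:
                dns.append(q.group(1))
    return {"connections": sum(syns.values()),
            "endpoints": sorted(syns),
            "dns_queries": dns}
```

Resolving the endpoints back to names is left out on purpose: capturing with `-n` keeps tcpdump itself from adding DNS lookups to the traffic being measured.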

Yes sorry I didn’t see that you wrote that already.

tcpdump shows so much info/connections indeed. I was able to find edgesuite.net and akamai.net there, but not Amazon (probably because of my config or just big amount of log - more likely).

I should take a closer look at uBlock data policy then, thanks.
If Mozilla goes such way, I’m afraid we will have to use some fork though plugins support is in question.

So far Chromium looks way better than Firefox (check its bug report, link in previous posts).

:silly::silly::silly:

… yeah, I have noticed such oxymorons, myself.

… of course, you also use Ghostery
https://www.ghostery.com/
or at ffx:
https://addons.mozilla.org/en-US/firefox/user/ghostery/?src=api

AND
Self-Destructing Cookies
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/?src=api

and Let’s Not Forget …
SettingSanity
Re-adds the options to disable Images, JavaScript, and the Tab Bar in about:preferences and the Options window.
SettingSanity is a solution to the inane removal of some of the most useful features in Firefox. It also adds the option of toolbar buttons for toggling Images and JavaScript without opening your preferences, as well as some helpful tab settings at the request of many users.

https://addons.mozilla.org/en-US/firefox/addon/settingsanity/
so you can do 98% of your Browsing with JavaScript turned off completely. I only turn JavaScript on temporarily for places where I absolutely need it and where I have chosen to take a chance and trust the place – such as here at openSUSE, or on my own Websites.

Sadly, note that SettingSanity (at least so far) is not compatible with Quantum.

Since I have stuck to the ESR versions for more than a decade, that does not yet affect me.

But, Privacy and Security?

In reality, since before some of you were even born, trying to do something about Privacy and Security now is a thousand times more futile than trying to put all the toothpaste back into a completely empty tube.:\

Here is a little bit more info to help get you excited:
https://www.ghostery.com/blog/ghostery-news/session-replay-scripts-video-record-your-activity-as-you-browse-a-website/

… do not think so. Although there are a couple “soapboxy” comments scattered in here, this thread is on topic for Network/Internet and is about technical information and help with/suggestions for dealing with Privacy and Security.

ROTFL. Makes me think you’ll agree to what I IMNSHO think was one of the best things I taught my children ( and some customers ): “Rule no 1: What you do not want me show on the windows, don’t post that, don’t search for it on the internet”.

Tip: check https://brave.com/ , it’s a Chromium based webbrowser with a strong emphasis on privacy. Must say, I don’t use it very often, but every time I do I quite like it for its speed and its defaults. It even stumbled on a spam link here in the forums.

[QUOTE=Fraser_Bell;2848438]… of course, you also use Ghostery
https://www.ghostery.com/
or at ffx:
https://addons.mozilla.org/en-US/firefox/user/ghostery/?src=api

AND
Self-Destructing Cookies
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/?src=api

and Let’s Not Forget …
SettingSanity
Re-adds the options to disable Images, JavaScript, and the Tab Bar in about:preferences and the Options window.
SettingSanity is a solution to the inane removal of some of the most useful features in Firefox. It also adds the option of toolbar buttons for toggling Images and JavaScript without opening your preferences, as well as some helpful tab settings at the request of many users.

https://addons.mozilla.org/en-US/firefox/addon/settingsanity/
so you can do 98% of your Browsing with JavaScript turned off completely. I only turn JavaScript on temporarily for places where I absolutely need it and where I have chosen to take a chance and trust the place – such as here at openSUSE, or on my own Websites.
[/QUOTE]
The very fact that all these extensions exist proves that browsers don’t respect privacy by default and the non-expert user may have to fight with quite unknown terms among lots of settings in order to ensure at least partial privacy (which is not privacy at all). IMO uMatrix and uBO make most other extensions unnecessary as they are able to block and filter all kinds of requests. So personally I use only them and HTTPS Everywhere. But no extension can control background browser communication fully, just like no user program can control the kernel.

[QUOTE]Sadly, note that SettingSanity (at least so far) is not compatible with Quantum.

Since I have stuck to the ESR versions for more than a decade, that does not yet affect me.[/QUOTE]

Why would you use a browser made by organization which openly admits that Freedom 0 means nothing and their own “vision” is what matters?

[QUOTE]But, Privacy and Security?

In reality, since before some of you were even born, trying to do something about Privacy and Security now is a thousand times more futile than trying to put all the toothpaste back into a completely empty tube.:\[/QUOTE]

The whole human approach to security through isolation is a form of insanity. It has always led to nothing but destruction and wars. We, as living beings, are secure only when we are together. We need each other and nobody can survive without the other people. But spying on others is not togetherness, it is also a form of isolation - I isolate myself and I look at you in a hidden way from my isolated cell. So we should not tolerate this.

[QUOTE=Knurpht;2848441]ROTFL. Makes me think you’ll agree to what I IMNSHO think was one of the best things I taught my children ( and some customers ): “Rule no 1: What you do not want me show on the windows, don’t post that, don’t search for it on the internet”.
[/QUOTE]
You are basically endorsing the idea of Panopticon and the modification of behavior in order to ensure safety. But that is not freedom, it is conformity, suppression, restriction, limitation. Watch this video, it may give you some interesting thoughts.

[QUOTE]Tip: check https://brave.com/ , it’s a Chromium based webbrowser with a strong emphasis on privacy. Must say, I don’t use it very often, but every time I do I quite like it for its speed and its defaults. It even stumbled on a spam link here in the forums.[/QUOTE]

It’s on my list but I may not have the time before 2018. Maybe you can test and share the results?

FWIW the reply which the report at chromium bugs received is much more sane and meaningful than the replies by Mozilla. They are actually acknowledging the request but with a very low priority (unfortunately).

1. From what you write I get you do understand the FOSS principles
2. The openSUSE choice to stick to those ( and not include proprietary software ) is both an ideological one and a legal one. We, as a community based project, simply cannot permit ourselves to get drawn into legal issues.
3. There’s a difference between ‘feeling free’ and ‘being free’. My ideal world would be one where one could expose their naked butt without anybody feeling the need to share that, but hey, let’s get real…
4. I know, from real data, that a lot of these privacy measures don’t actually bring what the user would expect.
5. Re. brave: the data/instructions are on their site.

I hope so.

[QUOTE]2. The openSUSE choice to stick to those ( and not include proprietary software ) is both an ideological one and a legal one. We, as a community based project, simply cannot permit ourselves to get drawn into legal issues.[/QUOTE]

Unfortunately Mozilla Firefox’s approach (telemetry by default and terms shown in a hidden way) is quite close to what data gathering applications do, not to FOSS principles. It rather seems an example of OSS but not FOSS and the F makes a huge difference.

[QUOTE]3. There’s a difference between ‘feeling free’ and ‘being free’. My ideal world would be one where one could expose their naked butt without anybody feeling the need to share that, but hey, let’s get real…[/QUOTE]

Yes. Ideally, there should be no ideals whatsoever - neither of naked butt, nor of dressed butt. It is the ideals that drive this world crazy (religious, political etc). My ideal vs your ideal - so let’s kill each other. But “we are civilized”…

[QUOTE]4. I know, from real data, that a lot of these privacy measures don’t actually bring what the user would expect.[/QUOTE]

What do you mean?

[QUOTE]5. Re. brave: the data/instructions are on their site.[/QUOTE]

Thanks for the info. As soon as I have time I will look at that. But don’t hold your breath as it’s the craziest period of the year.

“Mozilla is Not Trustworthy” (Bryan Lunduke):

https://www.youtube.com/watch?v=qMALm1VthGY

Hi
Perhaps you should raise a bug…

On SLE it’s all disabled…


 cat /usr/lib64/firefox/defaults/pref/all-SLE.js

// SLE overrides for default settings
pref("layout.word_select.stop_at_punctuation", true);
pref("intl.locale.matchOS", true);

// disable call home features
pref("datareporting.healthreport.service.enabled", false);
pref("datareporting.healthreport.uploadEnabled", false);
pref("datareporting.policy.dataSubmissionEnabled", false);
pref("toolkit.telemetry.enabled", false);

// turn on Tracking protection by default
pref("privacy.trackingprotection.enabled", true);

Then can also add a prefLock() configuration as well, so nothing can be changed for that item… so it’s not like things can be turned off configured to your use case…
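
A check for a prefs file like the one shown in the post above, as an added example that is not part of the thread: it parses `pref()` lines and reports which of the call-home prefs listed there are set as shown, wrong, missing, or locked. `lockPref()` is the function name used in Firefox AutoConfig files; the `audit` and `parse_prefs` helpers and the sample input are constructed for illustration.

```python
import re

# Prefs set by the all-SLE.js file quoted above, with the values it gives them.
EXPECTED = {
    "datareporting.healthreport.service.enabled": False,
    "datareporting.healthreport.uploadEnabled": False,
    "datareporting.policy.dataSubmissionEnabled": False,
    "toolkit.telemetry.enabled": False,
    "privacy.trackingprotection.enabled": True,
}

# pref()/user_pref() set a value; lockPref() (AutoConfig files) also locks it.
PREF = re.compile(r'^\s*(pref|user_pref|lockPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: (value, locked)}. The last assignment wins, a simplification."""
    prefs = {}
    for line in text.splitlines():
        m = PREF.match(line)  # commented-out lines start with // and never match
        if m:
            func, name, raw = m.groups()
            value = {"true": True, "false": False}.get(raw, raw)
            prefs[name] = (value, func == "lockPref")
    return prefs

def audit(text, expected=EXPECTED):
    """Classify each expected pref as ok, ok-locked, wrong or missing."""
    prefs = parse_prefs(text)
    report = {}
    for name, want in expected.items():
        if name not in prefs:
            report[name] = "missing"
        elif prefs[name][0] is not want:
            report[name] = "wrong"
        else:
            report[name] = "ok-locked" if prefs[name][1] else "ok"
    return report

# Constructed input: one commented-out line, one wrong value, one locked value.
SAMPLE = '''// disable call home features
pref("datareporting.healthreport.uploadEnabled", false);
// pref("datareporting.policy.dataSubmissionEnabled", false);
pref("toolkit.telemetry.enabled", true);
lockPref("privacy.trackingprotection.enabled", true);
'''
```

A clean report only says what the file asks for; whether the browser then stays quiet on the network still has to be confirmed with a packet capture.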

I have already raised a bug: https://bugzilla.opensuse.org/show_bug.cgi?id=1073399

The settings which you explain (and which are available through about:config) don’t disable the chattering. And Mozilla will obviously not cooperate.

Hi
Don’t use it then… you’re not forced to, just like other users can disagree with your observations and carry on using it if they so feel and configuring to their requirements… just like I don’t use packman, should I push for that to be removed and everyone should purchase and use Fluendo codecs?

I’m not sure your bug will gain much traction, this is a do-ocracy, come up with some suggestions in your bug on what you would like to see being improved, or branch the openSUSE version and make changes, test those changes and submit for consideration.

… well, yes, absolutely. (giggling a bit, myself)

[QUOTE]Tip: check https://brave.com/ , it’s a Chromium based webbrowser with a strong emphasis on privacy. Must say, I don’t use it very often, but every time I do I quite like it for its speed and its defaults. It even stumbled on a spam link here in the forums.[/QUOTE]

Thanks for that, will look into it.

You are making this personal. It is not my observation in the sense - someone horrified by the view of an orange logo. It is what tcpdump shows and the fact that telemetry is enabled by default in Firefox (and cannot be turned off completely). If we logically agree to a statement like “don’t use it, you are not forced to” - then any malware can be included in a distro and it would be up to the user whether to use it or not.

As for Packman - AFAIK it is not part of the official distribution, is it?

[QUOTE]I’m not sure your bug will gain much traction, this is a do-ocracy, come up with some suggestions in your bug on what you would like to see being improved, or branch the openSUSE version and make changes, test those changes and submit for consideration.[/QUOTE]

The suggestion for software which abuses freedom (or implies partial non-freedom) and is distributed in a free distro can be only one. All tests have been made and submitted. Only developers can look further into this.

Question: are you using a mobile phone? Not even talking about a smartphone, that is.

Why is it that people who don’t want to face an actual issue always try to transfer the issue to someone else, personally?

No, I live in a cave far from any civilization and don’t get out because there are satellites tracking everything. If any communication is necessary it is done through special ants which digest the message in an encrypted way and transport it to the recipient by passing using random routes. Then the recipient analyzes the chemical substances of the ant and decrypts the message from that.

Is that the answer which would make the browser issues worth considering?

Hey, I was serious about this. I do share your concern about browsers, but too often I see people talking about FF, about Chrome whilst admitting using an iPhone, or a Samsung Android device. Be fair, that’s like trying to secure your front door to the ultimate level whilst leaving the key to the back door in the lock for anybody to use. A situation where one does not use FF for its telemetry feature, yet giving away more data through other ‘systems’.