Jump to content

Mozilla and Firefox has turned into evil and lie to their userbase. Leave it and go for alternatives

Mr.Scienceman2000

By Mr.Scienceman2000
in Web Browsers

 Share

Recommended Posts


Dixel

Dixel

Posted
Posted
On 11/25/2021 at 6:08 PM, Mr.Scienceman2000 said:

you also should block js with thing like noscriptand set useragent to something generally used. That wont fix fingerprinting fully but reduces it on basic methods

These days they fingerprint by the vendor tag and clienthints (this nasty thing still works, even if you disabled java) , so you will most likely just fool yourself . I mean, they will know you real vendor and they will get hints, but won't be able to show you the results of the test because you disabled the java script . I think I explained this to user arcticfroxie (or what his name currently is). I even took a screnshot . There was a debate where he insisted to disable javascript but still was detected by the HTML5 test website , while I wasn't. Later Tripredacus also wrote that he just couldn't see the results , while still being fingerprinted . This all could be foound on this website.

2
Link to comment
Share on other sites
Mr.Scienceman2000

Mr.Scienceman2000

Posted
  • Author
Posted
19 hours ago, Dixel said:

These days they fingerprint by the vendor tag and clienthints (this nasty thing still works, even if you disabled java) , so you will most likely just fool yourself . I mean, they will know you real vendor and they will get hints, but won't be able to show you the results of the test because you disabled the java script . I think I explained this to user arcticfroxie (or what his name currently is). I even took a screnshot . There was a debate where he insisted to disable javascript but still was detected by the HTML5 test website , while I wasn't. Later Tripredacus also wrote that he just couldn't see the results , while still being fingerprinted . This all could be foound on this website.

I meant it disables some more precise fingerprinting and prevents stealing clipboard and getting your mac address. And I know it is not only way. I have been able extract user window resolution from latest tor browser while js was off. And I wont mean fake reso it uses rather what is monitor actual resolution.

And bigger issue with javascript is that it is unauthorised code executed on cpu and it can be anything

1
Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted
40 minutes ago, msfntor said:

but all other extensions are only for added security.. 

Be sure to read their Privacy Policy.

Some extensions claim "security" but it comes at a gigantic invasion on "privacy".

So you have to balance "security breach 20% of the time" with "privacy breach 100% of the time".

3
Link to comment
Share on other sites
Mr.Scienceman2000

Mr.Scienceman2000

Posted
  • Author
Posted
4 hours ago, msfntor said:

hmm with blocking JS, I use too Ping Blocker and No More Referrer extensions... but all other extensions are only for added security.. 

I use EMatrix on UXP based browsers that works great and gives me per domain or subdomain control over cookies, css, images, script, xhr, frame.

3 hours ago, NotHereToPlayGames said:

Be sure to read their Privacy Policy.

Some extensions claim "security" but it comes at a gigantic invasion on "privacy".

So you have to balance "security breach 20% of the time" with "privacy breach 100% of the time".

I call it lack of privacy policy. They only exist to protect developer/company from being liable from stealing data. Best security is end user and that I why I prefer things like noscript, ematrix and others as they add actual security layer.

Link to comment
Share on other sites
Sampei.Nihira

Sampei.Nihira

Posted
Posted (edited)

Instead, I prefer, whenever possible, to get security directly in the browser.
Let's consider the usual javascripts as an attack vector.
Only with MS Edge 96 is it currently possible for renderer processes:

 

Quote

Renderer processes: These control how websites are rendered in a tab by executing code provided by the website. They handle HTML (Hypertext Markup Language), CSS (Cascading Style Sheets), JavaScript, images, and more.

https://blogs.windows.com/msedgedev/2020/09/30/microsoft-edge-multi-process-architecture/

to lower the default level which is "Untrusted" to IL AppContainer.
Currently with Process Explorer you will always see an IL "Untrusted" because the function is disabled and to enable it you have to insert a registry key.
If I remember correctly Firefox has a "Low" IL.*******:yes:

It is obvious that a sandbox-escape will have a probability of success that is much lower in Edge (hardened):

https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-policies#rendererappcontainerenabled

than in Firefox.

 

P.S.

*******

Quote

...untrusted content is run in a sandboxed low-rights process.....

https://wiki.mozilla.org/Security/Sandbox/Process_model

Edited by Sampei.Nihira
Link to comment
Share on other sites
msfntor

msfntor

Posted
Posted
2 hours ago, Mr.Scienceman2000 said:

I use EMatrix on UXP based browsers that works great and gives me per domain or subdomain control over cookies, css, images, script, xhr, frame.

Yes, good, I know it well since ages...but uMatrix was too much headache for me... so I don't use it anymore, uBlock is enough for me...

Link to comment
Share on other sites
NotHereToPlayGames

NotHereToPlayGames

Posted
Posted

I've used uMatrix and uBlock both over the years (not at the same time, though I've heard of a few that have ran both at the same time).

The GUI text for uBlock was always horrendous in my opinion, but I am using a frame of reference roughly 2 to 4 years ago, the GUI could be improved in recent builds for all I know.

uMatrix has always seemed like a more OCD Approach  --  I am OCD and it has served me well over the years, lol.

Link to comment
Share on other sites
  • 4 months later...
e-t-c

e-t-c

Posted
Posted (edited)

My ''new'' portable ''Firefox Security Browser Alternative'' on Win7 is LibreWolf (the best here) https://privacytests.org/ :cool:

Quote

https://librewolf.net/installation/windows/

Currently we also release a portable version of LibreWolf, useful in cases where installation at system level is not possible,

or for just testing some aspect of LibreWolf. It's also found on the releases page.

https://gitlab.com/librewolf-community/browser/windows/-/releases

Quote

If you don't have it already, you probably also need the Visual C++ Runtime.

https://docs.microsoft.com/en-US/cpp/windows/latest-supported-vc-redist?view=msvc-160#visual-studio-2015-2017-2019-and-2022

 

Edited by e-t-c
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...