Spying Browsers?

[KoO]

I so shocked to read about waterfox.

Is your post a riddle? A joke?

I haven't noticed any recent scuttlebut { buzz | rumor | dish | gossip | hearsay} regarding waterfoxproject.
smooth sailing, calm waters... https://old.reddit.com/r/waterfox/

No it is Qutebrowser

[skidoo]

h t t p s ://web.archive.org/web/20180607023304/ h t t p s ://digdeeper.neocities.org/browsers.html

Waterfox

Again, a browser pretending to care about your privacy - "We’re obsessed with protecting your privacy. That’s why we’ve made Waterfox Private Browsing more powerful than the others.", when in fact Waterfox does nothing whatsoever to protect it and actually spies on you almost as much as Firefox (it made 109 unsolicited requests upon my run of it). The "improved private browsing mode" is a sham as well - anyone caring about their privacy will not rely on this regardless, but install essential privacy addons, so his deceptive claims are designed to lure in newbies only. Therefore this slimy dev and his "creation" can be safely ignored.

C'mon, why call the dev "slimy"? He's been sharing his modified version of firefox for several years, VERY low-key (not self-aggrandizing hype, as exhibited by certain children of the moon) and not even really begging for monetary donations.

"phone home"/telemetry stuff as a matter of course, which is inherent in Waterfox as a consequence of being a Firefox variant.

Yes, waterfox handily (lazily) "switches stuff off" via default prefs but does not strip/omit the offending underlying code.

"it made 109 unsolicited requests upon my run of it"
Considering the date of that article, this criticism was likely true at the time of writing.
You can review the dated waterfox release notes and/or https://github.com/MrAlex94/Waterfox/issues the open /closed issue tickets
and note that suppression of "call the mothership" requests has received serious attention only recently, subsequent to folks calling it to Alex' attention via "feature request" and "bug report" tickets.

I wonder if there are significant differences in browser standard configuration and behaviour, dependent upon which country you are in?

Nothing significant. The packaging/installer may detect system locale and install extra locale-specific dictionary but the app that's about it.

waterfox code repository is here: https://github.com/MrAlex94/Waterfox
hawkeye116477 offers a packaged version for linux w/ KDE integration: https://github.com/hawkeye116477/waterfox-deb

We can see that the code which provides HealthReporting telemetry is still in place https://github.com/MrAlex94/Waterfox/se ... d_q=health
and
the code supporting ff "experiments" functionality is still intact
(ironic, considering that it has probably now been removed from current ff version codebase, upstream)
https://github.com/MrAlex94/Waterfox/bl ... /moz.build
https://github.com/MrAlex94/Waterfox/bl ... /moz.build
https://github.com/MrAlex94/Waterfox/bl ... .configure

here the default (in absence of user.js) preferences are specified:
https://github.com/MrAlex94/Waterfox/bl ... firefox.js
^---- note that nothing herein has been adjusted/revised during the past 7 months

I agree that too much of "what waterfox is doing" amounts to a feelgood effort ~~ putting lipstick on a pig.
Privacy-wise, if I were running waterfox, I would still block (via hosts file) the hostnames of mozilla-and-partner servers
to preclude possiblity of "call home" and/or "silent update" operations.

==============

mozillazine forum :: Third Party/Unofficial Builds
http://forums.mozillazine.org/viewforum ... 2&start=30
-- "pcxfirefox" by xunxun1982
-- "Light, a light firefox" by cstkingkey
IMO, these 2 are (or were) the only significantly improved (debloated, de-fanged) variants.
Understandably, their devs have gone incommunicado {{{ "Who ya gonna trust, mozilla or Some Chinese Guy?"

[skidoo]

I so shocked to read about waterfox.
. . .
No it is Qutebrowser

Oh, okay.
So, it's bigger than a breadbox, and...

[wulf]

[/quote]
C'mon, why call the dev "slimy"? He's been sharing his modified version of firefox for several years, VERY low-key (not self-aggrandizing hype, as exhibited by certain children of the moon) and not even really begging for monetary donations.

Exactly! I have a lot of respect for Alex and what he's achieved. I see no deliberate intent within Waterfox to capture data beyond what's required for proper functioning of the browser, but, as you rightly say regarding blocking mozzie links at host level, there is always scope for a user to improve and modify a browser to their personal privacy preferences..

[wulf]

wulf, stevo - not finding mitmproxy or iridium in any repos or in synaptic on this machine

Have you tried refreshing packages from MXPI or "reload " from within Synaptic? Both iridium and mitmproxy show in my packages, although iridium is in stable in my list.

[colin_b]

Would this be suitable for the repo?

https://spyware.neocities.org/articles/ ... omium.html

Ungoogled-Chromium

Ungoogled-chromium is a fork of Chrome that has all of Google's spyware removed. It was tested with MITMproxy and makes no unsolicited requests, and is therefore not spyware. Ungoogled-chromium is the highest-rated browser based on Google Chrome, and is probably one of the best choices if you can compile it.

From https://github.com/Eloston/ungoogled-chromium

Bringing back the "Don't" in "Don't be evil"

ungoogled-chromium is Google Chromium, sans integration with Google. It also features some tweaks to enhance privacy, control, and transparency (almost all of which require manual activation or enabling).

ungoogled-chromium retains the default Chromium experience as closely as possible. Unlike other Chromium forks that have their own visions of a web browser, ungoogled-chromium is essentially a drop-in replacement for Chromium.

Edit: brief video overview https://www.youtube.com/watch?v=7FTEn-ivwu4

[Captain Brillo]

Ok - this looks like a serious issue, and I've had a similar thingy already once in MX:

Why can't I find programs in the repositories?
Is there some setting I have wrong?
There are programs I like out there that I now wonder if I'll be able to use with this distro - how many more are hidden from me?

Excuse the whine - perhaps a new thread about this?

[Stevo]

Yes, start a new thread, but state exactly how you are searching for the packages, and what

Code: Select all

sudo apt update

reports.

[Eadwine Rose]

iridium-browser is in the repos as is mitmproxy.

I can find both without even activating the test repo, just checked.


Urgh never mind, I obviously hadn't read to the end of the thread when I replied.

[handy]

Note: If I should have posted this somewhere else, please tell me & I'll cut it & paste it into that section of the forum?
-----------------------------------------

I just installed iridium & when I try to run it, I get the following error:

Code: Select all

 [handy@madmx ~]$ iridium-browser
[3501:3501:0210/122505.670438:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
#0 0x55e80aaf319f <unknown>
#1 0x55e80aa6c23e <unknown>
#2 0x55e80bd774c9 <unknown>
#3 0x55e80a56c2c9 <unknown>
#4 0x55e80a573768 <unknown>
#5 0x55e80a56ace1 <unknown>
#6 0x55e8082c6e53 ChromeMain
#7 0x7f48485072e1 __libc_start_main
#8 0x55e8082c6cca _start

Received signal 6
#0 0x55e80aaf319f <unknown>
#1 0x55e80aaf2d01 <unknown>
#2 0x7f484ea520c0 <unknown>
#3 0x7f4848519fff gsignal
#4 0x7f484851b42a abort
#5 0x55e80aaf1a65 <unknown>
#6 0x55e80aa6c544 <unknown>
#7 0x55e80bd774c9 <unknown>
#8 0x55e80a56c2c9 <unknown>
#9 0x55e80a573768 <unknown>
#10 0x55e80a56ace1 <unknown>
#11 0x55e8082c6e53 ChromeMain
#12 0x7f48485072e1 __libc_start_main
#13 0x55e8082c6cca _start
  r8: 0000000000000000  r9: 00007ffc0dd86390 r10: 0000000000000008 r11: 0000000000000246
 r12: 00007ffc0dd86ff8 r13: 000000000000016b r14: 00007f4848e1d060 r15: 00007ffc0dd86ff0
  di: 0000000000000002  si: 00007ffc0dd86390  bp: 00007ffc0dd865d0  bx: 0000000000000006
  dx: 0000000000000000  ax: 0000000000000000  cx: 00007f4848519fff  sp: 00007ffc0dd86408
  ip: 00007f4848519fff efl: 0000000000000246 cgf: 002b000000000033 erf: 0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

I'm running kernel: 4.19.0-1-amd64