BROWSERS
Marcus Holtz on Web Browser Privacy
© 2024 Marcus Holtz
Last updated 2024-04-11
You are free to use this work, with certain restrictions.
For full licensing information, please see the last slide/page.
I have the slides exported as a video and hosted on Nextcloud, if anyone wanted the material for the talk:
SLIDES AVAILABLE
VISIT URL ABOVE
TABLE OF CONTENTS
a. Betterfox / Floorp
b. Arkenfox / LibreWolf
c. Multi-Account Containers
d. Temporary Containers
8. TL;DR
Floorp is to Firefox what Brave is to Chrome
WHO?
I am just a guy. I do not develop a browser.
This is just me, giving my experiences to you.
WHY?
Are some browsers good? Are some browsers bad?
Nope.
Browsers are not a moral quandary.
This talk most specifically is about the omnipresent tracking that occurs on the world wide web, with the web being primarily contained to your web browser.
Please do keep in mind, this talk is specific to the web browser.
Tracking occurs in tandem, outside of the web browser.
Also, the goal here is not evasion of threat actors or extreme paranoia, but making the web a little more bearable to navigate and to take back control for the average user.
SO, HOW TO BEGIN THIS CONVERSATION?
Asking for a friend, why would any individual care about their online privacy?
Is this different than security?
Both keep me safe, right?
Privacy – What are you talking about?
Well, what is privacy?
PRIVACY AND SECURITY: SAME THING?
Avast*, as a company, is not focused on privacy; they care about security, which a lot of the time is not the same thing.
Benjamin Franklin once said:
“Massachusetts must suffer all the hazards and mischiefs of war rather than admit the alteration of their charters and laws by Parliament… …They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”
*multinational cybersecurity software company
PEOPLE TALK ABOUT PRIVACY A LOT WHEN DISCUSSING BROWSERS BUT WHY SHOULD YOU CARE ABOUT PRIVACY?
The Constitution states that the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated... whether those papers be physical documents, digital documents or private.
Visiting a website or conducting a Google search also generates metadata about the user, including information about the time and location of the activity, once again raising First Amendment concerns.
One objection to this line of reasoning is that metadata (cookies) should not be treated as a person’s “private papers,” but instead as “business records” belonging to a third party.
Source: https://www.law.nyu.edu/sites/default/files/upload_documents/Price%20Rethinking-Privacy-Fourth-Amendement-Papers_2.pdf
Privacy – Concerns outside of a web browser?
Can you hire a private security firm to search a house without a warrant? No.
So, what is the difference here?
Source: https://judiciary.house.gov/media/in-the-news/alarming-surveillance-feds-asked-banks-search-private-transactions-terms-maga
What about all the other software I use?
Sorry, you’re right. You’re just as buggered there too.
Here are a few resources for more information about telemetry in applications:
https://github.com/beatcracker/toptout
https://github.com/pluja/awesome-privacy
https://codeberg.org/teaserbot-labs/delightful-humane-design
The goal of this talk is to put you in control.
Understand what data is collected by the tools you use and decide if you want to share it. Then use methods provided here to opt-in or opt-out.
Let’s talk Browsers – HISTORY
Market share held by desktop internet browsers in the United States of America
Timeline of most web browsers and forks that occur
Browsers – History Timeline and Market Share
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Let’s start with…
Opening the application
What happens regarding our privacy if we simply …
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
The start page for Chrome is displayed and a batch of network connections is made. Inspection of the content of these connections indicates that a device id value is sent in a call to accounts.google.com.
The URL is now pasted (not typed) into the browser top bar. This generates a request to www.google.com/complete/search with the URL details passed as a parameter.
The request also carries two identifier-like quantities (psi and sugkey). The sugkey value is likely an identifier tied to Chrome itself rather than particular instances of it. The psi value behaves differently, however, and changes between fresh restarts; it can therefore act as an identifier of an instance of Chrome.
This behavior is reproducible across multiple fresh installs and indicates that user browsing history is by default communicated to Google.
The browser was then closed and reopened. Amongst the connections are some requests that contain data that appear to be persistent identifiers.
One is a request to accounts.google.com/ListAccounts, which transmits a cookie that was set during the call to accounts.google.com on initial startup. This cookie acts as a persistent identifier of the browser instance and, since it is set by the server, changing values can potentially be linked together by the server.
Google Chrome
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
During Firefox startup, three identifiers are transmitted to Mozilla: impression id and client id values are sent to incoming.telemetry.mozilla.org, and a uaid value is sent to Firefox by push.services.mozilla.com via a web socket and echoed back in subsequent web socket messages sent to push.services.mozilla.com.
These three values change between fresh installs of Firefox but persist across browser restarts.
Once startup was complete, the URL was pasted into the browser top bar.
This generates no extraneous connections.
The browser was then closed and reopened. Closure results in transmission of data to incoming.telemetry.mozilla.org by a helper ping sender process.
In summary, there appear to be four identifiers used in the communication with push.services.mozilla.com and incoming.telemetry.mozilla.org, and these values also persist across browser restarts.
Mozilla Firefox
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
During startup no persistent identifiers are transmitted by Brave.
Calls to go-updater.brave.com contain a sessionid value, similarly to calls to update.googleapis.com in Chrome, but with Brave this value changes between requests.
Coarse telemetry is transmitted by Brave, and is sent without any identifiers attached.
Once startup was complete, the URL was pasted into the browser top bar.
This generates no extraneous connections.
The browser was then closed and reopened. No data is transmitted on close.
On reopen a subset of the initial startup connections are made but once again no persistent identifiers are transmitted.
In summary, we do not find Brave making any use of identifiers allowing tracking by backend servers of IP address over time, and no sharing of the details of web pages visited with backend servers.
Brave
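The comparison behind the three summaries above (fresh installs, restarts, repeated requests) can be written down as a small classifier. This is an added example, not code from the study or from the talk; the values and the install/run labels are constructed, and only the parameter names psi, sugkey, client id, sessionid and device id come from the text above.

```python
from collections import defaultdict

# Constructed capture: (install, run, parameter, value).
# "install" = a fresh browser install, "run" = one session between restarts.
# All values are made up; only the parameter names come from the slides.
OBSERVATIONS = [
    ("install-1", "run-1", "sugkey", "k-fixed"),
    ("install-1", "run-2", "sugkey", "k-fixed"),
    ("install-2", "run-1", "sugkey", "k-fixed"),
    ("install-2", "run-2", "sugkey", "k-fixed"),
    ("install-1", "run-1", "client_id", "c-7f3a"),
    ("install-1", "run-2", "client_id", "c-7f3a"),
    ("install-2", "run-1", "client_id", "c-91bd"),
    ("install-2", "run-2", "client_id", "c-91bd"),
    ("install-1", "run-1", "psi", "p-01"),
    ("install-1", "run-1", "psi", "p-01"),
    ("install-1", "run-2", "psi", "p-02"),
    ("install-2", "run-1", "psi", "p-03"),
    ("install-2", "run-2", "psi", "p-04"),
    ("install-1", "run-1", "sessionid", "s-a"),
    ("install-1", "run-1", "sessionid", "s-b"),
    ("install-1", "run-2", "sessionid", "s-c"),
    ("install-2", "run-1", "sessionid", "s-d"),
    ("install-2", "run-1", "sessionid", "s-e"),
    ("install-1", "run-1", "device_id", "d-1"),  # seen once: not enough data
]


def classify(observations):
    """Label each parameter by how long its value stays the same."""
    seen = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for install, run, param, value in observations:
        seen[param][install][run].append(value)

    labels = {}
    for param, installs in seen.items():
        runs = [vals for per_run in installs.values() for vals in per_run.values()]
        # Differs between two requests of the same run: links nothing.
        if any(len(set(vals)) > 1 for vals in runs):
            labels[param] = "per-request"
            continue
        # Stable inside a run but differs between runs of one install.
        if any(len({vals[0] for vals in per_run.values()}) > 1
               for per_run in installs.values()):
            labels[param] = "per-session"
            continue
        # Stable so far; a verdict needs a restart and a second install.
        restarted = any(len(per_run) > 1 for per_run in installs.values())
        if len(installs) < 2 or not restarted:
            labels[param] = "undetermined"
            continue
        values = {vals[0] for vals in runs}
        labels[param] = ("constant across installs" if len(values) == 1
                         else "persistent per-install identifier")
    return labels


def links_restarts(labels):
    """Parameters a server could use to tie separate runs to one install."""
    return sorted(p for p, label in labels.items()
                  if label == "persistent per-install identifier")


if __name__ == "__main__":
    result = classify(OBSERVATIONS)
    for name in sorted(result):
        print(f"{name:10s} {result[name]}")
    print("links restarts:", links_restarts(result))
```

A value that is constant across installs identifies the browser build rather than the user, which is why it is kept apart from the per-install case.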
Browsers – What about _______ browser?
• Pale Moon – uses Goanna instead of Mozilla's Quantum. This makes it a single-process application.
• GNU IceCat – includes additional security features and the GNU LibreJS plugin.
• SeaMonkey – 2006 fork of Firefox, maintaining the XUL plugin architecture.
• LibreWolf – modern Firefox fork with modified defaults.
• Brave – Chromium-based browser with ad blocking on by default.
• Microsoft Edge – cross-platform Chromium-based browser.
• Opera – Owned by the communist people’s republic of China.
• Vivaldi – power-user, feature-rich Chromium-based web browser.
• ungoogled-chromium – removes Google components, blobs, and dependency on Google web services.
Source: https://privacytests.org
What about mobile browsers?
Sorry, that’s a whole other bag.
Here’s a resource for more information:
https://madaidans-insecurities.github.io
https://www.theverge.com/2024/2/26/24083511/apple-eu-investigation-web-app-support
https://www.fastcompany.com/91024985/spyware-companies-helping-governments-hack-their-citizens
Browsers – Google Chrome Manifest V3
Why not discuss Chrome or Chromium as a privacy friendly browser?
With Manifest V3, Google Chrome’s API will no longer allow Manifest V2 extensions, starting with pre-stable Canary builds currently slated for June 2024.
This means total changes to the world's most popular web browser.
Your favorite extensions may stop working at any time.
Google has a stronghold on the web formats that everyone uses.
Let’s discuss Firefox, its derivatives, and Brave as alternatives to Chrome.
Source: https://developer.chrome.com/docs/extensions/develop/migrate/mv2-deprecation-timeline
During this talk you will be given tools to mitigate the omnipresent tracking that occurs on the world wide web.
Browsers – Alternative Browsers to Chromium
Web Browsing Guide for better Privacy, Locking Down Desktop Browsers:
Firefox forks: Gecko based browsers
Brave: Chromium based browser
I heard this company or that company had this or that person do a certain thing that may or may not have made a change to the way I use the software currently or in the future.
Browsers – Critiques
Why should I use this browser or that?
Firefox - Gecko based browser
Brave – Chromium based browser
Firefox is run by the Mozilla Foundation (stylized as moz://a), created in 1998 with the release of the Netscape browser suite source code. Firefox was initially released in 2002.
Brave is run by University of Illinois graduate Brendan Eich, who helped develop Netscape Navigator in 1995 and was CEO of Mozilla for a period.
FF is run by the Mozilla Foundation, and they get 80% of their profits from Google search referrals. This means Google has control of their largest competitor.
What can I do to prevent my data from being leaked across the browsable internet?
Browsers – What privacy tricks can be used?
WHAT?
Browsers – Privacy Techniques
Privacy through obscurity
Anonymity through obfuscation
Privacy – Firefox: not great at obscurity
Privacy through obscurity
All of the different add-ons one can install and preference modifications made to Firefox are inputs that can potentially be used to identify and track you.
Herein lies the catch-22:
The default settings of Firefox are not the best choice for a privacy respecting browser. Yet the more browser add-ons you install and settings you modify, the more likely you are to stand out from the crowd and be easier to track.
RECOMMENDED
uBlock Origin ✔
⭐ Set up your blocking mode
⭐ Enable AdGuard URL Tracking Protection
So what addons do I use with Brave?
Privacy – Brave … Privacy through obscurity
NONE
Use Brave as a vanilla browser...
Install and done.
Try to avoid adding more - it differentiates you. Use the same install as thousands of other users.
“Brave includes two types of fingerprinting protections, (i) blocking, removing or modifying APIs, to make Brave instances look as similar as possible, and (ii) randomizing values from APIs, to prevent cross session and site linking (e.g. making Brave instances look different to websites each time).”
“Most tools try to make as many browsers look identical as possible … Brave’s system for protecting users against fingerprinting works differently. Instead of trying to make Brave users look identical …, Brave tries to make you look as different as possible, for each website, for each session. This prevents browsers from identifying you when you visit other sites, or when you return to the same site in the future.”
Source: https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
Privacy – Brave privacy through obscurity
Privacy – Ad profile obfuscation
Anonymity through obfuscation
Suppose you check out (3) books from the library, two on gardening, one on woodworking. The librarian knows something about your interests. The Facebook 'like' button works the same way.
Suppose instead you took out every book in the library, and only read the ones you are interested in. The librarian (or anyone with access to the library's records) now cannot tell which books you read, or if you read any of them.
There's no opting out of the surveillance, but there is a way to resist it, to deny those doing the surveillance any meaningful, valuable, or direct data points.
Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf
Think of it like this - the tracking companies have some information about you – maybe you have a Facebook account, a store card, public records, some unblocked ads on your mobile device, the few trackers that made it past your blockers, etc.
That information is valuable - companies collect it into data products which they sell on the basis of having some predictive power.
Not giving them more information is what you're trying to do now. You can't get them to forget what they already know about you from various data markets and aggregators. These trade hugely diverse sources of information. Did you register to vote, do you live somewhere with high property values, did your smartphone pass a sensor on a trash can, when, etc.
Suppose you gave them a ton of useless information instead. Accurate data points about you are now drowned in noise. They can filter the noise, but the confidence interval goes down. The value of the data product is diminished. Maybe they also filter out some accurate thing they had gleaned about you.
You go from clicking two ads a year to thousands a day. Completely useless new data points every day which they have to store, clean, process, exclude, etc.
It would be cheaper to just exclude you from the data product; you bring the average accuracy of their profiles down and cause them work.
Privacy – Firefox install AdNauseam
Anonymity through obfuscation with ….
Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf
AdNauseam not only blocks ads, it obfuscates browsing data to resist tracking by ads.
To throw ad networks off your trail AdNauseam “clicks” blocked and hidden ads, polluting your data profile and injecting noise into the economic system that drives online surveillance.
The interactive AdVault allows you to visualize and explore the ads that AdNauseam has captured.
On Firefox, you can install AdNauseam from the in-browser extensions store.
Note: Firefox’s built-in protections won’t play well with AdNauseam: disable ‘privacy.trackingprotection.enabled’ in about:config
You need to 'Load unpacked' in Developer mode inside the extensions folder.
THEN, and only then, can you use:
https://github.com/dhowe/AdNauseam/wiki/Install-AdNauseam-on-Chromium-based-browsers
Privacy – Brave install AdNauseam (not from Google Chrome web store)
Google has banned AdNauseam from its web store.
Follow these instructions to install it anyway.
Download the latest adnauseam.chromium.zip file from releases in AdNauseam’s GitHub. (https://github.com/dhowe/AdNauseam)
Extract the zip file to a folder where it can remain after install.
Warning: Do not delete this folder after install or the extension will be disabled.
Privacy – Brave browser install AdNauseam
CONGRATULATIONS!
Privacy – Using AdNauseam
You have successfully installed AdNauseam on both Firefox and Brave.
You can find the FAQ here.
(https://github.com/dhowe/AdNauseam/wiki/FAQ)
Quick guide on the interface and the per site switches.
(https://github.com/gorhill/uBlock/wiki/Per-site-switches)
Browsers – Specialty privacy browsers
WHERE?
Where can you still use the internet like it was your own, with your productivity plugins, without malware and spam, generally more bearable, while still enjoying all of the privacy comforts just discussed?
With a custom version of Firefox.
If you’d like a browser custom to your needs, you may be building a custom browser.
Fix Firefox – Firefox obscurity flaws
The default settings of Firefox are not the best choice for a privacy respecting browser.
Many projects prefer to fork Firefox for their needs, for example…
Best in Class Obscurity: Tor Browser
And if we have to change it, we might as well make it custom to fit our needs.
Firefox is a customizable browser, and optionally can be fingerprinted, but a custom browser can provide an overall improved browsing experience.
Fix Firefox – Tor: gold standard for obscurity
Tor Browser uses the Tor network to protect your privacy and anonymity. Using the Tor network has two main properties:
In addition, Tor Browser is designed to prevent websites from "fingerprinting" or identifying you based on your browser configuration.
Developed in 1996 to protect U.S. intelligence communication online, onion routing is a technique for anonymous communication over a computer network.
Fix Firefox – Tor: gold standard for obscurity
Tor has quick access to the ‘disable JavaScript’ feature. The little shield icon will let you select your Security level. (https://tb-manual.torproject.org/security-settings)
Standard (the default):
- All features are enabled (including JavaScript)
Safer:
- JavaScript is disabled on non-HTTPS websites
- Some fonts and symbols are disabled
- Any media playback is “click to play” (disabled by default)
Safest:
- JavaScript is disabled everywhere
- Some fonts and symbols are disabled
- Any media playback is “click to play” (disabled by default)
Fix Firefox – Firefox flaws
Tor doesn’t leave much room for customization.
How can we customize Firefox to meet our privacy goals?
There are many choices, the two we will be discussing today:
Leslie Bolling – famous American wood whittler at work
The default settings of Firefox are not the best choice to be a privacy respecting browser. We can manually modify them to meet our needs.
Fix Firefox – Firefox Hardening
Fix Firefox – Firefox Manual Hardening
Custom Browser – Firefox forks… is it that easy?
THERE HAS GOT TO BE
A BETTER WAY
Custom Browser – Introducing a few Firefox forks
Today we’re going to cover two different projects that both seek to enhance the privacy of Mozilla’s Firefox browser.
Customizations stem from the user.js file
Betterfox
Arkenfox
Browsers have been built around each of these projects
Offer different variants for different needs
As much privacy as possible
Privacy without the breakage
Custom Browser – Librewolf fork uses arkenfox user.js
Arkenfox requires some customization to remove some of the stricter features you may not want.
These features will help you be more private, but you probably don't want them, as they can be breaking. The Wiki page is required reading. Go to the overrides [common] to make fixes to breaking stuff.
Arkenfox is basically what LibreWolf is built on. LibreWolf also includes some changes like default DuckDuckGo and uBlock Origin.
LibreWolf also lets you add checkboxes to a lot of the deeper Arkenfox settings that break a lot of websites. It also includes the help to these settings, so you can understand what you're doing.
LibreWolf has an overrides file. If you have your own custom settings you don't have to worry about updates overwriting your config.
Lots of quality of life improvements over time.
Do the benefits outweigh the pain? You decide.
Custom Browser – Firefox forks user.js
Betterfox – This is what you want to pick if you don't want to deal with anything being weird, or websites breaking. Arkenfox is the upstream project for Betterfox.
Betterfox is included in Floorp, with several variations.
Floorp is based on the ESR release of Firefox, meaning Floorp is updated at least every 4 weeks.
Any settings that are commented out in user.js come with examples. If you dig through the config you will find details to everything.
You may not be aware of all the settings out there, and a set like this will help you discover them.
Most of the preferences in this will reduce footprint, and disable some features that could be footguns, but at the same time disable some optimizations that aim to reduce cognitive load on users.
Floorp’s GitHub page has “common overwrites” for more information.
Source: https://jm42.github.io/compare-user.js
Custom Browser – user.js … what’s the difference?
A total comparison between the different user.js files can be found here:
Looking at all the differences between these two projects can take some time.
There are over 400 different changes made, each affecting the performance, security, workflow, privacy, and settings.
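When user.js files are layered (a base file plus an overrides file, or several files appended one after another), Firefox ends up with the value from the last active user_pref() line for each preference. The sketch below works out that effective value and lists which preferences a later layer changed. It is an added example, not code from Betterfox, Arkenfox or the talk; the two snippets are constructed and do not reproduce either project's actual settings.

```python
import re

# Constructed snippets for illustration; they do not reproduce the real
# contents of any project's user.js.
BASE = '''
/* base hardening file (constructed) */
user_pref("privacy.trackingprotection.enabled", true);
user_pref("browser.contentblocking.category", "strict");
user_pref("toolkit.telemetry.enabled", false);
// user_pref("network.http.referer.XOriginPolicy", 2);  // commented out: inactive
'''

OVERRIDES = '''
// personal overrides appended after the base file (constructed)
user_pref("privacy.trackingprotection.enabled", false);  // wanted for AdNauseam
user_pref("toolkit.telemetry.enabled", false);
'''

# One active pref per line; a line that starts with // never matches.
PREF_RE = re.compile(
    r'^[ \t]*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)


def parse_prefs(text):
    """Return [(name, value), ...] for active user_pref() lines, in file order."""
    # Simplification: assumes no "/*" sequence inside a string value.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    prefs = []
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            value = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            value = int(raw)
        else:
            value = raw.strip('"')
        prefs.append((name, value))
    return prefs


def effective(*layers):
    """Merge layers in the order given; the last active line for a pref wins."""
    result = {}
    for text in layers:
        for name, value in parse_prefs(text):
            result[name] = value
    return result


def overridden(*layers):
    """Prefs set more than once with different values: {name: [values in order]}."""
    history = {}
    for text in layers:
        for name, value in parse_prefs(text):
            history.setdefault(name, []).append(value)
    # Compare (type, value) so that True and 1 are not treated as equal.
    return {name: values for name, values in history.items()
            if len({(type(v), v) for v in values}) > 1}


if __name__ == "__main__":
    for name, value in sorted(effective(BASE, OVERRIDES).items()):
        print(f"{name} = {value!r}")
    print("changed by a later layer:", overridden(BASE, OVERRIDES))
```

Swapping the order of the layers flips the result, which is why overrides belong at the end of the file.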
Custom Browser –
Japanese built, Floorp
Custom Browser –
Based on Mozilla Firefox. Made in Japan.
Uncertain future: Floorp was built by a tiny team in Japan with one primary developer.
Floorp key features:
Strong Tracking Protection: Floorp offers robust tracking protection, safeguarding users from malicious tracking and fingerprinting on the web.
Flexible Layout: Customize Floorp's layout to your heart's content, including moving the tab bar, hiding the title bar, and more for a personalized browsing experience.
Switchable Design: Choose from five distinct designs for the Floorp interface, and even switch between OS-specific designs for a unique look
Regular Updates: Based on Firefox ESR, Floorp receives updates every four weeks, ensuring up-to-date security even before Firefox's releases.
No User Tracking: Floorp prioritizes user privacy by abstaining from collecting personal information, tracking users, or selling user data, with no affiliations with advertising companies.
Dual Sidebar: Floorp features a versatile built-in sidebar for webpanels and browsing tools, making it perfect for multitasking and quick access to bookmarks, history, and websites.
Flexible Toolbar & Tab Bar: Customize your browser with Tree Style Tabs, vertical tabs, and bookmark bar modifications, catering to both beginners and experts in customization.
Custom Browser – - Homepage
Custom Browser – - user.js settings
Custom Browser – - user.js customizations
Custom Browser – - Betterfox explained
Floorp Defaults - By default, Floorp includes a robust tracking blocker, protecting users from a variety of malicious trackers lurking on the web. Additionally, it provides fingerprinting protection.
Securefox - Provide sensible security, privacy, and protect user data.
Default - All the essentials. None of the breakage.
Fastfox – Priority: speedy browsing. Increase Firefox's browsing speed.
Peskyfox - Remove annoyances & provide a clean, distraction-free browsing experience.
Smoothfox – Better scrolling with Microsoft Edge-like smooth scrolling.
Custom Browser – - Tab bar style
Custom Browser – - Tab bar style modified
Custom Browser – - Tab bar vertical
Yeah. Wow.
Custom Browser – - Vertical tabs in action
Addon Used: https://addons.mozilla.org/en-US/firefox/addon/sidebery
Custom Browser – Firefox - Firefox no vertical tabs
Addon Used: https://addons.mozilla.org/en-US/firefox/addon/sidebery
Custom Browser – - Browser sidebar
Custom Browser – - Quick Site Sidebar
Custom Browser – - Multiple Workspaces
Custom Browser – - Switching Workspaces
Custom Browser – - Finance Workspace
Custom Browser – - Progressive Web Apps
Custom Browser – - Installing PWAs
Custom Browser – - Using PWAs
Custom Browser – - Progressive Open App
Ta-da! You can now: close your browser and minimize your new progressive web app
Custom Browser –
Firefox with those design gains.
Source: https://github.com/black7375/Firefox-UI-Fix
(all the same project)
Firefox-UI-Fix / Proton Fix / Lepton
Accept no substitutes, except:
WaveFox for more Firefox theming. (https://github.com/QNetITQ/WaveFox)
Custom Browser – Floorp using Lepton design
CSS
Firefox version 89 updated with Proton design refresh.
Photon (old FF design)
Custom Browser – - with uBlock Origin
Betterfox also has a list of recommended filters for uBlock Origin to help fill in the gaps of the overall browsing experience.
My personal lists are included below:
https://cdn.statically.io/gh/dhowe/AdNauseam/master/filters/adnauseam.txt
https://easylist.to/easylist/easyprivacy.txt
https://secure.fanboy.co.nz/fanboy-annoyance.txt
https://easylist.to/easylist/easylist.txt
https://secure.fanboy.co.nz/fanboy-cookiemonster.txt
https://easylist.to/easylist/fanboy-social.txt
https://filters.adtidy.org/extension/ublock/filters/3.txt
https://filters.adtidy.org/extension/ublock/filters/17.txt
https://malware-filter.gitlab.io/malware-filter/urlhaus-filter.txt
https://raw.githubusercontent.com/yourduskquibbles/webannoyances/master/ultralist.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://winhelp2002.mvps.org/hosts.txt
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/AnnoyancesList
Source: https://github.com/yokoffing/filterlists#guidelines
Custom Browser – Firefox forks, Floorp, in detail
: Recap
Just give it a try, most features are disabled by default so you need to turn them on, otherwise it's just Firefox + Sidebar.
List of Floorp features:
Vertical tab + Collapse ✔️
Sidebar ✔️
Change keyboard shortcuts ✔️
Workspace ✔️
Sleeping Tab ✔️
Profile Switcher ✔️
Tab Tiling ✔️
If you want to find out more about a setting, use:
about:about
(this works in any Firefox browser)
Floorp in relation to Firefox is the same as Vivaldi in relation to Chrome: they are forks aimed at power users, with native support for vertical tabs.
Don’t take my word for it, here’s everyone else using Floorp!
The Gecko Version of Midori uses Floorp.
Source: https://news.itsfoss.com/midori-11
And it looks like Midori includes Matomo tracking ☹
FireDragon is essentially a custom Floorp fork with the gradient KDE Sweet theme and Beautyline icons.
Source: https://forum.garudalinux.org/t/new-firedragon-major-version/34585
Other Projects Using Floorp:
Waterfox (Sep 2023)
Pulse (Dec 2021)
Ghostery Private Browser (Feb 2021)
Custom Browser – - Don’t take my word
Source: https://github.com/yokoffing/Betterfox?tab=readme-ov-file#browser-integration
Custom Browser – Firefox - Multi-Account-Containers
A Note on Qubes OS
If you want to surf privately on Qubes OS, the qubes are using Firefox ESR out-of-box.
The Firefox they ship provides no privacy benefit, other than containerization.
So let’s containerize our Firefox!
Custom Browser – Firefox - Multi-Account-Containers
What are Containers and how can they help?
Containers are a tab/process isolation mechanism that separates each new tab/window from the others. This means each tab gets its own resources.
Isolating cookies inside of containers prevents other sites from being able to access them, thus increasing both privacy and security, in theory.
You can see each tab or group with a different color and icon.
The real power is when you use Multi-Account-Containers for websites you frequent and Temporary Containers for everything else.
The following example explains how to use Firefox containers alongside temporary containers to increase your privacy while you are browsing.
Source: https://addons.mozilla.org/en-GB/firefox/addon/multi-account-containers
Source: https://addons.mozilla.org/en-GB/firefox/addon/temporary-containers
Also, side note: Brave will never get Multi-Account-Containers
Custom Browser – Firefox - Unlimited Containers
Some settings for Temporary Containers
General:
Isolation > Per Domain:
Source: https://chefkochblog.wordpress.com/2018/04/03/firefox-container-guide/
Isolation > Global:
Custom Browser – Firefox - Container usage examples
Example: Multi-Account-Containers & Temporary Containers
Custom Browser – Firefox - Extensions Menu
Open Extensions, Click on Multi-Account Containers
Custom Browser – Firefox - Multi-Account Container
A new menu will open, click ‘Manage Containers’
Custom Browser – Firefox - Manage containers
Inside this second menu, click ‘New Container’
Custom Browser – Firefox - Create container name
Select a ‘color’, ‘icon’, and ‘name’ for this container
Custom Browser – Firefox - Manage new cont.
We can view our new container in ‘Manage Containers’
Custom Browser – Firefox - Always open this tab in
To open this URL in the created container, click the icon
Custom Browser – Firefox - Use this container
Select the container to use for this URL
Custom Browser – Firefox - Assign Container to Tab
Visit the URL again, and you will see a new screen
Select ‘Remember my decision for this site’ and ‘Open in new container’
Custom Browser – Firefox - Containers Completion
YAY! In the URL bar you can now see your tab is open in the new container.
Custom Browser – Firefox - Unlimited Containers
New Website, same concept. Open ‘Manage Containers’
Custom Browser – Firefox - Create New Container
Create a ‘New Container’ for Ecosia search
Custom Browser – Firefox - Name the new Container
Name our container something easy to use
Custom Browser – Firefox - Container Choices
Ahh! Both new containers are available.
Custom Browser – Firefox - Click on the icon in bar
In the URL bar, click the icon, ‘Always Open This Site In…’
Custom Browser – Firefox - Set Container to New Tab
This is the same, every time
Visit the URL again, and you will see a new screen
Select ‘Remember my decision for this site’ and ‘Open in new container’
Custom Browser – Firefox - Unlimited Containers
Works Great! Now do I have to do this with EVERY website?
No. We can use: Temporary Tabs
Custom Browser – Firefox - Unlimited Tmp Tabs
Visit: CNN.com
It will open in a new ‘tmp1’ container
This is a new containerized website.
Custom Browser – Firefox - Temporary tab stays open
Browse: CNN.com
New tab will remain open in same ‘tmp1’ container
This site stays in the same container until: ‘After the last tab in it closes’
Custom Browser – Firefox - New container, tmp2
This will continue, unless you set a Multi-Account Container to store it in.
Browse: MSNBC.com
New tab will create a new ‘tmp2’ container
Custom Browser – Firefox - Unlimited Containers
Multi-Account Containers is for sites you actually want to keep cookies/data on.
Sites you want to stay logged in to.
Unless you like reaching for 2FA every time you log in, then security it up, bud.
I know someone who wrote a really good blog article on using Sidebery with any Firefox browser to tab-sync and maintain their active tabs and tab history across multiple devices.
Source: https://blog.holtzweb.com/posts/browsers-firefox-floorp-sidebery-setup
blog.holtzweb.com
Sync your tabs using bookmarks, json, or md.
Custom Browser – Firefox - Tab Sync
Custom Browser – - 99.99% is never 100%
You will still have to deal with the occasional error.
Floorp may be the easiest set and forget setup, with little to no intervention needed, but even then 99% perfect still leaves room for 1% of problems.
Knowing your tooling, setup, and configuration can help.
Ok, you’re right. Firefox ride or die.
Custom Browsers? – Floorp That. Firefox Ride or Die.
So, just for you – I made a script that sets up a new Firefox profile, just like Floorp.
#!/bin/bash
# bash rather than sh: the script relies on read -p, echo -e and $'...' quoting further down.
read -r -p "Please describe this Firefox Profile with a name: " ffProfileName
addonlist="adnauseam,
bitwarden-password-manager,
switchyomega,
darkreader,
sidebery,
floccus,
nighttab,
multi-account-containers,
temporary-containers,
facebook-container,
containers-helper,
fastforwardteam,
redirector,
clearurls,
istilldontcareaboutcookies,
onetab,
downthemall,
external-application,
canvasblocker,
checkmarks-web-ext,
audioctx-fingerprint-defender,
webext-private-bookmarks,
refined-h264ify,
requestcontrol,
ttsfox,
ecosia-the-green-search,
ddg-lite-search-provider"
echo "Creating Profile"
firefox -CreateProfile "$ffProfileName"
# sed finds the `Path=` line in profiles.ini that ends with the profile name given above, then strips the `Path=` prefix so only the folder name is left.
folder=$(sed -n "/^Path=.*\.${ffProfileName}\$/ s/^Path=//p" ~/.mozilla/firefox/profiles.ini)
# sed -n 's/Path=//p' ~/.mozilla/firefox/profiles.ini | grep $ffProfileName
path="$HOME/.mozilla/firefox/$folder"
cd "$path" || exit 1
echo "Profile Creation Finished"
mkdir chrome sidebery 2> /dev/null
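# Downloads the Firefox-UI-Fix installer from its master branch and runs it as the current user.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/black7375/Firefox-UI-Fix/master/install.sh)"
cd "$path" || exit 1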
curl -sS https://raw.githubusercontent.com/christorange/VerticalFox/main/windows/userChrome.css >> ./chrome/userChrome.css
curl -sS https://raw.githubusercontent.com/christorange/VerticalFox/main/sidebery/dark_sidebery_styles.css > ./sidebery/dark_sidebery_styles.css
echo -e "\nYou will need to paste in the styling for Sidebery.\nThe styles are located at $path/sidebery\n" && sleep 2
echo -e "\nA reminder will be displayed again at the end of the script." && sleep 5;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/user.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Securefox.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Fastfox.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Peskyfox.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Smoothfox.js >> user.js && clear;
echo "Downloading Addons"
addontmp="$(mktemp -d)"
# trap will run when there is an exit command, or this script is terminated
trap 'rm -fr "$addontmp"' HUP INT QUIT TERM PWR EXIT
mozillaurl="https://addons.mozilla.org"
IFS=$'\n,'
mkdir -p "$path/extensions/"
for addon in $addonlist; do
echo "Installing $addon"
# grep -o prints only the download URL: the pattern matches up to, but not including, the closing double quote. head keeps the first match.
addonurl="$(curl --silent "$mozillaurl/en-US/firefox/addon/${addon}/" | grep -o "$mozillaurl/firefox/downloads/file/[^\"]*" | head -n 1)"
# Skip the addon if no download link was found on its page.
[ -n "$addonurl" ] || { echo "No download URL found for $addon, skipping"; continue; }
# The file name could be taken with command substitution:
# echo "Filename: $(basename 'https://example.com/downloads/file.zip')"
# This script uses parameter expansion instead:
file="${addonurl##*/}"
# Save the download into the temporary directory.
curl -Ls "$addonurl" -o "$addontmp/$file"
# The addon id could also be extracted with a pipeline instead of parameter expansion:
# unzip -p sidebery-5.2.0.xpi manifest.json | grep "\"id\"" | sed 's/"//' | awk -F '"' '{print $3}'
id="$(unzip -p "$addontmp/$file" manifest.json | grep "\"id\"")"
id="${id%\"*}"
id="${id##*\"}"
mv "$addontmp/$file" "$path/extensions/$id.xpi"
done
echo "Addons Installed"
if [ -f "$path/sidebery/dark_sidebery_styles.css" ]; then
echo -e "\n==========================================================\n== You will need to paste in the styling for Sidebery. ==\n== Open Sidebery settings, Styles editor. And paste in ==\n== any of the new styles. You may find them in: ==\n$path/sidebery/dark_sidebery_styles.css\n==========================================================" && sleep 2
fi
You can find it here:
https://github.com/MarcusHoltz/Firefox
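The install loop in the script takes each add-on ID from the downloaded archive's manifest.json and uses it as a file name. As an added example (not part of the author's script), the functions below read the ID declared under the "gecko" key and accept it only in the GUID or email-like form Firefox uses for extension IDs; the function names, the 80-character cap and the sample manifests are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate an add-on ID before using it as "<id>.xpi".

# Print the "id" declared inside the manifest's "gecko" object (empty if none).
extract_gecko_id() {
    # Flatten the JSON to one line so the pattern can span line breaks.
    printf '%s' "$1" | tr -d '\n\r' |
        sed -n 's/.*"gecko"[[:space:]]*:[[:space:]]*{[^}]*"id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only for a GUID in braces or an email-like ID.
is_safe_addon_id() {
    _id=$1
    [ -n "$_id" ] && [ "${#_id}" -le 80 ] || return 1   # length cap is an assumption
    case $_id in
        *[!A-Za-z0-9._@{}-]*) return 1 ;;   # rejects "/", spaces, newlines, ...
    esac
    printf '%s\n' "$_id" | grep -Eq \
        -e '^[{][0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}[}]$' \
        -e '^[A-Za-z0-9._-]*@[A-Za-z0-9._-]+$'
}

# Print the ID if it is present and well formed, otherwise return 1.
addon_id_for_install() {
    _found=$(extract_gecko_id "$1")
    is_safe_addon_id "$_found" || return 1
    printf '%s\n' "$_found"
}

# Constructed sample manifests (not taken from any real add-on).
good_manifest='{
  "manifest_version": 2,
  "name": "Sample",
  "browser_specific_settings": {
    "gecko": { "strict_min_version": "109.0", "id": "sample-addon@example.org" }
  }
}'
bad_manifest='{
  "name": "Sample",
  "browser_specific_settings": { "gecko": { "id": "../../outside@example.org" } }
}'
no_id_manifest='{ "manifest_version": 2, "name": "Sample" }'

for m in "$good_manifest" "$bad_manifest" "$no_id_manifest"; do
    addon_id_for_install "$m" || echo "rejected: ID missing or malformed" >&2
done
```

In the install loop, the same check would sit between the `unzip` step and the `mv`, skipping any add-on whose ID is rejected.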
That was a lot of information.
Browsers – Brave …?
Isn't there an easier way, something I can just
Install
and forget
no extra steps
So what addons do I use?
None. I use Brave as my vanilla browser...
…but I do make some changes.
Browsers – Brave … we can’t customize it … so now what?
These settings are mostly preference. Some changes will make you appear unique to trackers.
Again, please choose what works best for your needs.
The appearance of ads on Brave to promote content creators:
Browsers – Brave Tweaks
Starting with…
Brave Rewards
Advertisers pay Brave to buy BAT to run ad campaigns on the Browser.
Users can earn BAT by viewing these ads, and Brave keeps a cut (30%) to run their operations.
Screen Captures were taken on Brave version 1.45.116
Ubuntu 21.10, KDE Plasma 5.22.5 – Arc Dark Theme
1. Open Settings
2. Click Section
Personal Choice
The appearance section of Brave settings contains:
Browsers – Brave Tweaks
Next up…
Appearance
*most notably, Firefox does not include comparable functionality as Brave Speedreader
Open Settings
Privacy Suggestion
Personal Choice
“…unlike most ‘reader-mode’ features, Brave Speedreader modifies the page content before the page is loaded, rather than after, which saves you data and provides faster load times.”
Personal Choice
Under Appearance
2024 Update!
Yeah. Wow. Built in Vertical Tabs
This is a normal webpage.
Speed Reader EXAMPLE
Turn Speedreader on
Speedreader OFF
Browsers – Brave based AI
Artificial Intelligence hosted by Brave…
Brave Leo
Why don’t I let Leo introduce itself....
Hi, I'm Leo. I'm a fully hosted AI assistant by Brave. I'm powered by Mixtral 8x7B, a model created by Mistral AI to handle advanced tasks.
…let’s see what kind of speed reading it can do….
2024 Update!
Browsers – Brave Tweaks
Looking closer at…
Brave Shields
Shields is the core part of that protection.
Brave Shields – Protection is on by default, on every web page you visit.
But, let’s see if we can’t up that protection a bit….
Browsers – Using Brave Shields
A long list of what Shields can do
By default, Brave has the strongest privacy protections of any popular browser. And Shields are a core part of that protection. Here’s a long list of what they can do:
Block third-party ads & trackers
Cookie partitioning
Fingerprint randomization
Phishing protections
Source: https://brave.com/shields/
Browsers – Locating Brave Shields
To locate site-specific Shields settings, visit any website in Brave. Click the Lion icon on the right side of the address bar to reveal the Shields drop-down panel.
Privacy Choice
Privacy Choice
Strict, no longer supported
Source: https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
Open to add additional lists
Add your favorite PiHole lists
Browsers – Brave Shields vs Ublock Origin
Brave Shields will block annoying consent banners.
TheSouthern.com had some differences between plugins.
We can see some discrepancy between Brave Shields and Ublock Origin:
Brave - 11
Ublock Origin - 9
both on together:
Brave - 8
Ublock Origin - 1
It seems there’s quite a difference between the two.
BuzzFeed had some differences between plugins.
We can see some discrepancy between Brave Shields and Ublock Origin:
Brave - 10
Ublock Origin - 31
both on together:
Brave - 9
Ublock Origin - 8
It seems combining the two blockers only made them fight each other.
Privacy and Security
section of Brave is where you can make many of the tweaks
that allow you to have control over:
Browsers – Brave Tweaks
The…
Privacy Suggestion
(Off by Default)
keep it that way
Open to change DNS/HTTPS
Privacy Suggestion
Privacy Choice
Open for Specific Permissions
Going back to… Privacy and security
Privacy Choices
SCROLL DOWN
for more options
Privacy Choice
Privacy Choice
Browsers – How can I keep track of what opens in what?
Open specific links with respective profiles.
Per Client/URL basis
This solution offers a program to replace the default browser.
Decide which app/profile to open based on the domain or a keyword in the URL.
staging.client-a.com 🡪 chrome 1
test.client-b.com 🡪 firefox 3
…too many Browsers…
How do I manage workflow?
Browsers – What now?
You've been playing Angry Birds on your cell phone this whole time?
Source: https://libertytools.io/privacy
tl;dr
Floorp is to Firefox what Brave is to Chrome
Privacy respecting web browsers that improve the overall experience of the browsable internet.
Browsers – Search Engines
Your search engine does tracking as well…. And watch out for manufactured results.
Let’s discuss some alternate options available.
Google searches with tracking removed:
Caveats: Startpage is now owned by System1, an ad company, and is closed source.
Here are two replacements for your favorite search engines. You’re still using your favorite search engine, but with more privacy in mind.
Source: https://restoreprivacy.com/startpage-system1-privacy-one-group
into
Browsers – Search Engines
Let’s discuss more alternate options available.
By ranking my favorite alternative search engines.
Swisscows is a swiss based “family-friendly” search engine.
Searx is fantastic. Hosted in multiple locations around the world. Self-hostable, open source metasearch engine with good results.
Brave Search “will not use secret methods or algorithms to bias results.”
Brave acquired Tailcat, the open search engine developed by the team formerly responsible for the privacy search and browser products at Cliqz. Brave Search has its own web index that does not rely on third parties.
DuckDuckGo great at simplifying privacy, but takes money from daddy.
For a time, they were not allowed to block Microsoft trackers because they have a contract with them for Bing.
They still block other trackers, which is something.
Presearch search engine powered by blockchain technology.
Ignoring the crypto, its search results are pretty good and it protects your privacy.
Source: https://libertytools.io/privacy
Browsers – Search Engines
Let’s discuss how few options are available.
Source: https://www.searchenginemap.com
May I pour you some example searches?
fixing a 1974 ford carburetor
where to buy a 20 sided die
Browsers – Anything else? What? Why do I need a VPN?
Riseup offers Personal VPN service for censorship circumvention, location anonymization and traffic encryption.
VPN
This is a FREE VPN service with comparable speeds to most paid VPN services.
The cost for RiseupVPN to provide this service is approximately $60 USD per person per year.
Like Tor, a VPN can help with privacy.
Use the same IP address as many other users, hoping to gain a layer of obscurity.
If you're not careful, you can inadvertently reveal way too much information about yourself to websites, companies, and even the web browser makers themselves.
DEMONSTRATION
Let’s do that now.
RUN THEM YOURSELF: github.com/arthuredelstein/privacytests.org/tree/master/scripts
OR
Surveillance Capitalism
Privacy – Concerns outside of a browser and search?
Source: https://www.webfx.com/blog/internet/what-are-data-brokers-and-what-is-your-data-worth-infographic/
OK…. Data brokers sell. So … who are the buyers?
Surveillance capitalism raises significant concerns about privacy, transparency, fairness, security, and market competition.
Your information is conglomerated by data brokers from a variety of sources, including social media, telecommunications companies, public records, commercial sources, or simply USB mouse drivers.
These firms then sell that as raw data or an enriched analysis with inferences based on different pseudonymous identifiers.
Privacy – Concerns with who now?
Government is big data, big data is government.
A Fourth Amendment loophole:
Government agencies are buying your data.
The government can’t seize your digital data. Except by buying it.
Sources:
https://www.washingtonpost.com/outlook/2021/04/26/constitution-digital-privacy-loopholes-purchases/
https://www.wired.com/story/pentagon-data-purchases-wyden-letter/
https://www.nytimes.com/2024/01/25/us/politics/nsa-internet-privacy-warrant.html
Source: https://judiciary.house.gov/sites/evo-subsites/republicans-judiciary.house.gov/files/evo-media-document/NSF-Staff-Report_Appendix.pdf
https://redirect.invidious.io/watch?v=taeRFj6cDxI
The Committee and the Select Subcommittee are responsible for investigating: “violation[s] of the civil liberties of citizens of the United States.”
The government is a concern? I thought they were the good guys….
Really? Because here is an image from the Select Subcommittee on the Weaponization of the Federal Government
Government is big data, big data is government
Scenario: You clicked on a link from a co-worker. *beep*
That link is now deemed to “harm information or society,” even though the factually correct memes there are solid gold hilarity…
Privacy – Concerns with Big Brother, never!
MEMES NOT SANCTIONED, ADDED TO PERMANENT RECORD. DEDUCTED 3 SOCIAL POINTS.
Sick of Main Stream Social Media?
Join the Fediverse to get your fix!
Mastodon allows users to post, follow people and organizations, and like and repost others' posts.
Mastodon supports audio, video and picture posts, accessibility descriptions, polls, content warnings, animated avatars, custom emojis, and thumbnail crop control.
Mastodon is free and open-source software for
running self-hosted social networking services.
It has microblogging features similar to the Twitter service.
Mastodon – What is Mastodon? …I thought this was a browser talk
Should I use Mastodon?
YES!
Don’t get left out and become an old bag of bones.
Data correlation can come from any source.
Privacy – Concerns outside of a web browser?
Assigning a number to a name.
Source: https://judiciary.house.gov/sites/evo-subsites/republicans-judiciary.house.gov/files/evo-media-document/NSF-Staff-Report_Appendix.pdf
It's no longer customer A and customer B.
It becomes citizen A and citizen B.
Source: https://letmegooglethat.com/?q=american+ISPs+collect+data
https://familyguy.fandom.com/wiki/Wonders
Don’t believe me about the pervasive nature of government involvement?
Privacy – Does this problem really exist?
If this is from 2013, what is modern day?
* Google lawsuit: activity tracked even when Chrome set to ‘incognito’
Source: https://www.theguardian.com/technology/2023/dec/29/google-lawsuit-settlement-incognito-mode
Which is often the case…
We’re here to talk about Browsers. But watch out for any proprietary software, you can’t really know everything it is doing.
It could, literally, be spying on you in real time.
No matter what setting you have chosen.
* Apple lawsuit: iPhone ignores privacy toggle, defaulted on
Source: https://www.bloomberglaw.com/public/desktop/document/LibmanvAppleIncDocketNo522cv07069NDCalNov102022CourtDocket?1668197884
Source: https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558
Privacy – Privacy concerns with proprietary software
…just a sample….
That was a good example of the data that is able to be scraped, analyzed, and sold.
The New York Times
Source: https://www.nytimes.com/interactive/2019/08/23/opinion/data-internet-privacy-tracking.html
reconstructed daily web sessions to present this gloriously invasive picture of the author’s digital life you see here.
...here is more…
Browsers – Privacy Techniques
WHEN?
When should anyone even care about privacy?
Do we even gain anything meaningful or tangible for all of this effort?
Isn't this, like, the same amount of effort and change that reposting some political meme on social media does?
QUESTION
Source: https://en.wikipedia.org/wiki/Enshittification
Maintaining your privacy helps prevent the misuse or abuse of this data by companies or third parties.
> Lock your car, don’t tempt the thieves. <
Saying "I have nothing to hide - so don't need privacy," is like saying "I have nothing to say - so don't need free speech".
Marcus Holtz
marcusaholtz@gmail.com
https://www.holtzweb.com
(720)445-5887
Contact me
Thanks again, we’re always looking for people to give creative and inspired talks about free software!
THANKS FOR JOINING ME
No Attribution Needed - ShareAlike
NO CC BY-SA NEEDED