How paranoid are you?

lemmywinksthegerbilking , 4 days ago

LibreWolf as daily driver and whenever I need a little extra privacy I use Tor or even tails

cygnus , 1 month ago

I don’t know what Floorp makes me…

RmDebArc_5 , 1 month ago

Picture one but in a Japanese/anime style. Wait a second

sparkle , 1 month ago

Based and customizationpilled

Cosmonaut_Collin , 26 days ago

Floorp is the best option simply by name alone. I love floorping for information.

VantaBrandon , 1 month ago

I exclusively browse with cURL and manually parse HTML myself the old fashioned way

hakunawazo , 1 month ago

https://lemmy.world/pictrs/image/7995ffee-1ee5-444e-877a-07004dd5fc82.jpeg

AeonFelis , 1 month ago

Why parse the HTML manually when sed is a standard utility and you can use it to parse it with regex?

univers3man , 1 month ago

Ooh, it’s my turn to link this beauty.

stackoverflow.com/…/regex-match-open-tags-except-…

Buddahriffic , 1 month ago

Insert copypasta of angry nerd ranting about using regex to parse html.

VantaBrandon , 28 days ago

Its a valid rant, ditto to email

boredsquirrel , 1 month ago

Librewolf is just a usable Firefox

TrickDacy , 1 month ago

Firefox is a completely usable Firefox.

boredsquirrel , 1 month ago

If you dont care about Ad search engines, Studies, Pocket, Google Safebrowsing, search suggestions, a start page with ads, weak privacy settings, all cookies saved forever, no adblocking, a unique canvas fingerprint, a user agent containing your Linux Distro,…

I went through the arkenfox user.js and literally all of it minus 20 or so settings just make sense. The rest are kinda overkill, but really, Firefox is horrible out of the box.

It is really modular luckily

jbk , 1 month ago

“horrible” being mostly sensible for the average user, as well as basic telemetry for making development much easier. but muhhh nooo with that information they can know who exactly I am!!! preach!!!

boredsquirrel , 1 month ago

A lot of these are privacy invasive. Senseful telemitry is fine, but I dont see how they do that.

boredsquirrel , 1 month ago

Could you list what exactly is necessary to have a good user experience?

TrickDacy , 1 month ago

Most of these aren’t issues or are “solved” in a couple of seconds.

I am curious, exactly how would it be remotely possible for me to care that my UA string mentions Ubuntu when that’s not even technically my distro? I cannot summon an ounce of concern there. Seriously, how the hell would that matter in the least to anyone?

boredsquirrel , 1 month ago

It adds one factor for Fingerprinting that is simply not needed

TrickDacy , 1 month ago

I knew you would say that. I imagine that user agent strings as a concept are bad, in your opinion?

boredsquirrel , 1 month ago

They are useful to differentiate mobile from PC devices. That is not needed as many Websites are dynamic, but useful for some.

As all browsers also support the common web standards, it is also not necessary for determining supported features or something.

The only other use I find is having download links targeting the platform, but especially on Linux that is not really useful

TrickDacy , 1 month ago

“useful” is relative. I prefer a world where websites can know which platforms users are coming from, as it helps them know where to focus their support efforts.

There are billions of users but probably only a few OSes mentioned in UA strings so it seems like a decent trade off to me. My exact UA string is likely shared by millions of users even though my OS is somewhat rare on the world stage. Until the day comes that web browsers work exactly the same way on every platform, at which case I’d agree with you, no longer useful. Unfortunately for decades we’ve been quite a bit short of that end.

Just checked because I couldn’t remember exactly what OS info mine included last I looked. It’s quite generic: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0

boredsquirrel , 1 month ago

There is a big variety of browsers there, and as I said, the UA is simply one of the many tracking points.

Websites often dont support users, they live off ads because we didnt find any internet model that can live without ads, which are a horrible concept.

I was in a supermarket today where card payment was broken. There was a huge sign in the middle of the entrance about that, but a lot of people still didnt read it and had to bring back their groceries.

I think this is in part due to ads. Ads train us to not concentrate, zoom out and be passive. Otherwise, looking at all that manipulative garbage would make us insane.

So I am curious to why Websites would need to support users. Normal web standards work the same. There is a trend towards not supporting Firefox or maybe platforms with worse DRM, like Linux (where you can screencast any DRM browser anyways). So I think Netflix uses the Linux user agent to limit you to 1080p (as a laptop user and pirate I have no idea how this is an issue though)

You are lucky here with your generic UA. maybe this is also outdated, but I read this was a thing at least on some distro packaged Firefoxes.

Also that the search engines preconfigured would always get the info about what OS you are using.

Yes these things may not be critical, and Firefox does a ton of awesome things like cookie isolation and containers, to limit the creepy stuff.

But

• having HTTPS off by default
• being on “default” privacy level
• keeping all cookies

Is simply not okay. HTTP is still possible, I only know a single popup-ads-riddled site that doesnt work with Firefoxes most private setting. And deleting all cookies and making exceptions work kinda fine.

There was a button to save cookies for a site, but it is gone? No idea why.

Improving good private UX helps. Being too shy to implement it harms its reputation I think.

I also like Brave with their model for monetization via crypto. I would be happy to tip a few cents for every website click, but micro transactions just dont really work.

But as a sensitive person, I will absolutely always block every ad possible, as ads are horrible.

TrickDacy , 1 month ago

I agree with you about ads for sure. But I’m not really sure what you mean about https being off by default. What I’ve noticed is that if I type an IP address into the address bar, FF first tries https and if that fails falls back to http.

Regarding UA string: As a web developer I have worked on many projects, one currently, where browsers misbehave in unpredictable ways. Most notable these days is Safari. Without a user agent string I really don’t have a way to workaround that browser’s shortcomings. Yes, for this purpose, the UA string should be a last resort because feature detection is best, but trust me feature detection isn’t always possible. It would not work for the current slew of issues I’m working through in Safari.

Also, I would encourage you to read up on Brave and funder/fundamentalist Peter Thiel. Brave is not only a Google supporting browser by virtue of using chromium, it’s also wrapped up in some shady shit, including being funded by a conservative psychopath.

boredsquirrel , 1 month ago

I mean the HTTPS-only toggle. It still allows HTTP but after a warning. HTTP sites still work, so this should be opt-out.

Safari only works on 2/3 Platforms, so I dont think a UA containing the OS, let alone a detailed “Lubuntu” etc. detail

I heard about Peter Thiel I think in very different contexts? I wouldnt support Brave at all, I use a mix or hardened Firefox, Mull and Vanadium.

TrickDacy , 1 month ago

I really don’t understand. So the fact that FF warms you against a (btw rare) thing is somehow not enough? …

And I’m telling you as a web developer who has to support multiple versions of Safari, it’s not something I can just dismiss as irrelevant as you’re apparently intent on doing.

And about brave, you brought it up not me. Still don’t understand why it even came up, especially if you’re actively against it…

boredsquirrel , 1 month ago

I am not sure how embedded media inside HTTPS websites use HTTP. But using HTTPS exclusively is very possible today, nearly no websites not supporting it. So I see no reason here.

But this is just an example and that is also GUI configurable.

I see that Safari and different Browsers are an issue, but do you need OS info for that? Especially fine grained info?

I mentioned Brave because they integrated something that is not ads, but I think it is ads anyways? So not using the browser, but pro anything with direct payment

TrickDacy , 1 month ago

Still unsure what you’re saying about https. Firefox treats insecure sites as dangerous and tries to tell the user to beware, for that one time a year you might run into that situation. And by default, insecure content in a secure page is blocked in FF and I think that was true even in IE 11. That’s been pretty standard for a long time.

Regarding OS in the UA, no, rarely would you need it. I think browsers can send whatever they want there though. Are you saying that LibreWolf sends one without OS? Again to me it’s a little paranoid to nitpick this but what I thought you were saying before is that UAs should not exist period, which I was disputing because I literally have been spending the last month working through safari specific bugs that would be nearly impossible to handle without a UA string to know the user is running safari. Sometimes I do need to know iPad vs iPhone, but that’s not only rare but probably even more offensive to you than the UA mentioning the OS/OS family.

boredsquirrel , 1 month ago

Firefox treats insecure sites as dangerous and tries to tell the user to beware

I only get that behavior when setting HTTPS-only. If I dont, I think it may display a warning but thats it.

Are you saying that LibreWolf sends one without OS?

No they often take Windows 10 on FF ESR

Sometimes I do need to know iPad vs iPhone

I think that is a problem of the browser isnt it? And how does a “desktop site” button work? Does it change the UA or is there a different way to switch between the site views?

I dont know why this couldnt be done with a “safari on iPadOS” vs “Safafi on iOS” or a separate value for “phone”, “tablet”, “desktop”.

The OS is way less important than the browser and the form factor here.

TrickDacy , 1 month ago

I think it may display a warning but thats it.

Yeah that’s what I said. It is your opinion that a warning is not enough but I very much don’t feel that way. Users should be treated like adults by default.

No they often take Windows 10 on FF ESR

I don’t know what this means unless you’re saying it just always reports win 10

As far as the rest of your comment… I have been building websites for 20 years now and I’m not content to do things the wrong way, so I’ve researched and considered the available options.

It doesn’t matter if it’s a “browser problem” since I don’t get to tell users that iOS sucks ass, which it does.

Kind of feels dismissive the way you’re hand waving away all the problems I deal with all the time. Like I said, until browsers behave consistently or at least predictably if they don’t support something, UA will be needed sometimes. I haven’t needed it for anything but safari in a long time but again I don’t get to tell those users to get a decent browser. On iOS they don’t even have that option if they were to want another browser.

boredsquirrel , 1 month ago

Users should be treated like adults by default

Thats why there is an “accept the risk and proceed” button ;)

By default, Firefox loads Javascript from any site. The Pegasus Trojan was transmitted by hijacking 2G and 3G network connections, and using malicious HTTP redirects that wouldnt work with HTTPS.

They are zero-click, meaning just opening that site would run the code.

i think security should be normalized.

it just always reports win 10

It reports to be Firefox ESR on Windows 10. Maybe Windows 11 now.

you’re hand waving away all the problems I deal with all the time.

I didnt. I just find it odd that you need to know the OS to display a site for 3 different form factors. But if that is true, then a UA might be a solution.

TrickDacy , 1 month ago

I just find it odd that you need to know the OS to display a site for 3 different form factors

Yeah, a lot of things seem odd until you take 20 years to understand them.

TrickDacy , 1 month ago (edited 1 month ago)

really, Firefox is horrible out of the box.

It is really modular luckily

Talking shit, but even you still have to recognize excellent software design.

boredsquirrel , 1 month ago

Stop harrassing me please. Just because you are fine with something, you cant say anyone else is talking shit.

Firefox is really modular, and that makes it different from the other browers.

TrickDacy , 1 month ago

I don’t see how a couple of replies could be considered harassment just because I used the phrase “talking shit”. The fact is that you’re fear mongering, and you apparently don’t like it being questioned.

KillingTimeItself , 1 month ago

does using chrome make you naked or something?

unless it’s just equivalent to firefox, which i doubt.

Seasm0ke , 1 month ago

Internet explorer makes you naked for sure.

Chrome maybe in swim trunks at a shopping mall. Everyone (advertisers etc) can see you and you’re weirdly exposed.

A_Random_Idiot , 1 month ago

I’d trust IE a lot more than I’d trust chrome.

Seasm0ke , 1 month ago

Y’know it is discontinued and has a lot of dangerous settings but I just pulled a cve count and you may be on to something.

IE - 44 cvedetails.com/…/Microsoft-Internet-Explorer.html

Chrome - 3448 www.cvedetails.com/…/Google-Chrome.html?page=1&or…

KillingTimeItself , 1 month ago

this one makes sense, i like this one.

And dont forget the the sunglasses either. Every chrome users wears a pair of sunglasses inside for sure.

Kerred , 1 month ago

I use Microsoft Edge (parental controls and uBlock). That that made me whatever is beyond naked? Like one of those clear dummies in a health class that shows organs?

KillingTimeItself , 1 month ago

nah, i think probably just, transparent, like visually see-through.

axum , 1 month ago

It certainly will after it kills Manifest v2 entirely soon. goodbye good version of ublock

KillingTimeItself , 1 month ago

TRUE

GustavoM , 1 month ago

I’m forced to use Brave or else my potato has a heart attack – what am I?

Dultas , 1 month ago

Lynx

TimeSquirrel , 1 month ago

Telnet directly to web server and manually type all the GET/POST requests yourself. Then read raw HTML.

RustyNova , 1 month ago

Librewolf, but I’d argue it’s more of a Firefox/web debloater reason. No pocket, no VPN ads. I would have said that the only issue is that it is a pain to update, but they added a windows updater and software repos, so I would almost recommend it over stock firefox for normies.

And I use tor to search stuff that contains sensitive data like my location… Or when a website is blocked

30p87 , 1 month ago

And as a more advanced user, I need nightly (for custom compiled addons), and just configured everything relevant to be as close to LibreWolf as possible/good for privacy.

RustyNova , 1 month ago

Fair enough. But can’t be assed to switch every little thing, and keep track of the new ones (like the ad tracker in 128)

eya , 1 month ago

it is a pain to update, but they added a windows updater

the linux package manager in question

Jumuta , 1 month ago

it’s not in the arch repos 💀

swab148 , 1 month ago

It’s in the AUR

Jumuta , 1 month ago (edited 1 month ago)

everything is in the aur

edit: i use the aur package already, but you have to acknowledge aur packages just aren’t the same

thearch , 1 month ago

but it’s available as flatpak

Jumuta , 1 month ago

slow

thearch , 1 month ago

flatpak has the same or negligibly worse performance than a regular package.

RustyNova , 1 month ago

I mean an updater on the windows (the os). Sadly forced to use windows at work, but at least I got my Librewolf.

Blaster_M , 1 month ago

UniGet GUI

Cethin , 1 month ago

This is the argument I keep using for why people should use Linux more. The fact you have to run updater software for each piece of software is so stupid. It’s a horrible solution to a poorly designed problem. On Linux I just tell my package manager to update everything and it takes care of it all. There’s no need for the user to be handling all of that, and it also shouldn’t have to update in starting the application because that’s when the user wants to use it, not wait for an update.

(For reference: it’s the same thing as on your phone where it tells you the number of things that need updated and you just tell it to update whenever you feel like it.)

RustyNova , 1 month ago

That’s a great point, but Linux Mint hasn’t a repo for Librewolf in a long time, meaning it was only available through Flatpak. It’s not a big issue, but it does break keepassxc, and is a pain considering the drama Debian got over it

prunerye , 1 month ago

Last time I distrohopped, this was actually one of my main benchmarks. If I couldn’t install Librewolf in under a minute, I picked a different distro.

RustyNova , 1 month ago

I hope your benchmark was on something else than a live usb /j

But now most distros only need to install through the package manager, or at worse add the repo

LucidNightmare , 1 month ago

Windows has had winget for a while now. While not as good as Linux version, I think it’s fine enough for those who must still use Windows for their gaming. 🤔

Cethin , 1 month ago

Just FYI, gaming isn’t a reason to stay anymore really. I’ve only had minor issues since switching.

ayyy , 1 month ago

Multiplayer doesn’t typically work in Proton :(

Cethin , 1 month ago (edited 1 month ago)

Yes it does. I’ve been playing Squad, Hunt, and The Finals recently. I’ve also played CS, Overwatch, Tribes 3, and some other multiplayer games too. It almost always works, unless they want you to install a rootkit to play, like Valorant.

LucidNightmare , 1 month ago

For general gaming for sure! Retro gaming is even better on Linux! I am one of those that loves modding their games though, and the tools aren’t there just yet. With Nexus beginning beta for Linux support, I am hopeful that I will be able to switch over soon enough. :)

Cethin , 1 month ago

Yeah, that’s true. Modding does suck. KSP has good Linux support for modding, but I think that’s the only one that I haven’t had to do manually. Manual modding is not hard though, but it does take more time.

histic , 1 month ago

I haven’t had any issues running modded games but if I do normally only mod unity games

JackbyDev , 1 month ago

There’s like three package managers for Windows and none of them have gained enough traction to really be considered the de facto.

Also, Microsoft stole AppGet from its developer and didn’t pay them anything.

wreckedcarzz , 1 month ago

Chocolatey ftw. I was already eyeing it when I jumped to LW so I did the setup for choc and now I have most of my software being managed through it. It’s not perfect but on a schedule, it’s as set-and-forget as it can be for Windows.

I guess with the exception of using the MS Store, but ew.

RustyNova , 1 month ago

Was using scoop as I prefer it’s contained aspect. However, now I 'm on Linux, and my work blocked the repo’s so…

wreckedcarzz , 1 month ago

Ooh, I’ll take a look at that =)

TrickDacy , 1 month ago

VPN ads? Not sure I’ve ever gotten such a thing. Been using Firefox daily for several years

ccdfa , 1 month ago

You know that tab that opens sometimes when you update Firefox? The welcome to Firefox or what’s new, whatever it is? If I remember correctly, there are sometimes ads for mozilla vpn on that tab. But you, like me, might just close that tab without ever looking at its contents

TrickDacy , 1 month ago

Haha yeah… I actually like that there is a confirmation that an update was installed and there’s a list of changes if I want to view them. If that “ad” indeed is there, it’s inoffensive enough I never once noticed it. I loathe ads. Not one of those people who tolerates them

sparkle , 1 month ago

You can get the same effect with Floorp. I mean it technically still has Pocket built in but it’s 1 click to completely disable rather than all the hoops you have to go through in normal Firefox.

RizzRustbolt , 1 month ago

Vacuum-gapped video relay in the wilderness.

sntx , 1 month ago

I recommend the arkenfox/user.js repo and wiki .

shalva97 , 1 month ago

I am using Edge on both Android and Desktop

shy_mia , 1 month ago

Then you’re practically naked

original2 , 1 month ago

And bald

shalva97 , 1 month ago

well, at least not yet

ILikeBoobies , 1 month ago

at least they are using a chromium derivative over chrome

shy_mia , 1 month ago

I’m not sure Microsoft flavored Chromium > Chrome

ILikeBoobies , 1 month ago

Well now you know at least

It runs with less overhead/it’s faster

shy_mia , 1 month ago

No I knew already
I was talking in terms of privacy

ILikeBoobies , 1 month ago

I can’t say if telemetry is different between packages but at least on Windows there’s no reason to collect as much as Google because they collect it at the OS level

That gives potential for them collecting less on other platforms

shy_mia , 1 month ago

It’s the exact opposite imo. I’d imagine that doesn’t really make a difference considering Edge is cross platform, and their goal is to collect as much data as possible.
Plus, they just collect different kinds of info through Windows. So Windows + Edge is even worse, especially since it integrates just as deeply into Windows as IE did years back.

ILikeBoobies , 1 month ago

Plus, they just collect different kinds of info through Windows

It’s a waste of resources

All network requests already go through so many layers in Windows

Tlaloc_Temporal , 1 month ago

It’s a waste of resources

That’s basically the whole OS at this point, no?

shy_mia , 1 month ago

Bold of you to assume that Microsoft cares about resources. Have you seen how much RAM Windows 11 uses at idle? (not including cached data)

The whole OS is a waste of resources.

ILikeBoobies , 1 month ago

Their resources not yours

shy_mia , 1 month ago

Our resources
queue USSR anthem

shalva97 , 1 month ago

btw, it is included in windows so I don’t have to spend time to download other browsers

possiblylinux127 , 1 month ago

“They’re the same picture”

Bytemeister , 1 month ago

Worse, they’re scoped down both ends while inside a live streaming MRI machine.

rob_t_firefly , 1 month ago

Yes, we know. 👀

ikidd , 1 month ago

We see you touching yourself like an animal.

wreckedcarzz , 1 month ago

Clearly 🐺. Been on it like, 3y+? Maybe longer, it’s been my primary for a long time. 🦊 as a backup, and for DRM stuff. Chrome/Chromium for shit that just doesn’t play well with 🦎. Edge (for windows) is my ‘I need to test this with a vanilla browser’ and cba to disable ublock etc from chrome incognito.

Iceraven, with backup Vanadium, on mobile.

yetAnotherUser , 1 month ago

For mobile, I’d recommend Mull instead of Iceraven

Pros:

• Just like Iceraven, a fork of Fenix
• incorporates the arkenfox user.js
• Doesn’t have “No warranties or guarantees of security or updates or even stability!” in its project description

Cons:

• APKs are only on FDroid
• awful name, no animal reference
• awful logo color scheme imo - magenta on turquoise is… an interesting choice

Here’s a probably somewhat biased but from quickly skimming over it not inaccurate browser comparison by the developer(s) of Mull:

divestos.org/pages/browsers

Also based GrapheneOS user

wreckedcarzz , 1 month ago

I’ve tried Mull and went back, but I can’t remember why. Iceraven is ‘fine’ but seems a touch buggy for some builds. I used to use Fennec for a long time, but I think IR allows installing ‘unofficial’ add-ons that haven’t been vetted or whatever by Mozilla for mobile. But I’ll have a look see, maybe my issue with Mull has been resolved.

yetAnotherUser , 1 month ago

At least the addons part has been mostly resolved - although not all addons are supported, Firefox mobile now has significantly more official addons than before:

blog.mozilla.org/…/1000-firefox-for-android-exten…

possiblylinux127 , 1 month ago

DRM isn’t for people who care about privacy, freedom or security

wreckedcarzz , 1 month ago

Yeah yeah but I want to play games newer than the turn of the century, watch Netflix and prime videos now and then, and I can’t be asked to amass thousands of songs, so here we are.

dan , 1 month ago

Raw HTTP using openssl s_client -connect hostname:443

communism , 1 month ago

Tor Browser serves a different purpose/use-case to the first two. The first two are intended for everyday browsing while I’ve never heard of anyone using Tor Browser as their daily browser—and if you log into websites then using Tor Browser as your daily driver would defeat the anonymity purposes if you’re logging in anyway.

I use librewolf for everyday browsing and Tor Browser for things requiring a higher threat model.

JackbyDev , 1 month ago

It actually feels selfish to use Tor as a daily driver.

uint , 1 month ago

I assume that by “selfish” you mean taking up bandwidth from the Tor network, which is a valid concern. But using it as a daily driver for low-bandwidth tasks like reading text (and maybe a few compressed pictures here and there) is actually be beneficial to the Tor network, as it increases the size of the crowd, thereby making everyone more anonymous.

JackbyDev , 1 month ago

Eh, that’s fair. As long as it is low bandwidth like you said. Maybe I’ll do it some.

rambling_lunatic , 1 month ago

Librewolf for normal stuff, Tor for stuff I don’t even want linked to my IP.

A_Random_Idiot , 1 month ago

Jokes on you, cause a lot of alphabet organizations set up entry and exit nodes on Tor so you’re being tracked regardless.

rambling_lunatic , 1 month ago

Most of my Tor activity is on onionsites, so that’s okay.

Also, even given spooky nodes, the chances of getting a spooky entry and exit node are slim. Still, given the possibility, it is advisable to do spicy clearnet activities away from home with a MAC randomizer as insurance in case you win the world’s worst roulette game.

linearchaos , 1 month ago

I think the big problem I have with tor is that there’s no way to know how compromised the network is. From a three letter agency budget, setting up 30,000 nodes wouldn’t be a big deal, you just have them doing other things.

Of course, I’m not really doing anything that would draw the ire of a three-letter agency, so even tor is overkill.

I was also never really big on people running bad s*** through my node. I’ve always felt better using a paid proxy then at least claims not to log, Even if there’s a half decent chance that people are watching their ingress and egress at the ISP level.