interesting #surveillance tracking project by @mozilla, and a page with a bit of that late-90's cursor flair: neworgans.net

Aral Balkan

@privacylab @mozilla Hey Mozilla, here's my entry:

I had a recent invasive experience with a browser called Firefox. The default search engine was Google, a surveillance capitalist. So I was being tracked every time I wrote into the address bar. (Apparently, the browser maker receives billions from Google.) Then I saw that third-party cookies were on by default and tracking protection was off. Finally, I realised I'd been sharing data and was enrolled in "studies" with the browser maker.

@aral @privacylab @mozilla Hmmm, I just played with it and I'm not too pleased with the AwesomeBar's approach to privacy.

All you have to do is be a little bit concerned about what information is being sent by your apps, which led me to only do the online autocompletion after you typed a space into your search. That's why it doesn't act as a keylogger.

@robert @aral @privacylab I find that using Firefox Sync means new installs don't need me to manually change search engines and browser settings to fix those problems.

I am kind of annoyed by the opt-out marketing add-ons though. That's made me very tempted to switch to Brave.

@robert @privacylab On Linux (as of last week, my primary dev machine), I use (and love) Gnome Web. On macOS/iOS, I use Safari.

@aral @privacylab @mozilla yep I think caving in to "just works" at the expense of privacy was bad. Mozilla had the chance (and obligation) to explain why different search and URL bar and educate people that their keystrokes are being tracked, instead of just aping Chrome.

Most people don't know it. I've repeatedly seen people pasting passwords there to see whether they are correct.

@aral @privacylab @mozilla Shouldn't we report this to Vestager? It's so hard to avoid Google. Analytics and ReCaptcha everywhere. Same with Fakebook: even the Guardian uses Facebook Pixel and I don't want that. Which browser is Google-free?

@aral @privacylab @mozilla Pur.ism will have Firefox on the Librem 5, so Google will have its tentacles in this too? I hope not.

@KeaW @aral @mozilla Purism has taken browser privacy very seriously, both forking Firefox into a more privacy-respecting version and having Tor Browser Bundle available by default. But we're not sure what's default on the Librem line, or the new PureOS.

We'll ask around; one of our people has a conversation with Purism on Friday.

@privacylab @KeaW @mozilla Purism are solid; they're doing things for the right reasons. So I'm not surprised they aren't taking stock surveillance-ridden Firefox by surveillance capitalist Mozilla but customising it to make it private by default. CC @todd

@aral @KeaW @mozilla @todd quick update on this - PureOS 8 Beta live image is easy to download and try (use "pureos" as user w/ no password if prompted): pureos.net

PureBrowser in 8 beta doesn't have all private defaults for Abrowser/Firefox yet. Details on the mods: tracker.pureos.net/T147

Status of Tor Browser is unclear, though Tor was once a choice in PureBrowser private tabs:

tracker.pureos.net/T347
tracker.pureos.net/T348
tracker.pureos.net/T343

puri.sm/posts/purism-installs-

@aral @KeaW @mozilla @todd
Mozilla's location service is easy to turn on/off during install.

Purism's partnership with Nextcloud is very exciting, and an optional part of initial setup in PureOS.

puri.sm/posts/purism-partners-

@privacylab @aral @KeaW @mozilla @todd it sounds like the Librem 5 will use Epiphany (GNOME Web) as the browser, as they're shipping GNOME apps and have done work to make it more responsive to smaller display sizes. And the latest development QEMU image I've tried also had it as one of the few apps preinstalled.

@cassidyjames @privacylab @aral @KeaW @mozilla @todd That's a very good move :) Now we should get the Better block list integrated by default. Will check of the status of that issue :)

@cassidyjames @privacylab @aral @KeaW @mozilla @todd hrm... I dunno. I think it's unlikely they move away from a Firefox base because:

a) Ffx has many good privacy addons and it's easy to ship a distro with them pre-installed

b) privacy tweaks for TBB are making their way upstream to Ffx (e.g. canvas fingerprinting blocker)

c) PureBrowser once had Tor in private tabs... borrowing TBB code (or mirroring their implementation choices) might avoid current issues with packaging TBB separately.

@diggity @privacylab @aral @KeaW @mozilla @todd maybe not on the desktop. But Firefox for Linux on a phone sounds terrible, and Purism is actively investing time and resources into Epiphany on a phone. 🤷‍♂️

@KeaW @diggity @cassidyjames @privacylab @aral
Correct, we have a long(er) term plan of combining the FSF-approved benefits of PureBrowser with some upstream changes and add-ons to increase privacy in Epiphany (Web); the Librem 5 will be the first step toward that browser consolidation and (longer term) PureBrowser deprecation.

@todd @diggity @cassidyjames @privacylab @aral
Thank you. The latest update (19 June) however is all abracadabra to me. I hope the Librem 5 can also be used by non-tech people!

@privacylab @aral @KeaW @mozilla @todd Both of those screenshots are pretty much stock #GNOME though, not something exclusive to PureOS

I get the same thing on Fedora.

@aral @privacylab

It's worse than that. A while ago I was considering doing some hacking on Firefox and was reading the source code. Modern Firefox is really a telemetry machine with some web browsing features. It's surveillance capitalism again, but just implemented in a different way. By default there's data being sent back to the mothership and who knows what happens to it after that, but I think the basic idea is that Google then pays to be able to run queries on the telemetry data.

@bob
Could you have accomplished the goal you were aiming for using the Firefox-based Tor Browser instead?

@privacylab @aral

@h @aral @privacylab

I don't think I had much of a goal. There was a lot of talk about browsers being too bloated, so I was investigating whether I could just remove anything I didn't really need, including things like anything related to DRM.

I actually use a Tor browser most of the time, but it doesn't support WebRTC which is needed for PeerTube.

@bob
It's probably not impossible to find (or self-build) Tor Browser builds that have most security and privacy-sensitive settings as usual, with WebRTC built-in. Most likely a subject that has been explored in the Tor Project mail list. Just an idea.

@privacylab @aral

@bob @h @aral @privacylab WebRTC doesn't seem to be strictly needed for PeerTube.

Because I can still use PeerTube, but WebKit's GTK port doesn't support it yet.

@alcinnz @bob @h @aral @privacylab This is good. WebRTC leaks real IP addresses which is no good for VPN users.

@mkb
We are aware. That's not what we're talking about. Please read the thread.

@privacylab @aral @bob @alcinnz

@bob @h @aral @privacylab Also I think that if we want to make browsers less bloated, it may get us some of the way to just drop support for various standards like EME and WebAudio that have low cohesion with the rest of the browser.

But really to get anywhere with this I think we need to fork a browser engine and play with replacing JavaScript. Servo looks easiest for this.

@alcinnz That would be great. Or better, a system that replaces all bloat functionality with empty stubs and only loads the code when and if it's effectively needed, controlled by a separate application that manages the browser's settings. Having a GUI settings panel/manager included in the browser application is part of the problem too.

@privacylab @aral @bob

@bob @aral @privacylab @alcinnz

At least for now, as a temporary hack while we keep working on the problem of replacing the web as we know it with something better.

@alcinnz @privacylab @aral @bob

ICYMI, closest thing I found after a cursory review. You may have already read it but here it goes in case you haven't.

tor.stackexchange.com/question

@h @bob @aral @privacylab @alcinnz I guess I shouldn't be surprised that this basically became a thread for development suggestions :P

An admin control panel outside of Web browsers that controls whether or not WebRTC etc. is downloaded/installed/turned on is a good idea, but I would worry that it would lead to unnecessary layers of complexity. I could see this turning into yet-another bloated package manager UI quickly.

@diggity
Imagine nobody ever thought of any solutions for the actually existing problems because people always complained that non-bloated solutions, which some other people actually know how to design (it's actually their trade, and what they dedicate their lives to), could potentially become a problem.

I think I agree that this sort of discussion always devolves into something else entirely.

@alcinnz @privacylab @aral @bob

@diggity @h @bob @aral @privacylab Hey it's my instinct! I don't like to just complain about things, I want to help make them better!

@diggity @h @bob @aral @privacylab @alcinnz

I am the least qualified person to comment on browser development

yet I want to chime in

If separation of javascript and of the options panel are things to consider, then I can't avoid thinking of GuixSD

You could have some system services running webtorrent, Dat, Syncthing, GNUnet or whatever that keep a local data storage in sync

and then you could have an options panel app and a browsing app and maybe more apps

all properly packaged

@bob @h @aral @privacylab Peertube needs WebRTC?

Well, that’s good to know. I won’t be doing Peertube, then...

@Shufei
This page shows the information that the WebRTC implementation of your browser makes accessible to potential middlemen.
browserleaks.com/webrtc

Other than the IP address (which you conceivably need for any p2p system to work) there doesn't seem to be much of serious interest there.
The audio and video device IDs can potentially be problematic in combination with other data and used to track you by unethical websites, but it's otherwise random data to your peers.

@privacylab @aral @bob
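The IP exposure discussed in the post above, as an added example that is not code from this thread or from any browser project. It parses the ICE candidate strings WebRTC gathers (in a browser they arrive through `RTCPeerConnection`'s `onicecandidate` event as `event.candidate.candidate`; here they are constructed sample lines), reports which addresses a remote peer or the STUN/TURN server would learn, and flags a VPN bypass when the public address STUN observed is not the VPN egress address the caller expects. The sample addresses, the egress address and the function names are assumptions for illustration.

```javascript
// Added example: what the ICE candidates a browser gathers for WebRTC disclose,
// and a VPN-bypass check. Not from the thread or any browser's code base.

// Constructed sample candidates in RFC 5245 / RFC 8445 syntax (not captured from a real session):
// a host candidate carrying a LAN address, a host candidate hidden behind an mDNS name,
// a server-reflexive candidate (the public address STUN saw, with the LAN address repeated
// in raddr) and a relay candidate (the TURN server's own address, with the public address in raddr).
const SAMPLE_CANDIDATES = [
  'candidate:842163049 1 udp 1677729535 192.168.1.42 54321 typ host generation 0 ufrag abcd network-id 1',
  'candidate:2004583871 1 udp 1677729535 a1b2c3d4-0000-4000-8000-000000000000.local 54322 typ host generation 0 ufrag abcd',
  'candidate:1510613869 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.42 rport 54321 generation 0 ufrag abcd',
  'candidate:3 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 54321 generation 0 ufrag abcd',
];

// Parse one candidate line: "candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [key value]...".
// Returns null for anything that does not follow that grammar.
function parseCandidate(line) {
  const body = line.trim().replace(/^a=/, '').replace(/^candidate:/, '');
  const f = body.split(/\s+/);
  if (f.length < 8 || f[6] !== 'typ') return null;
  const ext = {};
  for (let i = 8; i + 1 < f.length; i += 2) ext[f[i]] = f[i + 1];
  return {
    transport: f[2].toLowerCase(),
    address: f[4],
    port: Number(f[5]),
    type: f[7],                        // host | srflx | prflx | relay
    relatedAddress: ext.raddr || null, // raddr: the address this candidate was derived from
  };
}

// RFC 1918, loopback and link-local IPv4 ranges: addresses that reveal LAN topology.
function isPrivateIPv4(ip) {
  const m = ip.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168) || a === 127 || (a === 169 && b === 254);
}

// Browsers that obfuscate host candidates replace the LAN IP with a random ".local" mDNS name.
function isMdnsName(addr) {
  return /\.local$/i.test(addr);
}

// fe80::/10 link-local and fc00::/7 unique-local IPv6 are likewise local-only.
function isLocalIPv6(ip) {
  return /^(fe[89ab][0-9a-f]:|f[cd][0-9a-f]{2}:)/i.test(ip);
}

function categorise(addr) {
  if (isMdnsName(addr)) return 'mdns';
  if (addr.includes(':')) return isLocalIPv6(addr) ? 'lan' : 'public';
  return isPrivateIPv4(addr) ? 'lan' : 'public';
}

// Collect every address a peer would see. expectedEgress is the public address the
// user's VPN should present; any other public address means traffic left outside the tunnel.
function analyseCandidates(lines, expectedEgress) {
  const lan = new Set();
  const pub = new Set();
  const mdns = new Set();
  const record = (addr) => {
    const c = categorise(addr);
    (c === 'mdns' ? mdns : c === 'lan' ? lan : pub).add(addr);
  };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    // A relay candidate's address belongs to the TURN server, not the client; only its raddr is telling.
    if (c.type !== 'relay') record(c.address);
    if (c.relatedAddress) record(c.relatedAddress);
  }
  const vpnBypass = Boolean(expectedEgress) && [...pub].some((ip) => ip !== expectedEgress);
  return {
    lanAddresses: [...lan].sort(),
    publicAddresses: [...pub].sort(),
    mdnsNames: [...mdns].sort(),
    vpnBypass,
  };
}

// Stand-alone run against the constructed sample, assuming the VPN egress should be 198.51.100.200.
console.log(JSON.stringify(analyseCandidates(SAMPLE_CANDIDATES, '198.51.100.200'), null, 2));
```

In a browser the same check is driven by creating an `RTCPeerConnection` with a STUN server, opening a data channel, calling `createOffer`/`setLocalDescription` and pushing each `event.candidate.candidate` string into the list; the srflx candidate is the one that defeats a VPN when its address differs from the tunnel's exit, and the host candidate's `raddr`/address fields are what disclose the LAN address even when the public address is hidden.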

@bob @aral @privacylab @Shufei

The problem with Device IDs is explained at the bottom of that page under
"How persistent and trackable are these Device ID's?"

Device ID data could be randomised to make WebRTC more secure without needing to sacrifice its use. In combination with a VPN, that could make WebRTC a little less ill-conceived.

@bob @aral @privacylab As for me I've read more than enough browser code between Servo and WebKit.

I don't know much about Gecko.
