The question of browsers
-
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
-
System shared this topic on
-
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
Tor browser. Obviously you can't bank with it, but, it's really fine for general browsing. You get some blocking but it's often just a matter of switching exit nodes a few times.
-
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
your setup looks good to me
-
Tor browser. Obviously you can't bank with it, but, it's really fine for general browsing. You get some blocking but it's often just a matter of switching exit nodes a few times.
Thanks. Is Tor browser as effective if not used over tor? My tracking blocking is via a VPN that I trust and want to continue using so I wasn't thinking of using tor. I think I read somewhere that using VPN over tor or tor over VPN somehow became less private (I'm not technical so this might not be right - maybe someone could explain it). I was going to use Mullvad as I believe it has many of the same qualities as Tor browser but is more focused on use with a VPN rather than Tor.
-
Thanks. Is Tor browser as effective if not used over tor? My tracking blocking is via a VPN that I trust and want to continue using so I wasn't thinking of using tor. I think I read somewhere that using VPN over tor or tor over VPN somehow became less private (I'm not technical so this might not be right - maybe someone could explain it). I was going to use Mullvad as I believe it has many of the same qualities as Tor browser but is more focused on use with a VPN rather than Tor.
Mullvad is the TOR browser without the TOR network
-
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
It seems like an interesting setup. I don't really have too much to say other than nitpicks.
Why not use Mullvad browser for both scenarios. Mullvad with security level safest should block all JS. You could create a 2nd profile for safest only mode.
Using Linux .desktop launcher scripts, you could:
- Create a .desktop launcher (in ~/.local/share/applications/) for each profile
- Edit default desktop launcher to always prompt to choice profile on start (using the launch option
-P) - Edit the default launcher to offer a menu option for each profile.
Related to your choice of host OS, I personally avoid Debian for desktop because it is slow to adapt (cus its Debian). I know it isnt directly applicable to situation since your main concern seems to be anti-fingerprinting, but a secure base is important. I'd like to know your reason for picking it. I don't dislike Debian and I still use it for different things (mostly VMs and some dev work).
-
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
with javascript and cookies turned off
My threat model isn’t the tightest
If that's not tight, I hardly know what is. The modern web is all but unusable without JS.
-
Thanks. Is Tor browser as effective if not used over tor? My tracking blocking is via a VPN that I trust and want to continue using so I wasn't thinking of using tor. I think I read somewhere that using VPN over tor or tor over VPN somehow became less private (I'm not technical so this might not be right - maybe someone could explain it). I was going to use Mullvad as I believe it has many of the same qualities as Tor browser but is more focused on use with a VPN rather than Tor.
Tor inside a VPN is fine.
Some argue it will make you stand out in comparison with other users of your VPN but that's only a problem if they retain data, and if they do you really wish you'd have used tor... -
Thanks. Is Tor browser as effective if not used over tor? My tracking blocking is via a VPN that I trust and want to continue using so I wasn't thinking of using tor. I think I read somewhere that using VPN over tor or tor over VPN somehow became less private (I'm not technical so this might not be right - maybe someone could explain it). I was going to use Mullvad as I believe it has many of the same qualities as Tor browser but is more focused on use with a VPN rather than Tor.
Tor browser inherently uses tor, as the other comment says, Mulvad offers tor browser sans tor as Mulvad browser. As per the "do you tor over VPN" issue I think we need to first cover some networking concepts...
So your internet works via protocols, UDP provides a basic connection where you can send unordered messages, TCP works on top of UDP to provide linear order. Things like old video chat and bittorrent work over UDP because you don't care about order, you just want the data as you get it, so the video freezes or glitches, but you get the most recent frame of the video. Things like programs and webpages aren't YOLO about data integrity, so they use TCP which enforces order, so you don't get frames from 1 minute later in your Netflix video out of sync. VPNs provide UDP, which is lower level than TCP, which tor provides, so you can tor over VPN but you cannot VPN over tor.
If you use Mulvad browser from your VPN, you will look like everyone using Mulvad browser from your VPN exit point, which may well just be you, it's fairly esoteric. If you use tor browser, you will appear to be exiting from a tor exit node along with hundreds if not thousands of other tor browser users.
-
with javascript and cookies turned off
My threat model isn’t the tightest
If that's not tight, I hardly know what is. The modern web is all but unusable without JS.
He may as well go without images, too, and use Lynx Browser, haha. I can't even figure out how to install that one!
-
It seems like an interesting setup. I don't really have too much to say other than nitpicks.
Why not use Mullvad browser for both scenarios. Mullvad with security level safest should block all JS. You could create a 2nd profile for safest only mode.
Using Linux .desktop launcher scripts, you could:
- Create a .desktop launcher (in ~/.local/share/applications/) for each profile
- Edit default desktop launcher to always prompt to choice profile on start (using the launch option
-P) - Edit the default launcher to offer a menu option for each profile.
Related to your choice of host OS, I personally avoid Debian for desktop because it is slow to adapt (cus its Debian). I know it isnt directly applicable to situation since your main concern seems to be anti-fingerprinting, but a secure base is important. I'd like to know your reason for picking it. I don't dislike Debian and I still use it for different things (mostly VMs and some dev work).
What host os do you use?
-
What host os do you use?
I recommend Fedora or openSUSE Tumbleweed.
-
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I’m on debian-based linux.
My worries sound similar to yours but my approach is a bit different.
- I switched from Mac to Linux (Arch, then Debian and for the last 4 years, Mint).
- I use EU services as much as I can instead of the US ones.
- I do block as much tracking and ad crap as I can. Still use javascript on a few sites.
- I use different browsers for different activities.
But I also consider this a lost cause. Sadly.
- I consider anything I do online (read, write, watch, listen to,...) is at risk of being tracked, and exploited, mined or whatever and somehow linked to the real me (not to one of my pseudonyms).
- With an increasing speed and willingness to destroy any remaining rights to privacy we may still have, I'm also expecting my country (France) to sooner than later make it illegal to use real encryption, to use a VPN, or even to use a pseudonym instead of my real name—all of that for my own good and for the protection of little kids which is obviously something that I as a law abiding citizen would not ever dare question.
So, instead, I do as much things as I can offline. Reading, writing, watching stuff, listening to stuff, communicating with people.
-
Tor browser inherently uses tor, as the other comment says, Mulvad offers tor browser sans tor as Mulvad browser. As per the "do you tor over VPN" issue I think we need to first cover some networking concepts...
So your internet works via protocols, UDP provides a basic connection where you can send unordered messages, TCP works on top of UDP to provide linear order. Things like old video chat and bittorrent work over UDP because you don't care about order, you just want the data as you get it, so the video freezes or glitches, but you get the most recent frame of the video. Things like programs and webpages aren't YOLO about data integrity, so they use TCP which enforces order, so you don't get frames from 1 minute later in your Netflix video out of sync. VPNs provide UDP, which is lower level than TCP, which tor provides, so you can tor over VPN but you cannot VPN over tor.
If you use Mulvad browser from your VPN, you will look like everyone using Mulvad browser from your VPN exit point, which may well just be you, it's fairly esoteric. If you use tor browser, you will appear to be exiting from a tor exit node along with hundreds if not thousands of other tor browser users.
You got most things right about UDP and TCP. They both work in the transport layer of the OSI model. They are also completely different protocols, related yes but independent.
UDP is "simpler" as it basically throws data packages in to the network and hope they reach their destination. TCP on the other hand has checks in place that verifies that a data package has actually reached its destination.
-
Tor inside a VPN is fine.
Some argue it will make you stand out in comparison with other users of your VPN but that's only a problem if they retain data, and if they do you really wish you'd have used tor...It depends on your threat model. Using tor via a know vpn endpoint does make you stand out and can be used to profile your traffic. One of the main points of tor is that all users look exactly the same.
If you have e.g. one user out of a 100 using a vpn endpoint instead of some residential ip address that user immediately becomes a much more interesting target. There is information floating around in the web that state actors control both entry and exit nodes.
-
So, I have always just used one browser, Firefox, with javascript and cookies turned off and whitelisted sites that I needed to use that required javascript or cookies or both to actually work.
My threat model isn't the tightest and could best be described as "I don't see why they should have my data if I am blocking the ads they use it to try to deliver to me". This browser setup coupled with tracking blocking at the DNS level has made me feel comfortable that while some of my data is being collected I am stopping most of the collection.
With the advance of fingerprinting and the recent change of a certain browser's terms of use it is probably time to review this setup.
I believe that it is usually advisable to use two different browsers. One where you are identifying yourself by logging in and one where you are just browsing. As logging into sites usually involves javascript and cookies I was going to use Librewolf with javascript and cookies turned off for general browsing and Mullvad browser as it comes for sites that require javascript and cookies.
I feel as though I have read a thousand discussions on this subject over the years so I apologise. Does anyone have any suggestions for a more private setup browser-wise? Tracking blocking at DNS level will continue and I'm on debian-based linux.
Thanks for any help in advance.
Have you tried LibreWolf ?
-
He may as well go without images, too, and use Lynx Browser, haha. I can't even figure out how to install that one!
# Debian sudo apt install lynx # Fedora sudo dnf install lynx # arch, BTW sudo pacman -Sy lynx -
with javascript and cookies turned off
My threat model isn’t the tightest
If that's not tight, I hardly know what is. The modern web is all but unusable without JS.
What I meant by my threat model not being the tightest was that if I want to read something on a site that requires javascript and cookies then I will just turn them back on temporarily rather than not read what I want just because of possible tracking.
I agree with your point about the web being almost unusable in parts without JavaScript. However, I find that a lot of sites have a lot of javascript-heavy pages at the front but simpler pages behind where you get to things you actually want to look at. Usually a site's RSS feeds let you get directly to the simpler pages without using JavaScript.
-
# Debian sudo apt install lynx # Fedora sudo dnf install lynx # arch, BTW sudo pacman -Sy lynxI am, unfortunately, on Windows, mostly because of my inability to find adequate Linux replacements for key features in AutoHotkey and IrfanView. Believe me, I've been looking and trying to learn...
-
I am, unfortunately, on Windows, mostly because of my inability to find adequate Linux replacements for key features in AutoHotkey and IrfanView. Believe me, I've been looking and trying to learn...
I've found XnView to be a good IrfanView replacement. (Granted it's not QUITE as good; same as how there isn't anything quite as good as Notepad++)
As for Lynx on Windows, looks like it's available through Scoop! https://bjansen.github.io/scoop-apps/main/lynx/
