This is a companion discussion topic for the original entry at https://techlore.tv/w/vox1GLPERGeTLNHVU4YN62
This is in regards to Techloresâ New Video about Firefox hardening.
For a regular user, what would you recommend. Brave or Mullvad Browser? Itâs going to be for watching YouTube, Reddit, Browsing & Surfing the web and little bit of here and there.
If youâre going to be browsing Youtube and Reddit while logged-in then Brave should suffice, Mullvad for everything else. Thereâs no use in anti-fingerprinting that Mullvad Browser provides when youâre logged in, the sites already know who you are. And in Mullvad youâll have to log in every time you restart the browser, which is a bit of a hassle. And it breaks more things than Brave.
If you want to commit to only one of these two options (and for a regular user) then itâs perhaps also Brave.
But if youâre not going to be logging in all the time and you donât mind more frequent site breakage then Mullvad is fine too.
Most sites require us to be logged in while using, so whatâs the use case for Mullvad? Or should I be doing compartmentalization, if so please let me know what goes to brave and what stays in mullvad.
Well, search engines, news sites, different wikis, forums (in read-only mode) donât require users to be logged in to browse them, and Youtube and Reddit can be browsed just like that, you can search and watch videos and browse (public) subreddits without logging in. You just canât engage in discussions and vote.
Sites that do are usually social media and messengers that are meant for communication, so an account is a must, duh. Or banking services for obvious reasons. Or any paid service for that matter. They do, yeah.
I wouldnât say they are the most sites, though. They may be popular, you may spend majority of your time online there, sure, but they are a minority.
Mullvad browser is good for general browsing like looking something up. It can be done in any other browser, but itâs more safe and private than most of the popular browsers with a cost of a bit of convenience because it doesnât save browsing history, cookies and all that.
This you should decide for yourself based on your threat model, your values and your desired convenience <â> privacy/security balance. I donât know, maybe youâd want to save your browsing history for later use or to synchronize it with other devices or whatnot, Brave is cross-platform, mind you.
does that mean Brave has access to my data? Cuz data will have to go on their servers first from my laptop and then come to my mobile?
Not worth for me then, itâs just easier I think for me to carry on the searches on the same browser as most of the other work I do, such as YouTube and Reddit Iâd like to have personalization and see my subscribers etc if you get what I mean.
Can you list some settings I need to turn on before I use Brave. Like maybe harden it?
Brave save all your data for synchronization on their servers, but they claim to encrypt in locally on the client side with native Chromium tools (see):
Look at this for recommendations.
Thank you so much for this.
I like inverting the question around sites requiring login vs. general browsing: rather than asking how to compartmentalize browsing, consider all browsing general, ephemeral and stateless by default, and make exceptions only where necessary. I have a keyboard shortcut that opens a new Mullvad Browser instance with a âfreshâ, temporary copy of a base profile. That profile gets deleted when the browser exits. I use that for the majority of my browsing, even for sites I log into (including these forums).
A new, temporary profile for each browser is similar to using Firefox containers, but better in 2 ways:
- New âcontainersâ are added on-demand, dynamically. No need for a static set of predefined containers. Iâve tried a few Firefox container plugins, but havenât found one that makes adding new containers really easy.
- Separation on a lower level: itâs an entirely separate OS process.
For sites that I stay logged into, I create separate, dedicated browser profiles. I also have separate profiles for specific use cases that require a specific set of browser add-ons and/or config.
I would definitely create separate profiles for Facebook, Twitter, Google, YouTube et al, if I used any of those services.
And yes, I donât open links from social media (even this forum) in the same profile that they were found in.
So are you saying separate profiles for Google, Facebook etc EACH or one common one for them? Tell me if Iâm wrong but by the looks of it, that should be followed in brave (logged in accounts) and for EVERYTHING else, I use Mullvad? And lmk which search engines to go with them as well.
Given how invasive each of those services are, they definitely warrant a separate profile each. I only use Brave for one thing: being logged into work related sites. That runs in as separate OS user account.
Wdym by a separate OS account? And for all my logged in sites, can I use Google Search Engine vs DDG with Mullvad Browser
A separate Windows/Linux/Mac user.
Depends on what you want to protect against, but doing so would go against the design goal: to separate general browsing (including search) from other, specific activities.
That goes double for using Google while logged into any Google service.
Why would you need to search for anything outside of YouTube in a browser profile dedicated to YouTube?
Sorry yes I got a little confused there. Iâm fine with Mullvad for General Searches but Iâm still unsure about the Brave situation. Creating a separate profile for YouTube, Techlore Forums, Telegram web, WhatsApp, and I might be planning to join Discord soon. Iâm not sure how I feel about it. Plus Iâll have to use Brave also in situations where itâs for other Websites such as maybe Amazon Shopping or Banking services.
Rather should I create profiles based on how invasive these websites could be? So maybe Amazon, YouTube, WhatsApp in one profile, banking in another, Discord and Telegram Web in 3rd etc.
Or should I do it where all accounts that know my real identity (such as yt, amazon, whatsapp and everything else in one), all financial ones in another, and all accounts that have an anonymous name such as techlore forums, reddit, discord on 3rd?
Only you can decide all of those things. Iâm just describing what I do, and you can use or ignore it as you wish.
That said, I donât think your proposed grouping makes much sense on privacy grounds.
The reason why I recommend separate profiles for each of the more invasive services, is to avoid cross-account tracking and profiling. For example, I would not be logged into YouTube and browse these forums in the same profile, because just opening a forum post with a YouTube link will get recorded by YouTube, and become part of your profile. Whatâs more, embedded video posts on this forum will disclose to YouTube that you, the logged in YouTube user, visits this forum, what you read, and when. Personally Iâm not OK with that kind of profiling. This also makes putting all the most invasive services in a single profile one of the worst options, even though it does separate your activities a tiny bit.
Personally I donât think people should log into YouTube at all (unless youâre a creator), and no-one should use Discord, but thatâs a different conversation.
How often do you use each of those services? Iâm willing to bet itâs not âall of them, all the timeâ. In that case you can simply log into each when you want to use them, and close that session when youâre done.
Youâll find it repeated often here that digital privacy is not as simple as âinstall X, Y and Z, and youâre doneâ, but rather a sliding scale of trade-offs between privacy and convenience. You need to decide whatâs more important to you, and how much effort youâre willing to put up with.
Now that I think about it, it is yes better to have one profile each for those privacy invasive services thank you. Logging-in and logging-out is not something I can really do as I prefer to not carry my phone everywhere and thatâs where all my 2FAs are. But once again thank you for your time and efforts. I appreciate this.
What are the chances of Firefox development coming to a standstill in the future? Iâm pretty sure that browser share hasnât changed as much, with Chrome, Edge and Safari still dominating the market.
As far as I know, given that Ungoogled Chromium isnât ideal in most cases, the only true option we will have is Brave if Firefox just shuts down, and that is not a very good scenario.
How would you guys promote Firefox to others and whatâs the best way we can keep itâs market share alive? I have continuously shared posts etc. with my friends on privacy concerns and the dangers of a market monopoly, but so far only 2 or 3 have actually switched to Firefox (these are NOT exaggerated termsâŚliterally only 2 or 3 changed from everyone I have ever shared things with).
This video made me consider LibreWolf and Mullvad Browser, but I think in the end Iâll stick to Firefox. Essentially Firefox is my main browser and I harden it as far as I need while still keeping some âcreature comfortsâ like keeping cookies enabled between sessions and things like that.
When I checked out LibreWolf I saw that itâs set up like Mullvad Browser in that itâs set up for disposable browser sessions.
I guess if I mained Brave then I would have the same set up as Henry, but in this case I replace Brave with hardened Firefox and leave LibreWolf as the one I use for disposable sessions.
FYI, if youâre using an atomic Linux distro like Silverblue or Kinoite where youâre depending on flatpaks, keep in mind that LibreWolf is verified on Flathub while Mullvad Browser is not. This is important if you value having packages that are maintained by the developers themselves. Itâs why Iâm choosing LibreWolf right now instead of Mullvad Browser (though I also use the unverified Brave package so donât listen to me. lol
Great video, Iâm no expert but I do think the idea of us all using a pre-hardened fork where we configure very few settings (like LibreWolf or Mullvad) does make a lot of sense from an anonymity perspective as opposed to us all using a version of Firefox weâve hardened in a very specific way. If myself and 3 other people are using LibreWolf on a VPN, it may be hard to differentiate whoâs who which is excellent IMO.
Librewolf is my favourite browser and also my daily driver, it has my favourite blend of convenience vs privacy. I really want to use Mullvad all the time but no saving cookies and NoScript makes it a tough sell for all but the most specific use cases.
Absolutely Brave browser, Brave is still the one I recommend to basically everybody. I have my own issues with it, I wish it werenât quite so bloated and its crypto stuff was opt-in as opposed to opt-out, but itâs still the most familiar experience for people getting off Chrome/Edge.
The only situation I could see myself recommending Mullvad is for people who donât watch any videos or login to any accounts, like maybe they purely search for stuff or whatever. If the NoScript and no cookies is an inconvenience for me, Iâm sure it would drive some other people mad lmao.
