Why I Stopped Hardening Firefox

This is in regards to Techlores’ New Video about Firefox hardening.
For a regular user, what would you recommend. Brave or Mullvad Browser? It’s going to be for watching YouTube, Reddit, Browsing & Surfing the web and little bit of here and there.

If you’re going to be browsing Youtube and Reddit while logged-in then Brave should suffice, Mullvad for everything else. There’s no use in anti-fingerprinting that Mullvad Browser provides when you’re logged in, the sites already know who you are. And in Mullvad you’ll have to log in every time you restart the browser, which is a bit of a hassle. And it breaks more things than Brave.

If you want to commit to only one of these two options (and for a regular user) then it’s perhaps also Brave.

But if you’re not going to be logging in all the time and you don’t mind more frequent site breakage then Mullvad is fine too.

Most sites require us to be logged in while using, so what’s the use case for Mullvad? Or should I be doing compartmentalization, if so please let me know what goes to brave and what stays in mullvad.

Well, search engines, news sites, different wikis, forums (in read-only mode) don’t require users to be logged in to browse them, and Youtube and Reddit can be browsed just like that, you can search and watch videos and browse (public) subreddits without logging in. You just can’t engage in discussions and vote.

Sites that do are usually social media and messengers that are meant for communication, so an account is a must, duh. Or banking services for obvious reasons. Or any paid service for that matter. They do, yeah.
I wouldn’t say they are the most sites, though. They may be popular, you may spend majority of your time online there, sure, but they are a minority.

Mullvad browser is good for general browsing like looking something up. It can be done in any other browser, but it’s more safe and private than most of the popular browsers with a cost of a bit of convenience because it doesn’t save browsing history, cookies and all that.

This you should decide for yourself based on your threat model, your values and your desired convenience <—> privacy/security balance. I don’t know, maybe you’d want to save your browsing history for later use or to synchronize it with other devices or whatnot, Brave is cross-platform, mind you.

does that mean Brave has access to my data? Cuz data will have to go on their servers first from my laptop and then come to my mobile?

Not worth for me then, it’s just easier I think for me to carry on the searches on the same browser as most of the other work I do, such as YouTube and Reddit I’d like to have personalization and see my subscribers etc if you get what I mean.

Can you list some settings I need to turn on before I use Brave. Like maybe harden it?

Brave save all your data for synchronization on their servers, but they claim to encrypt in locally on the client side with native Chromium tools (see):

image838×278 23.4 KB

Look at this for recommendations.

Thank you so much for this.

I like inverting the question around sites requiring login vs. general browsing: rather than asking how to compartmentalize browsing, consider all browsing general, ephemeral and stateless by default, and make exceptions only where necessary. I have a keyboard shortcut that opens a new Mullvad Browser instance with a “fresh”, temporary copy of a base profile. That profile gets deleted when the browser exits. I use that for the majority of my browsing, even for sites I log into (including these forums).

A new, temporary profile for each browser is similar to using Firefox containers, but better in 2 ways:

• New “containers” are added on-demand, dynamically. No need for a static set of predefined containers. I’ve tried a few Firefox container plugins, but haven’t found one that makes adding new containers really easy.
• Separation on a lower level: it’s an entirely separate OS process.

For sites that I stay logged into, I create separate, dedicated browser profiles. I also have separate profiles for specific use cases that require a specific set of browser add-ons and/or config.

I would definitely create separate profiles for Facebook, Twitter, Google, YouTube et al, if I used any of those services.

And yes, I don’t open links from social media (even this forum) in the same profile that they were found in.

So are you saying separate profiles for Google, Facebook etc EACH or one common one for them? Tell me if I’m wrong but by the looks of it, that should be followed in brave (logged in accounts) and for EVERYTHING else, I use Mullvad? And lmk which search engines to go with them as well.

Given how invasive each of those services are, they definitely warrant a separate profile each. I only use Brave for one thing: being logged into work related sites. That runs in as separate OS user account.

Wdym by a separate OS account? And for all my logged in sites, can I use Google Search Engine vs DDG with Mullvad Browser

A separate Windows/Linux/Mac user.

Depends on what you want to protect against, but doing so would go against the design goal: to separate general browsing (including search) from other, specific activities.

That goes double for using Google while logged into any Google service.

Why would you need to search for anything outside of YouTube in a browser profile dedicated to YouTube?

Sorry yes I got a little confused there. I’m fine with Mullvad for General Searches but I’m still unsure about the Brave situation. Creating a separate profile for YouTube, Techlore Forums, Telegram web, WhatsApp, and I might be planning to join Discord soon. I’m not sure how I feel about it. Plus I’ll have to use Brave also in situations where it’s for other Websites such as maybe Amazon Shopping or Banking services.

Rather should I create profiles based on how invasive these websites could be? So maybe Amazon, YouTube, WhatsApp in one profile, banking in another, Discord and Telegram Web in 3rd etc.
Or should I do it where all accounts that know my real identity (such as yt, amazon, whatsapp and everything else in one), all financial ones in another, and all accounts that have an anonymous name such as techlore forums, reddit, discord on 3rd?

Only you can decide all of those things. I’m just describing what I do, and you can use or ignore it as you wish. That said, I don’t think your proposed grouping makes much sense on privacy grounds.

The reason why I recommend separate profiles for each of the more invasive services, is to avoid cross-account tracking and profiling. For example, I would not be logged into YouTube and browse these forums in the same profile, because just opening a forum post with a YouTube link will get recorded by YouTube, and become part of your profile. What’s more, embedded video posts on this forum will disclose to YouTube that you, the logged in YouTube user, visits this forum, what you read, and when. Personally I’m not OK with that kind of profiling. This also makes putting all the most invasive services in a single profile one of the worst options, even though it does separate your activities a tiny bit.

Personally I don’t think people should log into YouTube at all (unless you’re a creator), and no-one should use Discord, but that’s a different conversation.

How often do you use each of those services? I’m willing to bet it’s not “all of them, all the time”. In that case you can simply log into each when you want to use them, and close that session when you’re done.

You’ll find it repeated often here that digital privacy is not as simple as “install X, Y and Z, and you’re done”, but rather a sliding scale of trade-offs between privacy and convenience. You need to decide what’s more important to you, and how much effort you’re willing to put up with.

Now that I think about it, it is yes better to have one profile each for those privacy invasive services thank you. Logging-in and logging-out is not something I can really do as I prefer to not carry my phone everywhere and that’s where all my 2FAs are. But once again thank you for your time and efforts. I appreciate this.

What are the chances of Firefox development coming to a standstill in the future? I’m pretty sure that browser share hasn’t changed as much, with Chrome, Edge and Safari still dominating the market.

As far as I know, given that Ungoogled Chromium isn’t ideal in most cases, the only true option we will have is Brave if Firefox just shuts down, and that is not a very good scenario.

How would you guys promote Firefox to others and what’s the best way we can keep it’s market share alive? I have continuously shared posts etc. with my friends on privacy concerns and the dangers of a market monopoly, but so far only 2 or 3 have actually switched to Firefox (these are NOT exaggerated terms…literally only 2 or 3 changed from everyone I have ever shared things with).

This video made me consider LibreWolf and Mullvad Browser, but I think in the end I’ll stick to Firefox. Essentially Firefox is my main browser and I harden it as far as I need while still keeping some ‘creature comforts’ like keeping cookies enabled between sessions and things like that.

When I checked out LibreWolf I saw that it’s set up like Mullvad Browser in that it’s set up for disposable browser sessions.

I guess if I mained Brave then I would have the same set up as Henry, but in this case I replace Brave with hardened Firefox and leave LibreWolf as the one I use for disposable sessions.

FYI, if you’re using an atomic Linux distro like Silverblue or Kinoite where you’re depending on flatpaks, keep in mind that LibreWolf is verified on Flathub while Mullvad Browser is not. This is important if you value having packages that are maintained by the developers themselves. It’s why I’m choosing LibreWolf right now instead of Mullvad Browser (though I also use the unverified Brave package so don’t listen to me. lol

Great video, I’m no expert but I do think the idea of us all using a pre-hardened fork where we configure very few settings (like LibreWolf or Mullvad) does make a lot of sense from an anonymity perspective as opposed to us all using a version of Firefox we’ve hardened in a very specific way. If myself and 3 other people are using LibreWolf on a VPN, it may be hard to differentiate who’s who which is excellent IMO.

Librewolf is my favourite browser and also my daily driver, it has my favourite blend of convenience vs privacy. I really want to use Mullvad all the time but no saving cookies and NoScript makes it a tough sell for all but the most specific use cases.

Absolutely Brave browser, Brave is still the one I recommend to basically everybody. I have my own issues with it, I wish it weren’t quite so bloated and its crypto stuff was opt-in as opposed to opt-out, but it’s still the most familiar experience for people getting off Chrome/Edge.

The only situation I could see myself recommending Mullvad is for people who don’t watch any videos or login to any accounts, like maybe they purely search for stuff or whatever. If the NoScript and no cookies is an inconvenience for me, I’m sure it would drive some other people mad lmao.