qutebrowser and IceCat are real top of the game when it comes to privacy. But then, they break some of the sites functionality, especially IceCat who seems to be going under the “if your site doesn’t work, it’s your site’s problem” motto.
Which is honestly fair? Like, i would enjoy a “unsafe site, access anyways?” button, but if privacy settings break a page that literally is the pages fault for not respecting privacy.
Kinda, but I would like to tailor my experience a bit more than “all or nothing”.
IceCat is directly a GNU project, so it’s highly ideological - which is important and respectable in a way, but then it gets adoption to near-zero because most sites just don’t work out of the box, and to make it work properly means completely removing all safeguards that make IceCat make sense. There’s little in between.
I’d rather have something like LibreWolf, but without phone-home functionality, or at least a switch to turn it off. Out of all Firefox forks I know, only IceCat respects user privacy in this way - 0 connections on startup, and then only connection to actual site and whatever it requires.
Opt-in telemetry (ideally - leveled) and manual bug information sending are totally fine, though.
I don’t disagree with that. It’s just that most browsers are built that way, unfortunately. Nothing is free, not even Firefox. If you want to sell it, it’s hard to maintain reasonable expectations that people won’t just build it from source instead of buying it. Something 100% free can’t maintain itself over long time.
Firefox is open source, and while it takes some shady practices to fund it (it sure isn’t cheap to run your own damn engine alongside everything on top), I take it as a more tenable compromise. It’s not about free as in beer freedom, it’s about basic security.
You can also have degoogled Chromium which is open-source if you’re into it.
Even EDGE is a ungoogled Chromium (but containing M$ tracking APIs instead).
Vivaldi IS a degoogled Chromium, a small part of the UI (by far the most advanced one of any other browser) is proprietary, but not really obfuscated, they show even in the support forum how the user can modding it, if for him isn’t enough what he can do in the most complete setting page ever, the only thing is, you can’t use it for other browser projects. It’s certainly not a privacy or security issue.
Chromium as is, is 100% FLOSS but because of this isn’t more private or secure as a proprietary soft, FLOSS isn’t automaticly synonym of privacy and security, a lot of people confuse it, it’s not the propósit of OpenSource, privacy and security of an soft depends only of the intentions of the developer or company, not if their soft is OSS or not. The user can audit the soft, which in any case is needed if he don’t want or be able to check millons of lines in the code which a complex soft like a browser engine has.
Of course I mean pure ungoogled Chromium, without bloat on top.
Not only browser code consists of millions of lines, it is also audited by thousands of people, and, importantly, changes can be highlighted, which doesn’t allow for them to go unnoticed.
Successful mass attacks with OSS typically require much more skill and resources as you need for you malicious code to be written in a way that stays unnoticed (and eventually, rather soon, it will be discovered, with all consequences).
With closed source programs, integrating malicious code is easy, and this code can stay there unnoticed for ages, so they are 100% “trust me bro, I don’t do anything bad”.
Brave? Hard no. Vivaldi? Also no.
Also, where are qutebrowser and Zen?
qutebrowser and IceCat are real top of the game when it comes to privacy. But then, they break some of the sites functionality, especially IceCat who seems to be going under the “if your site doesn’t work, it’s your site’s problem” motto.
Which is honestly fair? Like, i would enjoy a “unsafe site, access anyways?” button, but if privacy settings break a page that literally is the pages fault for not respecting privacy.
Edit: typo
Kinda, but I would like to tailor my experience a bit more than “all or nothing”.
IceCat is directly a GNU project, so it’s highly ideological - which is important and respectable in a way, but then it gets adoption to near-zero because most sites just don’t work out of the box, and to make it work properly means completely removing all safeguards that make IceCat make sense. There’s little in between.
I’d rather have something like LibreWolf, but without phone-home functionality, or at least a switch to turn it off. Out of all Firefox forks I know, only IceCat respects user privacy in this way - 0 connections on startup, and then only connection to actual site and whatever it requires.
Opt-in telemetry (ideally - leveled) and manual bug information sending are totally fine, though.
What’s bad about Vivaldi?
It’s proprietary
The UI is as far as I know proprietary
Nothing in the browser should be proprietary. Any proprietary part is a possibility of malice, and browsers are mission critical.
I don’t disagree with that. It’s just that most browsers are built that way, unfortunately. Nothing is free, not even Firefox. If you want to sell it, it’s hard to maintain reasonable expectations that people won’t just build it from source instead of buying it. Something 100% free can’t maintain itself over long time.
Firefox is open source, and while it takes some shady practices to fund it (it sure isn’t cheap to run your own damn engine alongside everything on top), I take it as a more tenable compromise. It’s not about free as in beer freedom, it’s about basic security.
You can also have degoogled Chromium which is open-source if you’re into it.
Even EDGE is a ungoogled Chromium (but containing M$ tracking APIs instead). Vivaldi IS a degoogled Chromium, a small part of the UI (by far the most advanced one of any other browser) is proprietary, but not really obfuscated, they show even in the support forum how the user can modding it, if for him isn’t enough what he can do in the most complete setting page ever, the only thing is, you can’t use it for other browser projects. It’s certainly not a privacy or security issue.
Chromium as is, is 100% FLOSS but because of this isn’t more private or secure as a proprietary soft, FLOSS isn’t automaticly synonym of privacy and security, a lot of people confuse it, it’s not the propósit of OpenSource, privacy and security of an soft depends only of the intentions of the developer or company, not if their soft is OSS or not. The user can audit the soft, which in any case is needed if he don’t want or be able to check millons of lines in the code which a complex soft like a browser engine has.
Of course I mean pure ungoogled Chromium, without bloat on top.
Not only browser code consists of millions of lines, it is also audited by thousands of people, and, importantly, changes can be highlighted, which doesn’t allow for them to go unnoticed.
Successful mass attacks with OSS typically require much more skill and resources as you need for you malicious code to be written in a way that stays unnoticed (and eventually, rather soon, it will be discovered, with all consequences).
With closed source programs, integrating malicious code is easy, and this code can stay there unnoticed for ages, so they are 100% “trust me bro, I don’t do anything bad”.
So, yes, OSS is more secure.