Mull / Hardened firefox security?
Most of it was 10 years ago.
The tools for detecting bad relays are getting better and better. Tor Project and relay operators have been working on a kind of 'web of trust' among relay operators for about 2 years.
We'll talk about 'new policies for relay operators' 2024-01-27 @ 19:00 UTC
But it's not easy. Some relay operators don't even want to provide an anonymous email address, others know each other and meet in real life and at hacker conferences.
[deleted] on this forum a person who claims to have the biggest exit node
If you mean me, I wrote "one of the bigger ones." And because it's not illegal and it's not a secret either, on OrNetStats there are statistics and network health data about the Tor network and its relay groups.
[deleted]
It's a dangerous misconception that adblock does not increase security and "privacy"; however, privacy depends on your definition. The problem with adblock is that it relies on badness enumeration, which is not a reliable way to defend against threats, and it makes the fingerprint more unique depending on how it's implemented. That being said, by limiting the established connections it still reduces attack surface significantly.
GrapheneOS do you know if Firefox for Android even supports using hardened_malloc instead of jemalloc?
There is a compile argument that allows LD_PRELOAD replacement, and maybe Mull could set that to at least use that security feature. For sure, without sandboxing it will still be less secure.
[deleted] I recently read this years-old blog post about security BS and it was very interesting.
Now I understand the concept of badness enumeration, which really is bad, but often helps.
Best example for the opposite is NoScript on... Firefox (or Chromium Desktop, but it is MV2). I block all JavaScript by default and only allow domains that need it. It is manual work, but really useful for privacy and security.
Lixiris I'm a new GOS user and have been looking at privacy for both my PC and my phone. I went to Cover your tracks to test different browsers that I use (Firefox, Mull, Mullvad, Vanadium, Bromite, Librewolf, Brave). Of those browsers listed, only Brave and Mullvad were browsers that had the best results regarding being tracked. The link follows in case you want to try this yourself? https://coveryourtracks.eff.org/. Anyone else know anything more about this and can share?
Jobloggs The link follows in case you want to try this yourself? https://coveryourtracks.eff.org/. Anyone else know anything more about this and can share?
Pls don't make conclusions based on the results of this website. Basically all statistical values there are meaningless, because their dataset is extremely skewed, way too small and the used methods are not even close to what modern browser fingerprinting can do.
I don't think they referred to Vanadium but normal Chromium. I have verified that, without changing the code, Linux Chromium contacts Google all the time, with all possible settings (including flags) and policies applied.
No, the topic is Vanadium.
They have no namespace sandboxing using zygote, as they don't have a fork server at all. This is an issue.
This is not how things work.
But Firefox uses seccomp-bpf for isolating processes, so "no sandboxing" is not true.
It has no sandboxing on mobile. You're completely wrong and your claims are baseless.
There should be no reason why FF mobile shouldn't be able to use seccomp-bpf on Android.
It's not used as a sandbox by Firefox but rather only basic kernel attack surface reduction. It is possible to use seccomp-bpf for sandboxing which they've never done and certainly don't do on Android.
GrapheneOS It is possible to use seccomp-bpf for sandboxing which they've never done
Also on their desktop Linux version?
Afaik they combine seccomp-bpf filters, namespaces and chroots for site isolation and sandboxing on desktop. They even seem to think that seccomp-bpf is enough, since they sacrificed namespaces and chroots in their official Flatpak release. I would be very interested in your opinion on this.
Vanadium is more security focused. I doubt it sends anything to Google. Maybe you can try the bromite browser? It's more focused on privacy, however, I am not sure the project is actively being updated.
It's more focused on privacy
Adding a bunch of low quality changes trying to improve privacy does not mean it's more privacy focused.
TheGodfather That's wrong. Firefox lacks a strong sandbox and completed site isolation on desktop. Their seccomp-bpf filter is not a complete sandbox and you are claiming to know their perspective when you do not. Flatpak packages for browsers have weaker internal sandboxing than traditional ones but you're wrong about what the differences are.
locked Vanadium is more security focused
Vanadium is security and privacy focused, not only security focused. The entire project uses security for privacy-protecting features. GOS aims to offer a highly secure, private and usable mobile OS.
As written by the official project account, Bromite is dead and replacing Vanadium with Cromite is worse rather than better.
GrapheneOS but you're wrong about what the differences are.
What are the differences?
GrapheneOS and adds a bunch of questionable changes.
GrapheneOS Adding a bunch of low quality changes trying to improve privacy does not mean it's more privacy focused.
Can you please go into more detail and explain what?
I'm very interested in it.
Thanks a lot
GrapheneOS also not a trustworthy project. It may be marked with a warning in the future.
Why is this? Can you supply more info? I always thought Cromite had a good rep with the privacy community.