- Edited
I think they're best to be ignored. Nothing this person says will be substantiated with evidence, they're all about being bombastic. It's people like this that give privacy a bad name.
Firefox done?
- Edited
From the official GOS account on Mastodon:
The only other browser [besides Vanadium] we can currently recommend is Brave. It preserves most of the security of mobile Chromium while adding more state partitioning, anti-fingerprinting and the most advanced content filtering engine. Vanadium is more secure but needs to catch up in those areas.
https://grapheneos.social/@GrapheneOS/111966180001152300
There are lots of reasons that some folks might dislike Brave.
Private company, runs an ad network, crypto, AI.
But there's no perfect browser out there. Brave is one of the least bad choices, per the GOS account:
If you rule out Brave then there's no mobile browser alternative to Chrome or Edge we can recommend due to lack of basic security.
https://grapheneos.social/@GrapheneOS/113948398641752397
Also, about Firefox and variants:
Firefox doesn't have a basic content sandbox on Android, let alone site isolation, and it has a lot of other security deficiencies.
The browsers referring to themselves as hardened Firefox variants only harden privacy, not security, and in fact most bring more security issues.
This applies to the Tor Browser too.
I tend to do a lot of browsing on vanadium, for security and privacy reasons. I don't think firefox is a secure browser. I stopped using it many years ago. When I do browse on my laptop, I use Brave. I hope to get the p10 fold, and that will decrease my laptop use even further.
Mozilla may also receive location-related keywords from your search (such as when you search for "Boston") and share this with our partners to provide recommended and sponsored content. Where this occurs, Mozilla cannot associate the keyword search with an individual user once the search suggestion has been served and partners are never able to associate search suggestions with an individual user. You can remove this functionality at any time by turning off Sponsored Suggestions—more information on how to do this is available in the relevant Firefox Support page.
lol
96397605 maybe because of this ?
Sweden want to impose encryption backdoor. If passed, the legislation could also be a problem for Sweden based VPNs such as Mullvad.
In the worst case, they could force mullvad to log user activity. However, they will probably move to a new country like Swiss rather than shutdown or stay in Sweden (speculation)
argante Still nothing there about 22-23% of Tor nodes being set up by government agencies. You're again providing links to old content that doesn't prove your claim. If you're unable to provide a relevant source and then quote the specific relevant parts from that source to support your claims, then my kindest interpretation of the way you're arguing in this thread is that you simply have no idea what you're talking about.
argante What's more, about 22-23% of Tor nodes are set up by government agencies to de-anomize users.
- Edited
It's not in any way about supporting the claim made here by argante "about 22-23% of Tor nodes being set up by government agencies", (and i don't want to deep-dive as i find the Tor node-discussion is slightly off topic to the OPs question) but the article I stumbled across is more recent than the ones cited here in the discussion and may still be of interest to some:
Citing the article with one addition in brackets by me:
Research by Panorama and STRG_F has now revealed that they (LEO) have apparently recently expanded their strategy to overcome Tor. This requires surveilling individual Tor nodes, sometimes for years.
argante KYC. It will be the same if you use a VPN with a service that can be linked to you (gmail).
Mullvad does not have a KYC requirement and offers plenty of pay options to avoid tying one's identity to an account.
I can understand if VPNs in general may not satisfy a particular threat model given these legitimate concerns, or that they may not offer a good enough value proposition for some. However, none of this suggests that Mullvad is somehow fraudulent. They have an outstanding reputation among VPN providers for good reason.
- Edited
Mullvad does not have a KYC requirement and offers plenty of pay options to avoid tying one's identity to an account.
That's true. You'll even pay less if you use Monero. By KYC I mean that if you use a bank account to make a payment, it's hard to talk about anonymity. The same goes for if you log in through a VPN to your gmail.
Mullvad (...) have an outstanding reputation among VPN providers for good reason.
This is also true. I have pointed out something that is rarely mentioned, that data centers, fingerprints, CDNs and Cloudflare completely undermine what VPN providers claim. Mullvad can therefore assure that it does not save any logs, but Cloudflare in M247 or DataPacket, where Mullvad has its servers, can already save and analyze such logs. Why does Mullvad not admit to this risk and only say that they provide wonderful privacy and anonymity?
argante U make a good point, i had this question spooking in my head recently. I do trust Mullvad as an entity, but for their vpn servers in other countries, like in europe, i assume they rent servers from M247. Can Mullvad guarantee for example that a server in France rented from M247 doesn't 'monitor' in any way? (For lack of a better term). If not, how would that work exactly?
Can Mullvad guarantee for example that a server in France rented from M247 doesn't 'monitor' in any way?
They can’t guarantee that, and they have full knowledge that the network is being monitored because that’s the data center policy they have to agree to. The problem is that VPN providers are a valuable target for such monitoring.
If not, how would that work exactly?
Watch this and pay attention to 6:05 where he says the VPN does not keep logs:
- Edited
argante Why does Mullvad not admit to this risk and only say that they provide wonderful privacy and anonymity?
If these risks are not addressed in any of their blog posts, then it wouldn't hurt to bring it up with them and perhaps they will elaborate to everyone's benefit. Multihop, DAITA, Mullvad browser, RAM only servers, etc.. ought to address some of these concerns... or perhaps they consider the risks beyond the scope of a VPN company to address? None of this strikes me as deserving of being labeled a scam.
Relating back to the OP concern, does the Mullvad fork of the Firefox browser address Mozilla's pivot to Surveillance Capitalism? That's definitely a question I'd like both Mullvad and the Tor Project to address.
- Edited
r134a Can Mullvad guarantee for example that a server in France rented from M247 doesn't 'monitor' in any way? (For lack of a better term). If not, how would that work exactly?
I've always assumed the answer to the first question is a flat no, but I'd rather shift my risk to M247 after exiting a VPN tunnel than to allow my ISP to do even worse, with full KYC. So it's not a question of are VPNs private and anonymous, it's a question of which VPN provides the best privacy and anonymity among all VPN providers.
argante I don't blame Mullvad or IVPN for bad faith. They try, but they don't live in a vacuum. Not to mention all the risks they mislead users. If they are aware of it, it is a scam
You're pulling a straw man here.. First you claim Mullvad is a scam, go on a crusade against TOR not being able to prove any of your points with any evidence beyond some people on YT or medium saying it is like that. just because something is on the internet does not mean it's true.
Then you go and try to prove VPN is bad because of KYC, cloudflare, using specific providers and shit, only to agree Mullvad does not have KYC for example.. Then when someone provided you good arguments against your claims you go "oh I know they try, yada yada" because you don't have anything meaningful to say to this..
What you blatantly skip is that you can pick multihop in Mullvad (not yet on mobile), you can use Mullvad owned servers, you can do a lot to achieve good enough every day privacy plenty enough for normies. But nah, everything is a scam because some dude on your fav yt channel with content quality like network chuck said it's a scam
Also if you care for privacy so much, you'd not use services like discord..
elih it's a question of which VPN provides the best privacy and anonymity among all VPN providers.
GOS+Vanadium+Orbot as Full VPN. Disable JIT and javascript globally. You will still be able to enable javascript for a specific web page directly from Vanadium. Vanadium supports .onion links directly, so there is no reason to install Tor Browser. There is a small issue in Vanadium that .onion addresses are marked as insecure. I plan to report this to the Vanadium developers as a bug.
Network & Internet -> VPN -> Always-on VPN + Block connections without VPN. This will prevent leaks such as DNS.
This is the best setup you can easily do. A more advanced approach is to hide Tor behind a socks5 proxy, which will avoid Tor being blocked by endpoint servers, but I was surprised that my banking app works even when I connect directly through Tor.
Separate profile: Wireguard/WG Tunnel or e.g. Mullvad/IVPN/Proton. This solution is good when you are more concerned about bypassing geoblocking. VPN will also work well in hotels, cafes, etc., when you want to hide your outgoing traffic.