the-best-privacy-browser.md (3684B)
1 # The Best Privacy Browser 2 3 The best privacy browser is Tor, but that doesn't help anyone. The question then becomes this: "What is the most privacy respecting browser that is usable?" 4 5 Usable is doing a lot of heavy lifting. In general, there are two levels of usability requirements. My requirement is most websites work. For me, this means Lynx isn't usable for day to day use, but a browser like librewolf is. This divide is two fold: 6 7 1. It must support JS 8 2. It mustn't route traffic through a network that is frequently blocked by sites 9 - this excludes tor for general use 10 11 --- 12 13 The three browsers worth using, ordered by privacy descending: 14 15 1. Tor Browser 16 2. Mullvad Browser 17 3. Brave Browser 18 19 I no longer recommend firefox or any of the normal derivatives (like librewolf / arkenfox). 20 21 22 --- 23 24 No longer librewolf. 25 26 Start WireShark. Open LibreWolf. That is unacceptable. This is arguably worse than Brave. Brave contacts their updating servers for extensions, variations server, and seemingly their standard updating server. I dislike this, but it's not as bad as the default librewolf. 27 28 Brave doesn't allow users to disable this. 29 30 --- 31 32 Maybe librewolf? 33 34 default startup dns resolutions: 35 36 > 5 2.306344381 192.168.1.9 192.168.1.1 DNS 95 Standard query 0x38d6 A content-signature-2.cdn.mozilla.net 37 > 6 2.306350938 192.168.1.9 192.168.1.1 DNS 95 Standard query 0xc9d0 AAAA content-signature-2.cdn.mozilla.net 38 > 7 2.307211964 192.168.1.1 192.168.1.9 DNS 111 Standard query response 0x38d6 A content-signature-2.cdn.mozilla.net A 34.160.144.191 39 > 8 2.307699875 192.168.1.1 192.168.1.9 DNS 123 Standard query response 0xc9d0 AAAA content-signature-2.cdn.mozilla.net AAAA 2600:1901:0:92a9:: 40 > 38 2.394069350 192.168.1.9 192.168.1.1 DNS 97 Standard query 0xc18c A firefox.settings.services.mozilla.com 41 > 39 2.394075315 192.168.1.9 192.168.1.1 DNS 97 Standard query 0x978f AAAA firefox.settings.services.mozilla.com 42 > 40 2.398144317 192.168.1.1 192.168.1.9 DNS 149 Standard query response 0xc18c A firefox.settings.services.mozilla.com CNAME mozilla.map.fastly.net A 146.75.81.91 43 > 41 2.398665207 192.168.1.1 192.168.1.9 DNS 161 Standard query response 0x978f AAAA firefox.settings.services.mozilla.com CNAME mozilla.map.fastly.net AAAA 2a04:4e42:84::347 44 > 103 3.020292741 192.168.1.9 192.168.1.1 DNS 85 Standard query 0x45e4 PTR 91.81.75.146.in-addr.arpa 45 > 104 3.020358823 192.168.1.9 192.168.1.1 DNS 87 Standard query 0x2e19 PTR 191.144.160.34.in-addr.arpa 46 > 105 3.021571021 192.168.1.1 192.168.1.9 DNS 85 Standard query response 0x45e4 No such name PTR 91.81.75.146.in-addr.arpa 47 > 106 3.022490501 192.168.1.1 192.168.1.9 DNS 140 Standard query response 0x2e19 PTR 191.144.160.34.in-addr.arpa PTR 191.144.160.34.bc.googleusercontent.com 48 49 That's not acceptable.. 50 51 52 Moreover opening a new session creates this connection: 53 54 > 191.144.160.34.bc.googleusercontent.com.:443 55 56 This is known to be associated with ... 57 58 This is not fine. This can be disabled with disabling push notifications, but that sucks. 59 60 https://www.reddit.com/r/LibreWolf/comments/15hs76o/outgoing_connection_bc_googleusercontent_com/ 61 62 This can be disabled with ublock / your dns server, but the best way is probably to set the following to fals: 63 64 dom.webnotifications.enabled 65 66 dom.webnotifications.serviceworker.enabled 67 68 dom.push.connection.enabled 69 70 dom.push.enabled 71 72 --- 73 74 mullvad: 75 76 - no dns resolutions on startup 77 - no connections started prior to searching anything 78 - no connections when typing into search bar 79 - link for why this is good 80 - usable 81 - in general, I haven't found sites to becoming broken 82 83 --- 84 85 - fingerprinting? 86 - does it warrant not blocking outbound connections? 87 88 --- 89 90 Mullvad win: