Yet another reason to switch to Firefox, or even better, a hardened fork like LibreWolf [email protected]
What functionality would I lose/gain if I switch from Firefox to Librewolf? I’m admittedly an amateur in the privacy space, and I’ve been pretty content with Firefox + Ublock and container tabs for different profiles, but I consistently get the issue that my browser fingerprint is pretty unique, and I have no idea how to or even if I can anonymize that anymore.
Librewolf is not associated with Mozilla and does not receive their primary source of funding from Google like Mozilla does. I really like having the same browser and browser synchronization between my phone and desktop/laptop, so librewolf is out for me. They have no interest or resources to build an Android version. Waterfox does at least have desktop / android option and takes things at least one small step further away from Google.
U can sync regular mobile ff and librewolf. Thats what i currently have.
It is the same browser. LibreWolf doesn’t change much of the Firefox code, mostly just the configuration. They enable various privacy/security settings by default and remove Mozilla telemetry. You can go to the LibreWolf settings and enable Firefox Sync, and it will work just fine with your Mozilla account and other Firefox browsers.
For Android, I like to use Mull, it’s a hardened build of Firefox, similar to LibreWolf.
Thanks for the answer! I run Windows, iOS and Linux across multiple devices, and sync is definitely needed for me as well. I’ll look into Waterfox!
The previous answer is misleading and partially just wrong. Firefox Sync works just fine in LibreWolf, you just need to enable it in the settings. I currently sync my LibreWolf browser on my Linux desktop to Firefox on iOS and Mull on Android, no issues whatsoever. The only Mozilla services that LibreWolf intentionally removes are their telemetry and Pocket.
Tangent note: I think browser fingerprinting is only a source of concern if you use VPN. Otherwise, your IP is already a good enough identifier, and quite likely doesn’t rotate often enough. Please someone correct me if I’m wrong.
Yes, why to do this?
Would everyone who is surprised by this please raise your hand? . . . That’s what I thought.
I am
License and registration, sir
Really? That’s not what the data from your api says /s
You don’t need to actually write it, just raise your hand and we have registered your vote, either via your computer’s camera, Google Nest, Google Assistant or inferred it by analysing the WiFi data returned by your Google Mesh network.
Keep your hand raised because I’m coming in for a perfectly-landed high-five!
perfectly-landed never happened before, and never will
Not surprised, but still disappointed.
It baffles me that they sell Chrome as private and/or secure, and baffles me even more that people believe them.
It baffles me people use chrome.
#UninstallChrome
#SwitchToFirefox
Here, you forgot this:
\
Google does a lot of standards breaking things.
Like allowing a link on Google Apps Marketplace to open a new window (like popup) with POST instead of GET. (This pretty much ensures that buying an app will fail for browsers that follow the spec)
This garbage behavior is in Chromium as well?
Remember when Google pushed for use of open standard in the browser to force Microsoft IE out of the market? Oh yeah I ‘member
Ianal, but this sounds like something worthy of suing their ass over. There’s not much Google would respond to and good luck beating their lawyers, but the only language they speak is $, so please try to take as much as possible away from them for this garbage.
Hmmm, no way this could ever turn into a security hole, I’m sure of it.
There’s a bunch of stuff in Chrome that’s special-cased to only allow Google to access it.
Not sure if it’s still there, but many years ago I was trying to figure out how to do something that some Google webapp was doing (can’t remember which one). I think it was something to do with popping up a chromeless window - that is, a new window with no address bar or browser chrome, just some HTML content.
Turns out the Chromium codebase had a hard-coded allowlist that only allowed
*.google.com
to use the API!Edit: my memory was a bit wrong. It was this: https://stackoverflow.com/a/11614605. The Hangouts extension was allowlisted to use the functionality, but if any other extension wanted to use it, the user had to enable an experimental setting.
Are you talking about the “apps” that Chrome used to support? They removed the feature years ago to reduce bloat and RAM usage or something like that.
Before they removed the feature, I had actually figured out how to create my own “apps” that’d simply load webpages I visited often at the time, like Twitch.
I found what I was talking about: https://stackoverflow.com/a/11614605. It was a feature that the Hangouts extension could use, but the user had to manually enable it in the browser settings for any other extensions to use it.
The apps feature is still there just with a different name. It’s labeled as “create shortcut”, and you have to check the box to open a new window. I use it just because Firefox doesn’t have a similar feature.
Uhh do we know if this extends to sites.google.com?
You can check this yourself. Just paste this into the developer console:
chrome.runtime.sendMessage( "nkeimhogjdpnpccoofpliimaahmaaome", { method: "cpu.getInfo" }, (response) => { console.log(JSON.stringify(response, null, 2)); }, );
If you get a return like this, it means that the site has special access to these private, undocumented APIs
{ "value": { "archName": "arm64", "features": [], "modelName": "Apple M2 Max", "numOfProcessors": 12, "processors": [ { "usage": { "idle": 26890137, "kernel": 5271531, "total": 42525857, "user": 10364189 } }, ...
Not an area I’m familiar with, but this user says no:
https://news.ycombinator.com/item?id=40918052
lashkari 5 hours ago | prev | next [–]
If it’s really accessible from *.google.com, wouldn’t this be simple to verify/exploit by using Google Sites (they publish your site to sites.google.com/view/<sitename>)?
DownrightNifty 5 hours ago | parent | next [–]
JS on Google Sites, Apps Script, etc. runs on *.googleusercontent.com, otherwise cookie-stealing XSS >happens.
Not a legal mastermind by a long shot but it seems like a DMA violation. Someone needs to get the EU on their ass.
EU: [RELEASES THE HOUNDS]
Why do people still use Chrome?
Please uninstall it from everyone’s home pc and phone that you come into contact with
Because it’s fast and works well enough to keep the fame acquired over the last 10 years.
At the cost of zero privacy, data being stolen and other fundamental issues and morals that Google lacks.
Slower than Firefox
I use both for my job and my subjective feeling is that chrome is faster. Js benchmarks seems to confirm it. Privately I use Firefox 95% of the time but I understand people who stay on chrome just out of inertia.
this just in: google is still spying on you in every way possible
Is this for malicious harvesting or is this part of their chrome device trust product for enterprises?
WINK
No, as far as I know this has nothing to do with attestation/verification for enterprise users.
Can someone explain this to me like I’m 5. I understand it’s not good but I don’t know why and I would like to understand it.
Effectively Google has a browser extension (just like the ones you’d install from the Chrome Web Store like uBlock Origin) that comes with the browser that’s hidden.
This extension allows Google to see additional information about your computer that extensions and websites don’t normally have access to, such as checking how much load your PC has or directly handing over hardware information like the make and model of your professor.
The big concern in the comments is that this could be used for fingerprinting your browser, even in Incognito mode.
What this essentially means is that even though the browser may not have any cookies saved or any other usual tracking methods, your browser can still be recognised by how it behaves on your machine in particular, and this hidden extension allows Google to retrieve additional information to further narrow down your browser and therefore who you are (as they can link this behaviour and data to when you’ve used Google with that browser signed in), even in Incognito mode.
information like the make and model of your professor
Oh no, not my professor :( (/s)
Thank you for this info. If this is just an extension, can we just uninstall it or turn it off?
This is not a typical extension and it cannot be removed. It doesn’t even show up in the list of installed extensions.
Maybe recompiling? But I suspect that Chrome as it is, is closed source?
even in Incognito mode.
I thought extensions don’t run in incognito mode?
I know Firefox doesn’t run them by default - you can specify which extensions you’d like to run in incognito mode.
I thought extensions don’t run in incognito mode?
They don’t. Unless you check the box that allows them to. And I’m sure Google has already checked that box by default.