this post was submitted on 28 Aug 2023
178 points (95.4% liked)

Privacy

31876 readers
567 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

The Mullvad Browser is a privacy-focused web browser developed in collaboration with Mullvad VPN and the Tor Project. It aims to eliminate data collection and provide user-centric browsing services, ensuring online activity remains private and secure. The browser has the same fingerprinting protection as the Tor Browser, but connects to the internet without Tor Network or VPN instead. The Mullvad Browser provides anti-fingerprinting protections.

The idea is to provide one more alternative – beside the Tor Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance.

Here: >> mullvad browser official <<

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 45 points 1 year ago

It's also worth to mention that you don't need a Mullvad account in order to use their Browser.

[–] [email protected] 21 points 1 year ago (3 children)

is this meant to dailydrive and be as anonymous as tor or better than firefox, but for real sensitive stuff you should still use tor?

[–] [email protected] 10 points 1 year ago

I use it as a daily driver. For anything that I'm not logged into. I try to keep most of my normal browsing logged out anyway. So it's perfect

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago)

Yes, dailydrive. More anonymous than firefox with addons.

[–] [email protected] 18 points 1 year ago (4 children)

Should I be interested in this if I already use hardened Firefox?

[–] [email protected] 7 points 1 year ago

Probably. Just keep in mind that letterboxing (grey margina to normalize screen size and avoid fingerprinting) is enabled by default and changing that would also change your fingerprint. I use librewolf atm, but i am considering switching if it wasn't for letterboxing.

[–] [email protected] 4 points 1 year ago

Yes. Compare your Firefox and mullvad browser on fingerprint.com

[–] [email protected] 4 points 1 year ago (1 children)

Yes, it's more anonymous than firefox with mods/addons. You can do "fingerprint" tests online to compare how unique your browser is. Just use the Mullvad Browser daily - and if you need something special - than you can still use a other solution for the special case.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

Addons yes. But hardened means changing the user.js with arkenfox as base or simply use that premade hardening. Mullvad Browser is nothing but Firefox+arkenfox+fancy UI and no Flatpak available.

Other vectors are fonts, which only work in the Tor browser bundle I think, to really fake being on Windows.

NoJSFingerprint using CSS is also still possible, a way to detect your OS. this is the same on all Browsers.

[–] [email protected] 2 points 1 year ago

Just do a Fingerprint Test:

coveryourtracks.eff.org

Is the other Browser better? No, you will have less privacy protection.

[–] [email protected] 3 points 1 year ago

If you use Arkenfox without any big changes that are fingerprintable, no.

[–] [email protected] 16 points 1 year ago (1 children)

This browser is a collaboration with the Tor project, I think they white labeled tor browser by making it so you don't need tor to use it

[–] [email protected] 5 points 1 year ago

I use it on Fedora, zero issues

[–] [email protected] 10 points 1 year ago (2 children)

What core is it based on/forked from? Is it Firefox like TorBrowser?

And what does Mullvad get out of it? Just name recognition?

[–] [email protected] 13 points 1 year ago

github.com/mullvad/mullvad-browser Firefox ESR - it's basically Tor Browser without Tor. Mullvad gets name recognition 100%

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

There is a FAQ about the Mullvad browser on the Tor Project's website, which gives a few more details.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (3 children)

If you think this is a good Browser, keep in mind:

  • this is a fork of Firefox with slower updates
  • its simply hardened Firefox desktop. Mobile needs a seperate app, but for Desktop all you need is a user.js
  • ~~its not isolated from the system~~ it has a Flatpak, which is good. But check its default permissions
  • I think it doesnt use a fake Download, Desktop etc. path

Tor Browser Launcher Flatpak is the most secure Browser afaik.

For Firefox hardening, I made "Arkenfox softening"

Its an approach to download Arkenfox, change it to be usable as a normal browser without leaking more data in any way and automating that process.

Its best to use upstream Firefox, best as Flatpak (prove me wrong) and harden it using this well tested preset.

Its just a little crazy, thats why I read all of it and just change some settings, not reinvent the wheel

[–] [email protected] 8 points 1 year ago

Mullvad Browser is Tor Browser without Tor. TorBrowser evolved over many years, with a very long track record and is recommended uncountable times all over the world. So, if you want the TorBrowser without all the Tor stuff: here is it.

[–] [email protected] 7 points 1 year ago (1 children)

FlatPak is not the as secure as everyone think it is.

[–] [email protected] 1 points 1 year ago (1 children)

I would be happy to find some sources comparing bubblewrap with native Firefox or Chromium sandbox. Because the Torbrowser flatpak is nearly completely isolated

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago

Okay nothing new, nothing about the actual bubblewrap sandbox afais.

Yes they often have bad permissions, but thats because otherwise they would break.

The process is converting standard apps to Flatpaks, by actually implementing PORTALS. Portals are a special file manager that can open files outside the sandbox and symlink it to the flatpaks internal storage. So you can grant access only to needed files.

[–] [email protected] 4 points 1 year ago (1 children)

The benefit of using a seperate app instead of custom configured hardening is that (1) your hardening auto updates and (2) you're less prone to fingerprinting. Also it's easier.

[–] [email protected] 2 points 1 year ago

True. Thats why I currently use Librewolf. Not sure if my arkenfox script still works.

But Librewolf has some weird breakages, like Videocalls simply not working lol. Until I need that, I stick with it.

[–] [email protected] 7 points 1 year ago

I missed something like this since a similar project (Secbrowser by Kicksecure) got abandoned. All the security and privacy enhancements of Tor Browser, but without the Onion network. It also helps legitimize the Tor Browser/Mullvad Browser's fingerprint.

[–] [email protected] 5 points 1 year ago (1 children)

I hope someone forks this and creates an i2p browser, similar to the Tor browser.

[–] [email protected] 3 points 1 year ago

100% same here

[–] [email protected] 5 points 1 year ago

Have been a user of Mullvad. This looks really interesting!!

[–] [email protected] 2 points 1 year ago (1 children)

Do you need the Mullvad Extension for the sake of privacy?

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

It's all included. It's made for using it how it is - without installing AddOns. If you would need other addons you will just use another browser that offers that special usecase, but than with less privacy.

[–] [email protected] 1 points 1 year ago (1 children)

Follow-up question: Is installing the duckduckgo extension then still recommended?

[–] [email protected] 3 points 1 year ago

No. No other extension in Mullvad Browser. For other usecases besides of good privacy you should use a other browser.

[–] [email protected] 1 points 1 year ago (1 children)

How does it compare with LibreWolf ?

[–] [email protected] 4 points 1 year ago

Just do a Fingerprint Test:

coveryourtracks.eff.org

Is the other Browser better?

You will have less privacy due to fingerprinting and Mullvad-Browser has the advanced configurations that are in use for many years by TorProject. I never used LibreWolf but they described it as 'custom version of Firefox'. They integrated uBlockOrigin extension and if you add further extensions it will make you stand out.

[–] [email protected] 1 points 1 year ago (1 children)

I dont like that they also use private browsing. It sucks, is unnecessary, restricts extensions, containers and disabling it is fingerprintable

[–] [email protected] 2 points 1 year ago (1 children)

You can still use a other web browser for other special usecases. Mullvad Browser has focus on privacy.

[–] [email protected] 1 points 1 year ago (1 children)

Yes. And private Browsing is useless.

Okay, it seems its not clear what I mean.

The purpose of private browsing:

  • one switch, different UI for the "amnesia mode", LOCALLY
  • use any persons Computer (probably) or leave no data on a computer others can access
  • maybe leave no trace on your own computer
  • easily cleanup lots of things combined

But the thing is:

  • its useful, but only for this threat model
  • you can delete Cookies, Cache, DOM data, Session, Downloads using seperate switches, most of them GUI
  • private browsing is fingerprintable. If you want to only delete cookies, but with exceptions for sites you trust...
  • if you want to save the session, which is local, does not cache sites and is not fingerprintable...
  • you have to disable private browsing (which is fingerprintable! On a browser that has to ne exactly the same to fulfill its purpose!) And set the settings yourself, possible without GUI as this was deactivated.

I asked the Mullvad devs about this, but they dont care. Private browsing also restricts the browser, for example containers dont work, temporary containers for instant cookie cleaning for example. And it has no purpose! These can be individual settings, and simply enabling Session or reven downloads saving will NOT leak data to the web.

This "leave no trace locally" simply does not work for most people. Its your PC, you are the one accessing it. This keeps people away from the browser, even though Firefox with Arkenfox or Librewolf or Mull are perfectly usable, I use them daily.

[–] [email protected] 1 points 1 year ago (1 children)

And that's all totally fine. Mullvad is definitely going for the leave no trace local browsing people.

If you need to browser with persistence, you have the options that you outlined.

For people who want a daily driver with no persistence it's perfect

[–] [email protected] 1 points 1 year ago (1 children)

No it makes no sense... they could simply preset the settings:

  • delete cache
  • delete cookies
  • delelte downloads
  • delete session

And have the same thing, without the private browsing annoyance

[–] [email protected] 1 points 1 year ago (3 children)

But then the data would be written to disk, and then it would be deleted from disk, which would leave a trace.

I get this isn't your threat model. But for the people whose threat model it is then that's unacceptable.

Deleting data on disk does not actually remove the data. It's still persists especially on SSDs.

load more comments (3 replies)
load more comments
view more: next ›