Video on media.ccc.de

If Firefox is now considered a bad choice based on what the new CEO said, what do you think of Ladybird’s leader?

https://drewdevault.com/2025/09/24/2025-09-24-Cloudflare-and-fascists.html (relevant section about halfway through)

Off the top of my head, no. What I do remember is that I couldn’t use Librewolf as my daily browser because I had trouble using every other website. Might be an exaggeration, and it could have been due to other factors, not just resisting fingerprinting.

I’ve just come across this article: https://kevinboone.me/fingerprinting.html

The author describes the situation pretty well:

you enable fingerprinting resistance in Firefox, or use Librewolf, you’ll immediately encounter oddities. Most obviously, every time you open a new browser window, it will be the same size. Resizing the window may have odd results, as the browser will try to constrain certain screen elements to common size multiples. In addition, you won’t be able to change the theme.

You’ll probably find yourself facing more ‘CAPTCHA’ and similar identity challenges, because your browser will be unknown to the server. Websites don’t do this out of spite: hacking and fraud are rife on the Internet, and the operators of web-based services are rightly paranoid about client behaviour.

You’ll likely find that some websites just don’t work properly, in many small ways: wrong colours, misplaced text, that kind of thing. I’ve found these issues to be irritations rather than show-stoppers, but you might discover otherwise.

It could be done on the browser level (maybe it’s something browsers like LibreWolf do), however, it would break sites that require the fingerprints to be the same for “security reasons” which may or may not be a legitimate claim.

You could say “well, I’m not going to use that particular website then”, but the problem is that there are less and less websites that don’t require these technologies to function properly.

In case you are willing to use the beta version of the app: if I remember correctly it’s available in beta.

I’m no expert either, but I think the section mentioned above allows Nebula and the advertising companies to do a lot more than just collecting info about whether you visited the sign-up page or not.

To me it looks like they do just that:

Interest-Based Advertising. We may work with third-party advertising companies and social media companies to help us advertise our business and to display ads for our products and services. These companies may use cookies and similar technologies to collect information about you (including the online activity information and device information described above in the section called “Personal Information Automatically Collected”) over time across our Services and other websites and services or your interaction with our emails, and use that information to serve ads that they think will interest you. In addition, some of these companies may use hashed customer lists that we share with them to deliver ads to you and to similar users on their platforms.

One can only undefined

I completely agree, I guess what they call “privacy win” is that this feature can now work without storing data on Google (highlighted by me):

Based on Google’s email, it seems the company will allow Gemini to access messages, WhatsApp, and control device system settings without requiring that you enable the Gemini Apps Activity setting for your account. This setting saves your Gemini history to your Google account, potentially allowing for better personalization.

Previously, if you had this setting disabled for your Google account, you weren’t able to use the Messages, Phone, Utilities, or WhatsApp extensions in Gemini (via 9to5Google). Once this change rolls out to your account, you will be able to access these features without having to save your Gemini history on Google’s servers.

When they say

potentially allowing for better personalization

they sound like the companies trying to sell you these features without mentioning the privacy implications of said features. :/

I blocked Microsoft in WhatsApp and they reverted back to sending SMS messages. However, this won’t help if you (like me) I refuse to install Microsoft apps on your phone.

Children with stupid names should be allowed to change their parents’ names!

👍

I think it depends on which community (instance) you’re trying to post. Some instances are blocking VPNs, e.g. lemmy.world. I assume you’ve already tried but try switching to a different VPN server.

Lemmy. world blocks VPNs - https://lemmy.world/post/12979118

It’s not a backdoor, it just enabled Firefox’s remote debugging tool by default

Just? I’m sorry but that’s just a terrible mistake to make, especially for a browser that people use to surf the world wild web. I don’t know if you’ve ever used a remote debugger (I do), but depending on the debugger, it can be a very powerful tool, you can do a lot of things with it. I don’t think calling it a backdoor is a massive exaggeration. I don’t doubt the developer’s good intention, but this issue shouldn’t be dismissed as an insignificant issue.

To add insult to the injury, it didn’t even prompt the user for it.

Zen is as secure as firefox is.

Unless you tweak the default Firefox settings in the code base, e.g. https://github.com/zen-browser/desktop/blob/dev/src/browser/app/profile/zen-browser.js#L258 (allow unsigned extensions by default).

I agree, it also has some serious security issues: https://github.com/zen-browser/desktop/pull/927

The developer’s comment reveals that it has been there since the inception of the project. And there are even more privacy / security issues mentioned in the comments.

Unfortunately Zen browser gets a big fat no from me. 🫤

Exactly. Also, there was a post a few days ago about google secretly installing an app on Android phones, something to do with automatically blurring nsfw images in messages. Who knows what else it is capable of, or if there’s software on our phones that won’t show up anywhere (list of apps, running processes, etc.).

Interesting times…

I agree with using open source software, but the source code of said chat apps is just one part of the equation.

AFAIK cryptography implementation relies on the operating system / firmware the app is running on (they tend to be closed source). Most implementations rely on random generators provided be the operating system. Doesn’t really matter how good the encryption implementation is in the chat app if the software it relies on is compromised - see book I recommended above (The hacker and the state).

I suspect it’s the latter one. The book titled “The Hacker and the State” goes into detail about how it can be done (or may have been done in the past). A fascinating read for anyone interested in the subject.

Obsidian asks for the permission upon first launch, but if you don’t give it access it won’t work at all (it’s a required permission for the app).

you can use an android firewall to block Internet access from the app

True, however, AFAIK if your phone is not rooted, you can’t have a firewall and VPN running at the same time (the firewalls I’ve seen must be configured as VPN).

not the privileges that obsidian has

Also true, although Obsidian has access to that shared storage, and therefore, Obsidian being closed source, you have no way of knowing what they do with the files other apps create in that storage directory. I’m not saying they are acting maliciously, but I don’t like this approach (software vulnerabilities, supply chain attacks, etc.). The devs recognized the issue in another thread, but there’s no solution to the problem as of yet.