Librefox, mainstream Firefox with a better privacy and security

Thomas Richardson
Thomas Richardson

This project aims at enforcing privacy and security of Firefox without forking the project.
Librefox uses more than 500 privacy/security/performance settings (gHacks and additional options), patches, Librefox-Addons (optional) and a cleaned bundle of Firefox (updater, crashreporter and Firefox's integrated addons that don't respect privacy are removed).

Updated Browser : because this project is not a fork, it is kept updated with the latest Firefox version.
Extensions Firewall : limit internet access for extensions (firewall-test-feature)
IJWY (I Just Want You To Shut Up) : embedded server links and other calling home functions are removed (zero unauthorized connection by default).
User Settings Update : gHacks/pyllyukko base is kept up to date.
Settings Protection : important settings are enforced/locked within mozilla.cfg and policies.json, those settings cannot be changed by addons/updates/Firefox or unwanted/accidental manipulation; To change those settings you can easily do it by editing mozilla.cfg and policies.json.
Librefox Addons : set of optional Librefox extensions
Statistics Disabled : telemetry and similar functions are disabled
Tested Settings : settings are performance aware
ESR and Tor version (Librefox TBB Beta)
Tor Librefox Addons : adapted Librefox extensions for TBB
Multi-platform (Windows/Linux/Mac/and soon Android)
Dark theme (classic and advanced)
Recommended and code reviewed addons list
Community-Driven
And much more...
github.com/intika/Librefox/

Thoughts?

Attached: ClipboardImage.png (41.11 KB, 964x512)
Attached: ClipboardImage.png (36.39 KB, 935x567)

Other urls found in this thread:

archive.fo/Djwrr
archive.fo/4TE4u
addons.mozilla.org/en-US/firefox/addon/browser-plugs-privacy-firewall/
web.archive.org/web/20181225151747/https://www.intika.be/
archive.fo/5bfR4
archive.fo/kPa2t
archive.fo/TSd1a
archive.fo/mXLFF
ffprofile.com/
github.com/jasperla/openbsd-wip/issues/86
satania.moe/
spyware.neocities.org/articles/brave.html
digdeeper.neocities.org/ghost/news.html
gitgud.io/odilitime/netrunner/
digdeeper.neocities.org/ghost/mozilla.html
github.com/tats/w3m/
youtube.com/watch?v=eQ2OZKitRwc
oxwugzccvk3dk6tj.onion
torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
w3.org/Submission/1996/1/WD-jsss-960822
developer.mozilla.org/en-US/docs/Web/API/Battery_Status_API
fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
bugzilla.mozilla.org/show_bug.cgi?id=1313580
groups.google.com/d/topic/mozilla.dev.platform/5U8NHoUY-1k/discussion

Dominic Clark
Dominic Clark

could be great base for TorBrowser

are there people stupid enough to browse web in clearnet?

Brody Davis
Brody Davis

STOP
ENOUGH
NO MORE BROWSER THREADS

Lucas Wilson
Lucas Wilson

How is this different from GNU icecat

Ethan Allen
Ethan Allen

Isn't this just icecat?

Benjamin Sullivan
Benjamin Sullivan

Yeah, normal people.

Ryder Bailey
Ryder Bailey

without forking the project.
Learn to read you bumb faggots

Kevin Cruz
Kevin Cruz

without forking
wew

Attached: gno.jpg (29.43 KB, 683x448)

Colton Sanchez
Colton Sanchez

another fucking firefox fork
Icecat and tor are the only forks that we need.

Jacob Wood
Jacob Wood

‍>90% of our computer use is spent in a browser. It's an important subject.

Brayden Cruz
Brayden Cruz

If you say so, FBI

Nolan King
Nolan King

This project aims at enforcing privacy and security of Firefox without forking the project.
Literally fucking botnet, they didn't disable CSS2 or the countless backdoors in the source.

Samuel White
Samuel White

countless backdoors
Give some examples, asshole.

Luke Torres
Luke Torres

I still want XUL, so I won't be switching. I would hope that projects like this would give mozilla a kick in the pants, to realize that people still care about privacy, but if they haven't noticed yet, I don't think anything will.
ESR and Tor version (Librefox TBB Beta)
This is more interesting. I saw anons on nanochan complain about tbbs defaults (eg noscript instead of umatrix). I wonder if it will be a good idea to use this instead or if you will be fingerprinted.

Carter Foster
Carter Foster

Mozilla doesn't give a fuck about users
Mozilla management is being bribed by (((them))) in order to sabotage browser and make all people migrate to (((Google Chrome))).

Logan Young
Logan Young

I did you giant retard I justed typoed it too. CSS3 is the backdoor you faggot. You can disable javascript, enable adblocks, enable all the about:config privacy settings, and block images. But unless you edit it directly out of the source code CSS3 has known vulnerabilities like this archive.fo/Djwrr , and this archive.fo/4TE4u making it fucking botnet. So don't use a browser like firefox 52+, chrome, or oprea's recent versions or their forks like librebrowser that include said exploits. Try palemoon 27 which doesn't have any of that botnet.

Alexander Price
Alexander Price

Using a pile of shit as a foundation is still using a pile of shit as a foundation.

Evan Long
Evan Long

Why didn't they just do this with fagmoon?

Matthew Morris
Matthew Morris

How are the performances?

Jason Wilson
Jason Wilson

Dark theme
BOTNET CONFIRMEDD

Nathan Bennett
Nathan Bennett

You were quicker than me OP.
Anyway, Mozilla has been ruining Firefox for far too long ... I'll support it however I can

Robert Clark
Robert Clark

Discard this comment.
Good links, thanks. I'll try to compile it out of Tor Browser...

Michael Baker
Michael Baker

They really should have... Mozilla has ruined the browser beyond repair.

Easton Gutierrez
Easton Gutierrez

no appimage
nah pass, i'll just use ungoogled chromium appimage inside firejail.

Luis Myers
Luis Myers

Iridium but with Firefucks instead of Chromium
Meh.

Attached: this-image-is-not-relevant.png (332.6 KB, 680x383)

Hudson Lopez
Hudson Lopez

the browser situation is important, everything is bad.

Anthony Evans
Anthony Evans

Microsoft github
SHA1
no pgp signature
CookieMaster
addons.mozilla.org/en-US/firefox/addon/browser-plugs-privacy-firewall/
µmatrix or µblock origin, when used correctly, does a better work.
license All Rights Reserved
Proprietary, botnet.
µmatrix or µblock origin, when used correctly, does a better work.
User Agent Platform Spoofer
Dead project and useless.
µmatrix when configured correctly does a better work.
First Party Isolation
Dangerous, better to use the "-ProfileManager" option.
This "librefox" is just bullshit.

Blake Taylor
Blake Taylor

Thanks, also:
This project aims at enforcing privacy and security of Firefox without forking the project.
And no uBlock Origin or uMatrix installed by default with sane defaults.

Evan Anderson
Evan Anderson

CookieMaster
µmatrix or µblock origin, when used correctly, does a better work.

Chase Barnes
Chase Barnes

ungoogled chromium
graphical firewalls and netstat shows a californian google IP
you had one job
/gas/

Jeremiah King
Jeremiah King

This.

Caleb Long
Caleb Long

Doesn't ungoogled chromium has issues like not updating extensions and not properly deleting local storage?

Dominic Bell
Dominic Bell

will it support windows 7?

David Parker
David Parker

Gecko engine is irredeemable, stop using it.

Alexander Foster
Alexander Foster

THE DEV OF THIS PROJECT IS A SHITSKIN
He began as an Android modder
web.archive.org/web/20181225151747/https://www.intika.be/

His kikehub account
archive.fo/5bfR4

He's also a contributor to ungoogled-chromium, then made his own custom build (only for x64 Linux)
archive.fo/kPa2t

He registered a domain last week for this project, his latest (he used it first for his newest email account which can be found at the second link)
archive.fo/TSd1a

THAT SHITSKIN STARTED SHILLING THIS ON LEDDIT A FEW DAYS AGO, WHICH LED TO OP CREATING THIS VERY THREAD AND GHACKS PUBLISHING AN ARTICLE ON THIS PROJECT THE NEXT DAY

Attached: intika.logo.png (45.15 KB, 320x272)

Aaron Torres
Aaron Torres

THAT SHITSKIN STARTED SHILLING THIS ON LEDDIT A FEW DAYS AGO, WHICH LED TO OP CREATING THIS VERY THREAD
I got from HN actually

David Reed
David Reed

Nice try, NSA.

Connor Phillips
Connor Phillips

Post an alternative if you're any better.

Jaxon Taylor
Jaxon Taylor

Ad hominem on Zig Forums

Jayden Smith
Jayden Smith

dillo

Hunter Sullivan
Hunter Sullivan

Does a good browser exist?

Isaac Clark
Isaac Clark

ungoogled-chromium

though it's still based on chromium - the real problem is the duopoly of google and mozilla

Asher Collins
Asher Collins

everything that isn't what I shill is FBI

Kayden Carter
Kayden Carter

Does it fix all the broken XUL add-ons? Or am I still stuck using Pale Moon?

Julian Murphy
Julian Murphy

Here's that Hacker Jews thread:
archive.fo/mXLFF
Shitskin has not only made more than one account there but also French is his first language.

No XUL support sorry so continue to enjoy furrybrowser

Why you didn't call out all the recent larping shit on this entire board?

William Cook
William Cook

Whats the point of this when GNU Icecat exists?

Grayson Nguyen
Grayson Nguyen

pyllyukko userscript
pylly = butt
ukko = old geezer

Caleb Walker
Caleb Walker

What about editing the omni.ja archives?

Jayden Morgan
Jayden Morgan

IJWY (I Just Want You To Shut Up) : embedded server links and other calling home functions are removed (zero unauthorized connection by default).
I just discovered that reading feature lists can induce erections.

Austin Gray
Austin Gray

it is kept updated with the latest Firefox version.
ESR

fuck off

Hunter Lopez
Hunter Lopez

If you insist on Firefox, just use ffprofile.
ffprofile.com/

But I do recommend other original browsers like netsurf and dillo.
They may not be suitable for all sites, but they work quite well for a lot.

Then you can have firefox as a fallback.

Ethan Foster
Ethan Foster

I hear nothing but buzzwords and placebo except for "telemetry and similar functions are disabled", which you can just do yourself.

Nicholas Jones
Nicholas Jones

Nice to see work being done.

James Bailey
James Bailey

Try palemoon 27
Fuck off you despicable furry faggot.
That project is pure cancer and everybody knows it.

Jordan Wright
Jordan Wright

I don't seen a problem here.
If anything, his contributions to ungoogled-chrome show that he is serious about his commitment.
What is your point, exactly?

Lucas Roberts
Lucas Roberts

Not the user you are responding, but... Then what better option that let you have good addons is then? I use Palemoon because is good enough, while letting me use Ublock (Not origins, too bad) and Noscript; And by being a browser that isnt too autisic, or restrictive. Any better alternative would be apreciated, but until then, I cant see why bother to go back to Firefox vanilla.

Joshua Brown
Joshua Brown

I can't supply any alternatives, just dislike the palemoon project immensely because of the personality cult and inflated ego these folks carry around:
github.com/jasperla/openbsd-wip/issues/86

David Gomez
David Gomez

See

Noah Long
Noah Long

Both of you can go straight to hell. The end product matters. The project does not, not unless you intend on contributing to it.

Firefox sucks because they turned their back on their core principles and turned into an also-ran Chrome clone. Palemoon, furfaggotry aside, is keeping the idea of a customizable browser for power users alive.

Jordan White
Jordan White

It really isn't hard to improve your situation, regardless of what browser you prefer. Read the guides on mitigating the issues on Pale Moon or Firefox (both can be immensely improved), otherwise look into Ungoogled-Chromium or Icecat. There are also a number of addons that people still don't know about - secret agent which spoofs just about anything that can be, decentraleyes, umatrix, to name a few. spyware.neocities.org is the place to go to learn a bit more about each browser, and digdeeper.neocities.org for other information.

Secondly, if you are using a single browser for all your needs, you don't really deserve any kind of privacy. Split up your habits, however unevenly, between different browsers and force yourself to stick to a regime. Only pure laziness defeats this system.

Hunter Lopez
Hunter Lopez

Waterfox is OK, better than palememe or firefox.

Josiah Mitchell
Josiah Mitchell

Waterfox is OK, better than palememe or firefox.
How is Waterfox better than Palemoon?

Ethan Garcia
Ethan Garcia

You do realize that Firefox is as customizable as always. The source code is open and ready for everybody to study how it works.

Logan Rogers
Logan Rogers

The source code is open and ready for everybody to study how it works

Attached: its-open-source-bro-just-check-the-source.png (13.98 KB, 334x414)

Leo Taylor
Leo Taylor

Learn the difference between the web rendering engine and the UI. The UI is still written in XUL. The UI code is a tiny fraction of the codebase when compared to the rendering engine.

Jordan Perez
Jordan Perez

CSS3
The main problem is with value selection of text boxes by CSS. Why is CSS alowed to do that?
It could be easily fixed or one could just load all images on load instead of making a request when it's changing.

William King
William King

Attribute selectors are cancer anyways and only used for styled checkboxes etc.
We can live without them.

Grayson James
Grayson James

fug I replied to myself

Zachary Russell
Zachary Russell

babys first attempt at defending open source

Mason Ramirez
Mason Ramirez

But unless you edit it directly out of the source code CSS3 has known vulnerabilities like this archive.fo/Djwrr
Is anyone surprised that this is caused by yet another C/C++ integer overflow bug, only a month after that systemd bug?

The flawed code was located in Mozilla's CSS parser and had a trivial bug: When allocating memory to store the font-face references, a 16-bit integer was used for the index. However, when the actual values were filled in, a 32-bit integer was used instead. This inconsistency led to an integer overflow when a stylesheet supplied an exessive number of external font references. Consequently, an attacker could write to unexpected memory locations and turn the index overflow into an arbitrary code execution exploit.
Errors like integer overflow and divide by zero used to be trapped by hardware, so there is only a slowdown when it actually happens, which is rare. Instead, C makes you manually slow down all your code just in case, and it can't even do it by checking the CPU's overflow flag because C's "portable" to shitty hardware like RISCs that have no overflow flag because they're designed for C and UNIX and C has no way to check an overflow flag ("at least the weenix unies know how to USE recursion!").

Since most of the Mozilla core is written in C++, there is no built-in overflow protection and developers are in charge of dealing securely with the memory. A browser written in Python would likely face very different types of vulnerabilities (and also be painfully slow).
Ada, PL/I, Burroughs Algol, BASIC, Lisp, and many other languages have integer overflow checking, array bounds checking, and the ability to handle and recover from the errors at run-time. In Ada, this bug would be caught at compile time because 16-bit and 32-bit integers are different types and they would probably use a user-defined type anyway.

and this archive.fo/4TE4u
Can't the browser download all these "images" when the page loads like said? The only downside is that sites that use this "technique" would be slower, but they're either using this hack or really shitty web design, so they deserve to be slow.

Why am I retraining myself in Ada? Because since 1979 I
have been trying to write reliable code in C. (Definition:
reliable code never gives wrong answers without an explicit
apology.) Trying and failing. I have been frustrated to
the screaming point by trying to write code that could
survive (some) run-time errors in other people's code linked
with it. I'd look wistfully at BSD's three-argument signal
handlers, which at least offered the possibility of provide
hardware specific recovery code in #ifdefs, but grit my
teeth and struggle on having to write code that would work
in System V as well.

There are times when I feel that clocks are running faster
but the calendar is running backwards. My first serious
programming was done in Burroughs B6700 Extended Algol. I
got used to the idea that if the hardware can't give you the
right answer, it complains, and your ON OVERFLOW statement
has a chance to do something else. That saved my bacon more
than once.

When I met C, it was obviously pathetic compared with the
_real_ languages I'd used, but heck, it ran on a 16-bit
machine, and it was better than 'as'. When the VAX came
out, I was very pleased: "the interrupt on integer overflow
bit is _just_ what I want". Then I was very disappointed:
"the wretched C system _has_ a signal for integer overflow
but makes sure it never happens even when it ought to".

The latest idea is to build machines (RISC machines with
register windows) which are designed specifically for C
programs and unix (just check out the original Berkeley RISC
papers if you don't believe me: it was a specific design
goal). Now, people tell me that the advantage of a Sun over
a Lisp machine is that it's a general-purpose machine ("Of
course it's general purpose." they say. "Why it even runs
unix.").

Hmm, well this example shows that at least the weenix unies
know how to USE recursion!

Isaiah Bailey
Isaiah Bailey

based

Adrian Morgan
Adrian Morgan

That's not how you spell "waterfox" user.

Austin Richardson
Austin Richardson

This isn't a fork. It's just a script to patch the original Firefox.

use (((palemoon)))
default homepage is literal datamining spyware
Kys

It's not as outdated and doesn't default to botnet webpages. But it's still placebo shit.

Andrew Kelly
Andrew Kelly

The only thing to defend is the accusation that Firefox doesn't cater to power users. This is false because the source code is available to all. All power users have complete control over what their version of Firefox will do.

Andrew Rogers
Andrew Rogers

I don't know how people can get riled up so much over what browser to use. One thing that is good with librefox is that you can randomize canvas fingerprints, blocks getbbox and textlength and provides font and glyph fingerprinting. Browser fingerprinting is the biggest privacy issue imho

Attached: 80074-1452456394.png (362.43 KB, 700x700)

Jacob Phillips
Jacob Phillips

i wan 2 fug sakurako

Anthony Jackson
Anthony Jackson

blaming the palememe devs for being rude
not blaming the openBSD devs for not reading the license, doing incredibly stupid shit regardless, and then acting defensive when called out on it
Seriously, using any library version but the ones specified is insanity, doing it silently to someone else's program borders on sabotage.
Completely unsurprising, given the kind of pettiness that is common in Linux land.

Cameron Cooper
Cameron Cooper

This comment has been minimized. Sign in to view
This comment has been minimized. Sign in to view
This comment has been minimized. Sign in to view
This comment has been minimized. Sign in to view
Fuck that whole site tbh.

Xavier Gonzalez
Xavier Gonzalez

I don't see that, both with JS on and off.

Lincoln King
Lincoln King

IRC*

Xavier Nguyen
Xavier Nguyen

tfw Cyberfox is dead

Attached: 5d17c241e1527df8e613eab4b93873b13bd9ae320bbcd301213a6ba1a167b865.jpg (2.06 MB, 1924x2092)

Sebastian Harris
Sebastian Harris

oh, you crashed your car, we dont sell our cars with brakes, you should attach them yourself, lol, you should be a mechanic, its available so its ok

The out-of-the-box users should get the best configuration for their privacy right away.

Brayden Price
Brayden Price

this tbh
SECURE BY DEFAULT

Jordan Rodriguez
Jordan Rodriguez

<WAAH WHY DID MY CAR BREAK WHEN I HIT IT WITH A HAMMER?
That isn't supposed to-
<WAAAH MUH SAFE BY DEFAULT, MUH RELIABLE BY DEFAULT, IT SHOULD HAVE MAGNETIC FIELDS THAT REPEL THE HAMMER

Michael Price
Michael Price

No need to create a new fork. There is Icecat allready.
I guess it's a new fake-privacy browser like Waterfox.

<WAAH WHY DID MY CAR BREAK WHEN I HIT IT WITH A HAMMER?

So firefox being spyware by default is the same for you as an user making an attempt to break the program? Nice.
Better install Windows and tinker a bit, so it'll be as safe and private as OpenBSD.

Web browsers and web (((standards))) are to bloated these days and it's too hard to maintain them easily. Imagine what would happen, if every program was insecure, spyware and bloated by default, but the source code would be available. Where is your hammer now?
Free software is a software that gives it's user control over it. If a software is too big for a human to understand and modify it easily, it can be thought as nonfree. Presence of the source code is not an excuse for program being spyware.

Elijah Rivera
Elijah Rivera

The issue is not even the privacy config per se, the unconfigurable stuff is much more annoying and so is the crippling of extensions.
openbsd flair
is retarded
Like pottery

Nolan Rogers
Nolan Rogers

^ user is buttmad he can't even into OpenBSD

Jason Rodriguez
Jason Rodriguez

It is not common for general software to be perfect to an individual's requirements at the first version. Software has to be custom designed to the user's requirements from the beginning of development. Otherwise, a new project can be made to modify the existing general software to become perfect to the user requirements. The source code means the user should change it whenever they choose. If a software is considered spyware, then it is the user's responsibility to change it so that the spyware functions are removed.

Nathan Sullivan
Nathan Sullivan

And change it I have. It would be nice if all that work helped more than one user. What the world needs is a good config tool that makes source patching modular and easy. Like greasemonkey with repos, anyone can submit their small patches and power users can choose to change a line or two if they like the code. Then all the autistic source hacking and firefox configs can add up to something.

Gabriel Hill
Gabriel Hill

Try palemoon 27
Enjoy no canvas fingerprint protection, unique window sizes and unique user agent

Andrew Wood
Andrew Wood

If a software is considered spyware, then it is the user's responsibility to change it so that the spyware functions are removed.
That does not excuse inserting spyware into your program.

Xavier Gray
Xavier Gray

It still exist? Firefox defaults to 64bits for a long time now

Ryder Ward
Ryder Ward

CSS3
You'd have to go back before Firefox 3.5 to not have css3 support

Canvas spoofing is built in and can be enabled by an about config setting disabled by default because constant calls to canvas will slow your browser and user agents are trivial to spoof, I'm spoofing mine now. Window sizes are potentially a problem but as far as I know they're only able to be grabbed through js so you're already fucked anyway. Hell, canvas is js anyway.

Adrian Walker
Adrian Walker

That does not excuse inserting spyware into your program.
This
Librefox has proprietary software inside it, it's per default settings aren't secure see post

Sebastian Price
Sebastian Price

are there people stupid enough to browse web in clearnet?
Yeah, they're called people who aren't larpers.

Ryder Foster
Ryder Foster

Of course not. However, if developers are not working directly for you, then you get whatever they choose to give to you - they have no legal obligation to do what you ask if you're not hiring them to work for you. As a power user, you can use that flawed version as a base for your ideal version of the program.

Nolan Hughes
Nolan Hughes

a fucking safety pin
official browser of le resistance?

Attached: 1538857877950.jpg (31.6 KB, 794x960)

Brandon Peterson
Brandon Peterson

they have no legal obligation
Depending on the case, they might very well have a legal obligation not to collect user data, see GDPR.
In any case, autistically discussing legality when the main concern is on the trustworthyness of the developers is a waste of time.

Juan Brown
Juan Brown

My case is about how today's Firefox doesn't cater to power users. I say this is false because the source code to Firefox is available. This is important because the source code is the ultimate way to change the behavior of what the software (Firefox) will do. Power users who do not like the limitations of the webextension system can choose to modify their version of Firefox to supersede webextension. Power users who believe that Firefox is spyware can choose to modify their version of Firefox to have no spyware. I repeat it once more, the source code is the ultimate way to control what the software is doing and it's all yours to control. You just have to choose to make that investment.

Nicholas Bennett
Nicholas Bennett

why should the user be expected to fix it for free?

Hunter Cox
Hunter Cox

My case is about how today's Firefox doesn't cater to power users. I say this is false because the source code to Firefox is available.
So, you're an idiot.
Power users being allowed to make do is not the same thing as power users being catered to, so your argument is nonsensical without even getting in the merit of it.

Josiah Harris
Josiah Harris

And then it's not firefox anymore. We're talking about the firefox released by mozilla, and that is evidently SPYWARE and ANTI-CONTROl.

Justin Rivera
Justin Rivera

I repeat it once more, the source code is the ultimate way to control what the software is doing and it's all yours to control.
Except that you also need millions of dollars and thousands of developers that Mozilla has to maintain the 2.5GB spaghetti code.

Kevin Taylor
Kevin Taylor

fixing bloatware when I can do better

does anyone still have the old opera sourcecode leak from before opera got pozzed?

Attached: 48ba5fdb1f75bee2fc541c231ea6e3ac5a2e76271fb41e724eda55d4b009a374.jpeg (41.92 KB, 700x635)

Christian Wood
Christian Wood

Everything you said is right, but reverse engineers are gods compared to a guy that just wants privacy out of the box, they have to be to survive in this world.

You don't seem to get it. Privacy is dead for 99.99% of the population, and the 0.01% left over can get pwned by Auto CTF AI systems soon. It's a numbers game now.

Justin Ward
Justin Ward

It's not GNU Icecat (but it could be modified and applied to GNU Icecat).

It's not a fork. It is an after-market modification of the user.js and other config files to make Firefucks Better.

upstream are ghacks-user.js and Pyllyukko's user.js

Although sceners like C*-K* say these mods are useless, I - as an active member of Librefox - think that making FF:

- NOT CALLNG HOME AT STARTUP
- NOT CALLING JEWGLE FOR UNNEDED SERVICES
- REDUCING NETWORK NOISE

Is a good think.

Joseph Young
Joseph Young

lol

all of three issues are covered, nice try BTW FIRECOCK

Carter Butler
Carter Butler

Firefox is going to be like windows 10

a barely hackable tool that goes worst everytime a new (((IMPROVED))) version gets released.

EXAMPLE: FIREFOX 65 WILL HAVE a connection service that:

- DNS queries mozilla.org
- HTTP queries a mozilla site that retrieves a fucking text file that reads: SUCCESS

This service is the same type of Windows NCSI or Network Connectivity Status Indicator. An uneeded bloat that opens your system to DNS Hijacking.

Ryan Perez
Ryan Perez

OOGA BOOGA THE SANDMAN SCARE

Julian Young
Julian Young

(((appimage))) Well Cum Nu Fag

Jack Moore
Jack Moore

security and privacy when applied to anything webshit related are just buzzwords...
if their slogan was "better UI" then I would have checked them out. you have to be completly oblivious with your dick shoved through your mouth out of your ear and into your ass to think firecuck has any concept of acceptable GUI design. remove that shit from and start from scratch if you're serious about making a browser

Carter Ward
Carter Ward

The fuck is wrong with you? Firefox is completely open source, unlike windows. Anything you dislike can be completely removed, and is probably removed by IceCat.

Angel Sanders
Angel Sanders

Apply this meme
no restore tabs option
bookmarks broken
To waterfox I return

Logan Anderson
Logan Anderson

how are bookmarks broken? They work fine for me

Easton Robinson
Easton Robinson

I don't know man once I applied the patch as they write in (there) github page
Bookmarks were broken and that option to restore tabs disappeared

Christopher Phillips
Christopher Phillips

Cut the bloat out. Also, a small to medium amount of people in (((mozilla))) are (((diversity officers))), and so completely useless. Thus, removable.
You can still have privacy.

Zachary Scott
Zachary Scott

IceCat doesn't run on Windows 10 Enterprise.

Lucas Powell
Lucas Powell

restore tabs is gone intentionally because of privacy reasons. It's the same reason why some people set their browser to never remember history.

Don't know why your bookmarks failed though

Carter Roberts
Carter Roberts

Why isn't Brave getting mentioned?

Since I started something, might as well tell me your version of why it's bad...

Attached: 320px-Brave-logo.svg.png (11.14 KB, 320x101)

Jose Powell
Jose Powell

It was made by the kike who invented Javascript which is the source of NEARLY ALL BROWSER SECURITY ISSUES IN EXISTENCE.
Why would I use his copy paste Chrome?

Cooper Kelly
Cooper Kelly

How 'bout this?

Attached: bravedonations.png (95.85 KB, 625x579)

Ryan Evans
Ryan Evans

can pocket and other bloat be disabled at compile time?

Attached: 1492506416566.jpg (312.74 KB, 612x716)

Aiden King
Aiden King

Satania is justice because she is cute! Satania is the best waifu ever!

satania.moe/

John Bennett
John Bennett

How 'bout this?

Attached: 2019-02-17-11-44-22-Tweets-with-replies-by-Tom-Scott-(@tomscott)---Twitter.png (41.6 KB, 582x441)

Hunter Sanchez
Hunter Sanchez

pwned by

There is nothing wrong with Brave. OpenNMS hasn't shown a single weird connection coming from it. Not even degoogled chromium can brag about that.

Attached: DrCSaWnWoAI4rrl.jpg (107.94 KB, 960x960)

Luis Thompson
Luis Thompson

No pwning has been done. It doesn't matter if they fixed the issue - it shouldn't have been there in the first place. Also, try this: spyware.neocities.org/articles/brave.html and especially this: digdeeper.neocities.org/ghost/news.html (scroll down to "Facebook and Twitter trackers whitelisted by Brave Browser")

Sebastian Bennett
Sebastian Bennett

stop shilling your crappy neocities blogs

Luke Gray
Luke Gray

stop shilling for malicious browser brave

Lincoln Jackson
Lincoln Jackson

So... are there any good browsers out there? Like netsurf but more compatible?

Eli Flores
Eli Flores

otter browser maybe

Adrian Gray
Adrian Gray

So... are there any good browsers out there?
No.
lynx, links, w3m (I think w3m is unmaintained?), eww, suckless surf, netsurf, qutebrowser and uzbl (yeah, no) are the only browsers in existence that aren't full of pozz but they aren't usable if you require compatibility. You are pretty much forced to either use Firefox or Chromium. btw, is moonrunner (or whatever it was) still around? (I am talking about that browser that some anons started to make)

Attached: 1543949082.png (339.34 KB, 656x435)

Jaxson Wright
Jaxson Wright

you mean netrunner? it appears to be dead gitgud.io/odilitime/netrunner/

Easton Russell
Easton Russell

this entire thread has been complaining about how shit firefox has become and how retarded mozilla is.
I understand they've made some dumb decisions like cliqz, mr. robot shit, pocket, etc. but if you compile the browser yourself these decisions don't matter.
Has mozilla fucked up the browser in any ways at all? I can definitely agree on pocket being a major fuckup, but apart from that can't really think of many issues.

Lucas Jackson
Lucas Jackson

For examples on how fucked the mozzila firefox codebase is look at palemoon 28+'s git changelog, which is a hardfork of firefox 52 ESR. Theres hundreds of commits just removing telemetry of which they still haven't finished. Not to mention the bug fixes and other shit related to preferences and design.

If you want a compatible with the modern web and mostly unpozzed browser use palemoon 27's codebase which is just a fork of firefox 27 with huge amounts of bugfixes and other nice stuff for javascript compatibility with the newer javascript bullshit, which you can turn off.

If you want a browser that's not shit there is not one, as by definition a browser is shit due to supporting javascript. Best way to browse the web is with a html parser and program to display it along with custom plugins for javascript heavy websites to take the website and convert it to static html for viewing.

Brayden Wilson
Brayden Wilson

odilidud
kek!

Brandon Harris
Brandon Harris

you have to fix the web first. then you can fix the browsers.

Thomas Torres
Thomas Torres

unless you can remove all of this: digdeeper.neocities.org/ghost/mozilla.html (and that's impossible) then compiling does nothing

Brandon Smith
Brandon Smith

So can u faggots actually link something that's good? Palemoon is meme tier

Attached: .jpg (875.13 KB, 1395x2160)

Jason Evans
Jason Evans

icecat and ungoogled-chromium

Gavin Bennett
Gavin Bennett

Does it bring back XUL extensions support or is this just another piece of shit?

Dominic Johnson
Dominic Johnson

seriously wanting the unmaintainable and undocumented mess that is XUL and XBL

Matthew Johnson
Matthew Johnson

You sound like you'd unironically enjoy a browser called Google Chrome.

Jason Nguyen
Jason Nguyen

Some of this information is great, but the rest is just flat out autistic paranoia.

Cooper Powell
Cooper Powell

stop shilling your nigger tier blog
haha if you want actual answers your a normie lol
There's no point to saying everything sucks

Robert Garcia
Robert Garcia

[code]nigger test

Lucas Perez
Lucas Perez

nigger test

Asher Hughes
Asher Hughes

nigger test

Nolan Hill
Nolan Hill

Not even with Windows Services for Linux or whatever it's called?

Ryder Jackson
Ryder Jackson

I Just Want You To Shut Up

wow that implies domestic violence against WOMYN we better CoC this project up

Benjamin Price
Benjamin Price

Plot fallacy to make you use white screens and have your eyes damaged so you can't see (((them))) when they are glowing.

Attached: (1).jpg (51.23 KB, 640x512)

Jonathan Taylor
Jonathan Taylor

<All these anons shilling for cromium
Wasn't it still connected to google even with the modifications?

Yeah palemoon 27 is an acceptable choice for now it is as customizable as firefox was when it was still useful

Samuel Miller
Samuel Miller

(we) can track you by the way your writing style.

By the way you post.

By what websites you visit.

Sentence and paragraph structure, Spacing,vocabulary,puncuation, political bent,sense of humor or lack of it, use of pictures and memes for propaganda, your typos, etc.

An internet users' "style" can be analysed and traced across the internet.

If you have ever posted even once anywhere and left a trace of Where your IP address can be found,you've been uncovered and the kept on file.

Tracking you by Canvas (Browser) fingerprinting is another tool we use.

It's an incredibly accurate method of identifying unique browsers and tracking online activity.

Combinations of the following hardware/software are often unique:

Browser

Active plugins

Timezone

Language

Screen resolution

Operating system

Graphics card

Graphics card driver

Installed client fonts…..etc

Only 1 in 486,777 other browsers will share the same fingerprint as another user.

Using an incognito mode on your browser won’t stop this tracking technique either, as the canvas script and system/browser information is still shared.

Techniques such as Deactivation of your JavaScript, or using addons such as Canvas blocker or Adbock hav been circumvented by us.

All this intel is stored in the IABIS.

The Integrated Automated Browser Identification System (IABIS) is a massive database that stores Browser signatures(finger prints) of Billions of internet users.

These browser 'fingerprints' are collected for 'analysis' purposes.

The system is modeled on the Integrated Automated Fingerprint Identification System (IAFIS), since this model is so efficent at identifying.

Tor is compromised but is still the safest, but we are still actively created new Tor exit nodes that we control for MitM attacks

But even Tor can't hide Your "internet style".

We have a profile of you and you can be IDed.

The vast majority of you are just not worth tracking 24/7…yet.

Camden Peterson
Camden Peterson

nice LARP faggot

Austin Butler
Austin Butler

(I think w3m is unmaintained?)
It was already a complete project by then but the author dropped it and debian took over with a fork. Everyone uses the debian fork at github.com/tats/w3m/ , I don't know about other distros, but in gentoo for instance it's the version in their repos.

The fork happened 6 years ago and looking at the last 2 years of commits they're all documentation updates and bugfixes, so I don't think the dykes at Debian will nigger up the project.

I use w3m on a regular basis and recommend it.

Nathan Ross
Nathan Ross

bypassing canvas element blocker when you can compile out canvas
not taking the individual imperfections of the soundcard's crystal timer via the fingerprintable soundcard driver to get a 1:1 match of a computer's hardware component for tracking
not doing the above with other hardware
Look at this larper. He's a faggot.

Parker Diaz
Parker Diaz

modeling a system on IAFIS when fingerprinting is pseudoscience
modeling a system on the basis of imperfections which can be easily faked/incorrectly transmitted due to hardware lacking thorough enough measures or software fucking up by generalizing the measures to get a bullshit reading in the end that matches over 9,000 other fingerprints.

Oliver Garcia
Oliver Garcia

everything that you listed can be changed easily.

Cameron Hall
Cameron Hall

Disabling JavaScript eliminates 90% of this.

Canvas
Timezone
Language
Screen resolution
Active plugins
Operating system
Graphics card
Graphics card driver
Installed client fonts
All hidden by default on TorB and can be hidden in Firefox without any addons.
Browser
Can be masked by Firefox to send the ESR version number. Masked by default on TorB.

Techniques such as Deactivation of your JavaScript, or using addons such as Canvas blocker or Adbock hav been circumvented by us.
False. CSS can be used for tracking but it's not as good as js. Any non-interactive website can't get any information.

the way you post.
websites you visit.
The only legit threats here. First one can be faked, there's software for it. 2nd can be circumvented by using multiple tor identities.

Hudson Ortiz
Hudson Ortiz

I'm using librefox patches but it seems that it I can't even change the default settings after.
Wtf. I'm going to run a connection log next time to see if this is really doing it's job otherwise I'll remove it ASAP

Elijah James
Elijah James

youtube.com/watch?v=eQ2OZKitRwc

Kayden Baker
Kayden Baker

This is actually true. LEA can't actually arrest you or follow your IP without an order, I mean they will but they can't use it in court so they actually have to gather your internet vocabulary.
Never post in the darkweb.

Nathaniel Sullivan
Nathaniel Sullivan

Can someone just rip Gecko out of Firefox? You know, how we can use Webkit/Blink without Chrome?

Attached: 1309973852002.png (32.43 KB, 344x326)

Joseph Miller
Joseph Miller

It is completely reverse. I always post dark web or .onion address websites. And I almost never post on surface web.

I also post on Zig Forums only on oxwugzccvk3dk6tj.onion

Camden Bennett
Camden Bennett

If you want to help the .onion cause, go over to /sudo/ and tell codemonkey to fix the images being hosted on the clearnet. Images actually were hosted on a .onion but then for some reason I forgot they all go to media.8ch.net now. THE MAIN BENEFIT OF A .ONION IS NOT USING EXITS (and 6 hops) THE MAIN BENEFIT OF AN IMAGEBOARD IS IMAGES REEEEEE

Jonathan Clark
Jonathan Clark

You do know you can manually adjust how many hops tor makes in the source code for tor right? Just change it to 6 or over 9000, compile and install, and it just werkz tm but with more latency because more hops.

Cooper Morales
Cooper Morales

I wonder whether if doing that creates yet another fingerprint. You know, while every other request on Tor network gets delivered without much latency, this particular client right here sure takes its time to send data back and forth.

Jaxon Evans
Jaxon Evans

There's an easy solution to that, pad your data. So that it always looks like an arbitrary number of packets are going across the line even if those packets are filled with 0's or randombullshit. Like always transfer whatever the max number of packet size is you are going to transfer. If you are downloading html files at 100MB a second for the max packet size then pad for that size. If you are downloading javascript at 200kb a second for the max packet size then pad for that size.

That way you always look like you are transfering at the same latency. Even if your real latency is like over 9000ms or some shit like that. Only the sender and the reciever should get to know that anyways, not some rouge node.

Oliver Jackson
Oliver Jackson

Librefox
Nice meme.

WebKit and Blink suck.

Ethan Mitchell
Ethan Mitchell

Turning off JavaScript can be detected, that's why Tor Browser keeps it enabled.

Ayden Bennett
Ayden Bennett

There's no point in detecting that. It gives you no information.

It's hard to take the guy seriously when he has no idea what he's talking about.

Logan Watson
Logan Watson

Not really. They leave it on so normies won't get scared off when they can't browse their favorite websites that refuse to work without JavaScript.

Robert Wood
Robert Wood

Yes it can taken out of older firefox versions. But with newer versions it is very integrated. I'm sure there's a project out there ripping it out in some form from an older version.

Tyler Stewart
Tyler Stewart

torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
There's a tradeoff here. On the one hand, we should leave JavaScript enabled by default so websites work the way users expect. On the other hand, we should disable JavaScript by default to better protect against browser vulnerabilities ( not just a theoretical concern!). But there's a third issue: websites can easily determine whether you have allowed JavaScript for them, and if you disable JavaScript by default but then allow a few websites to run scripts (the way most people use NoScript), then your choice of whitelisted websites acts as a sort of cookie that makes you recognizable (and distinguishable), thus harming your anonymity.

Parker Hall
Parker Hall

It doesn't harm anonymity and whoever thinks it does is retarded. Removing js literally stops sites from finding out your hardware and software info as well as your mouse and keyboard interactions, plus it prevents malicious js from loading and stops 3rd party scripts and secondary scripts from executing. There is 0 benefit from enabling js. Stop spreading misinformation.

Kayden Fisher
Kayden Fisher

the guy only states historical facts
he's sincere that he doesn't know much on opsec but he's learning
faggot on Zig Forums says that he doesn't know what he's talking about without pointing out the problem
Next time you post fallacies like that please to a minute per minute resume of what he said and argument it.

It doesn't harm anonymity and whoever thinks it does is retarded
Learn Boolean algebra before stating that again.

Ryan Rodriguez
Ryan Rodriguez

Learn Boolean algebra before stating that again.
Are you fucking dumb?
what information do you learn when a user has js disabled
that he has js disabled
literally nothing else
the rest of the browser fingerprint is non-unique
you're literally just another unknown person with js disabled

what do you learn with js enabled
anything you want
you can ACTUALLY fingerprint the person
plus, you can exploit most 0-days easily

Dylan Russell
Dylan Russell

accusing the Tor developers of misinformation

Colton Parker
Colton Parker

there should be a way to enable limited javascript support that would just make the styling of webpages work but not support anything else. normal webpages will never use 99% of the things that is currently supported but glowniggers can use them for bad things because most people have full js enabled even tho they dont ever need most of it.

Asher Torres
Asher Torres

It's puzzling why has no one created an extension to block SPECIFIC JAVASCRIPT INSTRUCTIONS - the ones that spy on you.

Mason Wilson
Mason Wilson

implying the line is that clear
You can spy on people with styling, for example by figuring out window size.

Matthew Baker
Matthew Baker

styling
JSSS is fortunately not a thing, Anons.

w3.org/Submission/1996/1/WD-jsss-960822

Never forget that Internet Explorer's victory over Netscape was good in hindsight.

Nolan Butler
Nolan Butler

only absolute trash sites require js, especially if it's for fucking styling which is THE WHOLE POINT OF CSS. Why would you use js for something when CSS can do it?

uMatrix is the next best thing.

The fact that they still didn't add uBlockOrigin and replace noscript with uMatrix tells me that they literally don't give a shit about users.

Robert Rogers
Robert Rogers

only absolute trash sites require js
Invisible ReCAPTCHA

Carson Jones
Carson Jones

can you make those menus with css tho? many sites use them for things and they wont work without js. even this site does many small but useful things with js(like the post popup when you put the cursor on a quoted id and quick reply) but it does "work" without it too if you can live without some features

Brayden Lee
Brayden Lee

Tell me why do we need sites to know our battery level?

Attached: js-battery.png (12.35 KB, 344x174)

Jonathan King
Jonathan King

using Chrome

Gabriel Hernandez
Gabriel Hernandez

firefox has it too

Attached: b.png (5.43 KB, 815x80)

Henry Scott
Henry Scott

Yes, but Firefox doesn't expose it to the WWW.

developer.mozilla.org/en-US/docs/Web/API/Battery_Status_API

Levi Lewis
Levi Lewis

ADDITIONAL LINKS

fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/

bugzilla.mozilla.org/show_bug.cgi?id=1313580

groups.google.com/d/topic/mozilla.dev.platform/5U8NHoUY-1k/discussion

Brandon Garcia
Brandon Garcia

Are you going to shill for FF now? It's pointless.

Attached: js-decibels.png (2 KB, 261x52)

Joshua Lopez
Joshua Lopez

shill
Nice meme.

Zachary Walker
Zachary Walker

No, he's absolutely shilling. "Look, the bad guy Chrome has these spying APIs but the privacy-respecting Firefox doesn't!". Even though they are both as bad as each other.

Luke Hill
Luke Hill

That's not what was stated.

Jonathan Turner
Jonathan Turner

So why did he link to the FF links? Regardless, we're switching the topic - which was that specific javascript instructions spy on you - and we should be able to disable them.

Christian Bennett
Christian Bennett

I posted the links to substantiate my claim. You then went on to post something unrelated to the Battery Status API.

Ian Cox
Ian Cox

wew. i hope that no one listens to these people. something like wifi signal strength would be even better for fingerprinting than battery levels

Attached: asd.png (65.81 KB, 1039x359)

Sebastian Ramirez
Sebastian Ramirez

Tell me, why do you reply without reading?
"The line is not clear" does not mean there are no obviously bad APIs.

Joshua Long
Joshua Long

Why do YOU reply without reading (even your own stuff) ? If there are "obviously bad APIs" then disabling them is the right privacy choice. And the fact that you can still spy on someone through window size or whatever is irrelevant.

Gavin Thomas
Gavin Thomas

If there are "obviously bad APIs" then disabling them is the right privacy choice.
And firefox already did that, in that case.
And the fact that you can still spy on someone through window size or whatever is irrelevant.
No it's not, because it means your project is doomed from the start.

Hudson Clark
Hudson Clark

No it's not, because it means your project is doomed from the start.
Do you even know how fingerprinting works? One issue is not enough to fingerprint someone uniquely.

Holy shit, Zig Forums is really tech illiterate...

Evan Reed
Evan Reed

One issue is not enough to fingerprint someone uniquely.
You forgot that the disabled APIs would be a fingerprint on their own, and you seriously underestimate how much shit adds to fingerprinting while being necessary for non-malicious pages.
Talk about ignorance, huh?

Elijah Young
Elijah Young

Okay then, let's not block trackers at all because blocking them is a fingerprint on its own...

As this guy mentioned, they get much more data from the actual javascript functions than any hypothetical fingerprint.

Elijah Adams
Elijah Adams

quotes a random user as authority on the topic
said user's opinion goes against that of the biggest anonymity focused project on earth
not a single source to back up such a bold position, of course
Lol

Jack Mitchell
Jack Mitchell

Are you really dumb enough to believe that ENABLING JAVASCRIPT makes you MORE RESISTANT TO FINGERPRINTING? How fucking stupid can you be?

Bentley Morgan
Bentley Morgan

And dillo?

Nathaniel Roberts
Nathaniel Roberts

Don't mind this guy.
He's a fucking winfag and too dumb to know. Maybe he's just butthurt as a node.js developer or a VS pro
not a single source
ipleak.net
site hasn't even been updated for a long time.
You probably loved the movie 'The Social Network'. You wouldn't ever want to know what facebook.net or google syndication does **not to mention both companies hire hackers and continue to datamine and collect data and interconnect metadata as much as possible.
Want source? Look it up yourself and if you can't then fuck off into nothingness you useless critical theorist. Data scientists exist for a reason.

Cameron Scott
Cameron Scott

You're either a baiter or redditor and a larper but YOU are correct at what you said.
Algorithms can be run through walls of texts to find similarities with round-robin methods, lots of algorithms are applied to these and most of these mathematical algos haven't been linked to any datamining if you look up wikipedia but that is because companies like to monopolize their methods.
Now I won't be naming those algorithms and laws for the sake of not letting the average glower have a headstart.
Back then, we super users used to do leet speak which is 1337 with 7 being the L not 1.
Leet speak bypassed indexer/spiders and bot/tracking but it isn't widely used today.
The only way to bypass the language tracking is to use milspeak like Q or be able to write several languages.
IABIS
Sounds like larp but you're probably right or they will use your cool acronym though spy agencies tend to use cool sounding terms like TWILIGHTVEGETABLE.
Well that's quite easy. I don't even bet the internet users are around a billion considering the old aged, children population, poor and tech literacy. There may be redundancies but people can't opsec and will use one browser or 1-3 unopsecd Operating Systems in their lifetime.
mentioning tor
Not a chance. Tor is rigged but the internet style is true and I'll probably work on it.
GPU card/driver
Yeah that shit is rigged too so it's either use open source drivers expecting it's not rigged or use no GPU at all.
Timezone
Always use China or India.
*note to mod: if the image attached is not applicable for this board, just delete the file

Attached: 55b301cf1bc821629c101f97a2451c396bb38f69b3b9a58cadc4125939b4ef19.png (321.82 KB, 800x1184)

Camden Perry
Camden Perry

Nice samefag

Blake James
Blake James

Alright so you already made 2 statements without backing them up. Show us the proof that we're samefags and make or send us a site which will show my """unique""" identity while I'm using tor.

Luis Lee
Luis Lee

what's the best vimperator alternative for the webextensions firefox?

Attached: Confused-snek.png (463.89 KB, 948x720)

Carson Collins
Carson Collins

lewding gabriel
how could you do this?

Kevin Thompson
Kevin Thompson

how can you lewd anything
Rule 34 of the internet
if it exists, there is porn of it no exceptions
There's porn of commas and what they suppose God looks like for fucks sake. I have images turned off but whatever it is, why are you suprised there is porn of it. granted the porn of God is wholly inaccurate and never could be accurate for various reasons.

Wyatt Bennett
Wyatt Bennett

We're male, so we want to rape this little girl!