BROWSERS

Marcus Holtz on Web Browser Privacy

Last updated 2024-04-27

You are free to use this work, with certain restrictions.

For full licensing information, please see the last slide/page.

Last updated 2024-04-23

I have the slides exported as a video and hosted on Nextcloud, if anyone wanted the material for the talk with an added soundtrack:

VIDEO AVAILABLE

Visit Url above

https://is.gd/browserprivacyvideo

Last updated 2024-04-27

Slides are available.

(Video recommended)

Visit Url above

https://is.gd/browserprivacyslides

SLIDES AVAILABLE

1. Privacy

a. Privacy?

b. Is there a problem?

2. Browsers

a. What does a browser do when opened?

b. Other browsers available

3. Privacy tricks

a. Privacy through obscurity

b. Anonymity through obfuscation

4. Firefox modifications

a. Absolute obscurity with Tor

b. Manual hardening Firefox

5. Custom Firefox

a. Betterfox / Floorp

b. Arkenfox / LibreWolf c. Multi-Account Containers d. Temporary Containers

6. Brave

a. Brave excels in obscurity

b. Optional Brave settings

7. Search Engines

a. Ecosia is fantastic

b. Example searches incl.

8. TL;DR

Florp is to Firefox what Brave is to Chrome

Table of Contents

Who?

I am just a guy. I do not develop a browser.

This is just me, giving my experiences to you.

Why?

Are some browsers good? Are some browsers bad?

Nope.

Browsers are not a moral quandary.

This talk most specifically is about the omnipresent tracking that occurs on the world wide web, with the web being primarily contained to your web browser.

Please do keep in mind, this talk is specific to the web browser.

Tracking occurs in tandem, outside of the web browser.

So, how to begin this conversation?

Asking for a friend, why would any individual care about their online privacy?

Is this different than security?

Both keep me safe, right?

Privacy – What are you talking about?

Well, what is privacy?

Privacy and securitysame thing?

Avast* as a company is not focused on privacy, they care about security which a lot of the time is not the same.

*multinational cybersecurity software company

What about all the other software I use?

Sorry, you’re right. You’re just as buggered there too.

Here are a few resources for more information about telemetry in applications:

https://github.com/beatcracker/toptout

https://github.com/pluja/awesome-privacy

https://codeberg.org/teaserbot-labs/delightful-humane-design

The goal of this talk is to put you in control. Understand what data is collected by the tools you use and decide if you want to share it. Then use methods provided here to opt-in or opt-out.

Browsers – What Do Browsers Say When They Are Opened?

Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

Let’s start with…

Opening the application

What happens regarding our privacy if we simply …

Open the application.

Visit our favorite website.

Browsers – What Do Browsers Say When They Are Opened?

Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

The start page for Chrome is displayed and a batch of network connections are made, inspection of the content of these connections indicates a device id value is sent in a call to accounts.google.com

The URL is now pasted (not typed) into the browser top bar. This generates a request to www.google.com/complete/search with the URL details passed as a parameter.

Also two identifier-like quantities (psi and sugkey). The sugkey value is likely an identifier tied to Chrome itself rather than particular instances of it. The psi value behaves differently however and changes between fresh restarts, it therefore can act as an identifier of an instance of Chrome.

This behavior is reproducible across multiple fresh installs and indicates that user browsing history is by default communicated to Google.

The browser was then closed and reopened. Amongst the connections are some requests that contain data that appear to be persistent identifiers.

One is a request to accounts.google.com/ListAccounts which transmits a cookie that was set during the call to accounts.google.com on initial startup, this cookie acts as a persistent identifier of the browser instance and since is set by the server changing values can potentially be linked together by the server.

Google Chrome

Browsers – What Do Browsers Say When They Are Opened?

Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

During startup Firefox three identifiers are transmitted to Mozilla: impression id and client id values are sent to incoming.telemetry.mozilla.org, a uaid value sent to Firefox by push.services.mozilla.com via a web socket and echoed back in subsequent web socket messages sent to push.services.mozilla.com

These three values change between fresh installs of Firefox but persist across browser restarts.

Once startup was complete, the URL was pasted into the browser top bar.

This generates no extraneous connections.

The browser was then closed and reopened. Closure results in transmission of data to incoming.telemetry.mozilla.org by a helper ping sender process.

In summary, there appear to be a four identifiers used in the communication with push.services.mozilla.com and incoming.telemetry.mozilla.org, these values also persists across browser restarts.

Mozilla Firefox

Browsers – What Do Browsers Say When They Are Opened?

Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

During startup no persistent identifiers are transmitted by Brave.

Calls to go-updater.brave.com contain a sessionid value, similarly to calls to update.googleapis.com in Chrome, but with Brave this value changes between requests.

Coarse telemetry is transmitted by Brave, and is sent without any identifiers attached.

Once startup was complete, the URL was pasted into the browser top bar.

This generates no extraneous connections.

The browser was then closed and reopened. No data is transmitted on close.

On reopen a subset of the initial startup connections are made but once again no persistent identifiers are transmitted.

In summary, we do not find Brave making any use of identifiers allowing tracking by backend servers of IP address over time, and no sharing of the details of web pages visited with backend servers.

Brave

Browsers – What about _______ browser?

• Pale Moon – uses Goanna instead of Mozilla's Quantum. This makes it a single-process application.

• GNU IceCat – includes additional security features and the GNU LibreJS plugin.

• SeaMonkey – 2006 fork of Firefox, maintaining the XUL plugin architecture.

• Librewolf – modern Firefox fork with modified defaults.

• Brave – Chromium based browser with ad blocking on default.

• Microsoft Edge – Cross platform Chromium based browser.

• Opera – Owned by the communist people’s republic of China.

• Vivaldi – Poweruser and feature rich Chromium based web browser.

• ungoogled-chromium – removing Google components, blobs, and dependency on Google web services.

Source: https://privacytests.org

What about mobile browsers?

Sorry, that’s a whole other bag.

Here’s a resource for more information: https://madaidans-insecurities.github.io

https://www.theverge.com/2024/2/26/24083511/apple-eu-investigation-web-app-support

https://www.fastcompany.com/91024985/spyware-companies-helping-governments-hack-their-citizens

Browsers – Google Chrome Manifest V3

Why not discuss Chrome or Chromium as a privacy friendly browser?

Pre-stable Canary builds currently slated for June 2024, Manifest V3, Google Chrome’s API will no longer allow Manifest V2 extensions.

This means total changes to the world's most popular web browser.

Your favorite extensions may stop working at any time.

Google has a stronghold on the web formats that everyone uses.

Let’s discuss Firefox, it’s derivatives, and Brave as alternatives to Chrome.

Source: https://developer.chrome.com/docs/extensions/develop/migrate/mv2-deprecation-timeline

During this talk you will be given tools to mitigate the

omnipresent tracking that occurs on the world wide web.

Browsers – Alternative Browsers to Chromium

Web Browsing Guide for better Privacy,Locking Down Desktop Browsers :

Firefox forks Gecko based browsers

Brave Chromium based browser

•Many derivatives available

•Different threat models

•Out-of-box or fully custom

•

•Easiest to setup and go

•Mostly Chrome compatible

•Comes with QoL improvements

•

I heard this company or that company had this or that person do a certain thing that may or may not have made a change to the way I use the software currently or in the future.

Browsers – Critiques

Why should I use this browser or that?

Firefox - Gecko based browser

Brave – Chromium based browser

Firefox is run by the The Mozilla Foundation (stylized as moz://a), created in 1998 by the release of the Netscape browser suite source code. Initially released in 2002.

Brave is run by the University of Illinois graduate, Brendan Eich, that helped develop Netscape Navigator in 1995, and was CEO of Mozilla for a period.

Brave browser is decreasing revenue from website owners and then asking for them to claim it back in the form of a cryptocurrency token.

Brave has redirected website addresses so that they can insert their own affiliate code.

Brave homepage ads are not opt in.

Currently, Brave has new VC funding, so no idea the direction they’ll take it.

FF is run by the Mozilla foundation, they get 80% of their profits from Google search referrals. This means Google has control of their largest competitor.

Mozilla has become too politically motivated.

Firefox lacks the speed, performance, and compatibility of a chromium based browser.

Mozilla spends too much on their CEO’s salary.

What can I do to prevent my data from being leaked across the browsable internet?

Browsers – What privacy tricks can be used?

What?

Browsers – Privacy Techniques

Privacy through obscurity

Anonymity through

obfuscation

•Change as little as possible, only add what is needed.

•Blend in as much as you can.

•Avoid fingerprinting.

•Overwhelm the signal with noise.

•Blends anonymity with intervention.

•Confuses trackers as to one's real interests.

Privacy – Firefox: not great at obscurity

Privacy through obscurity

All of the different add-ons one can install and preference modifications made to Firefox are inputs that can potentially be used to identify and track you.

Herein lies the catch-22:

Considering the default settings of Firefox are not the best choice for a privacy respecting browser. The more browser add-ons you install and settings you modify, the more likely you will stand out from the crowd and be easier to track.

*RECOMMENDED * RECOMMENDED * RECOMMENDED * RECOMMENDED * RECOMMENDED * RECOMMENDED * RECOMMENDED *RECOMMENDED

uBlock Origin ✔ ⭐ Setup your blocking mode ⭐ Enable AdGuard URL Tracking Protection

⭐ Import Actually Legitimate URL Shortener Tool

Smart Referer ✔

Skip Redirect ✔

CanvasBlocker ✔

So what addons do I use with Brave?

Privacy – Brave … Privacy through obscurity

NONE

Use Brave as a vanilla browser...Install and done.Try to avoid adding more - it differentiates you. Use the same install as thousands of other users.

“Brave includes two types of fingerprinting protections,

(i) blocking, removing or modifying APIs, to make

Brave instances look as similar as possible, and (ii)

randomizing values from APIs, to prevent cross

session and site linking (e.g. making Brave instances

look different to websites each time).”

“Most tools try to make as many browsers look identical

as possible … Brave’s system for protecting users

against fingerprinting works differently. Instead of

trying to make Brave users look identical …, Brave

tries to make you look as different as possible, for each

website, for each session. This prevents browsers from

identifying you when you visit other sites, or when you

return to the same site in the future.”

Source: https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections

Privacy – Brave privacy through obscurity

Privacy – Ad profile obfuscation

Anonymity through obfuscation

Suppose you check-out (3) books from the library, two on gardening, one on woodworking. The librarian knows something about your interests. The Facebook 'like' button works the same way.

Suppose instead you took out every book in the library, and only read the ones you are interested in. The librarian (or anyone with access to the library's records) now cannot tell which books you read, or if you read any of them.

There's no opting out of the surveillance, but there is a way to resist it, to deny those doing the surveillance any meaningful, valuable, or direct data points.

Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf

Privacy – Ad profile obfuscation

Explaining anonymity through obfuscation

Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf

Think of it like this - the tracking companies have some information about you – maybe you have a Facebook account, a store card, public records, some unblocked ads on your mobile device, the few trackers that made it past your blockers, etc.

That information is valuable - companies collect it into data products which they sell on the basis of having some predictive power.

Not giving them more information is what you're trying to do now. You can't get them to forget what they already know about you from various data markets and aggregators. These trade hugely diverse sources of information. Did you register to vote, do you live somewhere with high property values, did your smartphone pass a sensor on a trash can, when, etc.

Suppose you gave them a ton of useless information instead. Accurate data points about you are now drowned in noise. They can filter the noise, but the confidence interval goes down. The value of the data product is diminished. Maybe they also filter out some accurate thing they had gleaned about you.

You go from clicking two ads a year to thousands a day. Completely useless new data points every day which they have to store, clean, process, exclude, etc.

It would be cheaper to just exclude you from the data product, you bring the average accuracy of their profiles down and cause them work.

Privacy – Firefox install AdNauseam

Anonymity through obfuscation with ….

Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf

AdNauseam 👀

(https://addons.mozilla.org/en-US/firefox/addon/adnauseam)

AdNauseam not only blocks ads, it obfuscates browsing data to resist tracking by ads.

To throw ad networks off your trail AdNauseam “clicks” blocked and hidden ads, polluting your data profile and injecting noise into the economic system that drives online surveillance.

The interactive AdVault allows you to visualize and explore the ads that AdNauseam has captured.

On Firefox, you can install AdNauseam with the extensions store in browser.

Note: Firefox’s built in protections wont play well with AdNauseam: disable ‘privacy.trackingprotection.enabled’ in about:config

You need to 'Load unpacked' in Developer mode inside the extensions folder.

THEN, and only then, can you use:

https://github.com/dhowe/AdNauseam/wiki/Install-AdNauseam-on-Chromium-based-browsers

Privacy – Brave install AdNauseam (not from Google Chrome web store)

Google has banned AdNauseam from its web store. Follow these instructions to install it anyway.

Download the latest adnauseam.chromium.zip file from releases in AdNauseam’s GitHub. (https://github.com/dhowe/AdNauseam)

Extract the zip file to a folder where it can remain after install.

Warning: Do not delete this folder after install or the extension will be disabled

Privacy – Brave browser install AdNauseam

•In the Chrome menu, click Windows > Extensions -- or type chrome://extensions/ in the address bar.

•Make sure the 'Developer Mode' checkbox is ticked

•Click 'Load unpacked extension' and go to the folder from step 2. Make sure you select the folder with the name 'adnauseam.chromium' (without a version number)

Privacy – Using AdNauseam

CONGRATULATIONS!

You have successfully installed AdNauseam on both Firefox and Brave.

You can find the FAQ here.

(https://github.com/dhowe/AdNauseam/wiki/FAQ)

Quick guide on the interface and the per site switches.

(https://github.com/gorhill/uBlock/wiki/Per-site-switches)

Browsers – Specialty privacy browsers

WHERE?

Where can you still use the internet like it was your own, with your productivity plugins, lack of malware, spam, generally more bearable,and we can still enjoy all of the privacy comforts just discussed….

With a custom version of Firefox.

If you’d like a browser custom to your needs -- you may be building a custom browser.

Fix Firefox – Firefox obscurity flaws

The default settings of Firefox are not the best choice for a privacy respecting browser.

Many projects prefer to fork Firefox for their needs, for example…Best in Class Obscurity: Tor Browser

And if we have to change it, we might as well make it custom to fit our needs.

Firefox is a customizable browser, & optionally can be fingerprinted, but a custom browser can provide an overall improved browsing experience.