BROWSERS
Marcus Holtz on Web Browser Privacy
© 2024 Marcus Holtz
Last updated 2024-04-27
You are free to use this work, with certain restrictions.
For full licensing information, please see the last slide/page.
© 2024 Marcus Holtz
Last updated 2024-04-23
I have the slides exported as a video and hosted on Nextcloud, if anyone wanted the material for the talk with an added soundtrack:
  VIDEO AVAILABLE
Visit Url above
 
https://is.gd/browserprivacyvideo
© 2024 Marcus Holtz
Last updated 2024-04-27
Slides are available.
 (Video recommended)
Visit Url above
 
https://is.gd/browserprivacyslides
  SLIDES AVAILABLE
1. Privacy
  a. Privacy?
  b. Is there a problem?
2. Browsers
  a. What does a browser do   when opened?
  b. Other browsers available
3. Privacy tricks
  a. Privacy through   obscurity
  b. Anonymity through   obfuscation
4. Firefox modifications
  a. Absolute obscurity with Tor
  b. Manual hardening Firefox
5. Custom Firefox
  a. Betterfox / Floorp
  b. Arkenfox / LibreWolf  c. Multi-Account Containers  d. Temporary Containers
6. Brave
  a. Brave excels in obscurity
  b. Optional Brave settings
7. Search Engines
  a. Ecosia is fantastic
  b. Example searches incl.
8. TL;DR
 Florp is to Firefox  what  Brave is to Chrome
Table of Contents
Who?
I am just a guy. I do not develop a browser.
This is just me, giving my experiences to you.
Why?
Are some browsers good? Are some browsers bad?
Nope.
Browsers are not a moral quandary.
This talk most specifically is about the omnipresent tracking that occurs on the world wide web, with the web being primarily contained to your web browser.
Please do keep in mind, this talk is specific to the web browser.
Tracking occurs in tandem, outside of the web browser.
 
So, how to begin this conversation?
Asking for a friend, why would any individual care about their online privacy?
Is this different than security?
Both keep me safe, right?
 
Privacy – What are you talking about?
Well, what is privacy?
Privacy and securitysame thing?
Avast* as a company is not focused on privacy, they care about security which a lot of the time is not the same.
*multinational cybersecurity software company
What about all the other software I use?
Sorry, you’re right. You’re just as buggered there too.
Here are a few resources for more information about telemetry in applications:
https://github.com/beatcracker/toptout
https://github.com/pluja/awesome-privacy
https://codeberg.org/teaserbot-labs/delightful-humane-design
 
The goal of this talk is to put you in control. Understand what data is collected by the tools you use and decide if you want to share it. Then use methods provided here to opt-in or opt-out.
 
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Let’s start with…
Opening the application
What happens regarding our privacy if we simply …
 
Open the application.
 
Visit our favorite website.
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
The start page for Chrome is displayed and a batch of network connections are made, inspection of the content of these connections indicates a device id value is sent in a call to accounts.google.com
 
The URL is now pasted (not typed) into the browser top bar. This generates a request to www.google.com/complete/search with the URL details passed as a parameter.
Also two identifier-like quantities (psi and sugkey). The sugkey value is likely an identifier tied to Chrome itself rather than particular instances of it. The psi value behaves differently however and changes between fresh restarts, it therefore can act as an identifier of an instance of Chrome.
 
This behavior is reproducible across multiple fresh installs and indicates that user browsing history is by default communicated to Google.
 
The browser was then closed and reopened. Amongst the connections are some requests that contain data that appear to be persistent identifiers.
One is a request to accounts.google.com/ListAccounts which transmits a cookie that was set during the call to accounts.google.com on initial startup, this cookie acts as a persistent identifier of the browser instance and since is set by the server changing values can potentially be linked together by the server.
 
Google Chrome
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
During startup Firefox three identifiers are transmitted to Mozilla: impression id and client id values are sent to incoming.telemetry.mozilla.org, a uaid value sent to Firefox by push.services.mozilla.com via a web socket and echoed back in subsequent web socket messages sent to push.services.mozilla.com
These three values change between fresh installs of Firefox but persist across browser restarts.
 
Once startup was complete, the URL was pasted into the browser top bar.
This generates no extraneous connections.
 
 
The browser was then closed and reopened. Closure results in transmission of data to incoming.telemetry.mozilla.org by a helper ping sender process.
 
 
In summary, there appear to be a four identifiers used in the communication with push.services.mozilla.com and incoming.telemetry.mozilla.org, these values also persists across browser restarts.
Mozilla Firefox
Browsers – What Do Browsers Say When They Are Opened?
Source: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
During startup no persistent identifiers are transmitted by Brave.
Calls to go-updater.brave.com contain a sessionid value, similarly to calls to update.googleapis.com in Chrome, but with Brave this value changes between requests
Coarse telemetry is transmitted by Brave, and is sent without any identifiers attached.
 
Once startup was complete, the URL was pasted into the browser top bar.
This generates no extraneous connections.
 
The browser was then closed and reopened. No data is transmitted on close.
On reopen a subset of the initial startup connections are made but once again no persistent identifiers are transmitted.
 
In summary, we do not find Brave making any use of identifiers allowing tracking by backend servers of IP address over time, and no sharing of the details of web pages visited with backend servers.
Brave
Browsers – What about _______ browser?
• Pale Moon – uses Goanna instead of Mozilla's Quantum. This makes it a single-process application.
• GNU IceCat – includes additional security features and the GNU LibreJS plugin.
• SeaMonkey – 2006 fork of Firefox, maintaining the XUL plugin architecture.
• Librewolf – modern Firefox fork with modified defaults.
• Brave – Chromium based browser with ad blocking on default.
• Microsoft Edge – Cross platform Chromium based browser.
• Opera – Owned by the communist people’s republic of China.
• Vivaldi – Poweruser and feature rich Chromium based web browser.
• ungoogled-chromium – removing Google components, blobs, and dependency on Google web services.
Source: https://privacytests.org
What about mobile browsers?
Sorry, that’s a whole other bag.
Here’s a resource for more information: https://madaidans-insecurities.github.io
https://www.theverge.com/2024/2/26/24083511/apple-eu-investigation-web-app-support
https://www.fastcompany.com/91024985/spyware-companies-helping-governments-hack-their-citizens
Browsers – Google Chrome Manifest V3
Why not discuss Chrome or Chromium as a privacy friendly browser?
Pre-stable Canary builds currently slated for June 2024, Manifest V3, Google Chrome’s API will no longer allow Manifest V2 extensions.
This means total changes to the world's most popular web browser.
Your favorite extensions may stop working at any time.
Google has a stronghold on the web formats that everyone uses.
Let’s discuss Firefox, it’s derivatives, and Brave as alternatives to Chrome.
Source: https://developer.chrome.com/docs/extensions/develop/migrate/mv2-deprecation-timeline
During this talk you will be given tools to mitigate the
omnipresent tracking that occurs on the world wide web.
Browsers – Alternative Browsers to Chromium
Web Browsing Guide for better Privacy,Locking Down Desktop Browsers :
Firefox forks Gecko based browsers
Brave Chromium based browser
Many derivatives available
Different threat models
Out-of-box or fully custom
 
Easiest to setup and go
Mostly Chrome compatible
Comes with QoL improvements
 
 
I heard this company or that company had this or that person do a certain thing that may or may not have made a change to the way I use the software currently or in the future.
Browsers – Critiques
Why should I use this browser or that?
Firefox - Gecko based browser
Brave – Chromium based browser
Firefox is run by the The Mozilla Foundation (stylized as moz://a), created in 1998 by the release of the Netscape browser suite source code. Initially released in 2002.
Brave is run by the University of Illinois graduate, Brendan Eich, that helped develop Netscape Navigator in 1995, and was CEO of Mozilla for a period.
Brave browser is decreasing revenue from website owners and then asking for them to claim it back in the form of a cryptocurrency token.
Brave has redirected website addresses so that they can insert their own affiliate code.
Brave homepage ads are not opt in.
Currently, Brave has new VC funding, so no idea the direction they’ll take it.
FF is run by the Mozilla foundation, they get 80% of their profits from Google search referrals. This means Google has control of their largest competitor.
Mozilla has become too politically motivated.
Firefox lacks the speed, performance, and compatibility of a chromium based browser.
Mozilla spends too much on their CEO’s salary.
What can I do to prevent my data from being leaked across the browsable internet?
Browsers – What privacy tricks can be used?
What?
Browsers – Privacy Techniques
Privacy through  obscurity
Anonymity through
 obfuscation
Change as little as possible, only add what is needed.
Blend in as much as you can.
Avoid fingerprinting.
Overwhelm the signal with noise.
Blends anonymity with intervention.
Confuses trackers as to one's real interests.
Privacy – Firefox: not great at obscurity
Privacy through obscurity
All of the different add-ons one can install and preference modifications made to Firefox are inputs that can potentially be used to identify and track you.
 
Herein lies the catch-22
Considering the default settings of Firefox are not the best choice for a privacy respecting browser. The more browser add-ons you install and settings you modify, the more likely you will stand out from the crowd and be easier to track.
 *RECOMMENDED   * RECOMMENDED  * RECOMMENDED   * RECOMMENDED  RECOMMENDED  * RECOMMENDED   * RECOMMENDED  *RECOMMENDED
uBlock Origin ✔    ⭐ Setup your blocking mode  ⭐ Enable AdGuard URL Tracking Protection
  ⭐ Import Actually Legitimate URL Shortener Tool
Smart Referer 
Skip Redirect 
CanvasBlocker 
  So what addons do I use with Brave?
Privacy – Brave … Privacy through obscurity
 
NONE
 
Use Brave as a vanilla browser...Install and done.Try to avoid adding more - it differentiates you. Use the same install as thousands of other users.
“Brave includes two types of fingerprinting protections,
(i) blocking, removing or modifying APIs, to make
Brave instances look as similar as possible, and (ii)
randomizing values from APIs, to prevent cross
session and site linking (e.g. making Brave instances
look different to websites each time).”
“Most tools try to make as many browsers look identical
as possible … Brave’s system for protecting users
against fingerprinting works differently. Instead of
trying to make Brave users look identical …, Brave
tries to make you look as different as possible, for each
website, for each session. This prevents browsers from
identifying you when you visit other sites, or when you
return to the same site in the future.”
Source: https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
Privacy – Brave privacy through obscurity
Privacy – Ad profile obfuscation
Anonymity through obfuscation
Suppose you check-out (3) books from the library, two on gardening, one on woodworking. The librarian knows something about your interests. The Facebook 'like' button works the same way.
 
Suppose instead you took out every book in the library, and only read the ones you are interested in. The librarian (or anyone with access to the library's records) now cannot tell which books you read, or if you read any of them.
 
There's no opting out of the surveillance, but there is a way to resist it, to deny those doing the surveillance any meaningful, valuable, or direct data points.
Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf
Privacy – Ad profile obfuscation
Explaining anonymity through obfuscation
Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf
Think of it like this - the tracking companies have some information about you – maybe you have a Facebook account, a store card, public records, some unblocked ads on your mobile device, the few trackers that made it past your blockers, etc.
That information is valuable - companies collect it into data products which they sell on the basis of having some predictive power.
 
Not giving them more information is what you're trying to do now. You can't get them to forget what they already know about you from various data markets and aggregators. These trade hugely diverse sources of information. Did you register to vote, do you live somewhere with high property values, did your smartphone pass a sensor on a trash can, when, etc.
 
Suppose you gave them a ton of useless information instead. Accurate data points about you are now drowned in noise. They can filter the noise, but the confidence interval goes down. The value of the data product is diminished. Maybe they also filter out some accurate thing they had gleaned about you.
 
You go from clicking two ads a year to thousands a day. Completely useless new data points every day which they have to store, clean, process, exclude, etc.
It would be cheaper to just exclude you from the data product, you bring the average accuracy of their profiles down and cause them work.
Privacy – Firefox install AdNauseam
Anonymity through obfuscation with ….
Source: http://ceur-ws.org/Vol-1873/IWPE17_paper_23.pdf
AdNauseam 👀
(https://addons.mozilla.org/en-US/firefox/addon/adnauseam
AdNauseam not only blocks ads, it obfuscates browsing data to resist tracking by ads.
To throw ad networks off your trail AdNauseam “clicks” blocked and hidden ads, polluting your data profile and injecting noise into the economic system that drives online surveillance.
 
The interactive AdVault allows you to visualize and explore the ads that AdNauseam has captured.
On Firefox, you can install AdNauseam with the extensions store in browser.
Note: Firefox’s built in protections wont play well with AdNauseam:  disable ‘privacy.trackingprotection.enabled’ in about:config
You need to 'Load unpacked' in Developer mode inside the extensions folder.
THEN, and only then, can you use:
 
https://github.com/dhowe/AdNauseam/wiki/Install-AdNauseam-on-Chromium-based-browsers
 
Privacy – Brave install AdNauseam (not from Google Chrome web store)
Google has banned AdNauseam from its web store. Follow these instructions to install it anyway.
Download the latest adnauseam.chromium.zip file from releases in AdNauseam’s GitHub. (https://github.com/dhowe/AdNauseam)
 
Extract the zip file to a folder where it can remain after install.
 Warning: Do not delete this folder after install or the extension will be disabled
 
 
Privacy – Brave browser install AdNauseam
2
1
In the Chrome menu, click Windows > Extensions -- or type chrome://extensions/ in the address bar.
Make sure the 'Developer Mode' checkbox is ticked
Click 'Load unpacked extension' and go to the folder from step 2.  Make sure you select the folder with the name 'adnauseam.chromium' (without a version number)
Privacy – Using AdNauseam
CONGRATULATIONS!
You have successfully installed AdNauseam on both Firefox and Brave.
 
You can find the FAQ here
(https://github.com/dhowe/AdNauseam/wiki/FAQ)
 
Quick guide on the interface and the per site switches
(https://github.com/gorhill/uBlock/wiki/Per-site-switches)
 
 
Browsers – Specialty privacy browsers
WHERE?
Where can you still use the internet like it was your own, with your productivity plugins, lack of malware, spam, generally more bearable,and we can still enjoy all of the privacy comforts just discussed….
With a custom version of Firefox.
If you’d like a browser custom to your needs -- you may be building a custom browser.
Fix Firefox – Firefox obscurity flaws
The default settings of Firefox are not the best choice for a privacy respecting browser.
Many projects prefer to fork Firefox for their needs, for example…Best in Class Obscurity: Tor Browser
And if we have to change it, we might as well make it custom to fit our needs.
Firefox is a customizable browser, & optionally can be fingerprinted, but a custom browser can provide an overall improved browsing experience.
Fix Firefox – Tor: gold standard for obscurity
Tor Browser uses the Tor network to protect your privacy and anonymity. Using the Tor network has two main properties:
 
Your internet service provider, and anyone watching your connection locally, will not be able to track your internet activity, including the names and addresses of the websites you visit.
 
The operators of the websites and services that you use, and anyone watching them, will see a connection coming from the Tor network instead of your real Internet (IP) address, and will not know who you are unless you explicitly identify yourself.
 
In addition, Tor Browser is designed to prevent websites from "fingerprinting" or identifying you based on your browser configuration.
Developed in 1996 to protect U.S. intelligence communication online, onion routing is a technique for anonymous communication over a computer network.
Fix Firefox – Tor: gold standard for obscurity
Tor Browser provides access to The Onion Router network.
Tor Browser tries to give the same fingerprint to everyone. 
Especially at higher security levels where JavaScript is partially or completely disabled.
Tor has quick access to the ‘disable JavaScript’ feature. The little shield Icon will let you select your Security level. (https://tb-manual.torproject.org/security-settings)
  Standard (the default):
  - All features are enabled (including JavaScript)
 
  Safer:
  - JavaScript is disabled on non-HTTPS websites
  - Some fonts and symbols are disabled
  - Any media playback is “click to play” (disabled by default)
 
  Safest:
  - Javascript is disabled everywhere
  - Some fonts and symbols are disabled
  - Any media playback is “click to play” (disabled by default)
 
 
Fix Firefox – Firefox flaws
Tor doesn’t leave much room for customization.How can we customize Firefox to meet our privacy goals?
 
There are many choices, the two we will be discussing today:
 
Manual, by hand
Use someone else’s work
Leslie Bolling – famous American wood whittler at work
The default settings of Firefox are not the best choice to be a privacy respecting browser. We can manually modify them to meet our needs.
Use Firefox Profilemaker to adjust the settings. (https://ffprofile.com)
 
An alternative is to download the hardened Arkenfox's user.js – Place this in your Firefox's user.js directory and it’ll fix your browser so everything wont load correctly anymore and settings aren’t the defaults you’re used to. (https://github.com/arkenfox/user.js)
 
Or try the different settings on the fly with the Privacy Settings plugin in the toolbar. (https://addons.mozilla.org/en-US/firefox/addon/privacy-settings)
 
You can also do it manually (but even that author archived his tutorial in favor of arkenfox)(https://chrisx.xyz/blog/yet-another-firefox-hardening-guide)
 
Fix Firefox – Firefox Hardening
Fix Firefox – Firefox Manual Hardening
Custom Browser – Firefox forks… is it that easy?
A BETTER WAY
Custom Browser – Introducing a few Firefox forks
Today we’re going to cover two different projects that both seek to enhance the privacy of Mozilla’s Firefox browser.
Customizations stem from the user.js file
Betterfox
Arkenfox
Browsers have been built around each of these projects
Offer different variants for different needs
As much privacy as possible
Privacy without the breakage
(https://github.com/yokoffing/Betterfox)
(https://github.com/arkenfox/user.js)
Custom Browser – Librewolf fork uses arkenfox user.js
Akenfox requires some customization to remove some of the stricter features you may not want.
These features will help you be more private, but you probably don't want them, as they can be breaking. The Wiki page is required reading. Go to the overrides [common] to make fixes to breaking stuff.
Arkenfox is basically what LibreWolf is built on. LibreWolf also includes some changes like default DuckDuckGo and uBlockOrigin.
LibreWolf also lets you add checkboxes to a lot of the deeper Arkenfox settings that break a lot of websites. It also includes the help to these settings, so you can understand what you're doing.
Librewolf has an overrides file. If you have your own custom settings you dont have to worry about updates overwriting your config.
Lots of quality of life improvements overtime.Do the benefits out weigh the pain? You decide.
 
Custom Browser – Firefox forks user.js
Betterfox – This is what you want to pick if you don't want to deal with anything being weird, or websites breaking. Arkenfox is the upstream project for Betterfox.
Betterfox is included in Floorp, with several variations.
 
Floorp is based on the ESR release of Firefox, meaning Floorp is updated atleast every 4 weeks.
 
Any settings that are commented out in user.js come with examples. If you dig through the config you will find details to everything.
 
You may not be aware of all the settings out there, and a set like this will help you discover them.
 
Most of the preferences in this will reduce footprint, and disable some features that could be footguns, but at the same time disable some optimizations that aim to reduce cognitive load on users.
 
Floorp’s GitHub page has "common overwrites“ for more information.
Source: https://jm42.github.io/compare-user.js
Custom Browser – user.js … what’s the difference?
A total comparison between the different user.js files can be found here:
Looking at all the differences between these two projects can take some time. There are over 400 different changes made, each affecting the performance, security, workflow, privacy, and settings.
Custom Browser –
Japanese built, Floorp
Custom Browser –
Based on Mozilla Firefox. Made in Japan.
Uncertain future: Floorp was built by a tiny team in Japan with one primary developer
Floorp key features:
 
Strong Tracking Protection: Floorp offers robust tracking protection, safeguarding users from malicious tracking and fingerprinting on the web.
 
Flexible Layout: Customize Floorp's layout to your heart's content, including moving the tab bar, hiding the title bar, and more for a personalized browsing experience.
 
Switchable Design: Choose from five distinct designs for the Floorp interface, and even switch between OS-specific designs for a unique look
 
Regular Updates: Based on Firefox ESR, Floorp receives updates every four weeks, ensuring up-to-date security even before Firefox's releases.
 
No User Tracking: Floorp prioritizes user privacy by abstaining from collecting personal information, tracking users, or selling user data, with no affiliations with advertising companies.
 
Dual Sidebar: Floorp features a versatile built-in sidebar for webpanels and browsing tools, making it perfect for multitasking and quick access to bookmarks, history, and websites.
 
Flexible Toolbar & Tab Bar: Customize your browser with Tree Style Tabs, vertical tabs, and bookmark bar modifications, catering to both beginners and experts in customization.
Custom Browser – Floorp - Homepage
 
Custom Browser – Floorp - user.js settings
Custom Browser – Floorp - user.js customizations
Floorp Defaults - By default, Floorp includes a robust tracking blocker, protecting users from a variety of malicious trackers lurking on the web. Additionally, it provides fingerprinting protection.
Securefox - Provide sensible security, privacy, and protect user data.
Default - All the essentials. None of the breakage.
Fastfox – Priority: speedy browsing. Increase Firefox's browsing speed.
Peskyfox - Remove annoyances & provide a clean, distraction-free browsing experience.
Smoothfox – Better scrolling with Microsoft Edge-like smooth scrolling.
Custom Browser – Floorp - Betterfox explained
 
Custom Browser – Floorp - Tab bar style
 
Custom Browser – Floorp - Tab bar modified
Addon Used: https://addons.mozilla.org/en-US/firefox/addon/sidebery
Custom Browser – Floorp - Vertical tabs in action
Custom Browser – Firefox - Firefox no vertical tabs
Addon Used: https://addons.mozilla.org/en-US/firefox/addon/sidebery
 
 
Custom Browser – Floorp - Browser sidebar
Custom Browser – Floorp - Quick Site Sidebar
 
Custom Browser – Floorp - Multiple Workspaces
 
Custom Browser – Floorp - Switching Workspaces
 
Custom Browser – Floorp - Finance Workspace
 
Custom Browser – Floorp - Progressive Web Apps
 
Custom Browser – Floorp - Installing PWAs
 
 
Custom Browser – Floorp - Using PWAs
 
Ta-da!You can now:close your browser and minimize your newprogressive web app
Custom Browser – Floorp - PWA Open
Custom Browser –
Firefox with
thosedesign 
gains.
Source: https://github.com/black7375/Firefox-UI-Fix
(all the same project)
Firefox-UI-FixProton FixLepton
Accept no substitutes, except:
WaveFox for more Firefox theming. (https://github.com/QNetITQ/WaveFox)
Custom Browser – Floorp using Lepton design
CSS
Firefox version 89 updated with Proton design refresh.
Photon (old FF design)
Betterfox also has a list of recommended filters for uBlock Origin to help fill in the gaps of the overall browsing experience.
My personal lists are included below:
https://cdn.statically.io/gh/dhowe/AdNauseam/master/filters/adnauseam.txt
https://easylist.to/easylist/easyprivacy.txt
https://secure.fanboy.co.nz/fanboy-annoyance.txt
https://easylist.to/easylist/easylist.txt
https://secure.fanboy.co.nz/fanboy-cookiemonster.txt
https://easylist.to/easylist/fanboy-social.txt
https://filters.adtidy.org/extension/ublock/filters/3.txt
https://filters.adtidy.org/extension/ublock/filters/17.txt
https://malware-filter.gitlab.io/malware-filter/urlhaus-filter.txt
https://raw.githubusercontent.com/yourduskquibbles/webannoyances/master/ultralist.txt
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://big.oisd.nl/
https://winhelp2002.mvps.org/hosts.txt
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext
https://adaway.org/hosts.txt
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/AnnoyancesList
Source: https://github.com/yokoffing/filterlists#guidelines
Custom Browser – Floorp - with uBlock Origin
➗ Actually Legitimate URL Shortener Tool
 
🔍 Block third party fonts
 
🚪 Browse websites without logging in
 
⚙️ Dandelion Sprout's Annoyances List
 
💊 Dandelion Sprout's Anti-Malware List
 
🔒 Privacy Essentials
 
🛠️ yokoffing's Annoyance List
 
⛔ yokoffing's click2load filters
 
📺 YouTube Clear View
 
Anti-paywall filters
 
Bypass Paywalls Clean filter
 
ClearURLs for uBo (unofficial)
 
EasyList
 
Easylist Cookie List
 
EasyPrivacy
 
Fanboy's Annoyance List
 
Fanboy's Social Blocking List
 
HaGeZi's Light DNS Blocklist
 
HaGeZi's Pro++ mini DNS/Browser Blocklist
 
HaGeZi's The World's Most Abused TLDs
 
iam-py-test's Combo List
 
Malicious URL Blocklist
 
oisd big
 
StevenBlack/hosts
 
The malicious website blocklist
 
Web Annoyances Ultralist
Custom Browser – Firefox forks, Floorp, in detail
 : Recap
Just give it a try, most features are disabled by default so you need to turn them on, otherwise it's just Firefox + Sidebar.
 
List of Floorp features:
 
  Vertical tab + Collapse ✔️
  Sidebar ✔️
  Change keyboard shortcuts ✔️
  Workspace ✔️
  Sleeping Tab ✔️
  Profile Switcher ✔️
  Tab Tiling ✔️
If you want to find out more about a setting, use:
about:about
 
(this works in any Firefox browser)
 
- Floorp in relation to Firefox is the same as Vivaldi in relation to Chrome - They are forks aimed at power users with a native support for vertical tabs.
Don’t take my word for it, here’s everyone else using Floorp!
The Gecko Version of Midori uses Floorp.
Source: https://news.itsfoss.com/midori-11
And it looks like Midori includes Matomo tracking
Source: https://gitlab.com/midori-web/midori-desktop/-/compare/ff3ece596e7eb12e32cf63f86e691b5bc752596e...ESR115?from_project_id=50536060&page=3&straight=true#5866a2fbb0b03ca995b95ce59d7920c520db30cd
 
 
FireDragon is essentially a custom Floorp fork with the gradient KDE Sweet theme and Beautyline icons.Source: https://forum.garudalinux.org/t/new-firedragon-major-version/34585
Other Projects Using Floorp:Waterfox (Sep 2023)
Pulse (Dec 2021)
Ghostery Private Browser (Feb 2021)
Source: https://github.com/yokoffing/Betterfox?tab=readme-ov-file#browser-integration
(https://github.com/dr460nf1r3/firedragon-browser)
(https://github.com/EliverLara/Sweet)
(https://github.com/likeofollow/BeautyLine)
Custom Browser – Floorp - Don’t take my word
Custom Browser – Firefox ----- - Multi-Account-Containers
A Note on Qubes OS
If you want to surf privately on Qubes OS, the qubes are using Firefox ESR out-of-box. The Firefox they ship providesno privacy benefit, other than containerization. 
So let’s containerize our Firefox!
Using:
Multi-Account-Containers
  by Mozilla
Temporary Containers
  by stoically
Custom Browser – Firefox ----- - Multi-Account-Containers
What are Containers and how can they help?
Containers are a tab/process isolation mechanism in order to separate each new tab/window from each other. This means each Tab gets it’s own resources.
Isolating cookies inside of containers prevents other sites from being able to access them, thus increase both privacy and security in theory.
You can see each tab or group with a different color and icon.
The real power is when you use Multi-Account-Containers for websites you frequent and Temporary Containers for everything else.
 
The following example explains to you how to use Firefox containers alongside temporary containers to increase your privacy while you are browse browsing.
Source: https://addons.mozilla.org/en-GB/firefox/addon/multi-account-containers
Source: https://addons.mozilla.org/en-GB/firefox/addon/temporary-containers
Also, side note: Brave will never get Multi-Account-Containers
Source: https://community.brave.com/t/equivalent-of-multi-account-containers-or-temporary-containers-extension-ff/135573/41?page=3
Custom Browser – Firefox ----- - Unlimited Containers
Some settings for Temporary Containers
General:
Automatic Mode: On
Notifications when Temporary Containers are deleted: Off
Container Number: Reuse available numbers
Delete no longer needed Temporary Containers: After the last tab in it closes
Isolation > Per Domain:
Always open in new Temporary Container: Disabled
All other settings on this page should be set to “Use Global”.
Source: https://chefkochblog.wordpress.com/2018/04/03/firefox-container-guide/
Isolation > Global:
All settings on this page should be set to:“Different from Tab Domain & Subdomains”.
Custom Browser – Firefox ----- - Container usage examples
Example: Multi-Account-Containers & Temporary Containers
Custom Browser – Firefox -------- Extensions Menu
Open Extensions, Click on Multi-Account Containers
 
Custom Browser – Firefox ----- Multi-Account Container
A new menu will open, click ‘Manager Containers’
 
Custom Browser – Firefox ----- Manage containers
Inside this second menu, click ‘New Container’
 
Custom Browser – Firefox ----- - Create container name
Select a ‘color’, ‘icon’, and ‘name’ for this container
 
 
 
Custom Browser – Firefox ----- - Manage new cont.
We can view our new container in ‘Manager Containers’
 
Custom Browser – Firefox ----- - Always open this tab in
To open this URL in the created container, click the icon
 
Custom Browser – Firefox ----- - Use this container
Select the container to use for this URL
 
Custom Browser – Firefox ----- - Assign Container to Tab
Visit the URL again, and you will see a new screen
 
 
Select ‘Remember my decision for this site’ and ‘Open in new container’
Custom Browser – Firefox ----- - Containers Completion
YAY!In the URL bar you can now see your tab is open in the new container.
 
Custom Browser – Firefox ----- - Unlimited Containers
 
 
New Website, same concept. Open ‘Manage Containers’
Custom Browser – Firefox ----- - Create  New Container
Create a ‘New Container’ for Ecosia search
 
Custom Browser – Firefox ----- - Name the new Container
Name our container something easy to use
 
 
 
Custom Browser – Firefox ----- - Container Choices
Ahh! Both new containers are available.
 
Custom Browser – Firefox ----- - Click on the icon in bar
In the URL bar, click the icon, ‘Always Open This Site In…’
 
Custom Browser – Firefox ----- - Set Container to New Tab
This is the same, every time
Visit the URL again, and you will see a new screen
 
 
Select ‘Remember my decision for this site’ and ‘Open in new container’
Custom Browser – Firefox ----- - Unlimited Containers
 
Works Great! Now do I have to do this with EVERY website?
 
 
Custom Browser – Firefox ----- - Unlimited Containers
 
Works Great! Now do I have to do this with EVERY website?
 
No. We can use:Temporary Tabs
 
 
 
 
 
Custom Browser – Firefox ------ - Unlimited Tmp Tabs
Visit: CNN.com
It will open in anew ‘tmp1’ container
This is a new containerized website.
 
Custom Browser – Firefox ----- - Temporary tab stays open
Browse: CNN.com
New tab will remain open in same ‘tmp1’ container
 
 
This site stays in the same container until:After the last tab in it closes’
 
 
 
Custom Browser – Firefox ----- - New container, tmp2
This will continue, unless you set a Multi-Account Container to store it in.
Browse: MSNBC.com
New tab will create anew ‘tmp2’ container
 
Custom Browser – Firefox ----- - Unlimited Containers
Multi-Account Containers is for sites you actually want to keep cookies/data on. Sites you want to stay logged in to.Unless you like reaching for 2FA every time you login, then security it up, bud.
I know someone who wrote a really good blog article on using Sidebery with any Firefox browser to tab-sync and maintain their active tabs and tab history across multiple devices.
Source: https://blog.holtzweb.com/posts/browsers-firefox-floorp-sidebery-setup
blog.holtzweb.com
Sync your tabs using bookmarks, json, or md.
Custom Browser – Firefox ------- Tab Sync
You will still have to deal with the occasional error.Floorp may be the easiest set and forget setup, with little to no intervention needed, but even then99% perfect still leaves room for 1% of problems.Knowing your tooling, setup, and configuration can help.
Why is ESR bad?
https://www.mozilla.org/en-US/security/advisories/mfsa2023-40
https://www.pcworld.com/article/2089208/firefox-118-0-1-chrome-0-day-vulnerability-also-affects-firefox.html
Custom Browser – - 99.99% is never 100%
Ok, you’re right. Firefox ride or die.
Custom Browsers? – Floorp That. Firefox Ride or Die.
So, just for you –I made a script that sets up a new Firefox profile,just like Floorp.
 
 
 
 
 
 
#!/bin/sh
 
echo -n "Please describe this Firefox Profile with a name: " && read ffProfileName
addonlist="adnauseam,
bitwarden-password-manager,
switchyomega,
darkreader,
sidebery,
floccus,
nighttab,
multi-account-containers,
temporary-containers,
facebook-container,
containers-helper,
fastforwardteam,
redirector,
clearurls,
istilldontcareaboutcookies,
onetab,
downthemall,
external-application,
canvasblocker,
checkmarks-web-ext,
audioctx-fingerprint-defender,
webext-private-bookmarks,
refined-h264ify,
requestcontrol,
ttsfox,
ecosia-the-green-search,
ddg-lite-search-provider"
 
echo "Creating Profile"
firefox -CreateProfile $ffProfileName
# sed will search for `Path=` it will then try and find the line with the name of the firefox profile specified above. Then remove all text to the left of the `=` sign.
folder=$(sed -n "/Path=.*.$ffProfileName$/ s/.*=//p" ~/.mozilla/firefox/profiles.ini)
# sed -n 's/Path=//p' ~/.mozilla/firefox/profiles.ini | grep $ffProfileName
path="/home/$(whoami)/.mozilla/firefox/$folder"
cd $path
echo "Profile Creation Finished"
 
mkdir chrome sidebery 2> /dev/null
 
bash -c "$(curl -fsSL https://raw.githubusercontent.com/black7375/Firefox-UI-Fix/master/install.sh)"
 
cd $path
 
curl -sS https://raw.githubusercontent.com/christorange/VerticalFox/main/windows/userChrome.css >> ./chrome/userChrome.css
curl -sS https://raw.githubusercontent.com/christorange/VerticalFox/main/sidebery/dark_sidebery_styles.css > ./sidebery/dark_sidebery_styles.css
echo -e "\nYou will need to paste in the styling for Sidebery.\nThe styles are located at $path/sidebery\n" && sleep 2
echo -e "\nA reminder will be displayed again at the end of the script." && sleep 5;
 
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/user.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Securefox.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Fastfox.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Peskyfox.js >> user.js && clear;
curl -sS https://raw.githubusercontent.com/yokoffing/Betterfox/main/Smoothfox.js >> user.js && clear;
 
echo "Downloading Addons"
addontmp="$(mktemp -d)"
# trap will run when there is an exit command, or this script is terminated
trap "rm -fr $addontmp" HUP INT QUIT TERM PWR EXIT
mozillaurl="https://addons.mozilla.org"
IFS=$'\n,'
mkdir -p "$path/extensions/"
for addon in $addonlist; do
 echo "Installing $addon"
 # grep will match anything that is not a double quote ("). When encountering a double quote, it will act as a terminating character for the grep operation.
 addonurl="$(curl --silent "$mozillaurl/en-US/firefox/addon/${addon}/" | grep -o "$mozillaurl/firefox/downloads/file/[^\"]*")"
 # You can directly manipulate a string without assigning it to a variable, you can use command substitution:
 # echo "Filename: $(basename 'https://example.com/downloads/file.zip')"
 # Or this script uses parameter expansion:
 file="${addonurl##*/}"
 curl -LOs "$addonurl" >"$addontmp/$file"
 # You can use command substitution instead of parameter expansion and use the following command:
 # unzip -p sidebery-5.2.0.xpi manifest.json | grep "\"id\"" | sed 's/"//' | awk -F '"' '{print $3}'
 id="$(unzip -p "$file" manifest.json | grep "\"id\"")"
 id="${id%\"*}"
 id="${id##*\"}"
 mv "$file" "$path/extensions/$id.xpi"
done
 
echo "Addons Installed"
if [ -f $path/sidebery/dark_sidebery_styles.css ]; then
  echo -e "\n==========================================================\n== You will need to paste in the styling for Sidebery. ==\n== Open Sidebery settings, Styles editor. And paste in ==\n== any of the new styles. You may find them in: ==\n$path/sidebery/dark_sidebery_styles.css\n==========================================================" && sleep 2
fi
 
 
You can find it here:
 https://github.com/MarcusHoltz/Firefox
 
 
That was a lot of information.
Browsers – Brave …
Isnt there an easier way, something I can just
Install
and forget
 no extra steps
 So what addons do I use?
 
None. I use Brave as my vanilla browser...
…but I do make some changes.
Browsers – Brave … we can’t customize it … so now what?
These settings are mostly preference.Some changes will make you appear unique to trackers.
Again, please choose what works best for your needs.
 
The appearance of ads on Brave to promote content creators:
Brave Browser's BAT Rewards(https://en.bitcoinwiki.org/wiki/Basic_Attention_Token
 
Browsers – Brave Tweaks
Starting with…
Brave Rewards
Advertisers pay Brave to buy BAT to run ad campaigns on the Browser.
Users can earn BAT by viewing these ads, and Brave keeps a cut (30%) to run their operations.
Screen Captures were takenon Brave version 1.45.116
Ubuntu 21.10 KDE Plasma 5.22.5 – Arc Dark Theme
1.  Open Settings
 
2.  Click Section
 
Personal Choice
The appearance section of Brave settings contains:
Brave Speedreader
Address bar customization
Vertical Tabs
 
Browsers – Brave Tweaks
Next up…
Appearance
*most notably, Firefox does not include comparable functionality as Brave Speedreader
Open Settings
Privacy Suggestion
Personal Choice
“…unlike most ‘reader-mode’ features, Brave Speedreader modifies the page content before the page is loaded, rather than after, which saves you data and provides faster load times. “
Personal Choice
Under Appearance
 
 
Yeah. Wow.Built in Vertical Tabs
 
 
 
This is a normal webpage.
 
 
 
Speed Reader EXAMPLE
 
Turn Speedreader on
 
Speedreader OFF
 
Browsers – Brave based AI
Artificial Intelligence hosted by Brave…
Brave Leo
Why don’t I let Leo introduce itself....
Hi, I'm Leo. I'm a fully hosted AI assistant by Brave. I'm powered by Mixtral 8x7B, a model created by Mistral AI to handle advanced tasks.
Block third-party ads & trackers
 
Cookie partitioning
 
Fingerprint randomization
 
Filter lists phishing protections
 
Browsers – Brave Tweaks
Looking closer at…
Brave Shields
Shields is the core part of that protection.
Brave Shields – Protection is on by default, on every web page you visit.But, let’s see if we can’t up that protection a bit….
Browsers – Using Brave Shields
A long list of what Shields can do
By default, Brave has the strongest privacy protections of any popular browser. And Shields are a core part of that protection. Here’s a long list of what they can do:
 
Block third-party ads & trackers
 Third-party ad & tracker blocking, on every page you visit. Available in Standard and Aggressive mode.
 Resource replacement: Brave will block-and-replace problematic resource scripts with a stripped-down, more private version that still allows the page to function.
 CNAME uncloaking: Some third-party trackers use cloaking tactics to hide where code really comes from, and circumvent ad blockers. Brave can see through this evasion, and stop it from happening.
 
Cookie partitioning
 Block cross-site cookies, and thus prevent site-to-site tracking.
 Ephemeral storage: Block third-party application storage (e.g. what’s used with cookies), but replace with a temporary, auto-deleted storage that still allows sites to function.
 
Fingerprint randomization
 Randomizing browser APIs: Brave prevents sites from tracking you based on your browser fingerprint by slightly randomizing (or occasionally removing) the browser features trackers use to follow you. For example, Brave randomizes APIs that are vulnerable to fingerprinting to ensure both privacy and site functionality. It also blocks highly identifying APIs.
 Block browser-language and font fingerprinting: Brave further strengthens its fingerprinting protections by preventing users from being identified based on preferred browser language.
 
Phishing protections
 Brave can alert you if the site you’re trying to visit shows evidence of phishing, malware, or other bad intent.
Source: https://brave.com/shields/
 
Browsers – Locating Brave Shields
To locate site-specific Shields settings, Visit any website in Brave. Click the Lion icon on the right side of the address bar to reveal the Shields drop-down panel.
 
Privacy Choice
Privacy Choice
Strict,no longer supported
Source: https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
Open to add additional lists
Add your favorite PiHole lists
Browsers – Brave Shields vs Ublock Origin
Brave Shields will block annoying consent banners.
TheSouthern.com had some differences between plugins.
We can see some discrepancy between Brave Shields and Ublock Origin: 
 
 
 
 
 
 
 
Brave  - 11
Ublock Origin - 9
Brave  - 8
Ublock Origin - 1
 
It seems there’s quite a difference between the two.
Privacy and Security
 
section of Brave is where you can make many of the tweaks
that allow you to have control over:
 
Disable auto-complete in the search bar
Cookies
DNS
HTTPS required
Individual device permissions
and javascript
Browsers – Brave Tweaks
The…
Privacy Suggestion
(Off by Default)
keep it that way
Open to change DNS/HTTPS
Privacy Suggestion
Privacy Choice
Open for Specific Permissions
Going back to… to Privacy and security
Privacy Choices
SCROLL DOWN
for more options
Privacy Choice
Privacy Choice
Browsers – How can I keep track of what opens in what?
Per Client/URL basis
 
 
…too many Browsers…How do I manage workflow?
 
 
Browsers – How can I keep track of what opens in what?
Open specific links with respective profiles.
Per Client/URL basis
This solution offers a program to replace the default browser. 
 
  Decide which app/profile to open based on the domain or a keyword in the URL.
https://github.com/amirkarimi/browser-hub
staging.client-a.com -- > chrome 1
test.client-b.com  -- >  firefox 3
Browsers – How can I keep track of what opens in what?
Per Client/URL basis
Browsers – What now?
You've been playing Angry Birds on your cell phone this whole time?
Source: https://libertytools.io/privacy
lt;dr
Florp is to FirefoxwhatBrave is to Chrome
Privacy respecting web browsers that improve the over all experience of the browsable internet.
Browsers – Search Engines
Your search engine does tracking as well…. And watch out for manufactured results
 
Let’s discuss some alternate options available.
Google searches with tracking removed:
https://www.startpage.com/
CaveatsStartpage is now owned by System1, an ad company, and is closed source.
Bing searches with tracking removed:
https://www.ecosia.org
 
Here are two replacements for your favorite search engines. You’re still using your favorite search engine, but with more privacy in mind.
 
Source: https://restoreprivacy.com/startpage-system1-privacy-one-group
into
Browsers – Search Engines
Let’s discuss more alternate options available.
By ranking my favorite alternative search engines.
Swisscows is a swiss based “family-friendly” search engine.
 
Searx is fantastic. Hosted in multiple locations around the world. Self-hostable, open source metasearch engine with good results.
 
Brave Search “will not use secret methods or algorithms to bias results.”Brave acquired Tailcat, the open search engine developed by the team formerly responsible for the privacy search and browser products at Cliqz. Brave Search has a unique web indexing, that does not rely on third-parties.
 
DuckDuckGo great at simplifying privacy, but takes money from daddy.
For a time, they were not allowed to block Microsoft trackers because they have a contract with them for Bing.
They still block other trackers, which is something.
Presearch search engine powered by blockchain technologyIgnoring the crypto, it’s search results are pretty good and it protects your privacy.
 
Source: https://libertytools.io/privacy
Browsers – Search Engines
Let’s discuss how few options are available.
Source: https://www.searchenginemap.com
Browsers – Anything else? What? Why do I need a VPN?
Riseup offers Personal VPN service for censorship circumvention, location anonymization and traffic encryption.
VPN
This is a FREE VPN service with comparable speeds to most paid VPN services.The cost for RiseupVPN to provide this service is approximately $60 USD per person per year.
https://riseup.net/en/vpn
Like Tor, a VPN can help with privacy.
Use the same IP address as many other users, hoping to gain a layer of obscurity.
If you're not careful, you can inadvertently reveal way too much information about yourself to websites, companies, and even the web browser makers themselves.
DEMONSTRATION
coveryourtracks.eff.org
Let’s do that now.
Additional Websites that Provide Privacy Tests
www.first-party.site
browserleaks.com
pbtest.org
amiunique.org
arkenfox.github.io/TZP/tzp.html
 
Google lawsuit activity tracked even when Chrome set to ‘incognito’ Source: https://www.theguardian.com/technology/2023/dec/29/google-lawsuit-settlement-incognito-mode
 
 
 
Which is often the case…
 We’re here to talk about Browsers. But watch out for any proprietary software, you can’t really know everything it is doing.
 
 
It could, literally, be spying on you in real time.
No matter what setting you have chosen.
Source: https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558
Privacy – Privacy concerns with proprietary software
Apple lawsuitiPhone ignores privacy toggle, defaulted onSource: https://www.bloomberglaw.com/public/desktop/document/LibmanvAppleIncDocketNo522cv07069NDCalNov102022CourtDocket?1668197884
 
 
 
Browsers – Privacy Techniques
WHEN?
When should anyone even care about privacy?Do we even gain anything meaningful or tangible for all of this effort?
 
Isnt this, like, the same amount of effort and change that reposting some political meme on social media does?
 
QUESTION
Source: https://en.wikipedia.org/wiki/Enshittification
Maintaining your privacy helps prevent the misuse or abuse of this data by companies or third parties.
 > Lock your car, don’t temp the thieves. <
Saying "I have nothing to hide - so don't need privacy," is like saying   "I have nothing to say - so don't need free speech".
146
Marcus Holtz
 
https://www.holtzweb.com
(720) 445-5887
 
Contact me
Thanks again, we’re always looking for people to give creative and inspired talks about free software!
THANKS FOR JOINING ME
No Attribution Needed - ShareAlike
NO CC BY-SA NEEDED
marcusaholtz@gmail.com