[HN Gopher] Open-source tests of web browser privacy
___________________________________________________________________
Open-source tests of web browser privacy
Author : resoluti0n
Score : 79 points
Date : 2022-01-08 11:49 UTC (11 hours ago)
(HTM) web link (privacytests.org)
(TXT) w3m dump (privacytests.org)
| gunapologist99 wrote:
| Wow. Glad that I switched to Brave. I've also looked at
| ungoogled-chromium and other similar forks, but also concerned
| about tracking the upstream for fixes fast enough; some of the
| smaller forks take too long. Brave works really well and is a
| great experience overall (once crypto ads are disabled).
| acqbu wrote:
| brave iz zhe beztezt!
| codeptualize wrote:
| Very interesting! I'm positively surprised by the iOS situation,
| also good to see Tor perform well. Never tried librewolf but I
| might give it a go.
|
| I'm curious what it would look like with some extensions
| installed.
| mbbaig wrote:
| Surprising that Tor differentiates itself a little on iOS. I
| figured with all of them using the same engine the results would
| all be the same.
| jtbayly wrote:
| I don't see tor on iOS. What am I missing?
| NmAmDa wrote:
| This is under the assumption that each browser is being used with
| the default settings, firefox can do much better with
| customizable settings.
| dmitriid wrote:
| > This is under the assumption that each browser is being used
| with the default settings
|
| That is the only valid assumption. The absolute vast majority
| of users will use any and all software under default settings.
| dopa42365 wrote:
| More useful would be showing what can be enabled (if it's not on
| by default), how useful it actually is (not every checkmark is
| created equally heh), and what can be added (especially on the
| tracking side) by simply installing mblock origin (which everyone
| would/should do in every browser anyway).
| arthuredelstein wrote:
| Agreed -- in the future I'm hoping to have a page showing
| results with browsers with various privacy-helpful extensions
| installed.
| wintermutestwin wrote:
| >simply installing mblock origin (which everyone would/should
| do in every browser anyway).
|
| If only I could install it in Safari I might be able to browse
| and watch videos on ios...
| mid-kid wrote:
| The entire last two sections are completely arbitrary and cherry-
| picked, and simply amount to "does the browser ship uBlock and
| ClearURLs by default with these specific filters", which isn't
| very informative nor useful a privacy feature, as easy as it is
| to circumvent by simply using different URL tokens or telemetry
| providers.
| chrischapman wrote:
| This reminds me so much of the ACID tests[1] from the late 90's,
| early 2000s. I wonder if it will have a similar effect, i.e. to
| drive people away from Chrome in the same way it eventually drove
| people away from IE.
|
| [1] https://en.wikipedia.org/wiki/Acid1
| oblak wrote:
| I don't think the Acid tests had anything to do with Chrome's
| rise. That thing was pushed and promoted in ways that reminded
| everyone with half a brain (and knowledge) of malware. As
| difficult to remove, too.
| kdtop wrote:
| To me, it seemed that if a browser had passed every test, the
| user might not be able to use many web sites. Perhaps the current
| status is a conscious decision by developers to keep users from
| hating their browser. Security vs usability.
| capnhawkbill wrote:
| If enough users used a privacy friendly browser web devs would
| be forced to make their sites compatible or they would lose
| traffic.
| ssss11 wrote:
| Catering to how companies want to run their sites is not the
| answer. The problem about privacy is that, left in the hands of
| those providing websites (and advertising networks via data
| brokers and surveillance), nothing would improve. They have to
| be forced to improve the state of end user privacy.
| sebow wrote:
| xolve wrote:
| Firefox with these settings from Librewolf looks very much
| equivalent: https://gitlab.com/librewolf-
| community/settings/-/blob/maste...
| mattowen_uk wrote:
| Where would I put this file on my Firefox install ?
| mcc1ane wrote:
| The file's first line points to a README with details.
|
| (On my machine it's under "C:\Program Files\Mozilla
| Firefox\distribution".)
| circularfoyers wrote:
| I would disagree. Most of the fingerprinting protection is
| enabled by the user.js, of which LibreWolf inherits the efforts
| made by arkenfox[1][2]. Many of the most significant
| preferences themselves made it into Firefox by the Tor uplift
| project[3].
|
| [1] https://github.com/arkenfox/user.js
|
| [2] https://librewolf.net/license-disclaimers
|
| [3] https://wiki.mozilla.org/Security/Tor_Uplift
| acqbu wrote:
| Brave rulez
| tonetheman wrote:
| These really need context or better explanations.
|
| For instance I clicked on the Blob line and the code looks to
| fetch and URL with a Blob encoded and fetches it again? There is
| so little context to say what is really wrong... or if there is
| anything really wrong.
|
| I looked up Blobs myself and read through the specs on MDN and I
| just dont see a problem.
| arthuredelstein wrote:
| Thank you for the feedback -- I agree more context and
| explanation is needed for each of these tests.
|
| In the Blob case: the test code is storing a unique string in a
| Blob URL under one website (first party), and then attempting
| to read back that string under a second, different website.
| (See "result, different first party".) If the string is
| accessible under a different first party, then it is possible
| to use a Blob URL to track a user between two different
| websites.
| tonetheman wrote:
| Oh ok. That does make sense. Hopefully you read my comment as
| feedback and not super negative.
|
| Just some verbiage on each test would be wonderful.
|
| You have clearly worked on it. It is a really good resource.
___________________________________________________________________
(page generated 2022-01-08 23:02 UTC)