The officially official Devuan Forum!

You are not logged in.

#26 2018-09-02 00:24:45

astheroth
Member
From: Puerto Montt, Chile
Registered: 2018-07-29
Posts: 4  
Website

Re: In search of a privacy oriented browser

Otter browser would be a good option. It's floss and  on qt5, but it's required to compile it and install from source, since there is no .deb package.
https://otter-browser.org/


<<Lupus est homo homini, non homo, quom qualis sit non novit>>

Offline

#27 2018-09-02 19:30:22

chris2be8
Member
Registered: 2018-08-11
Posts: 23  

Re: In search of a privacy oriented browser

I've tried the version of chromium in Synaptic, it looks to be googled in that it keeps suggesting I sign on to google services.

But I'm not intending to use it. It's obviously designed to be mouse driven and lacks keyboard shortcuts. Which makes it very annoying when used with a full size keyboard in front of me and the mouse off to one side. At least in Konqueror I can press alt-B for bookmarks etc without needing to take my hands off the keyboard. All it needs is a cache to make it do all I want from a browser.

Chris

PS. iceweasel was a fork of firefox, it's been folded back now, the version in Synaptic would be firefox in all but name.

Offline

#28 2018-09-13 17:42:02

siva
Member
Registered: 2018-01-25
Posts: 162  
Website

Re: In search of a privacy oriented browser

ungoogled chrome: iridium (preferred); chromium (backup)

firefox: waterfox (preferred); esr (backup); quantum (work pc)

minimal: surf2 (preferred webkit); w3m (preferred if I'm working in a GUI-less environment)

I prefer firefox/waterfox with the following: ublock origin, umatrix, canvasblocker, shape-shifter, privacy settings, decentraleyes, WebRTC Blocker, and smartreferer (although I think uBo and umatrix have similar settings).  You can also install these on Android Firefox/Fennec F-Droid.

Edit: true privacy online is really a deep conundrum.  You'll probably want to study some networking concepts and methods outside of the scope of your browser alone.

Last edited by siva (2018-09-13 17:43:08)

Offline

#29 2018-09-14 20:59:57

UnclePa
Member
Registered: 2018-07-06
Posts: 22  

Re: In search of a privacy oriented browser

Thanks everyone!  While it worked fairly well, brave was a huge memory hog and it had some shortcomings.  I've been running ungoogled chrome for a couple of days now and think it may be just what I was looking for.  I have more tabs open than I did with brave and using 5GB less memory but that's not quite a fair comparison until I've used it a few more days.

Offline

#30 2018-09-14 22:23:38

dxrobertson
Member
Registered: 2017-05-04
Posts: 74  

Re: In search of a privacy oriented browser

Not for everyday use, but when I need to, for example; blow through a news site limited access, links2 works wonders.  I suspect its ability to access around their front-wall limits are its "not fully functional" style sheeting and javascript.  This lack of full functionality also should aid in security and anonymity.

This doesnt exactly address your original post, but when you need to access a certain site you want to exercise extra caution, links2 may be best.

wget is another option, but requires a little more work to view the content.

Offline

#31 2018-09-15 01:11:54

siva
Member
Registered: 2018-01-25
Posts: 162  
Website

Re: In search of a privacy oriented browser

Yeah I'm not sure if Ungoogled Chrome is the gold-tier for privacy, but if that's what works for you...

@dx: you're absolutely right.  It's a shame that javascript is becoming a new "norm."

Offline

#32 2018-09-15 22:12:00

ChuangTzu
Member
Registered: 2018-06-13
Posts: 39  

Re: In search of a privacy oriented browser

regarding Iridium browser, FYI
https://news.ycombinator.com/item?id=9482689

Offline

#33 2018-09-18 11:31:55

miroR
Member
From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 213  
Website

Re: In search of a privacy oriented browser

astheroth wrote:

Otter browser would be a good option. It's floss and  on qt5, but it's required to compile it and install from source, since there is no .deb package.
https://otter-browser.org/

I'm currently using Pale Moon, and it works fine. My own build, from Steve Pusser's repo. There are topics on Pale Moon forums, if anybody is interested.

But Otter browser would supply one of the requirements for me: sans-dbus, for which see:
Refracta no-dbus experiment
https://dev1galaxy.org/viewtopic.php?id=2158#p11846

Another one would be: I want SSL-logging, as I always want to check what happened online.

Anybody knows that would be workable with Otter?

And then (currently on
https://github.com/OtterBrowser/otter-browser ):

Linux users can use the official AppImage version available on SourceForge. It is a single executable file that doesn’t need any dependencies to be installed. The AppImage version should run under any system installed after 2012 provided it has OpenSSL 1.0.x (not 1.1.x) and GStreamer 1.x (with codecs). The browser is also available in the repositories of a wide range of Linux distributions and *BSD systems. Read more on the dedicated wiki page.

(but I haven't reproduced all the links of the text)

And, I have:

# apt-cache policy openssl
openssl:
  Installed: 1.1.0h-4
  Candidate: 1.1.0h-4
  Version table:
 *** 1.1.0h-4 500
        500 tor+http://devuanfwojg73k6r.onion/merged testing/main amd64 Packages
        100 /var/lib/dpkg/status

UPDATE: I actually downloaded:
1d7058c1972442c72f0904c6b7f3ad9f25dbb11c257d918c857eb74ccb8031fe  otter-browser-0.9.99.3-rc12-x86_64.AppImage
(the SHA256 is in view of verification; how do AppImage's verify?)
and only then took notice my openssl is too new. A no go for me, not messing with such important packages as openssl.


Also why have some distros stopped packaging it? E.g. the last PPA on Launchpad is 3 months ago...
UPDATE: no that's not an issue; that's just packagers working ona  rare schedule, the thing is: some pages there ( https://launchpad.net/~otter-browser/+a … untu/daily ) are called daily. No worry...
But why are there no Debian packages?

Regards!

Last edited by miroR (2018-09-18 11:48:44)


Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html

Offline

#34 2018-09-18 12:22:31

miroR
Member
From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 213  
Website

Re: In search of a privacy oriented browser

ChuangTzu wrote:

regarding Iridium browser, FYI
https://news.ycombinator.com/item?id=9482689

An interested read.

But it's old. And it's unsolved. It's not clear how bad those "Replace URLs to Google services by URLs to our own server" was... Maybe truly for the sake of fixing things...
Anybody knows of a follow-up where that issue was better explained, cleared up?
Anybody can show us what really happened by posting what s/he sniffed on the network while Iridium was contacting those servers? Did those really come up with 404 Not Found ?

Are packages from:
https://iridiumbrowser.de/downloads/debian
D-Bus free?
UPDATE/CORRECTION: I really meant: are they available for installing in a dbus-free system? Sorry.

UPDATE:
Ah, I see another thing is missing for me with the iridiumbrowser.de repo (*) linked above: can the repo be reached with tor? Anybody? I just can't tell how enjoyable the privacy of Tor is, for installing you packages. Wouldn't want to relinquish that...

(*)  BTW the .de is just fine with me, a few important FOSS people have indicated Germany as a possibly leader in privacy

Last edited by miroR (2018-09-18 12:34:13)


Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html

Offline

#35 2018-09-18 16:31:00

siva
Member
Registered: 2018-01-25
Posts: 162  
Website

Re: In search of a privacy oriented browser

miroR wrote:

It's not clear how bad those "Replace URLs to Google services by URLs to our own server" was...

Not what I expected to read from someone so committed to projects like grsec.  Am I in a coma...? wink
Anyways,

...it's old.  And it's unsolved...Anybody knows of a follow-up where that issue was better explained, cleared up?

I wouldn't necessarily say unsolved so much as "probably unexplored."  The troublesome code, according to the user "skymt", is located in chrome/browser/history/web_history_service.cc.  I don't see that file in the source code anymore.  I skimmed through similarly-named files and didn't see any explicit URLs.
https://github.com/iridium-browser/irid … er/history
That's not to say that a similar function isn't embedded elsewhere in the source, though.

One thing I have not yet tried (which I assume someone has, by now) is opening up a tcpdump session with iridium.  I do have all telemetry disabled, to the best of my knowledge, so I'll be interested to see what can be found, and what happens when I use a blank config folder.

Offline

#36 2018-09-18 22:11:58

miroR
Member
From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 213  
Website

Re: In search of a privacy oriented browser

siva wrote:
miroR wrote:

It's not clear how bad those "Replace URLs to Google services by URLs to our own server" was...

Not what I expected to read from someone so committed to projects like grsec.  Am I in a coma...? wink

You're fine.
Ah, grsec... I'm not an expert. And grsec really may be dying, the FOSS grsec, and Google taking over GNU/Linux security, which is a disaster. But the link in my signature is dead, because my participation in the thread is, for untold reasons, deleted... Where I was telling about it...
No geniuses to take up the FOSS grsec, or no way to get spender and pipacs to give us a boost... The meltdown and spectre are deadly flaws, and the FOSS grsec, the dappersec can't protect you from them...

Anyways,

...it's old.  And it's unsolved...Anybody knows of a follow-up where that issue was better explained, cleared up?

I wouldn't necessarily say unsolved so much as "probably unexplored."  The troublesome code, according to the user "skymt", is located in chrome/browser/history/web_history_service.cc.  I don't see that file in the source code anymore.  I skimmed through similarly-named files and didn't see any explicit URLs.
https://github.com/iridium-browser/irid … er/history
That's not to say that a similar function isn't embedded elsewhere in the source, though.

One thing I have not yet tried (which I assume someone has, by now) is opening up a tcpdump session with iridium.  I do have all telemetry disabled, to the best of my knowledge, so I'll be interested to see what can be found, and what happens when I use a blank config folder.

That was really what was missing in the analysis. I regularly examine tcpdump (actually I run my https://github.com/miroR/uncenz program whenever I'm online) sessions, and for what I understand (I can't tell for all events, such as where Javascript goes really complex), Pale Moon behaves well, of course, thanks to addons NoScript, UBlockO and Decentraleyes at work, as well.

[ I leave the below even though I'm sure you know it, for other readers ]
But to do any proper dumpcap or tcpdump sessions analysis, you have to have the SSL-key logging on. Else it's all encrypted, and you see nothing really -- unless you browse in HTTP... But I guess you know it, and you do have it on.
Pity I'm out of time, but I think I wish to look much deeper into Iridium, and possibly try to install it and use it.

Also I noticed at https://iridiumbrowser.de/downloads/debian:
Currently, this is how they recommend doing it:

wget -qO - https://downloads.iridiumbrowser.de/ubuntu/iridium-release-sign-01.pub|sudo apt-key add -
cat <<EOF | sudo tee /etc/apt/sources.list.d/iridium-browser.list
deb [arch=amd64] https://downloads.iridiumbrowser.de/deb/ stable main
#deb-src https://downloads.iridiumbrowser.de/deb/ stable main
EOF
sudo apt-get update
sudo apt-get install iridium-browser

But that's wrong way to do it... The first line, the  "wget -qO ...". It's worth filing an issue on their Github or wherever they have it (writing in a rush, busy)...
The right way is...
It is how I explained in:
A repo serving Pale Moon
https://dev1galaxy.org/viewtopic.php?id=1972
(just: that Pale Moon is now too old, and not to be used that might be gotten from the links to my location there)
But I have not time to go and search... I't in the Debian Wiki how it needs to be done, with unofficial repos.

I suppose Iridium can be installed w/o D-Bus, can it?

Pity I'm very short on time for probably a few days...

Regards!


Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html

Offline

#37 2018-09-19 16:23:31

msi
Member
Registered: 2017-02-04
Posts: 115  

Re: In search of a privacy oriented browser

miroR wrote:

Another one would be: I want SSL-logging, as I always want to check what happened online.

Anybody knows that would be workable with Otter?

You should ask Emdek about that on Otter's IRC channel.

miroR wrote:

Linux users can use the official AppImage version available on SourceForge. It is a single executable file that doesn’t need any dependencies to be installed. The AppImage version should run under any system installed after 2012 provided it has OpenSSL 1.0.x (not 1.1.x) and GStreamer 1.x (with codecs). The browser is also available in the repositories of a wide range of Linux distributions and *BSD systems. Read more on the dedicated wiki page.

(but I haven't reproduced all the links of the text)

And, I have:

# apt-cache policy openssl
openssl:
  Installed: 1.1.0h-4
  Candidate: 1.1.0h-4
  Version table:
 *** 1.1.0h-4 500
        500 tor+http://devuanfwojg73k6r.onion/merged testing/main amd64 Packages
        100 /var/lib/dpkg/status

UPDATE: I actually downloaded:
1d7058c1972442c72f0904c6b7f3ad9f25dbb11c257d918c857eb74ccb8031fe  otter-browser-0.9.99.3-rc12-x86_64.AppImage
(the SHA256 is in view of verification; how do AppImage's verify?)
and only then took notice my openssl is too new. A no go for me, not messing with such important packages as openssl.

The bigger problem is that Otter Browser requires at least Qt 5.10, which is not in ASCII. But if you had that, it would be possible to built it against openssl 1.1 as well, says the main developer. (I haven't tried that, though.)

miroR wrote:

But why are there no Debian packages?

One reason is probably that, up to now, the project has only published release candidates.

On a non-privacy-related side note: Otter also doesn't depend on Pulseaudio.

Last edited by msi (2018-09-19 16:29:30)

Offline

#38 2018-09-19 16:58:02

chris2be8
Member
Registered: 2018-08-11
Posts: 23  

Re: In search of a privacy oriented browser

See https://www.schneier.com/blog/archives/ … o_tra.html for details of a big hole in most browsers cookei handling.

Chris

Offline

#39 2018-09-20 16:00:07

miroR
Member
From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 213  
Website

Re: In search of a privacy oriented browser

msi wrote:
miroR wrote:

Another one would be: I want SSL-logging, as I always want to check what happened online.

Anybody knows that would be workable with Otter?

You should ask Emdek about that on Otter's IRC channel.

I'll remember your advice... If I go that route. (I'm also considering Iridium. Ah, on a longer run. I work pretty slow...)

miroR wrote:

[...]
UPDATE: I actually downloaded:
1d7058c1972442c72f0904c6b7f3ad9f25dbb11c257d918c857eb74ccb8031fe  otter-browser-0.9.99.3-rc12-x86_64.AppImage
(the SHA256 is in view of verification; how do AppImage's verify?)
and only then took notice my openssl is too new. A no go for me, not messing with such important packages as openssl.

The bigger problem is that Otter Browser requires at least Qt 5.10, which is not in ASCII. But if you had that, it would be possible to built it against openssl 1.1 as well, says the main developer. (I haven't tried that, though.)

Not a problem in testing (beowulf] that I run:

# apt-cache policy libqt5core5a
libqt5core5a:
  Installed: 5.11.1+dfsg-8
  Candidate: 5.11.1+dfsg-8
  Version table:
 *** 5.11.1+dfsg-8 500
        500 tor+http://devuanfwojg73k6r.onion/merged testing/main amd64 Packages
        100 /var/lib/dpkg/status
miroR wrote:

But why are there no Debian packages?

One reason is probably that, up to now, the project has only published release candidates.

On a non-privacy-related side note: Otter also doesn't depend on Pulseaudio.

Great to know smile ! Thanks!

Last edited by miroR (2018-09-20 16:00:49)


Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html

Offline

#40 2018-09-20 16:08:53

miroR
Member
From: Zagreb, Croatia
Registered: 2016-11-30
Posts: 213  
Website

Re: In search of a privacy oriented browser

chris2be8 wrote:

See https://www.schneier.com/blog/archives/ … o_tra.html for details of a big hole in most browsers cookei handling.

Chris

I opened it up. Will read it offline. But, speaking of Bruce Schneier, there was an opportunity to buy non-DRM e-books of his
Three of My Books Are Available in DRM-Free E-Book Format
https://www.schneier.com/blog/archives/ … y_boo.html :

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month, the bundles are all Wiley titles, including three of my books: Applied Cryptography, Secrets and Lies, and Cryptography Engineering. $15 gets you everything, and they're all DRM-free.

I would have been willing to pay, but it vanished within not much longer than a week... Anybody got those?

NOTE: that's a digression, and while I thought hard if it is appropriate to ask about it here, and believe it is within the permissible, I accept whatever the admins/moderators decide, if they decide to the contrary.. Even delete this digression... Or if the option is offered, move it in Off-topic...

Last edited by miroR (2018-09-20 16:55:54)


Devs/testers/users of FOSS, what might be ahead for GNU/Linux after we lost PaX Team and spender? spender wrote:
https://forums.grsecurity.net/viewtopic … 699#p17127
Google made the choice to engage in underhanded competition against us with our own code...
grsecurity ripoff by Google, w/ Linus approval https://lists.dyne.org/lurker/message/2 … 4b.en.html

Offline

Board footer