Which option can be the best to browse in Android (between these options)

  • Bromite ; Firefox
  • Stix
  • Iceraven
  • Icecast
  • @Lunacy@lemmy.ml
    93 years ago

    Bromite it’s more privacy friendly. Doesn’t have any telemetry or trackers, is shipped with real mitigations against fingerprint, an adblocker, and others features, including:

    • remove click-tracking and AMP from search results

    • always-incognito mode

    • make all favicon requests on-demand (supercookie mitigation)

    • reduced referer granularity

    • enable all network isolation features

    You can see the full list of features here

    These features are enabled by deafult so, you’re going to blend in crowd with others bromite users which is really good because it’ll way harder uniquely identify a single user.

    Security wise, bromite is better. Chomium based browser come with useful security features, like site isolation, CFI and JIT hardening. Instead, Firefox lacks several security mitigations, especially on android. You can see more here. Moreover, bromite uses security enhancement patches from GrapheneOS project.

    Keep in mind that security is also important as privacy. Actually, security is the first line of defense to protect your privacy.

    • Firefox

    Firefox comes with telemetry and trackers enabled by default. However, you can disable the telemetry , in the stable version of Firefox android about:config page is blocked so, you can’t disable all the telemetry. About the trackers I’m not really sure, I think that you can’t disable them using the browser’s settings. Firefox Is shipped with enchanted privacy protection, a tool which protect the users against cross site tracking, social media tracking, cryptominers, fingerprint and more. Ideally, you’d use the standard protection, because is the one enabled by default thus used by majority of users. In Firefox you can use add ons, but keep in mind that every add on installed make you more fingerprintable. I linked some articles regarding these problems here.

    • Iceraven

    Irevanven it’s a fork or Firefox with some modifications and not up to date, which is really bad, every software should be always up to date, it’s most important form of protection you have. You can see the full list of features here

    Fork of Firefox are almost always not up to date, they doesn’t add useful privacy and security enchantments. Instead, they just remove telemetry and other closed source components like pocket. On Firefox , beside the stable version on android, you can disable pocket, telemetry, google safe browsing and basically everything.

    I didn’t find information about stix and icecast.

    • Adda
      53 years ago

      Great explanation. Thank you. Btw., you forgot to link the Iceraven feature list. It would be great if you could update it. I have looked around and actually could not find any reasonable full feature list so far.

        • Adda
          23 years ago

          Ah, you meant GH repo, right. I was curious what you would link as a feature list. I will have to dig a bit to get to know Iceraven better than. Might be interesting to know about this browser, at least a few things, I suppose. Thanks anyway.

          • @Lunacy@lemmy.ml
            63 years ago

            I understand your pain haha. Lack of documentation drive me crazy. I personality think that the only features are the ones in the github page. I hope I’m wrong.

            • Adda
              13 years ago

              Exactly, I was hoping for something, but surprisingly (or maybe actually not surprisingly at all), I have found nothing except those initial paragraphs in the GH repo README.md. I would really appreciate there was more information somewhere, but it is at least something.

    • @TheAnonymouseJoker@lemmy.mlM
      33 years ago

      If I were you, I would not be citing madaidan as a good source of information. He has always engaged in spreading FUD and promotes Windows over Linux, as example. And his Chrome shilling is highly related to his hatred for Firefox’s anti racism political stance, and how deep rooted he is into the toxic filthy GrapheneOS community. Have had a lot of one to one experience with him, his sockpuppets and his friends.

      • @Lunacy@lemmy.ml
        33 years ago

        in spreading FUD and promotes Windows over Linux.

        Madaidan doesn’t spread any FUD and doesn’t promote windows over linux. He wrote a purely objective technical analysis about Linux security; many security experts share this view, such as:

        He also wrote:

        Note that these analyses are purely objective and do not account for threat models or other user-dependent factors.

        Users should choose a software according to their own user case and threat model. I personally use Fedora 34 with KDE plasma as desktop environment, I prefer Linux over Windows because of the foss ideology. However, the problems pointed out by madaidan and other security researchers still remain. You said that madaidan spread fud, but you didn’t show any evidence. Madaidan himself uses Linux (I think qubesOS + Whonix because he use Tor for everything)

        And his Chrome shilling is highly related to his hatred for Firefox’s anti racism political stance

        First of all, madaidan uses Firefox, he said that many times on Spite. Second of all, this is a very serious accusation, you should show proofs.

        Have had a lot of one to one experience with him, his sockpuppets and his friends.

        That doesn’t mean they spread FUD about software. Drama it’s really a waste of time.

        Edit: typo and things that are not revelant to the discussion.

        • @TheAnonymouseJoker@lemmy.mlM
          13 years ago

          I strongly disagree. Madaidan regularly engages in spreading FUD, most popularly by conflating security with privacy and vice-versa, and I have been a participant in their NoGoolag and SpiteChat groups, both of which he banned me from because he, anuprita (clannad) and a bunch of other fellows are FUD spreaders, opportunists and vile racists.

          Let me share with you one of the instances, among hundreds of others where he insults me, and would go on to ban people if they reply (of course which I never did, I always stayed humble).

          picture, August 8, 2020

          By your logic, if I share same views as Snowden, does that make me a Snowden rivaling security and OPSEC expert? Because you did the sane with lumping Daniel Micay, various grsecurity entities and madaidan together, making it seem like some kind of little coalition or a conflation of expertise levels.

          Madaidan was shat on very hard over his Linux hardening guide, because he shows zero consideration of threat modelling, or has knowledge on the same when addressing other users or arguments on various communication platforms on most topics in the privacy and security domains.

          It is common knowledge that key GrapheneOS community users engage in using sockpuppets via their strength of virtual compartmentalisation (Qubes, VMs, Tor and so on).

          I do not think you have engaged with him or his friends for more than a year, like I have. You can look around the history of his engagement on reddit, unless he sanitised his comments prior to 3-4 months old. There is u/rediii123, u/cn3m and u/Additional-Ad-6738 as well.

          A load of more FUD disguised as “criticism”, they directed at me when I released my smartphone 3.0 guide on r/degoogle:

          picture 1

          picture 2 replies

            • @TheAnonymouseJoker@lemmy.mlM
              23 years ago

              Security and privacy are not mutually the same thing, and privacy is not necessarily a derivative of security. This is proven by the security of Windows and iOS, which is obscure, and they are antithetical to privacy.

              I teach privacy and security definitions to people in this way.

              Privacy means that your content has controlled access (to you, your recipient or a small group). Security means the storage of the content is protected from automated or manual intruder/stealer attacks.

              So, both are different properties and one is not a pure, or even partial derivative of the other function.

              Again, you didn’t show any proof whatsoever about the “FUD” spreading by madaidan and others.

              If you have knowledge in the OPSEC and privacy domains, and use some critical thinking, it is too easy to figure out. I can share one instance, since he banned me off his Telegram groups and Matrix rooms, what strcat and his shills are most famous for.

              I can share a few instances with you, as I never bothered keeping a year long list of his FUD spreading incidents. I fetched these randomly from my 2 year spanning old Firefox profile.

              NOTE: USE REMOVEDDIT/REVEDDIT FOR ALL THESE THREADS.

              Probably it should be enough to make you reconsider them as the arbiter of truths in the community.

              madaidan doesn’t spread FUD. You didn’t counter the source with actual information.

              Picture 1) cn3m(?) Make a valid point.

              Picture 2) you didn’t counter his statements, instead, you accusing him to being a troll and a shill.

              You sound very biased towards supporting them currently. cn3m and all these people are fine examples of edgy teenagers who gathered their information via making some up, learning some on shitty 4chan threads and a likely result of having nothing better to do in life than engaging in creating their niche in privacy community and trying to milk that for self pleasure on the internet. Delusional personality type of syndrome, perhaps.

              Actually, you are too inexperienced and have not had enough confrontation with them, so you should probably not defend random anons on internet without knowing their history well. A lot of people sadly fall for it these days.

              I even remember Daniel Micay once trying to victimise himself by framing me as messiah of privacy community and the arbiter of truths. Maybe it was in this thread. https://removeddit.com/r/privacytoolsIO/comments/gs4uv7/i_dont_fully_trust_grapheneos/fs82fdv/

              You said that Pixel phones cannot be trusted but you didn’t show any proof whatsoever. Closed source software and hardware can be verified, it’s called reverse engineering. Google offers reward extremely high (up to 1,000,000 dollars) for anyone who can catch exploits in the titan M and pixels phones. It’s obvious that can be verified. It’s no sense put some backdoor in the hardware, google already collect every piece of data collectable by users. You’re putting your ideology ahead verified documentation and facts.

              WHAT. A. LOAD. OF. BULLSHIT.

              All of commercially commonly available USA hardware has some kind of security chip in them, that has been hacked and/or found to have networking, telemetry and backdoor capabilities. Be it the Intel ME or AMD PSP backdoors with SIGINT funding evidence, be it the Snapdragon’s Hexagon DSP hack or the hacking of Apple’s T2 chip.

              Having faith in Google’s promise of their proprietary closed source chip being clean is like having faith in cyanide not killing a person. Moreover, they are known as:

              • NSA partner and collecting data and spy on users in googolplex capacity

              • AI used by US military for drone bombing in foreign countries based on metadata Google collects on smartphones

              • use dark patterns in their software to make users accept their TOS to spy

              • repeated lies about how their data collection works claiming anonymity

              • forcing users to use their Play Services which is spyware and scareware

              • monopolising the web and internet via AMP

              • use of non standard web browser libraries and known attempts to cripple lone standing ethical competitors like Firefox and Gecko web engine (now with Microsoft making their default Edge Chromium-based too)

              Google’s track record of being trusted seems not too impressive, so risking it combined with the flaws and intentional backdoors on USA hardware security chips seems like a very bad move. It seems to be well grounded speculation, considering I have cited examples of Google’s neighbourhood companies, Apple, Qualcomm, Intel and AMD, and their own as well.

              I never thought I would have to revisit debunking madaidan, cn3m, Micay and their whole cult ever in my life, yet here I am. Sigh.

                • @TheAnonymouseJoker@lemmy.mlM
                  -23 years ago

                  GrapheneOS is not all that, and I simply do not trust Pixels. What you are telling me is to trust Google hardware here. If this were a Xiaomi phone with, let us say, HanfuOS, open source and security focused, would you use that? If no, why are you using Google Pixel with closed source hardware and its maker that has deep ties with US intelligence and military?

                  I never accused you of being a paid shill, so try not to do that with me.

                  GrapheneOS may itself be a good ROM, but the exclusivity of it being used with Google Pixels is extremely suspicious to me. And I have well grounded conjecture to present for it, not just with Google’s history, but with all of other major USA companies that use such security chips and all of them either are backdoored or got hacked.

                  Madaidan is a security research, he wrote technical analysis about software like Firefox or Linux.

                  He is about as much of a security researcher as I am, and that is not much really. I never call myself an expert or anything, but he does in third person more often than not.

                  actually really hoped for something more useful than deleted reddit comments, like some articles or some research which can counter the ones I just linked to you

                  I doubt you will ever find extensive research papers and journal books and Buzzfeed articles on anonymous personalities involved in the privacy community.

                  This is why you’re accusing him to be a white suprematist? (Serious question)

                  No. You have to figure this out via talking to him and his groups. A lot easier way would be to find the CCP Pooh bear credit score, tr*nny demon hacker and such disgusting stickers in their Telegram groups. There is a lot to it, and none of it is drama.

                  of course is not a load of bullshit. Closed source can be verified, audited and exploited. That’s what security researchers and bad actors do. In fact, windows -for example- has viruses also because people can find exploit in the source code.

                  I will cite the famous Underhanded C Contest here: https://en.wikipedia.org/wiki/Underhanded_C_Contest . This proves it false that closed source code can be audited properly.

                  You says that google pixels cannot be trusted, but you didn’t showing any documentation about it. You says that it cannot be verified, but you didn’t show any documentation about it. You just assume that because “of course, It’s Google, you can have faith in google, it has an abysmal past regarding privacy”. It’s not an actual proof. Now, let’s say that google pixels have 100% a backdoor in their phones. how about the others vendors? You have verified the phones?

                  I showed you Google’s track record entirely ridden with malicious intent, questionable past, NSA and DARPA involvement. You want to trust Google hardware after theIR AI was utilised to bomb Yemeni kids via US drones? Good luck, whatever your threat model is, relying on closed source Google security.

                  You can say that huawei -example- is a safe phone to use, that has no backdoors? That is not affiliate with NSA or other companies? Or you just assume it? The answer is simple, you just assume it.

                  Huawei is a Chinese company owned by its employees, and has no links to NSA or 14 Eyes countries due to stark political and ideological differences. I will use a historical reference as example. You are trying to tell me that 8 Nation Alliance collaborated with Qing Dynasty to sell the Chinese citizens opium to grow British trade?

                  why I recommend pixels for people who wants/needs to use google services or install custom OS and get rid of Google services? Because Pixels, unlike 99% of android phones, support custom custom signing keys so, you’re free to install any other OS without destroy the android security model thus Preserving your privacy. Having a phones without the verified boot enabled is security and privacy disaster, because if you get tampered, you wouldn’t now and malware would get persistent.

                  Verified secure boot is such a meme. You think Evil maid attacks need an unlocked bootloader? One needs to be able to use privileged escalation, which is easier to achieve via social engineering instead. Many methods of attacking users exist. Just go and check how Cellebrite and all these kits work in real world.

                  One can also setup LockUp app on F-Droid to protect oneself against such tampering, which erases phone upon detection of usage of such kits.

                  Although, I already suggest users to not root phone, which is the simplest way of making users do nothing and increase their security on a general level. And that is how my smartphone guide works.

                  Along with Titan M, pixels provide many improvements,

                  CLOSED SOURCE SECURITY BY OBSCURITY IS NOT REAL SECURITY. IT IS AN ILLUSION. IT IS AN ILLUSION. ILLUSION!!!

                  Pixels have also become the most vulnerable and worst phones to buy now (always were, now botnet loaded), considering Anøm phones are going onto markets as second hand.

                  And whichever GrapheneOS fanboy is silently downvoting me, try and debate with me, you worthless despicable rat.

      • xenith
        13 years ago

        I use GrapheneOS as my daily driver and love it. I’ve also been active in the GrapheneOS Matrix community and have never seen anything that I would consider questionable. I’ve never received money, but I guess my payment for this comment is a FOSS, deGoogled, hardened OS.

        • @Lunacy@lemmy.ml
          33 years ago

          GrapheneOS it’s fine. The community it’s also fine. Please don’t believe stranger’s words, don’t believe my word either, do your own research. you too are in the grapheneOS community and you can see it’s not toxic at all.

            • @TheAnonymouseJoker@lemmy.mlM
              13 years ago

              Google Pixel is not the best device, even if GrapheneOS may be a good security ROM.

              And for all I care, Techlore presented facts which I can verify from my personal experience. I have a lot more evidence in this thread below, a lot different than what Techlore showed. So yeah.

              As for community, all communities are usually tightknit to an extent, even if they are not literal IRL families. Micay straight up bans people that question too much. It is known.

          • xenith
            13 years ago

            That’s weird - it showed that I commented the same thing twice, so I deleted the one you didn’t reply to, and now it shows just the one and it’s deleted.

    • Adda
      53 years ago

      I second this. From all of these, I would use Mull. If that is not an option, probably Bromite then, even though I actually really dislike Bromite workflow from the little time I have played with it (and therefore all the Chromium based browsers on Android, I guess – I have not used any in a long time on Android). It just somehow does not suit me. But its privacy features should be great.

    • @je_vv@lemmy.ml
      53 years ago

      cool that mull is found now on official f-droid repos, I had it installed from the divestos f-droid custom repo:

      https://divestos.org/fdroid/official

      Perhaps it’s better to use the the official f-drod one, I hope the official f-droid one doesn’t get updates too delayed compared to the divestos ones, :)

  • @yxzi@lemmy.ml
    33 years ago

    you specifically asked to choose between the given options, but I’ll throw in Fennec into the mix, since it’s based on Firefox. pro: proprietary bits and telemetry have been removed con: still connects to various Mozilla and Google services that can track users

  • @TheAnonymouseJoker@lemmy.mlM
    33 years ago

    Kiwi Browser is also great, if you want a Chrome based option. Allows desktop extensions.

    Fennec/Mull/Firefox modified are most excellent for primary usage, though.

    • @dragonhunter056@lemmy.ml
      23 years ago

      Kiwi is super outdated isn’t it? I think I remember hearing somewhere that it doesn’t get updated often/at all nowadays.

          • @TheAnonymouseJoker@lemmy.mlM
            13 years ago

            A couple days of researching on r/kiwibrowser threads, and mini wars on browser threads on r/privacytoolsio should get you in the loop on arguments used against Kiwi and/or for Bromite.

            Not everyone criticising Kiwi is one of the people from the group I mentioned, but a significant portion exists, and they are indeed a significant portion of what makes up arguments overall against Kiwi, even though security patch backporting happens with Kiwi.

            There is a bit more to it, in that Kiwi Browser earlier was not open source, and some of the garbage arguments against it carry over from that time, and even conflated at times. It also does not help that these people take advantage of less thorough discussion and solid threads around Kiwi Browser, as not too many people use it yet. Less usage is most likely because of inertia of Chrome/Brave/Samsung Internet mobile users, and Kiwi only offers desktop extension support feature over other Blink mobile browsers.

            I was never a Kiwi user until it became open source, and I only use it as secondary browser because I oppose Chromium/Blink monopoly via using Firefox, and also prefer uBlock Origin in all its glory without Manifest V3 crippling.

  • xenith
    13 years ago

    I use Vanadium on GrapheneOS and have no complaints.

  • Helix
    -43 years ago

    Your title is shit and you didn’t give any criteria on which to compare the browsers, you didn’t even specify why you limited the options to the five browsers mentioned. Please fix.