this post was submitted on 19 Feb 2022
0 points (NaN% liked)

Security

5142 readers
7 users here now

Confidentiality Integrity Availability

founded 5 years ago
MODERATORS
[email protected]
0
Choose your browser carefully (www.unixsheikh.com)
submitted 2 years ago by [email protected] to c/[email protected]
7 comments fedilink hide all child comments
 

Privacy on the Internet is important because privacy risks range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Many companies, such as Google, track which websites people visit and then use the information, for instance by sending advertising based on one's web browsing history. Sometimes prices on products are changed on the same website, depending on tracking information, and two people may view the exact same product on the exact same website yet be presented with very different prices.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 2 years ago (1 children)

Librewolf should not be bouncing around on the Internet without the user explicitly asking it to do so.

I find this argument to be too extreme. Librewolf already acknowledges that it still needs to connect to some essential services but tries to minimizes which. content-signature-2.cdn.mozilla.net for example is necessary for OCSP (and HTTPS) to work, I've seen some blocklists block it in the name of "blocking telemetry" but it causes massive breakage. Just listing domain names isn't a very useful argument.

[–] [email protected] 0 points 2 years ago (2 children)

For HTTPS you can rely on local CA-Certificates perfectly which are upgraded by the OS.

[–] [email protected] 2 points 2 years ago

The problem is that your offline CA stores won't use OCSP revocation logs or certificate transparency. You need live updates for those. The latter is especially important, as without it you're completely dependent on one group of CAs.

[–] [email protected] 0 points 2 years ago (1 children)

Usually not so fast, download a list is still needed (e.g. if there are security problems with some CA). IMHO, a completely "mute" browser isn't necessarily good, but of course every connection should be explained

[–] [email protected] 1 points 2 years ago

If you're concerned about your browser "phoning home", you can find out exactly what it's chattering about using key logs and a packet sniffer (I recommend Wireshark or derivatives). Key logs are required for decrypting TLS traffic, and Firefox + Chromium support them.