Mozilla Firefox Contact me for feedback or questions! I reply to everyone.
Let's start with the basics. What is the point of a web browser? Originally, it was to be able to read HTML documents, but since then, the Web has changed massively, and modern browsers need to satisfy more demands. The basic terminal browser - links, w3m, Lynx, elinks - can still be used today to display websites only in text. Actually, elinks supports features that are somehow missing in "modern" web browsers (such as editing cookies, custom stylesheets or keybinding), but in the end, they can all be got back through addons. Maximum of 256 colors, no images, little or no Javascript support, limited CSS support, no loading of non-HTML content such as videos (but can load externally), and no addons make these unsuitable for modern day browsing.
I could mention many other browsers here. Surf is a graphical web browser that has image and Javascript support, but no tabs or an actual user interface. Midori has everything you'd expect from a modern web browser and even includes in-built functionality to replace some of the common addons, but it's not enough. Otter Browser is a promising project with a very nice UI, but has no addon support (so far, though it's planned). Qutebrowser is a keyboard controlled browser that recently added per-domain settings, but they are inferior to uMatrix. Many of its features can be replaced by, again, addons.
One advantage of these niche browsers is that they don't spy on you, but what I've learned from trying probably all of them is that, in the end, addons are essential - especially uMatrix is irreplaceable. So, for a day-to-day browser, you have only two options: Firefox based and Chrome based. Since they all support the same addons (with slight exception in Pale Moon), we will have to use some other criteria to judge these browsers. These consist of usability, privacy, customizability, philosophy, respect for the user, looks, and speed. Let's analyze them one by one:
Mozilla Firefox There is a long history of anti-user decisions with this one - it's so big I've written a massive article about it and other Mozilla's sins. Briefly, they
include removing configuration options, having anti-privacy default search engines, lying about being privacy-based, removing
addon compatibility, disrespecting contributors, shoving you targeted advertisements, enforcing usage of certain other software, and many, many others (read the article!). Add to that the slow
speed and shitty UI and you have a browser you're never going to want to use. August 2020 update: Mozilla has now clearly ceased caring about technology, but is instead fully focusing on social issues - From combatting a
lethal virus and battling systemic racism
. As if it wasn't already obvious earlier, they have now thrown out 250 people mostly working on technical stuff such as their
rendering engine or browser security. I suspect this is preparation for ceding control of the web browsing ecosystem to Google soon (as predicted in Mozilla - Devil
Incarnate, they were always controlled opposition). I doubt any Firefox based browsers will survive this apocalypse, to be honest.
GNU IceCat Firefox fork from the Free Software Foundation - with a huge focus on freetardism. This means no Flash Player compatibility as well as an annoying LibreJS addon included by default. Older versions had some spyware in there, but 60.2 removed all of it as far as I can see. Some privacy addons are included by default, but you should still use uMatrix - though newbies might like having some privacy built-in. Though it is made by more ethical people, this browser still suffers from many of Firefox' ills - like the shitty UI, slow speed, lack of configuration, deprecated addons etc. All in all, IceCat fixes many Firefox issues but leaves more of them in - and it can't be otherwise since they are fully dependent on Mozilla's decisions in the end. UPDATE: it's fucking August 2020, and the latest release of IceCat is still version 60.7 compared to Firefox 79. Packages for most distros are also not provided, so you'll have to compile. I recommend skipping this one especially in light of the recent happenings at Mozilla.
LibreWolf LibreWolf is to Firefox what Ungoogled-Chromium is to Chrome. The first version (Librefox) was considered just an "enhanced" Firefox - until it was killed by Mozilla (archive). Some community members revived it as an independent project this time. LibreWolf aims to fix many of the issues vanilla FF has - it will be compiled with no telemetry, Pocket or pulseaudio requirements. All included search engines will be private by default (no big G) and no unsolicited requests will be made. At least, that was the plan but then it died and was inactive for a very long time apparently until now (March 12) - so watch this space for updates! UPDATE April 3: the new appimage release has no problems aside from the lists for uBlock Origin being automatically updated. Clearly nothing compared to what Firefox is doing, but LibreWolf is still dependent on Mozilla - if they start adding more nonsense, removing about:config options, userchrome.css support (as they were planning to do), Alsa support, etc. then LibreWolf devs will have to maintain those features themselves, and I doubt they can keep up with such a small dev power. But for now, it is a fine alternative to vanilla Firefox if you really want to base on it. UPDATE August 2020: the dev team admits they have a problem (archive) with Mozilla firing their employees and has doubts about the future of the project.
Waterfox Another browser pretending to care about your privacy (archive) - We’re obsessed with protecting your privacy.
That’s why we’ve made Waterfox Private Browsing more powerful than the others.
, when in fact Waterfox does nothing whatsoever to protect it and actually spies on you almost as much as Firefox (archive) (it made 109 unsolicited requests upon
my run of it). The more powerful private browsing
mode is a sham as well - anyone caring about their privacy will not rely on this but install essential
privacy addons, so his deceptive claims are designed to lure in newbies only. This browser is completely dependent on Firefox, has its shitty UI and all the other flaws and does not even
bother to remove much of the spyware. It's also run by a single developer (who is also a liar and hates privacy as proven above) so you don't know how long it will keep going. There are some
positives, however - Waterfox is the only browser out there to support both XUL and WebExtensions, as well as NPAPI plugins. Still, due to all the other issues, this browser
should be ignored. UPDATE FEBRUARY 2020: yet another reason to avoid Waterfox - it's been sold to an advertising company (archive), the same one that claimed
StartPage.
Firefox is absolutely terrible and its forks have not much to be proud of either, as we can see. Though some of them do remove (some or all of) the spyware problems, they either add their own
or have some other issues, like IceCat's incompatibility with Flash Player and lack of updates, or Waterfox' shady ownership. LibreWolf, the only project with actual potential, has been abandoned resurrected, but still only a few people are involved. The other, more important reason to avoid Firefox-based browsers is that they are all still dependent on the evil Mozilla. If they ever officially cede control to Google (as is already happening in all but name [archive]) - the whole Internet will be pretty much
taken over by an even more evil corpo. I have predicted this in the report above, but it was somewhat speculative at the time. Now, it's pretty much a certainty it will happen in a few years.
UPDATE August 2020: Mozilla is self-destructing (see above) so a Google owned web might soon become a reality. Knowing this, it is obvious Chrome forks can't be any better,
but let us check them out anyway:
Google Chrome A massive platform dedicated entirely to data collection (archive)...but at least it doesn't pretend to be something else, unlike Firefox. Shitty "modern" UI (like Firefox), lack of customizability (no in-built proxy settings, even?), little in-built features, slow, dependent on the evil Google company...Avoid like the plague.
Iridium Browser Billing itself as A BROWSER SECURING YOUR PRIVACY. THAT’S IT
, it actually fulfills the claim aside from a few spyware issues still left in. Specifically, your private
Iridium Browser will make a connection to Big G every 30 minutes to download their Safe Browsing database - what a joke. The devs have reacted dismissingly (archive) to the issue, plus have sneakily added more recent spyware (archive) - so I don't think they're to be trusted. Iridium has a hasn't been updated in a long time (it's August 2020, but the last release is from April based on Chromium 81 - compared
to Ungoogled-Chromium's 84). There's no AppImage or portable build, making installation a bigger problem. This was my browser of choice for a long time (until I found the one below), but it
doesn't do anything aside from disabling automatic connections - and not even all of them, at that. If you want a private Chrome based browser, this one is a much better choice:
Ungoogled-chromium Unlike Iridium, Ungoogled-Chromium actually disables all automatic connections and other Google integration. The dev is also a really nice and skilled guy (at least he doesn't have a problem with people reporting stuff - unlike Pale Moon, or worse - Mozilla). However, keep in mind the Chromium codebase is massive, and it's doubtful this single guy can keep up for long (then again, he does lift patches from other similar projects such as Bromite, and has a helpful userbase). He's doing better than the Iridium team, though - with his browser being much more up to date. In the end, Ungoogled-Chromium is still just a bunch of bandages applied to Chromium, and keeps Uncle G in control of the Web. There's not any real features added beyond the privacy fixes and a few CLI options (archive). Still, it is surely the best Chromium fork out there if a Google monopoly doesn't bother you. The packages are available only for a few distros (plus Windows and Mac), but fortunately, there's an AppImage as well as a portable build that work everywhere.
Brave Browser This browser has made waves thanks to its built-in privacy protections - such as AdBlock, HTTPS everywhere and script blocking - but in the end, they are outclassed by uMatrix. More than that
- after checking them out, I can confidently say the Shields are pretty useless - the vast majority of trackers are left alone; in fact, sometimes it seems that a site can
have hundreds of them, and yet none of them will be blocked by the Shields. Script blocking option simply blocks JavaScript fully - it's just NoScript revisited. Brave used to be able to
install Chrome extensions only from source, but now does it the same as the other Chrome based browsers. Despite those, it not only spies on you (archive) but is actively working against your
privacy by whitelisting Facebook and Twitter trackers. Brave has also been soliciting donations in the name of other people without their consent!
Here (archive) is a thread
discussing the issue. UPDATE August 2020: since I wrote this, more shady shit from these guys has surfaced. For example, not only do they have sponsored backgrounds (recall Mozilla's Directory Tiles?) in their New Tab page but they were also earning big money from the included affiliate links without telling you (this is illegal and they've locked the convo as expected)! More recently, they
were caught rewriting typed web addresses to add referrals for various partners. Brave Browser also has auto-updates (archive) that cannot be disabled which is extremely malicious (complete with a closed topic, of course - in a Mozilla-esque fashion). The only
real reason to use Brave is their so-called Brave Rewards
program with which you can earn their Basic Attention Tokens
in exchange for watching ads (displayed as system
notifications). Here's the catch: to pay out their BATshit tokens, you need an account on Uphold, whose Privacy Policy states this:
To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Facebook tier surveillance. But wait, it's not over:
We may obtain information from affiliated and non-affiliated third parties, such as credit bureaus, identity verification services, and other screening services to verify that you are eligible to use our Services, and will associate that information with the information we collected from you.
They will also stalk you all over the Internet to try to find already existing information. There's still more violations coming, so sit back and watch:
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.
As soon as I think I've found the biggest privacy violator possible, the cold hammer of reality strikes that stupid idea right out of my skull. Anyway - again - the only way to pay
out BATshit tokens is by using this service. Even then, you can only do it once a month and Brave still swipes 30% (archive) of it - You’ll earn 70% of the ad revenue that we receive from advertisers.
This is portrayed as a way of revolutionizing the Internet
ad industry - the middlemen and platform operators capture most of today’s ad revenue, while creating malware distribution and ad fraud opportunities. Brave Rewards upends this broken
system and provides a new way forward for creator support.
However, the real revolution will happen when the whole ad business model is dead and buried, or even better - when content
creators don't need to worry about "earning a living" because the capitalist monster has been slain or at least put on a leash. For now, you can just
support the sites you like directly with Bitcoin, anonymously and on your own terms. All you need is a wallet and a person you want to donate to (I have an address at the top of the page ^_^).
Anyway, at the beginning I was way too forgiving for Slave (certainly nothing Brave
about it) Browser - let it rot along with all the scams they're pulling.
Dissenter Browser This Brave fork was whipped out in literally a few days in response to the recent wave of censorship from Twitter, Facebook, Mozilla etc. Its claim to fame is being integrated with the Dissenter extension (banned from Firefox's and Chrome's extension stores (archive)) which allows you to comment on any article from any website, bypassing their censorship policies. Quite handy. To use it, however, you need to sign up for their social network, which requires ReCaptcha (devs have dismissed the issue (archive)). Then, to post a comment, you of course have to share the site you're on with Dissenter, which, if used extensively, could build quite a profile of your browsing history. Who's to say they won't run away with all that data then? Their privacy policy (archive), consisting of one fucking sentence says literally nothing about what they collect and share, so you might assume it's everything with whoever. As for the browser, it contains the usual Brave shit like Shields, whitelisted trackers and safebrowsing. In addition to those - whenever you open a new tab, Dissenter will connect to a bunch of news sites and youtube, as well as clearbit to download their icons; fortunately, this can be disabled. Their site is also cloudflared, which means all your history and comments will be shared with the evil tech giant (archive), MITMing from the shadows. All in all, this browser is just a fad riding on the current anti-censorship climate. In fact, I'd say it's very likely a honeypot designed to collect the browsing and comment history from as many people as possible and share them with the great centralizer (Cloudflare), to help eventually create an Internet that is fully controlled by the elites. The idea is nice (and I hope someone worthy repeats it) but the execution could not have been worse. Run the fuck away faster than you would from an angry, rabid dog! Speaking of dogs, the Spyware Watchdog has an in-depth review of some other issues with Dissenter.
Opera Used to use a custom engine and was highly praised by the users, but after switching to Blink (Chrome engine) it dropped most of its features and left waves of dissatisfied users. A few years
later it was bought by a Chinese company which put the final nail in its coffin. Forget about its bullshit marketing talk such as Now with a built-in ad blocker, battery saver and free
VPN.
Opera heavily spies on you (archive), including on your whole browsing history. Integrated by
default with spyware platforms such as Facebook, WhatsApp (owned by FB), and Telegram (apparently insecure according to the cryptographers). The VPN is very likely a Chinese honeypot and
uMatrix outclasses all adblockers. Though it has some nice features like mouse gestures and automatic currency conversion, there's not much reason to use nuOpera over the other Chrome forks.
Avoid.
Vivaldi UPDATE: it's August 2020, and nothing has changed for Vivaldi. It's still the most featureful browser out of the box (mouse gestures, screenshots, web panels, notes...) and boasts massive amounts of customizability (in regards to tabs, bookmarks, keyboard shortcuts that no other browser can change by default). However, it also still includes a bunch of spyware such as Google SafeBrowsing and auto-updates. But their most egregious way of privacy violation is this:
When you install Vivaldi browser (“Vivaldi”), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message.
The above cannot be disabled even if you're a programming ninja - because Vivaldi's source code is unavailable! Their New Tab page is filled with various partners' websites by default, including violators such as YouTube and Amazon - though you can fortunately remove those. The default search engine is the anti-privacy Bing. Tracking protection is included but it's off by default. It doesn't seem as if Vivaldi cares about privacy too much - it's also closed source. The only saving grace is the massive amount of features, which is of course significant - but most of those can be replaced with extensions on browsers that support them. There also comes a point where a piece of software is trying to do too much - and Vivaldi might have crossed that bridge already. But at least it's something different compared to all the browsers that are bare-bones.
The situation with Chrome forks is better than Firefox ones - there's more of them and they are more commonly updated. We've got more variety in terms of features, included addons, looks, philosophies, etc. But something seems to be missing. The ones with more features introduce their own problems such as custom spyware, false advertising, lack of ethics, even less speed, or crashes. The ones removing all the spyware don't introduce anything new. And they all still rely on the Blink engine (and thus Google). And since Google keeps including anti-user changes (archive), the forks will have to remove / modify those in the code, which some of the smaller teams might not be able to eventually keep up with. Is that it? Are we really stuck with desperately trying to patch up the big corpo abominations?
The Fallen Hero - Pale Moon It used to be fucking good - and still has several advantages over FF / Chrome such as independent development, lack of some antifeatures, less vulnerabilities, XUL addons support, better UI, smaller codebase, and more customizability. However it recently went off the deep end so much that I cannot in good conscience call it an "alternative" to anything anymore. Let me give some examples:
economic damageto websites. But actually, it's the ads and trackers that are causing human damage (archive) and if extensions such as AdNauseam help kill the "economy" based on them, they should be praised instead of banned. Re-enabling AdNauseam requires fiddling with about:config.
deviating from official configuration- something the PM devs hate. They also hardcode compiler parameters, especially with libvpx to use specific opcodes instead of using whatever the user or operating system sets ${CFLAGS}/${CXXFLAGS} to, breaking portability with different CPUs and operating systems.
AAA games that have heavy assets,
VR and augmented realityand
Live video augmentationonto web browsers. Talk about scope creep! It pretty much turns your web browser into another operating system since it's literally assembly to which you can compile other languages and run all kinds of "apps". Of course, you can imagine all the new security vulnerabilities coming along with that. And just a year ago it was a not recommended technology (archive)...
obsessive packrat tendancies..and Moonchild followed with
hoarding addiction. Now contrast that attitude with the quotes on their main page -
Your browser, Your wayor
offering full customization. Doesn't this sound familiar?
a terrible Web Compat footgunthat the users shouldn't have access to. Of course, it's somehow fine to allow UA setting per site or request, despite it being terribly inefficient. Even then, a global custom UA actually helps web compatibility by sneaking past those UA-sniffing sites (which will not stop existing anytime soon). All of this is besides the point though - what matters is that the users should be able to shoot themselves in the foot if they so desire, and this recent change goes against that. For honesty's sake, let me say that Moonchild reverted the change - but only because of the huge backlash (archive) on the forums. The fact that this was an idea in his mind for even one second proves he doesn't give two shits about freedom, customizability, or user respect.
sinking shipsome time ago. I hate to be the bearer of bad news but it's clear it has actually sank now. The reason? You cannot install (archive) extensions from the Classic Addons Archive anymore - just because Sensei Moonkid decided so. Hope you got out in time!
And with that, it's obvious that Pale Moon is a sinking ship. A few months ago I've said that the browser is in the beginning stages of degradation
. Now, the stage
is clearly advanced, the cancer has metastasized and cannot be removed anymore. Pale Moon has become exactly what they've fought against for so long - Mozilla-lite. It's
still a good enough piece of software (and the only decent one for browsing the modern web) - but one I cannot recommend anymore due to violating the most important
principles (which for years have defined it). So what do we do now that the giant has commited suicide?
If you're worried about Pale Moon's issues, know that one of our community chatroom members is developing a fork called Web Browser that is focused on stability, privacy and customizability even more so than its predecessor. Pale Moon still has auto-updates, OCSP and a few other unsolicited requests by default - as well as an extension blocklist. Web Browser either lacks PM's issues (no automatic connections or an extension blocklist) or is in the process of fixing them (using system libraries instead of bundling your own, disabling WebAssembly by default). There's a NixOS package and a SlackBuild (archive) with support for other operating system coming soon (or you can compile from source). The guy is looking for additional developers, so go check the project out if you want to help.
There is everything wrong with autoupdate, basically you are giving whoever controls the updates full control over your software and data, with autoupdates it is possible to:
- Insert backdoors, spyware and malware.
- Add unnecessary features.
- Remove features.
- Target a single user with shit like A/B testing, treating people like guinea pigs.
- Make unwanted changes, like the dreaded UI changes.
- Locking down content behind paywalls
- Whatever else malicious developers want to do with you.
Autoupdate has always been used for bad, its purpose was always to take control away from the user, updating should ALWAYS be a choice.
Source: Nanon - hope he doesn't mind me reposting this. And let me add modifying user settings to the list of auto-update issues - something which Firefox has done many times, for example.
Pale Moon is still the only decent way to browse the modern web that's actually relevant - but it's slowly rotting from the inside. Firefox is dying and will soon bring down all its forks alongside itself, surrendering the Web to Google whose abomination of a browser is just as worthless. Promising projects such as Otter Browser or suckless surf suffer from small dev teams, no / low addon support and don't have their own engines - so depend on Google / Apple, anyway. The only reasonable choice is Pale Moon until Web Browser gets more support. Or, just try wean yourself off the modern web by sticking to websites such as the ones on Neocities, wiby.me, etc. which are functional in NetSurf or terminal browsers. I hate to kill the positivity of yet another summary, but if reality forces me to - what can I do?
