←back to thread

Hardening Firefox – a checklist for improved browser privacy

(andrewmarder.net)
263 points amarder | 3 comments | 30 Aug 25 11:26 UTC | HN request time: 0.8s | source
Show context
geekamongus ◴[30 Aug 25 19:13 UTC] No.45077202[source]
I've been a Firefox die-hard since it was called Phoenix a couple decades ago. That said, over the last two months I've been testing Orion Browser (from Kagi, to which I subscribe), and am smitten with it. It's Apple only at the moment, which is a drawback, but if you live in that ecosphere, it's worth a look.

Orion is Webkit-based, can install extensions from Chrome OR Firefox, privacy respecting, and a whole lotta niceties for per-website tweaks and other customizations.

[0] https://kagi.com/orion/

replies(3): >>45077488 #>>45079439 #>>45079523 #
1. thisislife2 ◴[31 Aug 25 01:07 UTC] No.45079439[source]
Orion indeed is a decent option for the privacy conscious as it is one of the few browsers that doesn't make any automated connections on startup (with the right config). But, if I remember right, they are still trying to get Ublock Origin to work perfectly on it (i.e. WebExtension support is still not fully supported on Orion).

PaleMoon ( http://www.palemoon.org/ ) is a hard fork of Firefox, with a mix of old tech (XUL) and new tech (from current codebase of Gecko), that is another full-featured zero-telemetry browser that doesn't make any automated connections. But on this too, the full features of uBlock Origin isn't supported as it is based on the abandoned uBlock Origin (legacy) codebase (though the legacy codebase has been updated by some PaleMoon developers, the original developers of uBlock Origin do not wish to support PaleMoon as it doesn't support WebExtension.

Then there's the Tor Browser ( https://www.torproject.org/ ) - it is a soft fork of Firefox, that supports the Tor network and has been configured by default to be "privacy hardened" - it has none of the crap that Mozilla bundles into Firefox, like Pocket, AI, Ads etc. The Tor software bundled in it can be easily deleted, to use it as privacy hardened Firefox. However, there are two issues with it - it does make unauthorised and unwanted automated connections (to SecureDrop) and you can no longer remove the NoScript browser extension that is bundled in it (you could from previous versions). When a browser maker forcefully bundles something in it, (however useful it may be), and does not allow you to modify it, that's well-founded ground to be suspicious of it. (Note: I did finally figure out that one can stop automated phoning to SecureDrop, after disabling it in about:rulesets ).

As the tor browser laid a good foundation to create a privacy hardened Firefox, there are many other browsers that are Forks of the Tor browser - the Mullvad Browser ( https://mullvad.net/en/browser ) is a popular one, and Mullvad bundles its VPN service in it instead of the Tor network. Last I checked, it made some automated connections on startup, so I didn't bother to explore it further).

replies(1): >>45083182 #
2. noman-land ◴[31 Aug 25 13:57 UTC] No.45083182[source]
Curious you specified "hard" fork. What exactly would a soft fork look like for a git repo?
replies(1): >>45083886 #
3. comprev ◴[31 Aug 25 15:23 UTC] No.45083886[source]
A soft fork would still be able to merge changes in the upstream project and then add their own changes on top. The most basic example would be a soft fork that only changes the default search engine - everything else is the same.

A hard fork - as I understand it - means the development takes a new direction and integrating the original upstream code becomes more difficult as projects diverge, to the point where they are basically incompatible with each other.