1. 19
  1. 17

    I’d also love to see an entry for Firefox with uBlock Origin. I have a lot of reasons not to use Brave, while Firefox seems to do quite bad with these synthetic tests. I’m sure that with such plugin, it would do much better.

    1. 10

      Another interesting comparison would be with FF with multi account containers and third party cookies disabled. It’s one of those “removing a bug class” ideas. What use is tracking for Facebook if they’ll only see their own pages in their own container.

      It makes a few of the entries in the table irrelevant. Ok, you get some cookies or signatures. They’re not shared between pages, so they’re not going to cause privacy issues.

      1. 2

        I believe the first-party isolate setting in Fx obsolesces the security part of multi-account containers (though still useful for multiple accounts). CanvasBlocker may be a more valuable 2nd pick.

        1. 3

          True, but first party iso has some downsides. For example it breaks some cases of SSO.

          1. 3

            ISTM that any sort of privacy or harm mitigation on the web cuts across how it fundamentally works, and such, will always cause breakage. This seems to put anyone trying to make things better in the privacy direction in an impossible position.

            1. 1

              This is true, but it’s often safer to just have a separate password and 2FA

              1. 4

                For companies with many employees, SSO allows better security through things like easier offboarding, enforcing 2fa policies, forced credentials rotation on compromise, access auditing, etc. For a single person, sure, use a separate account rather than FB login. But for corps you want the opposite (still not FB though :-) )

      2. 6

        Should “Tor enabled” be an unqualified privacy win? Would love to hear from a Tor advocate why trusting anonymous volunteers with one’s Internet traffic is not the problem it appears to be.

        1. 2

          I wonder what, if any of this changes with iCloud private relay turned on?

          1. 1

            That should at least change the “IP address leak” row (in “Misc tests”), because the description of this test reads:

            IP addresses can be used to uniquely identify a large percentage of users. A proxy, VPN, or Tor can mask a user’s IP address.

          2. 2

            I’m sad to see Firefox doing so poorly on this list. Maybe I should give Brave a spin…

            1. 7

              This is for basic firefox after clicking the link and installing. It is a relevant metric because that is how most people use browsers, but if you are privacy conscious and have the technical knowledge of the average lobste.rs user, then these stats are simply innaccurate. I have ublock origin (which is not available for brave, though they claim to already block the same things), privacy badger, and noscript on my browser and I imagine there are a lot more green ticks on my browser than on a basic vanilla firefox installation.

              A lot of these browsers are probably configurable in this way and many of them probably support the same plugins. For people like us that bother to configure, a better metric would be a similar table but showing the situation when all possible privacy settings and all the major plugins are set up correctly. Such a table would show which browsers have flaws that can not be completely secured even with a careful setup.

              1. 2

                Librewolf seems to score the highest out of everything, but isn’t it just a fully-tricked-out Firefox with Mozilla telemetry yanked out? Not at all to diminish the work the Librewolf team are doing - they deserve credit for their accomplishment building and packaging a hardened Firefox.

                1. 2

                  yeah, I’m using Firefox with uMatrix, so I guess it’ll be a lot more private than the list here. It’s difficult for me to understand what all these terms refer to (and I don’t much care to really dig in), but it leaves me with a vague feeling of “maybe vanilla Firefox doesn’t do enough stop these targeting methods, some of which uMatrix can’t even hook into”.

                  1. 3

                    I was wondering the same thing, but I’m also wondering how much this test is influenced by features rather than exploits. Is each green check an equal X% increase in privacy? Or does the whole class of referid’s that brave blocks only affect people who use those services and aren’t protected by another aspect. Also, when one browser has all checks and nothing else does, it’s hard to know if it’s an emerging threat or just a new feature being advertised by that single vendor.

              2. 1

                I thought to try Librewolf, but sadly the OS prevents it being run after installation for security reasons (unsigned), on modern Macs.

                1. 1

                  Since companies focus on big players, I often wonder whether privacy focus reduces browser’s perceived market share. Also in context of whether users in general take measures to prevent tracking. By extension I wonder if this has an effect on OS user share statistics.