So I upgrade Firefox and I get a “Curated by Pocket” section in my previously-blank new tab view that also has sponsored content in it.

I cannot stress this enough:

Fuck you, @mozilla
And fuck you, Pocket.

@aral
May I suggest Librewolf to you? A project which takes the latest Firefox build and automatically applies privacy and security settings. Unlike other projects based on Firefox, it stays aligned to Firefox, which enables them to use new versions of Firefox fast and easily.

It comes without Firefox Pocket and with a lot of privacy enhancements.

@aral
It also has a nice page on recommended addons:
librewolf-community.gitlab.io/

They even (used to) make code reviews on these addons to make sure they are actually trustworthy and worth recommending. However, I think this was halted some time ago, since they lacked the resources.

@The_Observer6955 Thanks, I’d downloaded it but for some reason had trouble getting it to work. Just installed the latest via Flatpak. Will give it another shot. Appreciate the nudge :)

@walruslifestyle @The_Observer6955 I hear you. Not happy with its “sandbox” either. And Pop!_OS seems to be adopting it as the default.

@aral @The_Observer6955 it's distressing. some of these container technologies function to hide security flaws that would otherwise be more easily detectable at the application level. personally I view them with skepticism.

@walruslifestyle
IIRC that site is very old at this point and most concerns have been addressed. Flatpak isn't a security nightmare, perhaps some repos are, but Fedora provides flatpaks on Silverblue by default and those get all the same updates that their rpm counterparts receive.
@aral @The_Observer6955

@RandomPhoton @aral @The_Observer6955 the article is from 2018 and they have not resolved most of the issues raised.

see also github.com/flathub/flathub/wik

suggesting anyone can submit any app to Flathub with minimal vetting, and if you find that someone else put your app there your only recourse is to talk to the admins.

that's not a hypothetical. as of a few weeks ago there was a BitWarden flatpak that was not listed on BitWarden's list of releases

@RandomPhoton @aral @The_Observer6955 some random malicious person could have compiled a version of BitWarden that sends the accounts and passwords of anyone who uses it back to them, posted it on flatpak, and sat back collecting credentials till someone noticed. this could be happening as we speak. if you don't think that's a security nightmare then I don't know what to tell you

@walruslifestyle
It's not.... That as I said is an issue with the repo. Flatpak the sandboxing and packaging system is perfectly fine.

I wouldn't say rpms are a security nightmare if rpmfusion had issues. I would say avoid rpmfusion... Not that I think flathub is a problem. It's a community repo like any other. If it's open source it can be packaged by the community.
@aral @The_Observer6955

@RandomPhoton @aral @The_Observer6955 flatpak is not fine, no matter how many times you repeat that. nor is the standard distribution mechanism (flathub). good for you if you feel safe taking risks, but that does not imply the software's creators are using best practices in their security. they are not.

@walruslifestyle
I mean no matter how many times you assert it's insecure doesn't make it true.

Flatpak and associated runtimes have been updated numerous times since 2018. If you really believe that article holds true today I don't know what else to tell you. That site and the issues it raised have been discussed ad infinitum. So I'll just have to refer you to those.
@aral @The_Observer6955

@walruslifestyle
Once again that's a flathub issue not flatpak. Fedora's repos avoid those issues above unless you don't trust the maintainers who also maintain rpms in which case I guess you shouldn't use fedora or [insert distro here].

Also if you don't like the default permissions override them... You just have to use the CLI.
@aral @The_Observer6955

@NavnDK
AFAIK:
Icecat is based on Firefox ESR, so not the latest release.
Icecat uses plugins for some of their features
Librewolf just has a little different scope and features. For example librewolf is planning on implementing an extensions firewall, which will prevent extensions from making unwanted connections.
@aral

@The_Observer6955

This looks pretty good! I just gave the AppImage a try and it's working well.

Re. Aral's original message, it looks like Pocket is disabled by default: gitlab.com/librewolf-community

I'm going to give it a good try over the next few days.

They're not recommending the PrivacyBadger add-on, that's interesting: librewolf-community.gitlab.io/ I still need to understand why

cc @aral

@The_Observer6955

I forgot the most important: thank you for this recommendation 🙂

@The_Observer6955 @aral

Abrowser and Icecat are two other privacy focussed browsers based off Firefox I can recommend.

@The_Observer6955 @aral Er, which is to say the company Chase (who you should never do business with) do a ton of browser fingerprinting on their website, to try and ban alternative browsers, but they do allow vanilla Firefox. And the site breaks itself in a really obvious fashion, so you can use it to tell if a browser can pass as Firefox or not.

@cy
If you mean chase.com, then yes that seems to work. It just uses the default Firefox useragent which is enabled when privacy.resistFingerprinting is enabled, so it is the same which Tor uses.
@aral

chaos.social – a Fediverse instance for & by the Chaos community