Mar 1

Tor Browser

Pros: using helps hide illegal traffic.
Cons: using helps hide illegal traffic.

Was using it a few years back until it got bought out by a data broker/malware corpo. Think it was the same folks that also bought Startpage search… Can’t bring myself to trust people like that no matter how privacy focused they say they suddenly are. Two perfectly good utilities ruined.

Pale Moon is actually not a fork of Firefox, or technically it is, but it’s not based on any recent Firefox code. Their engine is a fork of Gecko that separated years ago and they are doing their own independent thing. Compatibility is not nearly as good as FF based browsers.
In the same vein there is Basilisk, which was started by the Pale Moon team but is a separate project now with its own developer.

Garuda ships a fork of Floorp as their browser now (used to be based on LibreWolf but now Floorp), which looks interesting as well, and more usable to me than Floorp itself, whose website, last I checked, wasn’t even fully translated to English yet (it’s Japanese), and there was very sparse info on what the point of the whole project was even supposed to be.

They are no longer owned by system1.

I see that Brave is also terribly talkative:

These domains are blocked by my dns, but of course it’s a matter of the lists that are used…

ads.brave.com ads-admin.brave.com ads-help.brave.com referrals.brave.com analytics.brave.com search.anonymous.ads.brave.com p3a.brave.com variations.brave.com star-randsrv.bsg.brave.com usage-ping.brave.com

And those not blocked…

brave.com laptop-updates.brave.com dl.brave.com go-updater.brave.com brave-core-ext.s3.brave.com componentupdater.brave.com redirector.brave.com safebrowsing.brave.com support.brave.com

https://x.com/LundukeJournal/status/1895967597176525082


I absolutely do not know the story behind it. But if the lead dev is making strange moves it does not bode well for the project’s future stability.

An example was “Why I deleted GrapheneOS - Louis Rossmann” where it was only after the negative buzz that the dev resigned so as not to poison the project.

And with such important software as a web browser, there is not much room for crazy situations.

Unfortunately most people seem to be simple enough to be manipulated into politics, so politics are in everything now. I have taken the stance of not caring about it unless it’s in my face in the actual software. I don’t have to interact with the developers of the software I use, or hear about anything they have to say online, that does not relate to the software they produce.

Back to topic: Mozilla has updated their TOS somewhat to “clarify” it, but they fail to explain any of their choices. They also commented on why they removed any reference to selling data from their FAQ and actually said they do share your data for advertising and suggestions, if you have them turned on, which, by default, they are on the official binaries from Mozilla. They do fail to mention the new AI features that are also turned on by default now, afaik, but at least with that I think you have to choose a provider yourself for it to do anything(?) Anyways they still retain that they do not sell our data, per se.
I’m not sure how we are supposed to think sharing our data for free is any better than selling it, or how we are supposed to believe they are just sharing the data they collect for absolutely no monetary value at all in the first place. :thinking:

EDIT: So in the definition they themselves are stating, citing California legislation, they are absolutely, without a question, selling our data. They should just come out and say it. Vague legal language should not protect them in case there is confusion about it, since confusion is the only goal they have when using such vague language in the first place.

I think that it makes more sense to use Librewolf than it is to try to configure Firefox to be more like Librewolf. In my experience it has been a good fork and that’s what you want anyway. It removes telemetry from the source and also does other good things too. It’s also easier to configure Librewolf to be more permissive than it is to get FF to be just right.

I use pretty strict settings and these might break some sites:
librewolf.overrides.cfg.txt (10.5 KB)

4 urls just for ads? seems a little noisy for a “private” browser.

Even Windows XP had less traffic…

Is there a comparison list for which browser makes the most noise out of the box?

I don’t recall anything like that off the top of my head. Although in the back of my mind I have the feeling that I saw something like that before…

The problem with all these FF-based forks is that if Moz goes down, none of these projects will likely survive in the long term in terms of maintaining code quality and especially security.

I don’t suspect Mozilla to disappear any time soon.

But they really do seem intent on alienating the remaining, like, 3%(?) of users left…

And by their own hand as well. That dagger will be a hard one to pull back out!

Did some more reading, it should be noted that those push URLs are also used for CRLite certification revocations. Disable at own risk.

After watching Louis’s summary of the Firefox issue I agree that it’s at the same time a nothingburger and PR nightmare/failure of the week, and at least the part about “selling your data” in light of California law. Because if you think about it, even setting Google as the default search engine falls within the definition of “selling customer data”.

The license part still seems fishy to me and reeks of “ai”.

So I had to dig into this and I don’t personally see how this is a problem as it’s been a Mozilla Foundation project for years, but to each their own for its relevance.

But how is this even relevant to the OP which is for privacy?

Evolution of the discussion… Privacy is a broad issue and a general state of being that may bode poorly for the future.

I can understand that privacy is broad, but I just don’t see how this relates to privacy. It just looks like identity politics to me.

Which part do you mean exactly?

People talking different things? Funding USAID? Changing TOS? Collecting and selling data?

Changing TOS is the spark of the problem.

Collecting and selling data is the problem.

Funding USAID has been controversial lately and especially in the context of what this money was spent on and whether it should have been spent in the first place is a problem.

Firefox is a very important browser on the market. Everything about it and Mozilla in general causes concern and various fears, including privacy.

As for moving away from OP, it happens that long threads sometimes veer off to the side, but here the discussion was still initiated by the TOS issue affecting privacy. So instead of creating 10 threads, this one seems more appropriate for a cumulative discussion.

Also take into account that it was the OP who brought up the situation with TOS and did not object to further discussion in this thread.

@0xDE57 So I guess it’s ok?

Apologies if I caused any confusion, but I was referring to USAID.

I’m not really seeing the controversy and it largely feels manufactured with little understanding of what was actually going on with that funding. Especially considering one could easily have looked at what was being funded on the State Department website (ex: FY 2023 International Affairs Budget - United States Department of State)

I don’t see how them receiving USAID funding, which they’ve received for years now, is related to their TOS change.

Ok, I can agree that the USAID case doesn’t have to be directly related to privacy, but one could argue that it could affect the overall assessment of the organization’s character and decision-making processes.

As for my post about it, I’m not presenting it as an aspect related to privacy, but as a collective flow of information related to Mozilla as a whole. A collective aggregation of information, nothing more. :slight_smile:

I don’t really see what the change in TOS and data collection has to do with politics, unless said politics are directly interfering with the functionality or operation of the browser.

It’s fine as long as it doesn’t get off the rails, as political topics tend to… I don’t want to moderate what people can talk about, but obviously I’d prefer to keep this thread on the technical side.

A collective aggregation of information, nothing more. :+1:

Ok, to make it a bit technical…

Fun facts about this Firefox bug: (1) According to Mozilla, it got introduced in 2003, it predates Firefox 1.0! (2) Although it’s a UaF, it doesn’t rely on any JS callback, the entire PoC is a single function. (3) It was a purely manual find and just a fun bug to PoC

https://x.com/ifsecure/status/1897676576109596821

Mozilla promoted Firefox 136 to the stable channel with patches for 15 vulnerabilities, including eight high-severity bugs, five medium-severity issues, and two low-severity defects.

The high-severity vulnerabilities could lead to sandbox escape, users being tricked into granting sensitive permissions, potentially exploitable crashes, potentially exploitable out-of-bounds access, and arbitrary code execution.

On Tuesday, Mozilla also announced the release of Firefox ESR 128.8 with patches for 10 vulnerabilities (including one critical- and six high-severity flaws) and Firefox ESR 115.21 with fixes for five security defects (one critical- and four high-severity bugs).

https://www.securityweek.com/chrome-134-firefox-136-patch-high-severity-vulnerabilities/

Mozilla’s promotion of bug squashing the last few years has been questionable, especially with making change notes easily accessible. They’ve become like every other company with links to themselves saying “just trust me”. It’s a CHORE to get real developer notes from them anymore.

It’s been made clear for a while with the focus on presentation for the masses instead of just being transparent what’s going on. I still use it because there really isn’t a better alternative, but come on.

I hate it. Like, don’t make PR or social media posts “correcting yourselves”, JUST PUT IT IN THE CHANGE NOTES!

If no more firefox or chromium based browsers then which one?

Hey, maybe I missed it but where in the OP does any of the described configs block browser fingerprinting? I have been using most of these methods for years and every time I do a browser fingerprint test, I get basically a “100% unique” score, or whatever score means that my browser is easy to identify, supposedly because of these precise settings. It seems to me that it’s basically impossible to block tracking with the basic browser configs described here, because by turning off all these features and settings in your browser, and by using Firefox in the first place, you are just making your browser “signature” more and more unique compared to the rest of the population.

To illustrate the point, using this test

I get a score of

Yes! You are unique among the 3487513 fingerprints in our entire dataset.

Here is a fun one

1 - User agent
0.02 % Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:135.0) Gecko/20100101 Firefox/135.0

Simply by using Firefox on Ubuntu you are differentiated from 99.98% of other internet users, it seems.

In light of these basic facts it seems like “blocking browser tracking” is basically not possible.

lol never knew of this website before. I heard people say monitor layouts are the easiest to fingerprint and I guess mine is as well

20 - Screen width | 0.04 % | 2176
21 - Screen height | 0.01 % | 1110

Not sure how accurate this is though as I get almost as low a value for Windows 11 and Firefox. Maybe it checks specific version of Firefox as well? I can’t imagine it being that rare as the database even has 1/3 of users on Firefox and half on Windows
0.28 % Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0

The short answer is you’re right. It’s not really possible to block all tracking. The goal here is to lessen it.

Unfortunately it’s not so straightforward to solve and depends on how you have your browser set up, and that’s why you must test your specific setup.

Hence why I stated in OP:

NOTE: some of these settings and plugins can make you MORE UNIQUE in terms of Fingerprinting. There is a trade-off between privacy and uniqueness. Evaluate for yourself what you care about.

If you don’t want to mess with settings, try stock Mullvad which is better anti-fingerprint out of the box. But the use case is that you don’t touch any settings to blend in with other Mullvad users.

True. Try changing your user agent to the most common string: Chrome on Windows.

Current most common string according to: User Agents — Microlink
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36

general.useragent.override does not seem to be working anymore to set the agent manually. *only works when RFP is off. How to reset the default user agent on Firefox | Firefox Help

However even with spoof, Chrome and FF do not have feature parity and some fingerprinting tech uses browser specific techniques and will likely be able to suss out that you’re still using Firefox with a spoofed agent. Again making you stand out.

A lot of fingerprinting is javascript based, so simply disabling javascript will kill some fingerprinting, but now your fingerprint says that you have javascript disabled which most people don’t, again making you stand out…

Unfortunately it’s not such an easy problem to solve. As evidenced by this thread…

Perhaps a chromium based browser such as ungoogled-chromium to blend in more with the google crowd will better suit your needs.

Letterboxing.

The choice is yours. Mostly comes down to user preference.
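
The uniqueness figures quoted in this thread, worked through as an added example that is not part of any post here: each quoted share is converted to bits of identifying information and compared with the bits needed to single out one fingerprint in the quoted dataset, then a small population shows how a hand-tuned profile ends up alone while untouched defaults share an anonymity set. The function names and the 1000-visitor `POPULATION` are constructed for illustration; only the dataset size and the three percentages come from the thread.

```python
import math
from collections import Counter

DATASET_SIZE = 3487513   # fingerprints in the test site's dataset (quoted in the thread)
QUOTED_SHARES = {        # percent of that dataset sharing each value (quoted in the thread)
    "user_agent": 0.02,
    "screen_width": 0.04,
    "screen_height": 0.01,
}

def surprisal_bits(share_percent):
    """Identifying information, in bits, of a value seen in share_percent % of visitors."""
    return -math.log2(share_percent / 100.0)

def expected_sharers(share_percent, population=DATASET_SIZE):
    """How many fingerprints in the dataset carry the same single value."""
    return population * share_percent / 100.0

def anonymity_set_size(population, fingerprint):
    """Number of visitors whose full fingerprint tuple equals `fingerprint`."""
    return Counter(population)[fingerprint]

# Constructed population: (profile label, JavaScript state, window size). Not measured data.
POPULATION = (
    [("Chrome/Windows", "js-on", "1920x1080")] * 600
    + [("Firefox/Windows", "js-on", "1920x1080")] * 300
    + [("Firefox/Linux", "js-on", "1920x1080")] * 90
    + [("Mullvad", "js-on", "1400x900")] * 9       # untouched defaults, rounded window
    + [("Firefox/Linux", "js-off", "2176x1110")]   # hand-tuned profile
)

def report():
    bits_needed = math.log2(DATASET_SIZE)
    # Summing assumes independent attributes; width and height are correlated,
    # so the sum is an upper bound on what the three values reveal together.
    upper_bound = sum(surprisal_bits(p) for p in QUOTED_SHARES.values())
    return {
        "bits_needed_for_uniqueness": round(bits_needed, 2),
        "user_agent_bits": round(surprisal_bits(QUOTED_SHARES["user_agent"]), 2),
        "upper_bound_bits": round(upper_bound, 2),
        "same_user_agent": round(expected_sharers(QUOTED_SHARES["user_agent"])),
        "tuned_set": anonymity_set_size(POPULATION, POPULATION[-1]),
        "mullvad_set": anonymity_set_size(POPULATION, ("Mullvad", "js-on", "1400x900")),
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On the quoted numbers the user agent alone carries about 12.3 bits and is still shared by roughly 700 fingerprints in the dataset; it is the combination of attributes that crosses the roughly 21.7 bits needed to be unique.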

Ironically, Firefox’s constant “bug squashing” got it banned from my company. Evidently the director of IT dept got tired of seeing multiple critical updates required to Firefox every month and just decided that it would be 100% banned from all company computers. Now you cannot even install it, you get a pop up telling you “this app is blocked by the IT Dept”

There are a few available based on FF, such as LibreWolf, and something based on Chromium, such as Brave, for example.

The problem is not their lack of existence, but their complete dependence on the source. No project is likely to be able to sustain itself and develop without the source. The main changes and fixes are created by the source, and everything else is just more or less configuration changes.

For example, if FF were to stop developing tomorrow, none of these modifications would have the resources imho to effectively develop and maintain the code. They could still exist, of course, but the scale of growing problems and bugs, especially security, will very quickly make such a modification very dangerous.

Browsers have become so large and complex that almost no one has the resources to effectively create a truly independent fork from the source. Even Brave, which is probably the most popular chromium mod, is fully dependent on it and each new version.

Nothing else that is not FF or Chromium that is relatively current in 2025 exists. There were and probably are some attempts to build on different engines, but I would not call it the final desired solution.

And projects like Ladybird are just emerging and at the moment are far, far away from the starting line. Building a completely new independent browser is a gigantic job and as a result, we currently have the world of FF and Chromium and various evolutions of this code under different names.
Of course, there is Edge, Opera, Chrome which is a bit different from Chromium, but it is still, in a big simplification, one and the same at the base, deriving from the Chromium code.

There is no point in writing about Safari because it is an Apple ecosystem. :slight_smile:

The usual defense against screen resolution detection is to keep the browser as a smaller window rather than full screen. Tor does this…

What do you use instead? For companies, ESR FF is usually better.

Alternatively, we should all talk about Safari and WebKit as WebKit is another widely used browser engine, with a backing (so it shouldn’t disappear overnight), and supports not only the Apple ecosystem; last time I used Linux on desktop I vaguely remember many apps were using WebKit under the hood.