Is Firefox really an appropriate default browser for Qubes?

I’ve known about this ever since I installed my own DNS qube a while ago, but now I just gotta ask… why the hell is Firefox allowed to be the default browser on a privacy/security OS when every time I launch it it wants to call all of its friends back home? Literally all of them, even its grandma.

Sample roster of domains Firefox (at least the one in the Fedora templates) likes to call on every launch:

All of the mozilla and firefox ones I understand, but… Twitter? NY Times? National Geographic? Slashfilms? What the heck is even Slashfilms and why do they need to be notified every time I launch my browser? This smells like either a) capitalism or b) surveillance and I’m praying it’s just the former.

I don’t know about y’all but I’m making it next weekend’s project to completely remove this bloatware spyware from all of my qubes. Screw all 'em weird domains. I’ll probably get Librewolf unless I get better recommendations.

4 Likes

My guess is that Qubes relies on whatever is packaged in Fedora/Debian and go with the “easy” choice. It’s either the stock Firefox or Chromium, both are questionable privacy-wise and phone home. Better alternatives would be LibreWolf and Ungoogled Chromium, but they are not officially packaged.

I’ve been using Librewolf for over 2 years now and recommend it. The defaults are even sane enough to make it run a fresh profile on each DispVM run. I keep Ungoogled Chromium around solely for the rare cases when a website breaks, and chromium-based browser is the quick dirty way to run it in most “compatible” environment.

4 Likes

Try to use harkenfox to change many Firefox defaults to make it private, I wrote a small guide here:

8 Likes

Qubes-Whonix with the Tor Browser is pre-configured for more security, privacy, and anonymity by default.

5 Likes

While I agree that you should use Tor Browser whenever you can, it still makes sense to have a good secondary browser for cases when an important website you rely on blocks Tor, or if you log in to accounts that know your identity anyway.

3 Likes

why the hell is Firefox allowed to be the default browser on a privacy/security OS

Qubes is not privacy focused.

when every time I launch it it wants to call all of its friends back home? Literally all of them, even its grandma.

Use DNS filtering and firewall to restrict connections.

All of the mozilla and firefox ones I understand, but… Twitter? NY Times? National Geographic? Slashfilms? What the heck is even Slashfilms and why do they need to be notified every time I launch my browser? This smells like either a) capitalism or b) surveillance and I’m praying it’s just the former.

a = b. Welcome to the new world order.

I don’t know about y’all but I’m making it next weekend’s project to completely remove this bloatware spyware from all of my qubes. Screw all 'em weird domains. I’ll probably get Librewolf unless I get better recommendations.

You may want to have a look at ungoogled-chromium too. Last time I checked it was possible to achieve radio silence with it.

1 Like

I’d stay away from chromium. FF is far from being perfect, but at least there is no DRM by default (yet):

Web-Environment-Integrity

Made it to chromium:

https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd

1 Like

You can use Mullvad Browser which has the same configuration as Tor
Browser without Tor. Although produced by Mullvad it does not rely on
a VPN.
You can, of course, use the Mullvad Browser with Tor, and/or with a
VPN if you so choose.

It’s not the easy choice. But it is the default.
As a general principle Qubes tries to follow the base distribution in
the default templates. Most users who use Fedora(Linux?) would expect to have
Firefox installed - it makes for an easier transition to using Qubes.

It would be useful to have Qubes Blends - there has been a long standing
issue on this, but no one has yet stepped up with working code.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.
6 Likes

Looks like a preload of recommended sites / pre-installed bookmarks/plugins/whatever. I’,m quite sure: If you delete them, the phoning will be gone.

If you are still looking for alternatives, I’d test some nice (and fast) text browsers like lynx, links2 or w3m.

2 Likes

That’s a longer list of random domains than I’m comfortable with. A fork of the default template that just disables these in Firefox would be nice to have alongside the Whonix/tor option. Does that seem like a high fingerprinting risk?

How much does the user base care about privacy? Seems like a lot.

1 Like

I’d stay away from chromium.

I said ungoogled chromium
There is a reason it is called Ungoogled.

2 Likes

I’m guessing that many of these are part of the “Recommended by Pocket”
feature. Easily disabled.

How much does the vocal small number of users in the Forum care about
privacy? FTFY

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.
2 Likes

Do you have any insight into your user base? Qubes has a major tie-in with whonix and advertises other privacy features, so while I get that security is the core focus, it’s reasonable to ask how much of a priority privacy is.

2 Likes

Sure. Got that.

Well, the WEI api got abandoned, too, since many devs protested. But that‘s not the point, I tried to make. I wanted to point out, that since chromium (and heavily patched/stripped forks, too) rely on upstream code built by google … rhethoricalpause … the trust level for me is diminished by some bars on the rely‘o‘meter.

2 Likes

Posters to the Forum represent a small percentage of the estimated
userbase.
Polls in the Forum generally get a tiny number of responses.

Judging by the update statistics, (all we have), Tor users represent
about 20% of the userbase.
I dont recall survey results showing any relevant data.

Qubes does indeed provide privacy features, but also includes Whonix
integration for those for whom privacy is their core focus.

I never presume to speak for the Qubes team. When I comment in the Forum I speak for myself.
2 Likes

upstream code built by google … rhethoricalpause … the trust level for me is diminished by some bars on the rely‘o‘meter.

2 Likes

Sure. But changing default search engine is a matter of clicks. Auditing code and stripping unwanted parts, even non-blobs, while keeping things functional is another one. (btw: I think there is a slight difference concerning business models between the Mozilla Foundation and Alphabet Inc., too.)

Again: my point was about w3c standards, enforced drm and upstream code dependcies. While FF isn‘t perfect, it seems more trustworthy to me than anything google built (so far).

2 Likes

Sure. But changing default search engine is a matter of clicks. Auditing code and stripping unwanted parts, even non-blobs, while keeping things functional is another one.

Why are the code parts in Firefox which call multiple homes less bad than the code parts in Chromium which call home only to Google? (which parts do not exist in ungoogled chromium, exactly because unwanted parts have been removed)

I am nobody’s advocate, just trying to see the logic.

1 Like

It’s a matter of control: hard coded parts vs. configurable parts. Pocket can be disabled. Default bookmarks/“favourites” can be deleted.

Furthermore: Google deprecates manifest v.2 AFAIK, while FF does not.

Etc.

While ungoogled-chromium is very good concerning privacy since it won’t start phoning anyone without user activity, it’s a fork. It relies on code, that has to be cleaned/stripped down since it’s not under “original control”. The project got less developers than google or Mozilla. Furthermore: it’s not just done by stripping things down, some parts of the code have to be swapped out/replaced by other pieces of (free) code. Who audits those parts? How fast are general security updates incorporated?

2 Likes

I agree with the explanation of @OvalZero regarding the difference between a fork and a separate project with other/better intentions behind it.
This is where I realised that Librewolf (my favorite browser) also is a fork of Firefox.

Does anyone know the existence/extent of the homecalling from librewolf (standard settings?

I can see why firefox was chosen (focusing on simplicity to the user and using trusted install sources), still phoning home isn’t a great thing for a standard browser IMO.
But I would also assume that if a user installed Qubes for Security & Privacy, this user is probably capable of selecting and installing a browser that suits their choice, hopefully…

3 Likes