I think it would be if it was a complete privacy solution. On reflection, I find it reassuring that it’s clear that privacy - if I want it - remains mainly my responsibility (using an upstream without a clear privacy commitment does this well enough for me), instead of Qubes trying to do some best effort thing that misleads users. Whonix integration is smooth and signposted well while being clearly separated from the core of Qubes.
I’m interested in packaged/low-customization solutions that focus on privacy and use Qubes (instead of wanting Qubes to meet my privacy needs by itself). Qubes-Whonix is a good example - it’s basically a turnkey. With Firefox, you don’t need the extra qube in the middle, but a template could still be a user-friendly solution.
Low-customization partly for anti-fingerprinting (many options will make no difference, but it can be hard to tell or keep track), partly laziness. Agreeing on defaults would clearly be tricky at best, though.
It’s 2024, BBrother G has long “been evil” , it seems the Debian browsers and less enabled for stupid things.
EFF cover my tracks, but Mullvad Browser makes you into a windows user, linux by itself is a “tell” ; sadly in my experience MB is constantly crashing, use it in a dvm , be reasonably secure and private
I was trying to make a point in my previous post but didn’t actually state it: I don’t think it makes sense to talk about privacy as something that can be achieved. I’ve seen a number of threads in this forum discussing whether or not something is “private enough” or if QubesOS is “privacy focused”, but privacy is always a value judgement based on a particular context and set of concerns. It’s not possible to determine whether or not a particular configuration is “private enough” without considering a specific user in a specific time and place.
I think it might be more productive to discuss what use-cases people are concerned about and which configurations would meet those use-cases. This is why I started the Qubes User Profiles thread. @boreas quickly pointed out that How to organize your qubes | Qubes OS lists some specific use-cases. I think that this page is helpful, but it is also (understandably) singularly focused on professional situations and I think a lot of the criticisms I’ve seen in this forum come from non-professional contexts where people are addressing personal concerns. So I think it would be useful to define the kind of data we are concerned about the threats that might attack that data. Then it will be easier to create actionable steps and separate conflicting opinions into different “spins”, as mentioned above.
Agreeing on defaults would definitely be difficult but I think an all in one privacy solution is important. A large part of the reason digital privacy is difficult and most people give up is that a large amount of knowledge is required to even know the ways you are being tracked.
For that reason there’s a lot of value in an all-in-one solution to lower the knowledge and effort threshold. Maybe this is less important on qubes as you already need a lot of knowledge to run it (In my view tied with compatibility issues as it’s biggest failing) but it would still be valuable.
Just to be clear this is not a criticism of the qubes team it isn’t realistic to expect a small team to produce a massive project like qubes in a highly polished state and what they have managed is incredibly impressive.
Why both librewolf AND mulvad. I get brave in mullvad, one chromium and one firefox based, given that some stuff just doesn’t work as well on firefox but my understanding was that mullvad was basically librewolf but better as they’re both running on the same base but the mulvad team presumably has far more money and is therefore bigger and able to implement more features resulting in better privacy.
If you mess with the settings then you are identifiable. However, librewolf has great defaults (though admittedly mulvad still beats it for the best non-tor browser) if you are logging into websites though it’s better to block stuff than to have a non-unique signature.
My typical decision process is:
no-log in and low bandwidth requirements → tor and/or whonix
log in / high bandwidth → mulvad
doesn’t work well on firefox → brave
If you don’t need persistent storage and privacy matters above all else I’d still go tails rather than anything on qubes (though qubes whonix is an extremely strong second place) as being solely loaded into ram and the entire OS being amnesic is a massive advantage.
I use both as part of browser isolation technic. the purpose is to use differents browser regarding what you need to do to avoid cross informations and dont have same finger print. You can for exemple use google to log to youtube, gmail… because they are own by Google. Take Mullvad for social media like facebook, insta, linkdin… Use Brave for others search (not connect to google account and any of your social media. Did you get the idea ? if not I invite you to watch Rob Braxman for that.
Did you check with this and this that such approach actually results in significantly different fingerprints? AFAIK it doesn’t. Only Whonix guarantees privacy.
regarding thoses test we can see fingerprint is not the same when using differents browsers even in the same qube. So its seems than using browsers isolation have still benefits. I din’t spoke only about anonymous but privacy in general. We can also understand than Brave, and Librewolf are better for privacy than Chrome or Firefox.
I share again this test who explain clearly witch benefits regarding browsers choices https://privacytests.org/
The most interesting part is behind the “Learn More” button. Even though, technically, the fingerprints are different, the big part of them, related to your system and not browser, can be sufficiently similar to eventually deanonymize your other identities, as far as I understand. Only Tor/Mullvad browser provides a sufficient protection against the dedicated fingerprinting.
In my opinion as a community member (not speaking for Qubes), Firefox is not the ideal default browser for Qubes. However, the choice of a default browser is a complex issue. Here’s an analysis of the situation:
Lack of Suitable Alternatives: There’s a noticeable absence of well-maintained, vendor-neutral browsers with timely security updates and acceptable usability. Even finding a project with “radio silence” [1] as a development goal has proven difficult.
Hardening Difficulties: Hardening Firefox by default is problematic for Linux distributions due to:
a) Potential legal risks related to Mozilla’s trademark. (This could be potentially worked around by requiring the user to press a “harden Firefox” button.)
b) The complexity of modern browsers, which are essentially “reinventing the operating system” with millions of lines of code.
Evolving Web Standards: Rapidly changing web standards, often driven by major players like Google [2], make it challenging for alternative browsers to keep pace.
Sustainability Issues: There’s a lack of sustainable open-source business models for browser development (excluding search engine deals, user data monetization, crypto, etc.).
The broader question we should perhaps ask is: “Why are mainstream browsers so inadequate for privacy and security?”
Qubes currently seems to focus on security-by-isolation (the “outside” of the VMs) rather than comprehensively hardening the “inside” of VMs. This approach is due to:
The lack of a suitable security-focused Linux distribution with a hardened-by-default browser; and
In conclusion, while Firefox may not be ideal, finding a truly appropriate default browser for Qubes is a complex challenge that extends beyond the scope of the Qubes project alone.
