lone-cloud: > No, I am not misrepresenting the linked guide. It’s not a big deal. I only wanted for you to understand that going against a strong recommendation from GrapheneOS on how to get the best out of GrapheneOS is not ‘distrusting the project’. It’s simply making a personal choice based on factors beyond the project’s current scope. See docs/Limitations.md · dev · IronFox OSS / IronFox · GitLab and docs/FAQ.md · dev · IronFox OSS / IronFox · GitLab.

This is just pathetic for a company like apple. Especially the fact that they don’t allow him to escalate the support case. I’m not sure from where he comes, but here in the EU big tech is required to allow any escalation of any support request. Even if they try to make it as complicated as hell (Microsoft).

I’m not trying to be a contrarian, but I don’t understand the points you 3 are trying to make. GorujoCY: > IronFox is a hardened Firefox, While chromium is more secure and it will be on Mobile, For those insisting on Firefox, that is basically the browser to get I’m not sure what you’re saying. IronFox is just for Android. Chromium-based browsers are more secure, yes. So IronFox is the best browser for users that are dead set on making the bad decision (from a security standpoint) of using gecko-based browsers on Android? That’s the target audience? SkewedZeppelin: > But at the same time the modern web is a cesspool of predation without uBlock Origin. I think DNS-based blocking works pretty well for most things as long as the ads/bad stuff are not coming from the not-blacklisted hosts (ex. youtube servings ads from its own host). uBO is also great for getting rid of some annoying web stuff (ex. cookie banner), yes, but this is not uxguides.net and by using gecko/IronFox you’re sacrificing security for a slightly better UX. That’s what you’re saying? Is that a reasonable compromise to make? privacyisconsent: > I think your comment is slightly tongue-in-cheek but you are unintentionally misrepresenting what has been said. The context here is a usage guide for GrapheneOS. Essentially, please preface every section with the usage guide with: in order to achieve very good privacy/security on GrapheneOS… > > Anyway, the GrapheneOS project has acknowledged previously that Mull (DivestOS’s Firefox project) is a privacy-hardened browser, but they implement no restrictions in the OS on what browser you can use and as an anti-authoritarian project they have no intention of doing so. Whether you want to use a similar/inspired application (IronFox) is always completely up to you. No, I am not misrepresenting the linked guide. Chromium-based browser are more secure on any version of Android, GOS or not. The guide reads that beside the sandboxing disadvantages, gecko-based browsers don’t provide nor replace the Android webview, so you’ll essentially be running two web engines on your phone which will increase your surface area to attacks and worsen your security. Any privacy-hardening enhancements that mull/ironfox may bring to the table at that point are completely irrelevant, as security is the base pillar for privacy. As I user, I don’t care if mull/ironfox can fool 10% of naive fingerprinting scripts if I get hacked by a gecko 0 day.

Yeah no, noscript is essential to tor/mullvad browser For me I use Safer preset with Ublock to control what scripts (most sites they usually need inline scripting and/or first party scripts) and communications get allowed

SkewedZeppelin: > I never said to remove NoScript, that would be quite bad since the security slider relies on it. I misunderstood. I assumed one wouldn’t want two extensions with similar functionality.

lone-cloud: > Our lord and savior GOS says that all gecko-based browsers should be avoided. I think your comment is slightly tongue-in-cheek but you are unintentionally misrepresenting what has been said. The context here is a usage guide for GrapheneOS. Essentially, please preface every section with the usage guide with: in order to achieve very good privacy/security on GrapheneOS… Anyway, the GrapheneOS project has acknowledged previously that Mull (DivestOS’s Firefox project) is a privacy-hardened browser, but they implement no restrictions in the OS on what browser you can use and as an anti-authoritarian project they have no intention of doing so. Whether you want to use a similar/inspired application (IronFox) is always completely up to you.

Tangential: We literally got uBOL on Safari and still don’t have it on Android Chromium. I thought about this a lot recently and every reason shows Google will never allow it because: a) $$$ and b) extensions are a hazard, we already see them tightening their grip on Play, why would they loosen it on Chrome?

I was also gonna say when did you mention removing noscript, and if you did that’s a big no no but good it’s a misunderstanding Because I otherwise completely agree on adding uBlock origin, the tor project needs to add it as standard (I even have uBlock on the desktop for browser, because as much as I wanna avoid installing it on the desktop one it is just unbearable to surf the modern internet without it, I at least block third parties doe and manually added which one are needed for functionality eg. And this is an eg. I allow Amazon to just communicate itself and the media(dot)amazon(dot)com but all other communications get blocked and usually I have to allow inline scripting and/or first party scripts but otherwise they can work without for some sites

lone-cloud: > should be avoided. Chromium, especially Vanadium with CFI and MTE, is objectively more secure than any Gecko browser. But at the same time the modern web is a cesspool of predation without uBlock Origin. FedWSGOS: > Are you sure That is my personal recommendation, you should account for your own _personal_ threat model if that meshes. FedWSGOS: > Removing NoScript I never said to remove NoScript, that would be quite bad since the security slider relies on it. FedWSGOS: > installing UBO Both Mullvad Browser and Tails include uBO, hopefully one day vanilla TBB will too with a unified/lockstep approach.

There are other options available: Harper ### Harper | Privacy-First Offline Grammar Checker Harper checks your writing instantly—fast, lightweight and utterly private—so you can polish every clause without surrendering a single keystroke.

unseen: > My current workaround is to turn on VPN whenever I check emails Is there a reason you can’t always have it on? That’s what I suggest doing unless its a deal breaker somehow for you.

I’ve been a happy paying user for nearly 4 years now. Yes, I can self-host, but I chose not to for this very reason. If that service ever goes away, I will miss it a lot!

@thorin has posted a response to this here Consider disabling things related to artifical intelligence and machine learning · Issue #1998 · arkenfox/user.js · GitHub

Hi! I’ve been using AliasVault web version and enjoy it a lot so far. Is there any way I can turn off the loading of remote content when I check the email? I’d like to prevent certain sites from knowing my IP address. My current workaround is to turn on VPN whenever I check emails on AliasVault, but it would be awesome if I can just turn off remote content completely.

I hope you didn’t feel you foreshadowed but AI Tracing is a thing and it tricks many people, Basically artists who trace off of an AI generated art. So unfortunately speed painting is not necessarily enough evidence or that is it depends on how the speed paint looks like but yeah artists like them make it so that speed paint is not enough at this point But I’m not best at explaining but Mujin does a very detailed explaination based on one of the legit artists did (and yeah don’t eff around with this artist or they can expose you clear as day) a Superb Detailed Google Docs exposé YouTube ### How a New AI Art Method Managed to Trick Over 100k People - The Unprecedented... GAMERSUPPS: https://gamersupps.gg/Mujin!DISCORD SERVER LINK! https://discord.gg/mujinHIGHLIGHTS CHANNEL: https://www.youtube.com/@MujinHighlightsI STREAM ON ... If you wanna go straight to the superb detailed Google doc as it also just includes the aftermath and stuff as much as the video, here it is Google Docs ### @asamiarts tracing over AI Best viewed on PC, the formatting is broken on mobile and image descriptions might not display on the intended places. There is a big issue at the moment with artists tracing over AI while charging hundreds of dollars for commissions in platforms...

External Image web.archive.org – 21 Aug 22 ### A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as... Google has an automated tool to detect abusive images of children. But the system can get it wrong, and the consequences are serious. The dad did not get the account back, data lost, even despite being proven innocent. Which is exactly why I hate it when someone says “Oh well if you were proven innocent you will be fine” No you are not and it will not last

GorujoCY: > With Google and the Dad What’s this one? I think I missed this one.

lone-cloud: > I don’t think server code being closed source is a flag. They’re a business, so why would they open source the entire platform for somebody to copy/paste? Note that this is exactly the case for Bitwarden, Ente’s suite, Peergos, Addy/SimpleLogin, AmneziaVPN, Adguard, LanguageTool, Standard Notes, ForwardEmail and more. If anything, in an ideal world you might **only** recommend services that also allow you to migrate to your own self-hosted instance.

koocmit: > I do think that publishing that would be useless, since a bad actor (if signal was one) would simply pretend to be another person online and post false reproducibility information. The best way to ensure that is to build it yourself. I’m mostly thinking about this in terms of scaling this as a useful signal to Signal’s intended audience. They probably won’t be building the app themselves or going through the efforts required to build it reproducibly. You’re right that some sort of verification of independent building parties would be needed for it to be useful.

(post deleted by author)

Proton seems to have mostly open sourced most of their clients now. It sounds like you’ve seen: Proton Mail · GitHub They have a mail export script here: GitHub - ProtonMail/proton-mail-export I do think you have a point about them not making it easy to switch away. You need to use a custom email domain, export your emails with that script above and use third-party proton drive Proton Drive stuff if you’re on Linux. Not a great experience. I don’t think server code being closed source is a flag. They’re a business, so why would they open source the entire platform for somebody to copy/paste? Also open sourcing server code does not prove that, that code is actually running in prod.

I’m somewhat inclined to agree especially if you look at Google’s blog article on the issue. They state very clearly state signed out users aren’t effected, and then go on to say by doing that you’re now not able to use their parental controls. The post actually comes across as very human and not the usual corporate lip service most companies do most of the time. I also doubt that social networks are going to start using all the signals e-karen has suggested. The goal of making it more difficult for kids to use their platform is at odds with their overall goal of gaining users. I think they’ll do just enough to comply but not enough to really matter. You can already see it with the facial verification features, they’re quick to fall back on the tldr of “those things not perfect, not our fault”. I think it will only be a problem where the account is known to belong to an Australian kid either from advertising data or because they have admitted to it somewhere like in a profile and of course given their birth date.

Vanadium behind my own DNS server (I use Hagezi’s blacklists to filter ads and malware domains). Use NewPipe if you want to block YT ads.

It’s super cool that WebGPU exists, as I didn’t know about it, but it’s not very practical for most users. The ensu ente guys were nice enough to leave their app source unminified, so I can see exactly what they’re doing and it was not meant to be anything serious. I can see that they quickly vibe coded the site and it’s a very simple wrapper around: GitHub - mlc-ai/web-llm: High-performance In-browser LLM Inference Engine I see the web-llm guys have a much nicer demo site built out with their lib here: https://chat.webllm.ai/ I think the problem with WebGPU-based apps like this is that your handheld devices are too weak for local inference and if you’re on a desktop you may as well be using a more integrated native tool which will have advantages. I know this because I created my own local LLM desktop app ( Gerbil ). What I personally do is run an LLM locally through my app with the “Remote Tunnel” (via cloudflared) setting enabled and then I can chat with it when I’m away.

SkewedZeppelin: > IronFox: changes too much I find it odd to claim that IronFox should be **avoided** , just because, _in your personal opinion_ : its changes are “too much”. IronFox’s changes are carefully considered to meaningfully improve privacy, security, freedom, and the overall browsing experience for users _(But, honestly, even if this wasn’t the case, I would still never recommend against a project for something this strange/highly subjective)_. For reference, unlike your Brace: * IronFox does **not** disable support for Firefox Sync for no reason. * Sync is E2EE, can be self-hosted by users - no privacy risk whatsoever. * You enforce this via policies, so users have no way to override if desired. * IronFox does **not** prevent installing all extensions besides 2 you chose to arbitrarily allow. * Also enforced by policies, so users have no way to override if desired. * IronFox does **not** disable random settings just because they have the word `ML` in them. * IronFox does **not** set random preferences that have been removed from Firefox for several years _(ExhibitsA, B, C, D, E, and F)_. And yet, to be clear, in spite of these questionable changes, I still think Brace is a good project that is worth looking at for people with Fedora/Linux systems. So, I’m interested to hear more about what changes IronFox makes that you consider to be “too much”, why you think our changes are “too much”, why the examples I provided from your Brace _aren’t_ too much, and why users should avoid IronFox just for the crime of making them _(On a more serious note: I do genuinely mean this - if you have anything of actual substance here, I’d like to hear it)_. As for your other response: Add Betterfox > Thorin has asked me to post this reply… My response to the inaccurate claims raised in this thread can be found here: Add Betterfox Tool Suggestions > I’m deeply disappointed to see you and Thorin spread objectively false claims against my work, and, admittedly, I lost respect for both of you on a personal level . Phoenix absolutely does not “break shit left right and center”. This claim is verifiably false, and it’d be great if you could provide any kind of evidence to support it. Phoenix goes to a significant extent to minimize breakage while meaningfully improving privacy and security for users, and, based on the feedback I rece…