
Kicksecure Default Browser - Development Considerations
Exploring the ideal default browser for Kicksecure with a focus on security and privacy, Firefox vs Chromium, browser hardening, considering user freedom, maintainability, security, privacy, no phone home.
Mainstream Browsers[edit]
Most mainstream browsers are considered spyware by many people. See also Firefox Selling User Data.
- Blame Google.
- Blame Mozilla.
- This issue cannot be solved by operating system vendors. For reasons why that is, see In-House Browser Development.
What Users Can Do[edit]
- Stay in the loop. Subscribe to relevant discussions.
- Conduct deep research.
- Stay vigilant.
- Demand transparency.
- Support Geminispace, SmolNet.
- Wait for privacy-respecting browsers to become available.
Kicksecure Default Browser Considerations[edit]
Introduction[edit]
Kicksecure is primarily a security-focused Linux distribution, preferring security over privacy if such a decision is unavoidable. However, Kicksecure will never implement outrageous privacy violations. It even provides slightly better privacy than most other Linux distributions (for example, no popularity contest installed), but otherwise no huge efforts are made to optimize privacy as in Whonix®. (And yet, Kicksecure would be a suitable host for Whonix until Whonix-Host materializes. There is no contradiction here, since Whonix works fine on top of any secure Linux distribution that does not implement outrageous privacy violations.) See also Privacy Goals and Non-Goals of Kicksecure.
Chromium might be more secure than Firefox. [1] Therefore, it would be the natural choice as the default browser for Kicksecure.
See also: Very hard to notice phishing scam - Firefox / Tor Browser URL not showing real domain name - Homograph attack (Punycode).
Even if Firefox provides better privacy than Chromium, this still does not argue in favor of choosing Firefox as the only browser installed by default in Kicksecure, because as elaborated in the first paragraph of this chapter, Kicksecure is primarily a security-focused Linux distribution.
Other browsers not available from packages.debian.org are not considered (at least not in initial versions) because Kicksecure will have a default application policy similar to the Whonix default application policy.
However, Firefox should be preferred for reasons other than security and privacy. See threats to user freedom through market share domination. In the future, Firefox might have better advertising blocking capabilities?
See also these Chromium considerations.
Therefore, the decision on which browser to install by default in Kicksecure is a difficult one.
To not let the perfect be the enemy of the good, Firefox is nowadays installed by default due to Chromium Debian Package Security Issues.
There is the issue of Firefox Selling User Data. However, as documented on this wiki page, there is no better choice available at the time of writing.
The decision is based on practicality, available resources, and achievable initial goals. It is a significant development effort to create a dedicated website for Kicksecure and to create a new Linux distribution. Kicksecure does not have to find solutions to the difficult, mostly globally unaddressed, Miscellaneous Threats to User Freedom right from the start.
See also #Potential Future Solutions, which might be implemented in later stages of development.
Installation Source[edit]
Flatpak[edit]
In some cases, Flatpak might be unsuitable. See Flatpak Breaking the Native Sandbox of Applications.
Disregarded Solutions[edit]
No browser installed by default[edit]
- That would result in a terrible user experience, especially for Live ISO / USB users, who would have to wait until all browser-related packages are downloaded and installed using APT. Users want a ready-to-go solution. The fact that they already have to invest time in getting a new operating system is already a barrier. Asking them to wait until a browser downloads is too much.
Install both firefox-esr and chromium by default[edit]
- A waste of disk space.
- Longer update times, as both packages would need to be downloaded in the future.
- Does not take a strong stance against Chromium.
Potential Future Solutions[edit]
Might be implemented in a later version but not in the initial versions.
Browser Choice Dialog[edit]
Similar to this:
https://upload.wikimedia.org/wikipedia/en/e/e2/BrowserChoice.gif
During the build process of Kicksecure, download (cache) both packages, firefox-esr and chromium, but do not install them. This is to avoid APT traffic and time wasted on network downloads. In more technical terms, similar to this:
sudo apt update
sudo apt install --download-only firefox-esr
sudo apt install --download-only chromium
The packages will then be cached but not actually installed. These downloaded package files will reside in the folder /var/cache/apt/archives and otherwise do nothing. They would be cleaned up once the user runs sudo apt clean.
This approach would work well for an ISO release but not for installation from a repository. The latter may not be a long-term priority and perhaps only relevant for servers (server vendors will not offer Kicksecure pre-installed anytime soon), but then, servers do not require a browser.
It is not yet certain if this can work with the ISO build process.
Additionally, there is a technical issue after the first boot. Suppose users run sudo apt update followed by sudo apt full-upgrade before ever starting a browser, which is recommended and good security practice. When they then run the browser choice dialog (by clicking the browser icon in the start menu), the tool will likely be unable to run sudo apt install firefox-esr or sudo apt install chromium on behalf of the user without network traffic, because dependencies and package versions may have changed in the meantime. (Users who ran sudo apt update would have noticed this.) This decreases usability. Thus, the browser choice tool would change from an offline install of a previously downloaded browser package to a network-dependent download and install of the browser.
To keep the browser choice tool an offline install of a previously downloaded browser package, should the browser choice prompt appear as a popup at first boot?
There may be technical solutions for all of this, but making the default browser choice a seamless experience would be a major development task.
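To make the build-time caching and the stale-cache problem above concrete, here is an added example (not Kicksecure code) of the logic a browser choice tool could use: prefetch both packages at build time, then at choice time compare the version of the cached .deb with the candidate version APT would install now, install with apt-get --no-download only when they match, and fall back to a network install otherwise. The sample cache file names and version strings are constructed for the example; the only assumptions about APT are its cache naming scheme <name>_<version>_<arch>.deb with an epoch colon written as %3a, and the "Candidate:" line of apt-cache policy output.

```python
import glob
import os
import subprocess

CACHE_DIR = "/var/cache/apt/archives"
BROWSERS = ("firefox-esr", "chromium")

# Constructed sample of what the cache looks like after the build-time prefetch
# (version strings are invented for illustration, not real Debian versions).
SAMPLE_CACHE = [
    "/var/cache/apt/archives/firefox-esr_128.8.0esr-1~deb12u1_amd64.deb",
    "/var/cache/apt/archives/chromium_1%3a134.0.6998.35-1_amd64.deb",
    "/var/cache/apt/archives/libnss3_2%3a3.87.1-1_amd64.deb",
]


def prefetch(packages=BROWSERS):
    """Build-time step: fill the APT cache with both browsers without installing either."""
    subprocess.run(["apt-get", "update"], check=True)
    subprocess.run(["apt-get", "install", "--download-only", "-y", *packages], check=True)


def version_from_deb_name(path):
    """APT caches files as <name>_<version>_<arch>.deb, encoding an epoch colon as %3a."""
    base = os.path.basename(path)
    if not base.endswith(".deb") or base.count("_") != 2:
        raise ValueError(f"not an APT cache file name: {path}")
    name, version, _arch = base[:-4].split("_")
    return name, version.replace("%3a", ":")


def cached_versions(package, deb_paths):
    """Map version -> path for every cached .deb of `package` (several may accumulate)."""
    found = {}
    for path in deb_paths:
        name, version = version_from_deb_name(path)
        if name == package:
            found[version] = path
    return found


def apt_candidate(package):
    """Version apt would install now, i.e. after whatever `apt update` the user has run."""
    out = subprocess.run(["apt-cache", "policy", package], check=True,
                         capture_output=True, text=True).stdout
    for line in out.splitlines():
        if line.strip().startswith("Candidate:"):
            return line.split(":", 1)[1].strip()
    return None


def plan_install(package, candidate, deb_paths):
    """'offline' only if the cached .deb is exactly the version apt would pick now.

    A mismatch is the failure mode described above: after `apt full-upgrade` the
    cached file is stale and `apt-get install --no-download` would refuse to use it.
    """
    if candidate and candidate in cached_versions(package, deb_paths):
        return "offline"
    return "online"


def install_browser(package):
    """Runtime step for the browser choice dialog. Returns the mode actually used."""
    paths = glob.glob(os.path.join(CACHE_DIR, f"{package}_*.deb"))
    if plan_install(package, apt_candidate(package), paths) == "offline":
        try:
            subprocess.run(["apt-get", "install", "-y", "--no-download", package], check=True)
            return "offline"
        except subprocess.CalledProcessError:
            pass  # a dependency changed underneath us; fall through to a network install
    subprocess.run(["apt-get", "install", "-y", package], check=True)
    return "online"


if __name__ == "__main__":
    for pkg, candidate in (("firefox-esr", "128.8.0esr-1~deb12u1"), ("chromium", "1:135.0.1-1")):
        print(pkg, plan_install(pkg, candidate, SAMPLE_CACHE))
```

Comparing only the browser package's own version is necessary but not sufficient: a dependency may have moved as well, which is why install_browser lets the offline attempt fail and then falls back to the network rather than trusting the version check alone.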
Draft Text for Browser Choice Dialog[edit]
Not relevant yet since the browser choice dialog will not be implemented soon.
Kicksecure supports any Debian-compatible browser but defaults to two major choices: Chromium and Firefox.
- Firefox - Pros: Keeps the web open and free as we know it. Cons: Less secure.
- Chromium - Pros: More secure. Cons: Increases Google's influence, which may harm user freedom and choice in the future.
Please make a selection:
[x] Firefox
[ ] Chromium
[ ] Do not install any browser at this time
[ ] Do not ask again
[ ] Quit
Comparison of Browsers[edit]
Original Firefox[edit]
Trademark Disclaimer: Kicksecure is not officially associated with Mozilla Firefox. See Disclaimer.
Advantages:
- Keeping the Firefox branding and improving upon it might be more user-friendly than shipping unpopular brand browsers. (https://github.com/Kicksecure/security-misc/issues/192#issuecomment-1910675642)
Issues:
- Trademark issues:
- With Debian: Past trademark disputes with Mozilla, see Debian–Mozilla trademark dispute. This was resolved and hopefully will not happen again.
- With LibreFox: What happened? See LibreFox.
- Future: Firefox Potential Legal Risk
Disadvantages:
- Promotes non-freedom software: Easily downloads the non-freedom DRM plugin from Google. Related: Avoid non-freedom software.
- Needs hardening: Not as hardened by default (lower attack surface, disabled telemetry) as it could be, creating demand for a hardened Firefox fork or Firefox settings project such as Arkenfox.
Enabling non-freedom DRM is just one click away. When visiting a DRM test website, Firefox shows the notification "You must enable DRM to play some audio or video on this page. Learn more" together with an [Enable DRM] button.
TODO:
- As part of taming Firefox, a Firefox settings project such as Arkenfox might make it harder to accidentally enable DRM?
Firefox Selling User Data[edit]
Mozilla Firefox website used to have a promise.
Does Firefox sell your personal data? Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.
This promise has been deleted. (recorded in this git commit)
This was perceived very badly by the community.
- https://discourse.mozilla.org/t/why-does-mozilla-now-require-a-nonexclusive-royalty-free-worldwide-license-when-entering-information-in-firefox/140700
- https://bugzilla.mozilla.org/show_bug.cgi?id=1951088
- https://connect.mozilla.org/t5/discussions/information-about-the-new-terms-of-use-and-updated-privacy/m-p/88189/highlight/true
- https://discuss.privacyguides.net/t/mozillas-new-terms-of-use-causes-confusion-among-firefox-users/25325
- https://mastodon.social/@sarahjamielewis/114078061987172475
Mozilla attempted to "clarify" this issue, but hardly any posts by users who believed the clarification could be found.
These issues are not new and have existed long before. Privacy must be by design, through technology, not by privacy policy.
Firefox has long had functionality considered spyware by many people. Here are some examples of features often considered spyware:
- Feature Request: Radio Silence by Default for Browser Startup and Background Connections aka "Disable Phone Home"
- https://www.pcmag.com/news/firefox-mozilla-data-collection-feature-sparks-privacy-concerns
- https://support.mozilla.org/en-US/kb/privacy-preserving-attribution#w_how-does-privacy-preserving-attribution-protect-my-data
- https://github.com/mozilla/activity-stream/blob/master/docs/v2-system-addon/data_events.md
- https://www.mozilla.org/en-US/privacy/firefox/
- Mozilla is an advertising company.
So they will sell your personal data, just anonymized, which we know doesn't really work. OHTTPS requires you to trust third parties. (https://www.reddit.com/r/firefox/comments/1iznn90/in_response_to_people_saying_mozilla_is_removing/)
Firefox Miscellaneous[edit]
Firefox directly from Upstream Mozilla using Flatpak[edit]
Advantages:
- Fast stable Firefox upgrades directly from upstream, Mozilla.
Issues:
- Most likely ignores the /etc/firefox settings folder. It is most likely possible to add a workaround for that.
- Potential issue: Flatpak Breaking the Native Sandbox of Applications.
Firefox directly from Upstream Mozilla using packages.mozilla.org[edit]
Advantages:
- Fast stable Firefox upgrades directly from upstream, Mozilla.
Potential issues:
- TODO: Does it honor the /etc/firefox settings folder? It might not, as this might be a feature only of Debian's firefox-esr package.
Disadvantages:
- Same as in the above wiki chapter.
- Foreign Sources
Firefox from packages.debian.org[edit]
Also when using Debian's firefox-esr package, enabling non-freedom DRM software is just one click away.
Disclaimer[edit]
There are two different entities.
- A) Mozilla: developer of the Mozilla Firefox browser, versus
- B) Kicksecure: an independent Linux distribution.
Kicksecure is not officially associated with Mozilla Firefox. The Mozilla Firefox logo is trademarked by Mozilla.
Why this disclaimer? See Firefox Potential Legal Risk.
Firefox Potential Legal Risk[edit]
Background story: Debian–Mozilla trademark dispute (resolved in 2017)
Quote:
= About the Debian specific patches =
Mozilla recognizes that patches applied to Iceweasel/Firefox don't impact the quality of the product. Patches which should be reported upstream to improve the product always have been forward upstream by the Debian packagers. Mozilla agrees about specific patches to facilitate the support of Iceweasel on architecture supported by Debian or Debian-specific patches.
More generally, Mozilla trusts the Debian packagers to use their best judgment to achieve the same quality as the official Firefox binaries.
In case of derivatives of Debian, Firefox branding can be used as long as the patches applied are in the same category as described above.
Ubuntu having a different packaging, this does not apply to that distribution. (Debian issue tracker, Renaming Iceweasel to Firefox)
Opinion by a non-lawyer:
The phrasing "can be used as long as the patches applied are in the same category as described above" could be interpreted to mean that a patch which disables all telemetry, tracking and phone-home as much as possible falls into a different category and hence, in Mozilla's view, might violate their trademark.
Mozilla vs portapps.io from 2019
Following a trademark violation report (#11) from Mozilla, Firefox portable has been named Phyrox portable on Portapps. Nothing changes except its name. (phyrox-portable)
But even modest changes to preferences (such as whether "Know Your Rights" information is displayed to users) are sufficient to violate our policy against distributing modified versions of Mozilla software with our trademarks. Of course, end-users may choose to change preferences and settings in Firefox. But we don't allow others to distribute unofficial versions of "Firefox" with modified configurations or preferences. (E-mail from a Mozilla attorney, published by phyrox-portable)
Does this apply to a Linux distribution that is not primarily about distributing Firefox? Probably yes, since Mozilla also had a past conflict with Debian.
Changes requiring Mozilla’s prior written permission include (but are not limited to):
- Changing the default home page or adding bookmarks (Mozilla Trademark Distribution Policy)
Mozilla and LibreFox potentially also had a trademark conflict.
Correspondence with Mozilla about its Trademark[edit]
15 February 2024[edit]
From: adrelanos
To: trademark-permissions@mozilla.com
Subject: Kicksecure Default Browser Configuration Trademark Question
Body:
06 March 2024[edit]
Patrick,
Thanks for your email. Unfortunately the changes you would like to make do not comply with our distribution policy <https://www.mozilla.org/foundation/trademarks/distribution-policy/>, including the following:
You may not add to, remove, or change any part of the software, including the Mozilla trademarks themselves. For example, you may not add any extensions to Firefox, change default settings, or alter search codes.
If you would like to distribute Firefox unmodified, you can use our .deb.
You can, of course, make any modifications you wish to Firefox’s open source software if you distribute a browser without Mozilla and Firefox trademarks. Based on your requirements, the Tor Browser might also be an option you could consider.
Mike Kaply
Technical Partner Lead
Mozilla Corporation
For the full e-mail including headers see footnote. [2]
Firefox Potential Legal Risk - Workaround[edit]
Opinion by a non-lawyer:
If there were an opt-in package that users can choose to install, this might not violate Mozilla's trademark, because this solution would be similar to a user visiting the arkenfox project website and manually installing a settings file in the /etc/firefox or /etc/firefox-esr folder. This solution might be good enough for Kicksecure.
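Both the one-click DRM concern raised in the Original Firefox chapter and the opt-in settings package sketched here come down to shipping a system-wide Firefox configuration, so here is one added example (not Kicksecure's or Mozilla's code) of what such a settings file could contain and how to verify it: the effective stock state alongside an enterprise policies.json that disables and locks EME/DRM, telemetry, studies, captive-portal probing and DNS-over-HTTPS, plus an audit that reports every required setting that is missing, wrong, or set but not locked. The policy names are Mozilla's documented enterprise policies; the file path is the one Mozilla documents for Linux, and it is an assumption that Debian's firefox-esr package reads the same location rather than /etc/firefox-esr, which should be checked against the installed package.

```python
import json
import os

# Assumed path: Mozilla documents /etc/firefox/policies/policies.json for Linux builds.
# Debian's firefox-esr package may read /etc/firefox-esr instead; verify for your package.
POLICY_PATH = "/etc/firefox/policies/policies.json"

# Effectively what a stock install ships: nothing set, nothing locked, so DRM,
# telemetry and DNS-over-HTTPS can all be switched on from the UI with one click.
WEAK_POLICY = {"policies": {}}

# Hardened, locked counterpart. All policy names come from Mozilla's policy-templates.
HARDENED_POLICY = {
    "policies": {
        # Disable EME entirely and lock it: the "Enable DRM" button can no longer flip it.
        "EncryptedMediaExtensions": {"Enabled": False, "Locked": True},
        "DisableTelemetry": True,
        "DisableFirefoxStudies": True,
        "DisablePocket": True,
        "CaptivePortal": False,        # no detectportal.firefox.com probe at startup
        "NetworkPrediction": False,    # no speculative DNS prefetching
        # Keep the browser on the system resolver instead of a vendor's DoH endpoint.
        "DNSOverHTTPS": {"Enabled": False, "Locked": True},
        "Preferences": {
            # Belt and braces: also lock the Widevine CDM switch behind the EME policy.
            "media.gmp-widevinecdm.enabled": {"Value": False, "Status": "locked"},
        },
    }
}

# (policy path, expected value) pairs the audit enforces.
REQUIRED = {
    ("EncryptedMediaExtensions", "Enabled"): False,
    ("EncryptedMediaExtensions", "Locked"): True,
    ("DisableTelemetry",): True,
    ("DisableFirefoxStudies",): True,
    ("CaptivePortal",): False,
    ("DNSOverHTTPS", "Enabled"): False,
    ("DNSOverHTTPS", "Locked"): True,
}


def lookup(tree, path):
    """Walk nested dicts along `path`; None if any key along the way is absent."""
    for key in path:
        if not isinstance(tree, dict) or key not in tree:
            return None
        tree = tree[key]
    return tree


def audit(policy_doc):
    """List every required setting that is missing, wrong, or merely set but not locked."""
    policies = policy_doc.get("policies", {})
    findings = []
    for path, want in REQUIRED.items():
        got = lookup(policies, path)
        if got is not want:   # JSON booleans are the True/False singletons; None means absent
            findings.append(f"{'.'.join(path)}: expected {want!r}, found {got!r}")
    return findings


def audit_file(path=POLICY_PATH):
    """Audit an installed policies.json; a missing file is equivalent to the weak policy."""
    if not os.path.exists(path):
        return audit(WEAK_POLICY)
    with open(path, encoding="utf-8") as fh:
        return audit(json.load(fh))


def render(policy=HARDENED_POLICY):
    """JSON text as it should be written to POLICY_PATH (root-owned, mode 0644)."""
    return json.dumps(policy, indent=2) + "\n"


if __name__ == "__main__":
    print(render())
    print("stock install findings:", audit(WEAK_POLICY))
    print("hardened findings:", audit(HARDENED_POLICY))
```

The Locked flags are the point: a policy that only sets EncryptedMediaExtensions.Enabled to false leaves the [Enable DRM] button functional, and the audit reports exactly that case. Locking DNSOverHTTPS off also keeps the browser on the system resolver, which is the DNS consistency concern raised later for Mullvad Browser.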
LibreWolf[edit]
LibreWolf - Lack of Radio Silence as a Development Goal[edit]
LibreWolf inherits many of the same phone home features from Firefox. At the time of writing, LibreWolf feature request Radio Silence by Default for Browser Startup and Background Connections aka "Disable Phone Home" #1779 has not been acknowledged by LibreWolf developers as a development goal.
LibreWolf - IJWY (I Just Want You To Shut Up) Feature Removal[edit]
LibreFox, from which LibreWolf was forked, also had an IJWY (I Just Want You To Shut Up) feature.
This is a set of settings that aim to remove all the server links embedded in Firefox and other calling home functions in the purpose of blocking un-needed connections. The objective is zero unauthorized connection (ping/telemetry/Mozilla/Google...). (LibreFox, IJWY (I Just Want You To Shut Up) feature)
The last mention of IJWY in LibreWolf's settings file was removed in this git diff:
git diff -C eac7585b211bf11bf60ee6548213be5c43cdff3b^ eac7585b211bf11bf60ee6548213be5c43cdff3b
It was part of this huge change, which would be very time-intensive to audit:
eac7585b21 (diff-a99c222015516778b4c513319f0596469737a885)
commit eac7585b211bf11bf60ee6548213be5c43cdff3b Author: fabrizio ft.compiled@simplelogin.co Date: Mon May 10 08:55:27 2021 +0000 Settings revamp
LibreWolf - Updates[edit]
LibreWolf lags behind Firefox a few days up to 1 week.
Regarding Librewolf’s slow updates, I think this issue has been very greatly exaggerated, having used it as one of my browsers for almost over 30 months, I personally do not recall it ever really being more than one week behind Firefox, usually it is only a couple working days at worst. (https://github.com/Kicksecure/security-misc/issues/192#issuecomment-1910407278)
LibreWolf - Bugs[edit]
Bugs reported to only be reproducible in LibreWolf but not in Firefox:
Bugs that may be specific to LibreWolf but not Firefox:
LibreFox[edit]
https://github.com/intika/Librefox is dead as per https://github.com/intika/Librefox/issues/141
LibreWolf (https://librewolf-community.gitlab.io/) is active.
LibreFox had a potential legal issue with Mozilla:
- https://github.com/intika/Librefox/commit/45a4d3ce647b8c896e81ce3e5ac5ddc95ff045e0 mentions legal issues.
- Question about it: https://github.com/intika/Librefox/issues/125#issuecomment-1913347606
intika, the developer of Librefox, disappeared. The website linuxhacks.org is still online, so one could assume that someone is still paying the bills. Still active on StackExchange.
Mullvad Browser[edit]
Upstream Documentation:
Kicksecure user documentation:
- Opt-in Installation: Users can easily opt-in to install Mullvad Browser (MB).
Advantages:
- Anti-browser fingerprinting: Provides enhanced privacy by preventing tracking through browser fingerprint techniques.
- Company stability: Unlikely to be deprecated, as Mullvad has been established for a significant duration.
- VPN support: Compatible with VPNs, though does not require one by default.
- Security features: Includes a security slider for customizable security settings.
- Software compatibility: Supported by tb-updater and tb-starter, as noted in Kicksecure user documentation.
Disadvantages:
- Vendor branding: Features specific Mullvad branding, therefore not vendor-neutral.
- Home page and extensions: Includes a default homepage and browser extension specific to Mullvad. The start page reads "MULLVAD BROWSER - Developed in collaboration between the Tor Project and Mullvad VPN" and offers a "Disable Mullvad DoH (encrypted DNS)" toggle.
- Purpose of browser (opinion: this is interpretation, opinion-based):
- A) Mullvad users: MB's primary purpose is to increase the usefulness of Mullvad's VPN service.
- B) Advertisement: MB serves as a distinguishing advantage over Mullvad's competitors and an advertisement for Mullvad.
- C) Non-Mullvad users: Enhanced privacy and security.
- VPN confusion: Users might mistakenly believe that the VPN is active by default. This is addressed in the Mullvad VPN section of the user documentation.
- Browser basis: Based on Firefox ESR (extended support release), not the latest stable version of Firefox.
- DNS configuration:
- Mullvad Browser default DNS configuration: DNS over HTTPS enabled by default, utilizing Mullvad's services.
- Privacy implications: The DNS server that the user or organization configured (for example at the router level) is bypassed in favor of Mullvad's DNS server. Therefore, Mullvad also learns all DNS queries by the user.
- Violation of separation of power: For example, the developers of Tor do not host Tor relays. One party is maintaining the software and other parties are maintaining the infrastructure. Similarly, it could be argued browser developers should only maintain the browser but stay neutral regarding network infrastructure.
- DNS settings inconsistency: This leads to inconsistency with system-wide DNS settings. There would be one set of DNS settings for the system and a different set of settings for Mullvad Browser.
- Usability: This is a violation of the principle of least astonishment (POLA).
- Increased DNS Configuration Changes Complexity: Changes to system DNS settings by the user or Kicksecure should apply consistently across the entire system, including the browser. Using separate DNS settings in MB could complicate development of a more secure default system DNS configuration and cause the browser to use different DNS settings than the system default.
- See also: DNS Security and the forum discussion Use DNSCrypt by default in Kicksecure? (not Whonix).
- Usability:
- No stored logins: Does not save logins because Mullvad Browser does not save cookies after a browser restart. Therefore, users would have to log in repeatedly.
- No password manager: Does not come with a password manager by default. Users would need to re-enter their passwords for pages where they intend to use logins repeatedly. [3]
Other:
- uBlock Origin: Pre-installed but not enabled by default.
Packaging Mullvad Browser (MB):
- Future packaging plans: Efforts to release deb/rpm packages are confirmed for this year.
Getting deb/rpm package for Mullvad Browser is firmly in the plans for this year.
- MB feature request: Add rpm/deb package repositories?
Related:
Mullvad Browser as Kicksecure Default Browser
- Summary: No. This is a declined feature request. Details? See below.
- Comparison with others: No other Linux distribution is installing Mullvad Browser by default. This implies that such a decision needs to be considered with extra care.
- Qubes: At time of writing, there is no Mullvad Browser related feature request at the Qubes issue tracker.
- Opinion: By Kicksecure founder and developer:
- Trademark: No trademark policy issues.
- Not vendor neutral: Unfortunately, Mullvad Browser is not a vendor-neutral browser project as Base Browser might be.
- Community project vs corporate project: MB is developed by a VPN company and not a community project solely focusing on maintaining an independent web browser.
- Omnipresent VPN company advertisements: Many or even most podcasts, popular YouTube channels, and so forth contain advertisements for VPN companies. While Mullvad at the time of writing does not seem to sponsor any content creators, it is in the same category as VPN companies, which matters for reputational reasons.
- VPN review websites: Most VPN review websites and reviews seem to be sponsored by VPN companies. This seems to be a popular opinion.
- Low Quality and Questionable Morality of VPNs generally: VPNs often come across as low-quality due to their pervasive and morally dubious advertising practices. VPNs don't make you anonymous but are often advertised or perceived as anonymity tools by many users. For examples of that, please follow this link and press expand on the right side. This criticism is general and not directed at Mullvad, which does not seem to engage in such practices.
- Implied Relationship of VPN Company Sponsoring: If any Linux distribution (such as Kicksecure) would install a browser by default that contains the branding of a VPN company (such as Mullvad Browser), this might lead to users strongly suspecting that the VPN company is paying the Linux distribution for this and as a result might have inappropriate influence over the Linux distributions. This would happen irrespective of whether there actually has been an advertisement deal or not. Disclaimers would only partially help as these might often either not be noticed or regarded as incredible.
- Reputational impact: Any reputation risk or damage is best avoided. Reputational integrity is deemed to be more foundational for the project's success than any technical advantages that any browser might provide.
- Actual impact: While the facts (non-existence of a sponsorship deal, no influence by the VPN company on the Linux distribution) are all positive, avoidance of easily confused and negative impressions is best pursued for pragmatic reasons to avoid jeopardizing the overall success of the project.
- Conclusion: To avoid any confusion, suspicion of having sold out, I have decided not to install any software by default that comes with branding or advertisements from any VPN companies.
Tor Browser[edit]
Not an option by default in Kicksecure because it is torified, hence slow. For that use case, it would be better to use Whonix. See also Privacy Goals and Non-Goals of Kicksecure.
However, easily installable, opt-in for users of Kicksecure, see Tor Browser.
Tor Browser without Tor[edit]
As long as Tor Browser still says "Tor Browser" in the title bar, it will be too confusing. This is the same issue that SecBrowser had. Related: In-House Browser Development
Base Browser[edit]
Both Mullvad Browser (MB) and Tor Browser (TB) are based on Base Browser (BB). However, Base Browser only exists as a source code repository. There are no binary builds available. Base Browser presumably has neither the Mullvad Browser nor Tor Browser branding, which is good. It is not separately maintained as a standalone project by any upstream. Not suitable for the same reasons as documented in chapter Unbranded or Rebranded Browser.
Feature Request Maintain a Standalone "Base Browser" has been rejected.
Unbranded or Rebranded Browser[edit]
Unbranded or Rebranded Browser is not a third-party project. It means that the Kicksecure project would take an existing browser such as Mullvad Browser to unbrand or rebrand it.
This is not an option at this time because it is difficult and time-consuming to unbrand, for example, Mullvad Browser, and compile it. The maintenance effort is high and not justified given the current available project resources.
Mozilla Firefox feature request: Add an Unbranding Option in Firefox Settings
Related:
https://searchfox.org/mozilla-central/source/browser/branding/unofficial
In-House Browser Development[edit]
Not possible with the current available project resources. See also Too Much Source Code, Too Much Complexity and Difficulty to Create a Browser.
For example, see https://codeberg.org/librewolf/issues/issues to see the flood of complex issues that are constantly coming up.
PureOS previously maintained PureBrowser, but it got deprecated due to the too high maintenance effort.
There seem to be lots projects out there to “unMozilla” Firefox (removing things like DRM, telemetry, Pocket integration, etc) but it’s getting harder to do that with every Firefox release. That’s what we were up against with PureBrowser and it unfortunately became too daunting of a task (even with tracking ESR like we were). We also wanted to release close to upstream so we had the latest security patches ASAP but again, became unfeasible for our small team. (https://forums.puri.sm/t/purebrowser-removed-after-update/8635/11)
A Librewolf developer also confirmed that hard forking Firefox is infeasible.
[...]
No, we are absolutely not prepared to do that. We are a (very) small team with a rather limited amount of time (and energy) to work on LibreWolf even with it just the way it currently is. We would not even remotely be able to fork and maintain a browser fully, let alone to continually develop and improve it. Nor would we have the expertise to do so. Which would mean that if we tried to do that, we would most certainly release an insecure product, getting worse over time, which I would not ever want to be responsible for.
Sorry to disappoint on that front – but: it is what it is. (Librewolf feature request: Prepared to fork Firefox?, reply by ohfp, Librewolf developer)
Waterfox[edit]
Developed by BrowserWorks Ltd. (https://browser.works/). A soft-fork of Firefox, first released in March 2011 [4] and continuously maintained since then as of March 2025. Claims to not send any telemetry by default.
Several concerns are listed at https://github.com/Kicksecure/security-misc/issues/192#issuecomment-2269688442. Some additional concerns and comments:
- Very little information about Waterfox is visible on the front page, aside from general claims about security and privacy. Much more info is visible in the Waterfox blog at https://www.waterfox.net/blog/
- BrowserWorks' website is very minimal. It links to Waterfox Desktop, Waterfox Android, Waterfox Search (broken), and "Oblivious Proxy" (link appears to do nothing). The primary email address given for contacting BrowserWorks is someone's personal fastmail.com email address. This raises some maintainability concerns, though Waterfox has been continuously maintained for a long time.
- Waterfox is not "part of the hyper-privacy community" according to the lead developer. They recommend the use of Tor for users with high privacy requirements. https://www.waterfox.net/blog/waterfox-has-joined-system1/#ethics-and-privacy It is focused on speed and customization; it does not appear to have security hardening as a primary goal.
- No pre-built deb package, binaries are only available as a tarball.
- Only supports x86_64, no ARM64 binaries.
- Does NOT pass the radio silence test - Wireshark shows a flurry of activity as soon as Waterfox is launched for the first time, much of which appears to be connecting to Google's CDN.
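The radio silence test mentioned above can be scripted rather than eyeballed in Wireshark. The added example below (not part of this page or of any browser project) reads a classic libpcap capture taken while the browser is launched once and left idle, for instance with tcpdump -i any -w first-launch.pcap udp port 53, extracts every DNS question name, and reports the hosts the browser resolved on its own; an empty report is a pass. The capture it analyses is constructed inside the block by a small frame builder, and the host names in it are sample data, although detectportal.firefox.com is the real captive-portal probe Firefox sends unless the CaptivePortal policy disables it. IPv6, DNS over TCP and DNS over HTTPS are out of scope, and that is itself a caveat: a browser configured for DoH would pass this check while still phoning home, so the same capture should also be inspected for TCP/443 flows.

```python
import struct

# Link-layer header sizes: Ethernet, Linux "cooked" v1 and v2 (what `tcpdump -i any` writes).
LINK_HEADER_LEN = {1: 14, 113: 16, 276: 20}


def dns_question_name(payload):
    """First QNAME of a DNS query message; None for responses or malformed data."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount == 0:        # QR bit set means this is an answer
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:
            return ".".join(labels).lower() or None
        if length >= 0xC0 or pos + length > len(payload):   # compression pointer or truncated
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None                               # ran off the end before the terminator


def pcap_records(data):
    """Yield (linktype, frame) for each record of a classic libpcap file (pcapng not handled)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a libpcap capture")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[pos:pos + 16])[2]
        pos += 16
        yield linktype, data[pos:pos + incl_len]
        pos += incl_len


def dns_queries(pcap_bytes):
    """Hostnames queried over IPv4 UDP/53, in capture order (duplicates kept)."""
    names = []
    for linktype, frame in pcap_records(pcap_bytes):
        off = LINK_HEADER_LEN.get(linktype)
        if off is None or len(frame) < off + 28:
            continue
        if frame[off] >> 4 != 4 or frame[off + 9] != 17:   # IPv4 carrying UDP only
            continue
        udp = off + (frame[off] & 0x0F) * 4
        if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != 53:
            continue
        name = dns_question_name(frame[udp + 8:])
        if name:
            names.append(name)
    return names


def radio_silence_report(pcap_bytes, allowed=()):
    """Hosts the browser resolved on its own, minus an allowlist; an empty list is a pass."""
    return sorted(set(dns_queries(pcap_bytes)) - set(allowed))


def build_query_frame(qname, response=False):
    """Constructed Ethernet/IPv4/UDP/DNS frame for the sample capture (checksums left zero)."""
    qname_wire = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    dns += qname_wire + struct.pack("!HH", 1, 1)                    # QTYPE A, QCLASS IN
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 53])) + udp
    return b"\x00" * 12 + b"\x08\x00" + ip


def build_pcap(frames):
    """Little-endian libpcap file with the Ethernet link type wrapping the given frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)


if __name__ == "__main__":
    # Constructed first-launch capture: one captive-portal probe and one user-driven lookup.
    sample = build_pcap([build_query_frame("detectportal.firefox.com"),
                         build_query_frame("example.org")])
    print(radio_silence_report(sample, allowed={"example.org"}))
```

For a real run, open first-launch.pcap in binary mode and pass its bytes to radio_silence_report; leave the allowlist empty, since a browser that has not been told to visit anything should resolve nothing at all.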
Pale Moon[edit]
Several concerns listed at https://github.com/Kicksecure/security-misc/issues/192#issuecomment-2276225662. Very small development team, potentially high risk of security vulnerabilities due to low developer resources. Extreme amounts of controversy and drama within the project have led to questionable decisions with regard to browser development (https://www.palemoon.org/history.shtml, section "2021, or: how Open Source ends"), and they report on this same history page that their infrastructure has been compromised at least once (section "A (failed) reboot into the Goanna Runtime Environment").
GNUzilla / IceCat[edit]
Developed by the Free Software Foundation. A Firefox ESR soft-fork. Appears to be actively maintained by a team of three developers[5] as of March 2025. Additional features include:
- Non-free JavaScript blocking
- Blocks all third-party content linked to by web pages by default, thus automatically blocking ads
- Some forms of anti-fingerprinting (such as JShelter and avoiding leaking IP addresses when using WebRTC)
- Supposedly disabled telemetry[6]
Cons:
- No official binaries available for any platform, must be built from source or installed via the Guix package manager
- Does not appear to have security hardening as a primary objective, though disabling non-free JS is a good step in that direction
Trivalent[edit]
- https://github.com/secureblue/Trivalent
- Developed by the secureblue project. A soft-fork of Chromium; it basically applies two patch stacks on top of Fedora's packaged version of Chromium.
- Primary goal is security hardening.
- Uses patches from GrapheneOS's Vanadium project, a security-hardened Chromium soft-fork for Android. Explicitly designed to be used with hardened_malloc.
- Makes secondary browser features opt-in rather than opt-out (such as search suggestions).
- If it were available from packages.debian.org, Trivalent would be considered as the Kicksecure default browser.
- Only offers binaries for secureblue itself, unclear whether these binaries would work on even Fedora.
- Fedora-centric build process, may be difficult or very difficult to build for Debian.
Ladybird[edit]
- https://ladybird.org/
- Fully independent web browser, not based on Firefox or Chromium.
- Still in early development, not generally usable and very likely has security issues in its current state of development.
- May be usable in the future, once mature and packaged for Debian. Will likely require multiple years more development before it is secure and usable.
Customized Settings Projects[edit]
There are a number of projects that provide customized settings for Firefox. It is unlikely that most of these projects will be useful to Kicksecure, since they may enable settings that are potentially dangerous or disable settings that users need enabled, thus adding extra risk and support burden to the project. They are listed together here since they are not really web browsers, simply different ways of configuring existing browsers.
ffprofile.com[edit]
Creates custom configuration profiles for Firefox, allowing one to customize a large number of settings that Firefox does not directly expose to the user. Can also provide features beyond ones included in Firefox by default via browser extensions.
- Provides a wizard-like user interface to the end user for selecting settings.
- Takes all of the input from the user, and builds it into two files, profile.zip and enterprise_policy.zip. The user is supposed to then unzip these files into appropriate directories to apply their selected settings to the web browser.
- Pros:
- Allows customizing a large number of privacy-related features, including disabling telemetry and features that could be used to more easily track a user.
- Relatively intuitive, wizard-like user interface, with each page similar to an application's settings dialog. Much easier to use than having to fiddle with about:config and enterprise policy JSON manually.
- Avoids some of the problems with opinionated configuration projects such as arkenfox, Betterfox, and the like: the user gets to choose their own settings rather than living with whatever settings a random stranger decided was good for them.
- Cons:
- The profile config files are built on the server side, not on the client side in the web browser itself, meaning if the project's web server is compromised, it may serve compromised zip files.
- Can bundle Firefox extensions into the zip files, further increasing the damage a web server compromise could do.
- Running locally requires setting up a local web app, which is non-trivial. You can't just download it and run it.
- The extensions appear to be stored directly on the host server, not downloaded dynamically from Mozilla. This further increases the risk of a compromised project.
- Requires the user to manually unzip the built files into the correct directories. This is arguably the best that a web app can do, however this is likely to be a very challenging step for non-technical users, and may even be slightly tricky for technical users.
- To avoid trusting the project to be fully trustworthy, the end user would have to read through the entire generated configuration, ensuring no harmful features were enabled, and no important features were disabled. Browser addons would also have to be removed from the configuration, and then manually installed by the end user directly from Mozilla.
- The applicable versions of Firefox are not spelled out on the website, thus it is unclear if all of the configuration options are actually available in Firefox ESR or if attempting to enable them would break Firefox ESR.
- Potential ideas:
- Re-implement an audited version of ffprofile as a desktop app and include it in Kicksecure? The app would be able to download addons from Mozilla directly (if it offered addons as a feature), install the configuration automatically, and would come from a source that users of Kicksecure already trust. Configuration builds would also be done client-side, removing most of the risks inherent in a compromised server providing the configuration.
- Would require a simple "use recommended settings, please proceed" button for most users.
arkenfox[edit]
https://github.com/arkenfox/user.js
A settings file improving Firefox security and privacy.
Todo
Advantages:
- Disabled telemetry by default.
Issues:
- Phone home. Does not do anything about Firefox phone home. Feature Request: Radio Silence by Default for Browser Startup and Background Connections aka "Disable Phone Home" got instantly closed, rejected and locked for further discussion.
- https://github.com/arkenfox/user.js/issues/917 was deleted but is still available on https://web.archive.org/web/20210602135212/https://github.com/arkenfox/user.js/issues/917#issuecomment-609087428
- Has a different viewpoint on telemetry. Quote https://github.com/arkenfox/user.js/blob/4f37c32a0e219cc7deefff33b5683f546e3d8ac9/user.js
- https://github.com/arkenfox/user.js/issues/917
/*** [SECTION 8500]: TELEMETRY
   Arkenfox does not consider Firefox telemetry to be a privacy or security concern - comments below.
   But since most arkenfox users prefer it disabled for peace of mind, we'll do that rather than cause overrides.

   Opt-out
     - Telemetry is essential: a browser engine is a _very_ large complex beast costing billions to maintain
     - Opt-in telemetry _does not_ work and results in data that is unrepresentative and may be misleading
   Choice
     - Every new profile on first use provides data collection/use policy and the ability to opt-out
     - It can be disabled at any time (Settings>Privacy & Security>Data Collection and Use)
   Data
     - no PII (Personally Identifiable Information)
     - all data can be viewed in about:telemetry
     - uses Prio [1][2][3], Glean [4], Oblivious HTTP [5][6]

   Firefox code is open source. Mozilla is responsible with opt-out. They are transparent, and they have gone above
   and beyond in terms of privacy preserving technologies. At this point, if you don't trust Firefox, then why are
   you using their browser? - not to be confused with holding them to a higher standard and checking browser changes/implementations

   [1] https://crypto.stanford.edu/prio/
   [2] https://hacks.mozilla.org/2018/10/testing-privacy-preserving-telemetry-with-prio/
   [3] https://blog.mozilla.org/security/2019/06/06/next-steps-in-privacy-preserving-telemetry-with-prio/
   [4] https://firefox-source-docs.mozilla.org/toolkit/components/glean/index.html
   [5] https://firefox-source-docs.mozilla.org/toolkit/components/glean/user/ohttp.html
   [6] https://blog.mozilla.org/en/tag/oblivious-http/
***/
Non-issues:
- https://github.com/arkenfox/user.js/issues/1795
- Telemetry. Ticket https://github.com/arkenfox/user.js/issues/1660 is confusing, but it is not about enabling telemetry, only about moving it to its own section in the config file, which is more of a textual, stylistic change.
- Using pref( instead of user_pref( is not an issue as per: https://github.com/Kicksecure/security-misc/pull/183#issuecomment-1895948795
That could easily be handled during the package build process with something like this:
search='pref("'
replace='user_pref("'
file_name='user.js'
str_replace "$search" "$replace" "$file_name"
The diff would be reasonably simple.
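The build-time rewrite above, together with the "read through the entire generated configuration" check suggested in the ffprofile section, as an added example (not Kicksecure, arkenfox or ffprofile code): it turns pref( calls into user_pref( and then audits the result against a handful of hardening goals from this page. The pref names and wanted values in EXPECTED_PREFS are this example's own selection, and the sample user.js is constructed, not a real arkenfox release.

```python
# Added example, not Kicksecure/arkenfox/ffprofile code: build-time pref( -> user_pref(
# rewrite (same substitution as the str_replace step above) plus an audit of the result.
import json
import re

# Wanted values: this example's own selection, mirroring the page's goals (telemetry and
# studies off, HTTPS-only, mixed content blocked, safe renegotiation, strict ETP, no ads).
EXPECTED_PREFS = {
    "toolkit.telemetry.enabled": False,
    "datareporting.healthreport.uploadEnabled": False,
    "app.shield.optoutstudies.enabled": False,
    "dom.security.https_only_mode": True,
    "security.mixed_content.block_active_content": True,
    "security.ssl.require_safe_negotiation": True,
    "browser.contentblocking.category": "strict",
    "browser.newtabpage.activity-stream.showSponsored": False,
}

# One pref call at the start of a line: pref("name", value); or user_pref("name", value);
# Accepted values: true/false, an integer, or a double-quoted JS string literal.
_PREF_RE = re.compile(
    r'^\s*(user_)?pref\(\s*"([^"]+)"\s*,\s*'
    r'(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;'
)

# Constructed sample input; the deliberate defects are marked in the trailing comments.
SAMPLE_USER_JS = """\
/*** constructed sample, not a real arkenfox file ***/
pref("toolkit.telemetry.enabled", false);
pref("datareporting.healthreport.uploadEnabled", false);
pref("app.shield.optoutstudies.enabled", false);
pref("dom.security.https_only_mode", true);
pref("security.mixed_content.block_active_content", true);
// pref("security.ssl.require_safe_negotiation", true); // commented out: missing
pref("browser.contentblocking.category", "strict");
pref("browser.newtabpage.activity-stream.showSponsored", false);
pref("browser.startup.homepage", "https://example.org/"); // the // inside a string must survive
pref("dom.security.https_only_mode", false); // a later line silently flips an earlier one
"""

def normalize_user_js(text):
    """Rewrite bare pref( calls to user_pref( so Firefox honours them from a profile
    user.js. Comment lines and lines already using user_pref( are left untouched."""
    out = []
    for line in text.splitlines():
        if re.match(r"^\s*pref\(", line):
            line = line.replace("pref(", "user_pref(", 1)
        out.append(line)
    return "\n".join(out) + "\n"

def _parse_value(raw):
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"'):
        try:
            return json.loads(raw)  # handles \" and \\ like a JS string literal
        except ValueError:
            return raw[1:-1]
    return int(raw)

def parse_user_js(text):
    """Return ({name: value}, {name: how often it was set}). Block comments are removed
    first (simplification: a /* inside a string literal would confuse this). A later
    assignment overwrites an earlier one, which is how Firefox itself reads user.js."""
    prefs, counts = {}, {}
    for line in re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL).splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name = m.group(2)
        prefs[name] = _parse_value(m.group(3))
        counts[name] = counts.get(name, 0) + 1
    return prefs, counts

def audit(prefs, counts, expected=EXPECTED_PREFS):
    """Return sorted findings: wanted prefs that are missing or carry the wrong value,
    and prefs set more than once (a reviewer must check which value actually wins)."""
    findings = []
    for name, want in expected.items():
        if name not in prefs:
            findings.append(f"MISSING {name} (want {want!r})")
        elif prefs[name] != want:
            findings.append(f"WRONG {name}: {prefs[name]!r} (want {want!r})")
    for name, n in counts.items():
        if n > 1:
            findings.append(f"DUPLICATE {name} set {n} times; last value {prefs[name]!r} wins")
    return sorted(findings)

def run_example():
    """Normalise the constructed sample, parse it and return the audit findings."""
    prefs, counts = parse_user_js(normalize_user_js(SAMPLE_USER_JS))
    return audit(prefs, counts)

if __name__ == "__main__":
    print("\n".join(run_example()))
```

Against the constructed sample the audit reports the commented-out safe-negotiation pref as missing and the HTTPS-only pref as both duplicated and wrong, since the second assignment wins.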
deskapps-harden[edit]
https://github.com/monsieuremre/deskapps-harden
A settings file improving Firefox security and privacy.
todo:
- Discuss if settings locking is really necessary: https://github.com/Kicksecure/security-misc/issues/192#issuecomment-1905981518
Advantages:
- Responsive upstream.
- Founded by a Kicksecure contributor.
- A clean, small policy in a single file.
Disadvantages:
- New project.
- Few users, bug reports, and feature requests yet, hence difficult to judge the merits of the project.
- No known third-party reviews yet.
- The project name might be too limiting to attract many non-Kicksecure users to the same configuration; a larger user base would be an advantage (a fingerprint shared by more users and, hopefully, more review and suggestions).
- Seems to no longer be actively maintained.
pyllyukko user.js[edit]
https://github.com/pyllyukko/user.js
no phone home feature request: https://github.com/pyllyukko/user.js/issues/509#issuecomment-1947855378
More[edit]
- https://codeberg.org/rusty-snake/firefox-config
- https://github.com/crssi/Firefox
- https://github.com/yokoffing/Betterfox
TODO: ?
Criteria[edit]
Primary importance for Kicksecure must be security. Anti-fingerprinting is nice but secondary. Disabled telemetry can be considered both a security feature, since it lowers attack surface, and a privacy feature. Radio Silence (as defined in LibreWolf feature request Radio Silence by Default for Browser Startup and Background Connections aka "Disable Phone Home" #1779) would be nice to have.
See also Privacy Goals and Non-Goals of Kicksecure.
- Settings projects: With thousands of relevant settings required to tame a mainstream browser such as Chromium or Firefox, and reports that these settings are flipped, reversed or ignored, this will probably remain mission impossible.
- Soft forks: Soft forking a huge mainstream browser will most likely result in incomplete solutions. These browsers are not fork-friendly, and continuous rebasing is not possible. For reasons, see Too Much Source Code, Too Much Complexity and Difficulty to Create a Browser.
- Hard forks: Hard forking or an independent source code base is a much better option. It may however be economically infeasible for a third-party project to clean up and maintain a gigantic source code base of millions of lines of code.
- Independent browsers not based on Chromium or Firefox: This is likely the best option.
If forks: The source code of anti-features needs to be completely removed, not just disabled. As long as the source code is still there, it is still potentially dangerous.
IP addresses and domain names: The source code of a browser shouldn't contain any IP addresses and/or domain names.
Any browser used by Kicksecure must be well-maintained, ideally by a project or entity large enough to continue reliably maintaining the browser for the foreseeable future. An abandoned default browser may be very difficult for users to reliably migrate away from, and very dangerous to continue using.
Conclusion[edit]
A number of browsers that are presumably more secure by default (and offer better privacy by default) have been considered.
No browser project could be found that is suitable, well-maintained with timely security upgrades, vendor-neutral, and of acceptable usability.
Discussions[edit]
- Chromium Browser for Kicksecure Discussions (not Whonix)
- Kicksecure Default Browser Discussion
- https://forum.qubes-os.org/t/is-there-a-reason-firefox-needs-to-have-vulnerable-insecure-settings-in-the-templates/23566
- https://forum.qubes-os.org/t/is-firefox-really-an-appropriate-default-browser-for-qubes/26042
Resources[edit]
- https://www.unixsheikh.com/articles/choose-your-browser-carefully.html
- https://digdeeper.club/articles/browsers.xhtml
Difficulty to Create a Browser[edit]
"This is an application which can require more than 6 hours per build on a fast computer. We allocated a new build server with high specifications (Ryzen 9 3900, 128GB RAM, NVMe) and reduced the time it took to build Chromium to a little more than an hour." (Linux Mint)
- https://www.youtube.com/watch?v=z1Eq0xlVs3g
- https://blog.samuelmaddock.com/posts/google-widevine-blocked-my-browser/
- https://www.theregister.com/2019/04/03/googles_widevine_drm/
Hard Fork versus Soft Fork[edit]
https://codeberg.org/librewolf/issues/issues/2252
Browser Deals[edit]
Related[edit]
- Chrome
- Chromium
- Dev/Chromium
- Dev/Default Browser
- Google Chrome Repository Insecurity
- https://forums.whonix.org/t/chromium-browser-for-kicksecure-discussions-not-whonix/10388
Footnotes[edit]
- ↑ Dev/Chromium#Firefox_and_Chromium_Security
- ↑
From: Mike Kaply <mkaply@mozilla.com>
To: adrelanos@kicksecure.com
Date: Mon, 4 Mar 2024 16:53:43 -0500
Subject: Fwd: Kicksecure Default Browser Configuration Trademark Question
Message-ID: <CAHueOzDskb_3-oCNwja0D6ea2TMnOHTqJ==xV0bn-5VcBJv-Wg@mail.gmail.com>

Patrick,

Thanks for your email.

Unfortunately the changes you would like to make do not comply with our distribution policy <https://www.mozilla.org/foundation/trademarks/distribution-policy/>, including the following:

You may not add to, remove, or change any part of the software, including the Mozilla trademarks themselves. For example, you may not add any extensions to Firefox, change default settings, or alter search codes.

If you would like to distribute Firefox unmodified, you can use our .deb.

You can, of course, make any modifications you wish to Firefox’s open source software if you distribute a browser without Mozilla and Firefox trademarks. Based on your requirements, the Tor Browser might also be an option you could consider.

Mike Kaply
Technical Partner Lead
Mozilla Corporation

On Thu, Feb 15, 2024 at 12:32 AM 'Patrick Schleizer' via trademark permissions <trademark-permissions@mozilla.com> wrote:
> I am the lead developer of the Kicksecure project, a Linux distribution
> focused on security and based on Debian. Kicksecure is developed by the
> same team as Whonix, which is somewhat more well-known.
>
> Our hardened defaults extend to the default user applications on the
> system, including a daily drivable web browser.
>
> We are currently in the process of reviewing and considering potential
> candidates to be the default web browser on Kicksecure.
>
> With good intentions, various Kicksecure contributors have suggested
> shipping Mozilla Firefox as the default browser. However, some
> contributors, including myself, are concerned about the modifications to
> Firefox's default settings we intend to make, versus Mozilla's Trademark
> Policy. We have no intention of rebranding or changing the compilation
> options of Firefox binaries. In fact, we prefer to keep the Mozilla
> trademarked names for the products to provide our users with a sense of
> familiarity.
>
> We would acquire unaltered binaries from one of the following sources:
>
> - Debian's official packages.debian.org repository
> - Mozilla's official packages.mozilla.org repository
> - Mozilla's official Firefox Flathub repository
>
> Ideally, we would use Mozilla sources.
>
> Here is a trademark-respecting list of things we are aware of and want
> to avoid for understandable reasons:
>
> * Not using Mozilla trademarks in the name of our business, product,
> service, app, domain name, publication, or other offering.
> * Not using marks, logos, company names, slogans, domain names, or
> designs that are confusingly similar to Mozilla trademarks.
> * Not using Mozilla trademarks in a way that incorrectly implies
> affiliation with, or sponsorship, endorsement, or approval by Mozilla of
> our products or services.
> * Not displaying Mozilla trademarks more prominently than our product,
> service, or company name.
> * Not using Mozilla trademarks on merchandise for sale (e.g., selling
> t-shirts, mugs, etc.)
> * Not using Mozilla trademarks for any other form of commercial use
> (e.g., offering technical support services), unless such use is limited
> to a truthful and descriptive reference (e.g., “Independent technical
> support for Mozilla’s Firefox browser”).
> * Not modifying Mozilla’s trademarks, abbreviating them, or combining
> them with any other symbols, words, or images, or incorporating them
> into a tagline or slogan.
>
> And here is a list of things that we would like to do. Our primary
> intention is to have a default policy (or employ other means if more
> appropriate) to do the following:
>
> * Use unaltered binaries.
> * Disable all Telemetry, Studies, Reports, and non-essential implicit
> outgoing connections.
> * Force install the addon "uBlock Origin" by Raymond Hill.
> * Set and lock hardened SSL/TLS-related settings, including, but not
> limited to, setting HTTPS-only mode as the default, blocking mixed
> content, not trusting unsafe negotiations, disabling unencrypted
> background requests, etc.
> * Disable sponsored components, like bookmarks and suggestions.
> * Set and lock strict mode for ETP.
> * Change the default homepage.
> * Disable the default display of the "Know Your Rights" information page.
>
> As an illustrative point of how specifically we plan to apply these
> changes:
>
> - Our intended changes would be made by providing a separate package
> (for example, named "hardened-browser-config").
> - This package would install config file(s) in folder(s) such as
> /etc/firefox or /etc/firefox-esr.
> - The package would be installed by default.
>
> We are willing to elaborate on the details and consider making
> modifications upon request by Mozilla.
>
> We are not asking for any special permission that does not extend to
> derivatives. As stated on the Debian issue tracker:
>
> > In case of derivatives of Debian, Firefox branding can be used as long
> > as the patches applied are in the same category as described above.
>
> This is related to the Debian Free Software Guidelines (DFSG) (item 8):
>
> > License must not be specific to Debian
> >
> > The rights attached to the program must not depend on the program's
> being part of a Debian system. If the program is extracted from Debian
> and used or distributed without Debian but otherwise within the terms of
> the program's license, all parties to whom the program is redistributed
> should have the same rights as those that are granted in conjunction
> with the Debian system.
>
> We would like to be able to state similarly:
>
> > In case of derivatives of Kicksecure, Firefox branding can be used as
> long as the patches applied are in the same category as described above.
>
> We are asking for your opinion on whether this would be in conflict with
> Mozilla's Trademark Policy.
>
> We intend to publish our correspondence for the sake of transparency.
> Our communications and your responses will be publicized in full,
> verbatim, without modifications.
>
> --
> You received this message because you are subscribed to the Google Groups
> "trademark permissions" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to trademark-permissions+unsubscribe@mozilla.com.
- ↑
- Quote Mullvad, The Mullvad Browser hard facts: list of settings and modifications: "No password manager (it's better to keep the password manager as a separate tool)"
- Mullvad Browser issue: MISSING: Settings -> Privacy & Security -> Logins and passwords -> Ask to save logins and passwords for websites
- ↑ https://en.wikipedia.org/wiki/Waterfox
- ↑ From https://www.gnu.org/software/gnuzilla/: "The GNUzilla project is currently maintained by Ruben Rodriguez, Amin Bandali, and Mark H. Weaver. Please use the mailing lists for contact."
- ↑ https://spyware.neocities.org/articles/icecat
