[PLUG] Sync sucks, downgrading firefox, then alternatives

james at bertelson.me james at bertelson.me
Sun Apr 25 17:07:36 UTC 2021 

The day Firefox defaulted to sending all of my DNS queries to cloudflare 
out of the box, I was out. Like you mention, I understood that I too can 
look at the code and even turn the feature off, but I'm not a fan of the 
mentality behind that kind of blatant breach of privacy as a default. I 
ended up switching to Waterfox, and I'm quite happy with it. It's based 
on Firefox 78 ESR with a bunch of changes focused on being libre, 
backwards compatible, and fast. A few big ones:

  - Pocket is removed
  - Telemetry is removed
  - Data collection is removed
  - Startup profiling is removed
  - All 64-bit NPAPI plugins are allowed
  - Sponsored tiles on the new tab page are removed

I'd recommend giving it a spin! It does include support for Firefox Sync 
but is not in any way required nor would I expect it to be.

--
  James Bertelson
  james at bertelson.me
  :wq


On 2021-04-24 21:57, Keith Lofstrom wrote:
> Best Mozilla alternatives?
> 
> In order to enable some misbehaving web videos, I made
> the foolish mistake of updating firefox on my desktop
> machine yesterday.  Silly me, "update" in Firefox-eze
> means "submit to Mozilla arrogance, delete older data."
> 
> In this case, it means that Firefox now requires "Sync"
> and "Lockwise".  Passwords stored (allegedly encrypted)
> on Mozilla servers.
> 
> With a password I don't have anyway.
> 
> No f***ing way are my passwords leaving my machine.  No
> f***ing way will Mozilla Galactica get any password or
> hash thereof.  It's bad enough that I trust their
> allegedly-open-source browser to access my passwords (*)
> 
> My systems are designed to keep running when the internet
> (or the cable modem, or the power grid) does not, with
> local html copies of all the important html content that
> I create.  Different machines have different sets of
> passwords, and the portables do NOT have most passwords,
> Bank and health passwords are "stored" on paper and
> locked in a safe.
> 
> No external password storage, except unique passwords for
> each web-service (stored here on a subset of secure
> internal machines, and on backups).
> 
> Grr.  I want to give the Mozilla designers wifi-enabled
> pacemakers, then switch off the wifi.  Instead, I shall
> keep calm and find truly open source alternatives.
> 
> I do have daily backups of the .mozilla files.  Also,
> a few months ago, I printed out my Mozilla passwords
> (about 200 of them) and keep them "in a safe place".
> 
> So for now, I will delete the newer firefox, then reinstall
> an older version without "Sync", and a backup version of
> .mozilla/firefox/ to verify those older passwords work.
> 
> Then I will move on to Chromium ... presuming that does
> not use the same insane offsite password storage method.
> 
> Any other suggestions?
> 
> Keith L.
> 
> (*) P.S. In theory, I can read Firefox source and prove
> that my passwords are properly encrypted and decrypted
> before they are sent to and from Mozilla.  In actuality,
> by subtle misuse of API calls and function prototypes,
> encryption can be crippled.  I am not nearly clever
> enough to find subtle exploits in Firefox code, and
> few of us bother to try.  No verify, no trust.

More information about the PLUG mailing list