Most are, most are affiliate link-farms in disguise as well, and privacyguides.org is written in response to such guides.
It is called privacy guides and not security guides for a reason, and many of our basic "recommendations" are geared towards a specific threat model that does not include, for example, being targeted by law enforcement or others with access to zero-day vulnerabilities or similarly targeted exploits. They are geared towards avoiding commercial-grade tracking, especially by corporations, and dragnet mass surveillance programs.
This is why we place so much of an emphasis on threat modeling before suggesting recommendations in the first place though, to make sure readers know exactly when the recommendations apply to them and when they instead need to seek additional resources. We have countless pages within our community forum detailing why and when Chromium is technically superior to Firefox.
This is also why we don't recommend Firefox on mobile devices at all, because while we do feel Firefox on desktop is adequately secure for many people, we don't feel that is the case on Android, unfortunately.
Anyways, thank you for your insight. I will look into making this more clear at a glance.
We don't have a deal with Brave. It was added almost 3 years ago, and nobody has even proposed removing it in the time since. Furthermore, it would be insane and likely illegal for a public charity to strike a deal to serve an undisclosed advertisement for a product from a private company.
I think our position on Brave is clear enough from the very first paragraph in the guide:
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box
Just want to put emphasis on “out of the box”. Changing any of the default settings will cause you to stand out. The fingerprinting protection is essentially to have a bunch of people all using the same browser with all of the mechanisms used for fingerprinting being either disabled or giving the same results on all installations; everyone has the same fingerprint.
We cover that too [0]. In addition, while I wouldn't blanket recommend a VPN usually, it's important to use a VPN in conjunction with Mullvad Browser (specifically). If you're not blending in with a crowd of similar browsers at the network level too, the fingerprinting protections are a bit pointless.
> Like Tor Browser, Mullvad Browser is designed to prevent fingerprinting by making your browser fingerprint identical to all other Mullvad Browser users, and it includes default settings and extensions that are automatically configured by the default security levels: Standard, Safer and Safest. Therefore, it is imperative that you do not modify the browser at all outside adjusting the default security levels. Other modifications would make your fingerprint unique, defeating the purpose of using this browser.
> We recommend Mullvad Browser if you are focused on strong privacy protections and anti-fingerprinting out of the box, Firefox for casual internet browsers looking for a good alternative to Google Chrome, and Brave if you need Chromium browser compatibility.
What about a WebKit based browser?
"Orion comes with state-of-the-art ad and tracker blocking enabled by default, unlike any other browser in existence... Beyond blocking all ads and trackers by default, Orion is also a zero telemetry browser. It protects you from websites on the web, and the browser itself never leaks your private information anywhere."
I've always worried that Proton might succumb to the enshittification that seems to eventually plague all tech companies. This news makes me a lot more optimistic that won't be the case.
Yeah, that is interesting to me. I would imagine one of the main reasons people have been asking for alternative browser engine support in the first place is the potential to have more features added to PWAs by competing platforms, since they were clearly not a priority in WebKit for a very long time.
> How am I supposed to contribute to a NoDerivatives project?
I don’t understand this question, like literally how? The process has not changed.
The FSF recommends CC BY-ND for works which state a viewpoint (opinion) to avoid being misquoted. To distribute a modified version of the website would misrepresent the authors who wrote it, which would serve no useful purpose.
> I don’t understand this question, like literally how? The process has not changed.
IANAL but the licence prevents me from modifying it, which means that I'm not allowed to make any changes, not matter what. Me making a PR would be me breaking the licence.
> The FSF recommends CC BY-ND for works which state a viewpoint (opinion) to avoid being misquoted.
And FSF is silly in many ways. Who would you be misquoted by? Also misquoting is illegal if it was done with malice, just like how breaking licence terms is illegal. And keep in mind that to prevent either, you need to be ready to go to court :).
It "misses the point" in the sense that it wasn't what the article was about at all, I suppose. Ultimately the point was that people need to be aware of VPN reviewer's practices, it is definitely not encouraging the use of a VPN. Otherwise I'd agree with you, which is why we wrote about and recommend self-hosting with Outline: https://blog.privacytools.io/self-hosting-a-shadowsocks-vpn-...
The problem with a lot of these affiliate sites (which I alluded to in the conclusion of the article but perhaps didn't spend quite enough time on) is that they provide a small disclosure of their relationships in their footer or in the article. But they do it as inconspicuously as possible to avoid the drawbacks of disclosing anything.
I have a lot more respect for the sites that prominently disclose their relationships, like Wirecutter. Most of these sites are a business, they've gotta make money somehow. But IMO most readers aren't seeking out such disclosures automatically when they see a "review", so the hidden-in-the-footer nonsense is entirely useless.
It is called privacy guides and not security guides for a reason, and many of our basic "recommendations" are geared towards a specific threat model that does not include, for example, being targeted by law enforcement or others with access to zero-day vulnerabilities or similarly targeted exploits. They are geared towards avoiding commercial-grade tracking, especially by corporations, and dragnet mass surveillance programs.
This is why we place so much of an emphasis on threat modeling before suggesting recommendations in the first place though, to make sure readers know exactly when the recommendations apply to them and when they instead need to seek additional resources. We have countless pages within our community forum detailing why and when Chromium is technically superior to Firefox.
This is also why we don't recommend Firefox on mobile devices at all, because while we do feel Firefox on desktop is adequately secure for many people, we don't feel that is the case on Android, unfortunately.
Anyways, thank you for your insight. I will look into making this more clear at a glance.
reply