Web Browser

From Kicksecure

Web Browsers Comparisons

Introduction

A browser is a program you use to access and view websites on the internet, like Chrome, Safari, or Firefox. It lets you search for information, watch videos, check email, and more by showing web pages.

Kicksecure Default Browser

  • At time of writing: Firefox is installed by default inside Kicksecure.
  • Future: For a future version of Kicksecure, it is planned to no longer install a browser by default inside Kicksecure.

No Default Browser

No browser exists at time of writing that can be wholeheartedly recommended for users of Kicksecure according to technical Criteria (security, privacy and user freedom).

These reasons are elaborated on the Kicksecure Default Browser - Development Considerations wiki page and will soon be summarized here.

Recommended Browser

None.

Issues with Browsers

Most mainstream browsers are considered spyware by many people. See also Firefox Selling User Data.

This issue cannot be solved by operating system vendors such as Kicksecure. For reasons why that is, see In-House Browser Development.

Browser Comparison

Browser Comparison - Introduction

Here is a list of browsers commonly discussed within the security and privacy communities, with their main disadvantages.

The browsers are listed in rough order of their market share and popularity.

Chrome

Advantages:

  • Most popular and therefore presumably most compatible browser.

Disadvantages:

Based on: Chromium.

Why not default in Kicksecure:

Chromium

Advantages:

  • Might be as compatible as Chrome due to its shared code base.

Disadvantages:

Why not default in Kicksecure:

  • No official binary builds.
  • Refer to disadvantages.

Based on: Not based on any other browser.

More technical details: Chromium

Firefox

Advantages:

  • Might be as compatible as Chrome due to its past popularity.

Disadvantages:

  • Needs hardening: Not as hardened by default (lower attack surface, disabled telemetry) as it could be, creating demand for a hardened Firefox fork or Firefox settings project such as Arkenfox.
  • Punycode security issue: Very hard to notice phishing scam - Firefox / Tor Browser URL not showing real domain name - Homograph attack (Punycode). A homograph attack is a type of phishing attack where characters from different writing systems are used to create deceptive URLs. These URLs appear identical or very similar to legitimate ones. Punycode is a way of encoding these special characters so they can be used in domain names.
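
The homograph issue described above can be checked mechanically. The following is an added example, not Kicksecure or browser code: it converts a displayed hostname to its Punycode (xn--) form and reports which writing systems each label uses. The function names, the script list and the sample hostnames are assumptions made for illustration.

```javascript
// Added example (not Kicksecure or browser code). Sample hostnames are constructed.
// The scripts checked here are an illustrative subset, not a complete list.
const SCRIPTS = ['Latin', 'Cyrillic', 'Greek', 'Armenian', 'Hebrew', 'Arabic', 'Han'];
const SCRIPT_RES = SCRIPTS.map((name) => [name, new RegExp(`\\p{Script=${name}}`, 'u')]);

// Return the sorted list of scripts used by the letters of one hostname label.
function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    if (/[0-9-]/.test(ch)) continue; // digits and hyphen belong to no single script
    const hit = SCRIPT_RES.find(([, re]) => re.test(ch));
    found.add(hit ? hit[0] : 'Other');
  }
  return [...found].sort();
}

// Classify a single label given in its Unicode (displayed) form.
function classifyLabel(label) {
  if (/^[\x00-\x7f]*$/.test(label)) return 'ascii';
  const scripts = scriptsOf(label);
  if (scripts.length > 1) return 'mixed-script';
  return scripts[0] === 'Latin' ? 'latin-non-ascii' : 'single-script-non-latin';
}

// Inspect a hostname given in its Unicode (displayed) form.
function inspectHost(unicodeHost) {
  // The WHATWG URL parser returns the ASCII (Punycode) form of the host.
  const ascii = new URL(`https://${unicodeHost}/`).hostname;
  const labels = unicodeHost.toLowerCase().split('.').map((label) => ({
    label,
    scripts: scriptsOf(label),
    verdict: classifyLabel(label),
  }));
  // Any non-ASCII label is worth showing in its xn-- form before trusting it.
  const needsReview = labels.some((l) => l.verdict !== 'ascii');
  return { ascii, labels, needsReview };
}

// Constructed samples; \u escapes make the non-Latin letters visible in source.
const samples = [
  'example.com',
  '\u0430pple.com',                     // Cyrillic "a" lookalike followed by Latin "pple"
  '\u0430\u0440\u0440\u04cf\u0435.com', // every letter of the first label is Cyrillic
];
for (const host of samples) {
  const r = inspectHost(host);
  console.log(r.ascii, r.labels[0].verdict, r.labels[0].scripts.join('+'));
}
```

The third sample is not mixed-script, so a check that only looks for mixed scripts within a label does not flag it; comparing against the ASCII form does.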

Why not default in Kicksecure: Planned!

Based on: Not based on any other browser.

More technical details: See Original Firefox.

Mullvad Browser

Advantages:

  • Anti-browser fingerprinting: Makes it harder for websites to track you based on your browser’s settings. This helps protect your privacy.
  • Security features: Includes a "security level" setting that lets you choose stronger protection. Higher levels may break some websites but offer better security.
  • Installation: Debian package repository available. This allows users on Debian-based systems, including Kicksecure, to easily install and update Mullvad Browser using tools like apt.

Disadvantages:

Why not default in Kicksecure:

  • Not vendor neutral
    • Includes Mullvad branding, uses Mullvad DNS by default, and promotes its VPN service, tying it to a specific commercial provider.
    • Creates potential reputational risks for Kicksecure by suggesting endorsement or sponsorship by a VPN company.
    • Could lead to user suspicion of paid promotion, harming the project's perception of independence and trustworthiness.

Based on: Base Browser, which is based on Firefox ESR.

More technical details: Mullvad Browser

Tor Browser

Advantages:

  • Same privacy and security benefits as Mullvad Browser.

Disadvantages:

Why not default in Kicksecure:

  • Sends all web traffic through the Tor network. This is good for anonymity (like in Whonix), but Kicksecure needs a regular (clearnet) browser instead.

Based on: Base Browser, which is based on Firefox ESR.

More technical details: Tor Browser

Brave Browser

Advantages:

  • Built-in ad blocker: Brave includes an advertisement blocker by default, which helps reduce tracking and speeds up web browsing.

Disadvantages:

Why not default in Kicksecure:

  • Because of disadvantages listed above.

Based on: Chromium.

More technical details: Brave Browser

LibreWolf

Advantages:

  • Firefox Rapid Release instead of ESR.

Disadvantages:

Why not default in Kicksecure:

  • Due to disadvantages listed above.

Based on: Firefox Rapid Release

More technical details: See LibreWolf.

Other Browsers

Other browsers might be listed on Kicksecure Default Browser - Development Considerations.

What Users Can Do

The situation is clearly unsatisfactory. Here is what users can do:

  • Stay in the loop. Subscribe to relevant discussions.
  • Conduct deep research.
  • Stay vigilant.
  • Demand transparency.
  • Demand radio silence.
  • Support Geminispace, SmolNet.
  • Wait for privacy-respecting browsers to become available.

Activist Statement

Market Stance: Using any browser other than Firefox or Chrome(ium) is seen by some as a stand against the dominance of Firefox and Chrome.

Extended Support Release - ESR

Browsers based on Firefox ESR might be less secure than browsers based on Firefox Rapid Release. See Firefox Security - ESR (Extended Support Release) versus Rapid Release.

Open Source Browsers Only

Browsers that are non-freedom software (closed source, not Open Source) are only briefly mentioned and discouraged. See also Reasons for Freedom Software / Open Source.

Advanced Topics

The following topics are for Advanced Users only.

Browser DDOS Vulnerabilities

Can a browser be frozen by heavy JavaScript as an attack? Are there other vulnerabilities? What happens if JavaScript is constantly fetched or if the browser's DOM is 1 GB or larger?

  • Vulnerabilities
    1. Infinite loops / infinite recursion: while(true) {} can cause the browser to freeze, and function recursive() { recursive(); } can crash the browser due to stack overflow. Modern browsers have safeguards in place, but it is still a risk, especially if combined with other attacks.
    2. Memory consumption: By creating an extremely large DOM or an extremely large array, memory can be consumed, leading to a slowdown of the OS or a crash of the browser.
    3. Fetching humongous data: Constantly or infinitely fetching giant data files can slow down the browser or freeze it.
    4. Forced reflows and layouts: By constantly changing huge parts of the page layout at short intervals, the browser can be slowed down.
    5. iframe overload: Creating a huge number of iframes, even without a source, and adding them to the page can slow down the browser.
    6. iframe inception: An iframe references the same page it is on, which in turn creates another iframe that references the same page, and so on. This can lead to an infinite loop, causing the browser to consume significant resources and potentially become unresponsive or crash.
  • These are the most common, and even some less likely, DDOS vulnerabilities for the browser. Most modern browsers are safeguarded against them as much as possible. But since there is often no way to tell whether huge memory consumption is benevolent or malevolent, the browser has to accept most of these commands.
  • In the past, JavaScript was more powerful in browsers, which gave it some OS access. Because of viruses and malware, all browsers now use a sandbox to severely limit JavaScript's capabilities.
