Kicksecure ™

Download

On Computer USB Installation Intel / AMD64 ARM64 Raspberry Pi PPC64 Windows (VM) Mac Linux (VM) VirtualBox (VM) Qubes (VM) KVM (VM) Debian morph to Kicksecure More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Web Browsers Comparisons

A browser is a program you use to access and view websites on the internet, like Chrome, Safari, or Firefox. It lets you search for information, watch videos, check email, and more by showing web pages.

• At time of writing: Firefox is installed by default inside Kicksecure.
• Future: For a future version of Kicksecure, it is planned to no longer install a browser by default inside Kicksecure.

Coming soon!

Most operating systems come with a web browser already installed. But Kicksecure, a security-focused system, does not. This might seem unusual, but there’s a good reason behind it.

Kicksecure’s main goal is to protect your security (and privacy). See also Privacy Goals and Non-Goals of Kicksecure.

Web browsers are one of the most dangerous programs on any computer. They connect to the internet, can be targeted by hackers, and might collect information about you. Some browsers, even well-known ones, include tracking features or need extra work to be truly private. Because of this, Kicksecure doesn’t want to assume which browser is best for everyone.

Instead of picking a browser for you, Kicksecure lets you choose the one that fits your needs. Different people have different goals. Some want to avoid advertisements, while others need strong protection against online spying. By not including a browser, Kicksecure avoids making a risky or biased choice.

In short, Kicksecure doesn’t include a browser by default because no browser today is perfect for security (and privacy). It leaves the choice up to you, the user, so you can pick what’s best for your situation.

Recommended reading:

• Kicksecure Default Browser - Development Considerations

None.

No browser exists at time of writing that can be wholeheartedly recommended for users of Kicksecure according to technical Criteria (security, privacy and user freedom).

Most mainstream browsers are considered spyware by many people. See also Firefox Selling User Data.

This issue cannot be solved by operating system vendors such as Kicksecure. For reasons why that is, see In-House Browser Development.

Here is a list of commonly discussed browser within the security and privacy communities with their main disadvantages.

The browsers are listed in rough order of their market share and popularity.

Advantages:

• Most popular and therefore presumably most compatible browser.

Disadvantages:

• Closed source, non-freedom software.
• concerns about user autonomy related to browser market dominance
• data harvesting / tracking issues

Based on: Chromium.

Why not default in Kicksecure:

• Not Open Source. See Open Source Browsers Only.

User documentation: Chrome

Advantages:

• Might be similarly compatible as Chrome due to its shared code base.

Disadvantages:

• Similar to Chrome, see above, except Chromium is Open Source.
• security issues with the Chromium package in Debian
• data harvesting / tracking issues

Why not default in Kicksecure:

• No official binary builds.
• Refer to disadvantages.

Based on: Not based on any other browser.

User documentation: Chromium

More technical details: Chromium (developers)

Advantages:

• Might be similarly compatible as Chrome due to its past popularity.

Disadvantages:

• Needs hardening: Not as hardened by default (lower attack surface, disabled telemetry) as it could be, creating demand for a hardened Firefox fork or Firefox settings project such as Arkenfox.
• Punicode security issue: Very hard to notice phishing scam - Firefox / Tor Browser URL not showing real domain name - Homograph attack (Punycode) A homograph attack is a type of phishing attack where characters from different writing systems are used to create deceptive URLs. These URLs appear identical or very similar to legitimate ones. Punycode is a way of encoding these special characters so they can be used in domain names.

Why not default in Kicksecure: Planned!

• The issue of Firefox Selling User Data was perceived very badly by the community. Therefore Firefox will be no longer installed by default inside Kicksecure in a future version as soon as Dev/browser-choice has been implemented.

Based on: Not based on any other browser.

User documentation: Firefox

More technical details: See Original Firefox (developers).

Advantages:

• Anti-browser fingerprinting: Makes it harder for websites to track you based on your browser’s settings. This helps protect your privacy.
• Security features: Includes a "security level" setting that lets you choose stronger protection. Higher levels may break some websites but offer better security.
• Installation: Debian package repository available. This allows users on Debian-based systems, including Kicksecure, to easily install and update Mullvad Browser using tools like apt.

Disadvantages:

• ESR

Why not default in Kicksecure:

• Not vendor neutral
  • Includes Mullvad branding, uses Mullvad DNS by default, and promotes its VPN service, tying it to a specific commercial provider.
  • Creates potential reputational risks for Kicksecure by suggesting endorsement or sponsorship by a VPN company.
  • Could lead to user suspicion of paid promotion, harming the project's perception of independence and trustworthiness.

Based on: Base Browser, which is based on Firefox ESR.

User documentation: Mullvad Browser

More technical details: Mullvad Browser (developers)

Advantages:

• Same privacy and security benefits as Mullvad Browser.

Disadvantages:

• Cannot be installed or updated using the usual Debian software tools yet. ^[1]
• ESR

Why not default in Kicksecure:

• Sends all web traffic through the Tor network. This is good for anonymity (like in Whonix), but Kicksecure needs a regular (clearnet) browser instead.

Based on: Base Browser, which is based on Firefox ESR.

User documentation: Tor Browser

More technical details: Tor Browser (developers)

Advantages:

• Built-in ad blocker: Brave includes an advertisement blocker by default, which helps reduce tracking and speeds up web browsing.

Disadvantages:

• Ad-funded business model: Despite blocking ads, Brave is itself an advertising company. It replaces traditional ads with its own ad system.
  • Brave Business Model on Wikipedia
• Controversies: Brave has faced criticism for certain business decisions and privacy concerns.
  • Brave Controversies on Wikipedia

Why not default in Kicksecure:

• Because of disadvantages listed above.

Based on: Chromium.

User documentation: Brave Browser

More technical details: Brave Browser (developers)

Advantages:

• Firefox Rapid Release instead of ESR.

Disadvantages:

• LibreWolf - Lack of Radio Silence as a Development Goal
• LibreWolf - IJWY (I Just Want You To Shut Up) Feature Removal

Why not default in Kicksecure:

• Due to disadvantages listed above.

Based on: Firefox Rapid Release

User documentation: No dedicated wiki page (yet).

More technical details: See LibreWolf (developers).

Other browsers might be listed on Kicksecure Default Browser - Development Considerations.

The situation is clearly unsatisfactory. Here is what users can do:

• Stay in the loop. Subscribe to relevant discussions.
• Conduct deep research.
• Stay vigilant.
• Demand transparency.
• Demand radio silence.
• Support Geminispace‎, SmolNet.
• Wait for privacy-respecting browsers to become available.

Market Stance: Using any browser other than Firefox or Chrome(ium) is seen by some as a stand against the dominance of Firefox and Chrome.

Browsers based on Firefox ESR might be less secure than browsers based on Firefox Rapid Release, see Firefox Security - ESR (Extended Support Release) versus Rapid Release.

Browsers that are non-freedom software (closed source) (not Open Source) are only briefly mentioned and discouraged. See also Reasons for Freedom Software / Open Source.

The vault domain is an ultimately trusted one where I generate and keep all my passwords (using keepass) and master GPG keys. Of course, this vault domain has no networking access. Most of those passwords, such as the email server access password is also kept in the specific domains which uses them, such as the work domain, and more specifically in the Thunderbird client (there is absolutely no point in not allowing e.g. Thunderbird to remember the password – if it got compromised it would just steal it the next time I manually enter it)Joanna Rutkowska, security researcher and founder of Qubes OS blog post Partitioning my digital life into security domains

• Low value account passwords:
  • Such as news websites' login walls, forums, Reddit to ask for support, recommendations, accounts unlikely to get hacked, with no personal relationships, and no financial impact.
  • The browser built-in password manager can be used without hesitation for convenience.
• High value passwords
  • Such as bank accounts.
  • The browser built-in password manager might have some caveats, such as:
    • synchronization: The user might want to disable synchronization when using high value passwords to avoid uploading the passwords to the browser vendor's cloud, even if encrypted, in case of security issues with their implementation.
    • local encryption: The browser's local encryption of the password database might not be as strong as Full Disk Encryption (FDE). Therefore, FDE might be preferable.

The following topics are for Advanced Users only.

Can browser be frozen by heavy JavaScript as an attack? Other vulnerabilities? What happens if JavaScript is constantly fetched or if the browser's DOM is 1 GB++ large?

• Vulnerabilities
  1. Infinite Loops / Infinite Recursion : while(true) {} can cause the browser to freeze and function recursive() { recursive(); } can crash the browser due to stack overflow. There are safeguards in place in modern browsers but it's still a risk especially if combined with other attacks
  2. Memory consumption : By creating an extremely large DOM or an extremely large array the memory can be consumed leading to slowdown of the OS or crash of the browser
  3. Fetching humongous data : Constantly / infinitely fetching giant data files can slow down the browser or freeze it
  4. Forced reflows and layouts : By constantly changing huge parts of the layout of the page in short intervals the browser can be slowed down
  5. iframe overload : Creating a huge amount of iframes - even without source - and adding them to the page can slow down the browser
  6. iframe inception : an iframe references the same page it is on, which in turn creates another iframe that references the same page, and so on. This can lead to an infinite loop, causing the browser to consume significant resources and potentially become unresponsive or crash.
• These are the most common and even some less likely DDOS vulnerabilites for the browser. Most modern browsers are safeguarded against this as much as possible. But as there is often no way to differentiate if a huge memory consumption is benevolent or malevolent the browser has to accept most of these commands
• In the past Javascript was more powerful in the browsers giving it some OS access. But due to virusses and malware all browsers now use a sandbox to severely limit Javascript capabilities

SSH Documentation Browser-choice Previous page: SSH Index page: Documentation Next page: Browser-choice

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2026 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!