Saw a link to this in passing today:

https://privacytests.org/

Compares privacy test results for the main browsers. Never heard of
"Mullvad" or "Ungoogled" before though.

--
John C. No ad, CD, cripple, demo, nag, pay, pirated, share, spy,
time-limited, trial or web wares for me please.

So that I don't see them, I filter out crossposts (messages sent to
multiple newsgroups at a time) and from various trolls (like "al" AKA
"Bill Bennett".)
If you do the same, the group will be easier for you to read.

"John C." <r9jmg0@yahoo.com> wrote:

> Saw a link to this in passing today:
>
> https://privacytests.org/
>
> Compares privacy test results for the main browsers. Never heard of
> "Mullvad" or "Ungoogled" before though.

I use Firefox with uBlock Origin (uBO). Some features they say are
missing in Firefox are:

tracking data when you click a link (aka hyperlink auditing)
Disabled in uBlock Origin. See:
https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#disable-hyperlink-auditing
https://www.wilderssecurity.com/threads/hyperlink-auditing-aka-a-ping-and-beacon-aka-navigator-sendbeacon.364904/
While uBO disable hyperlink auditing, it sets an option within Firefox.
However, when I visited about:config, those settings are not bolded
which means they are their default values which disabled hyperlink
auditing.

insecure web site warning
upgradeable address
upgradeable hyperlink
Firefox has that despite what the privacytests claim. Enable HTTPS-only
mode. If you still visit lots of HTTP sites, you'll tire of the
intervening security prompts telling you HTTPS was not used.

upgradeable image
Even on HTTPS pages, image may come from HTTP sources. If you enable
this security option, you'll see lots of empty spots or placeholders in
a web page. It is superfluous security. The images a site is sending
you don't need to be encrypted.

GPC headers
Stupid. Oh yes, tell sites you don't want them selling your data.
Yeah, sure, those collecting your data would always obey this request.
Do you put a sign on your house door saying "To burglar: please don't
burgle these premises", too? Just as stupid as the Do Not Track header.

IP leak
All connections require the receiving host to know the IP address of the
sending host. A VPN can hide your WAN-side IP address of your
router/modem, but won't protect against Javascript that returns the IP
address of each of your intranet hosts.

Tor enabled
Tor *is* a variant of Firefox. Duh! Everything a Tor web browser can
do can also be done in Firefox.

removing URL args used for tracking
uBO already covers that in the blocklists which can be by domain, or
substrings in the URL, like args.

which web browser keep their DNS queries encrypted
Gee, interesting how they are completely blind to Firefox's option to
use DoH (DNS over HTTPS) to your choice of DoH-capable DNS servers.

I gave up on analyzing the rest of their tests. They are obviously
biased to the Brave web browser. For example, they neglect to mention
Brave includes its own blocklists, but don't test other web browser with
adblock add-ons. "filter lists sourced from the excellent work of the
Easylist, Easyprivacy, and uBlock Origin list maintainers"
(https://brave.com/privacy-updates/10-custom-filter-lists/). Well, same
blocklists uBO can use. So, you can use a web browser that subscribes
to the blocklists, or use an add-on that subscribes to them along with
additional features.

Don't see the tests mention CSP reports. uBO has an option for it. See
https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#block-csp-reports.

Also interesting is that they claim their tests are open source, yet
they provide no means for *YOU* to test their claims using your web
browser in your configuration of it. Their source code is at a Github
project site. So, you see someone claiming the privacy coverage of your
web browser, but you don't have the means of verifying their claims. If
they let me test my web browser similar to how benchmarking sites let me
test its performance then I'd consider their results to be significant.

On Wed, 17 Apr 2024 22:51:01 -0500, John C. <r9jmg0@yahoo.com> wrote:

> Saw a link to this in passing today:
>
> https://privacytests.org/
>
> Compares privacy test results for the main browsers. Never heard of
> "Mullvad" or "Ungoogled" before though.
>

I'm not too concerned with the default settings of Vivaldi, since I have uBlock Origin to block tracking.
The Gecko-based browsers are much better at fingerprinting resistance.
I posted in the past about an extension called JShelter.
It works very well for improving that in the Chromium-based browsers.

https://jshelter.org/

On Wed, 17 Apr 2024 20:51:01 -0700, John C. wrote:
> Saw a link to this in passing today:
>
> https://privacytests.org/
>
> Compares privacy test results for the main browsers. Never heard of
> "Mullvad" or "Ungoogled" before though.

Mullvad is Tor Browser minus the Tor.

https://blog.torproject.org/releasing-mullvad-browser/

https://mullvad.net/en/browser

But I DO NOT like it one bit, because it seems like it's trying to break out
of Sandboxie. My hunch tells me that, it's not telling us everything.

Ungoogled is Chromium without Google related "system addons" (read:
pre-bundled, uninstallable, unlisted [by default] browser extensions), and
without anything which phones home. i.e. no dictionary, no Safe Browsing,
etc. Yes my fellow victims, Safe Browsing is ACTUALLY a privacy leaker.
Remember: Google is evil.

https://chromium.woolyss.com/

Note: look for the magenta "ungoogled" tag on the download entries.

On Wed, 17 Apr 2024 23:34:15 -0500, VanguardLH wrote:
>
> Don't see the tests mention CSP reports. uBO has an option for it. See
> https://github.com/gorhill/uBlock/wiki/Dashboard:-Settings#block-csp-reports.

FYI, CSP is a one-sided security which only favors the website (sic). It is
an anti content-control at HTML level.