How secure and private is Palemoon Vs other browsers?

[GREGBKK]

Hi guys, go easy on me please. I’m a long-time Palemoon user that doesn’t have a lot of technical knowledge regarding browsers and doesn’t pretend to.


With all the media attention regarding privacy, I’ve noticed a new browser (Brave) that claims to be as private as possible.
I got to wondering: what steps does Palemoon take regarding privacy? Is it more private than, say FF?

I’m aware of basic steps such as requesting not to be tracked and warning if sites try to install add-ons? Are there any other things that layman users should be aware of?

Does PM take steps to avoid the backdoor hacks the NSA allegedly use in other browsers?

Don’t worry I’m not a paranoid, just curious.

Keep up the great work,
Greg

[adisib]

With all the media attention regarding privacy, I’ve noticed a new browser (Brave) that claims to be as private as possible.

I am under the impression that Brave places its own ads into webpages. This would automatically make me consider any claims to privacy as dubious, but I'm not familiar with the browser.

I got to wondering: what steps does Palemoon take regarding privacy? Is it more private than, say FF?

Firefox has a built-in tracker-blocking feature, and Pale Moon does not. However, there are addons available (such as uBlock Origin) that will block trackers as well or better than what Firefox offers. Firefox includes telemetry, which means it collects data about users and so is a privacy concern, but Pale Moon does not include telemetry. Pale Moon's community is also dominated by privacy-conscious users, and Pale Moon's philosophy highly values user's needs and requests. As a result, it is a very privacy-conscious browser, and has done things such as implementing a canvas data poisoning option due to being requested, where you would need an extension for this in Firefox. Pale Moon also uses DuckDuckGo as the default search engine which is privacy focused; Firefox does not use a privacy focused search engine by default, nor does Brave. If you are trying to choose a browser primarily for privacy concerns, Pale Moon is the one I would recommend.

You mentioned security as well in the page title, and this was mentioned previously:

On top of that we are ahead of the curve in terms of security-conscious development and configuration. Sometimes to the chagrin of our users if we e.g. disable insecure ciphers before the "main [browsers]" do, even if they are known to be weak.

I’m aware of basic steps such as requesting not to be tracked and warning if sites try to install add-ons? Are there any other things that layman users should be aware of?

If you want to increase privacy, you will want to look at addons. You can see a list of privacy and security addons that specifically target Pale Moon here:
https://addons.palemoon.org/extensions/ ... -security/
I would recommend using uBlock Origin if you are not already (and be sure to consider whitelisting the Pale Moon website and forum if you use it to block ads).

[GREGBKK]

A very comprehensive answer, thank you! I will look into the suggestions you made.

[snertev]

If Forefox devs will implement this:

https://groups.google.com/forum/#!topic ... 1gMQeMEL0w

it would be the final step towards a "opt-out privacy" lie any chrome browser.

It's rather disturbing.

I've finally uninstalled Firefox from my PC because I thin Mozilla Corporation is not respecting Mozilla Foundation's Manifesto anymore: "Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional."

[Moonchild]

I don't think they've followed their own manifesto since the first day they posted it.

[snertev]

I don't think they've followed their own manifesto since the first day they posted it.

The main problem is that they pretend Firefox is a privacy champion.

Before uninstalling, I had found two new entries for telemetry in about:config:

toolkit.telemetry.newProfilePing.enabled
toolkit.telemetry.shutdownPingSender.enabled

No warning at all, they simply are there.

BTW, telemetry.unified is still set to TRUE without any opt-in request in STABLE branch of Firefox...

[Moonchild]

Don't forget Firefox also has a bunch of partnerships and 3rd party code in it, that are all subject to their own privacy policies.
e.g. geolocation uses Google, which collects information about local networks (including wifi access points) that is all sent across to them. While this may theoretically allow very accurate locations, it is also a collection of data that is not public otherwise.
Another example is e.g. pocket.

[snertev]

Don't forget Firefox also has a bunch of partnerships and 3rd party code in it, that are all subject to their own privacy policies.
e.g. geolocation uses Google, which collects information about local networks (including wifi access points) that is all sent across to them. While this may theoretically allow very accurate locations, it is also a collection of data that is not public otherwise.
Another example is e.g. pocket.

And those "service workers" that do "things".

[Moonraker]

I don't think they've followed their own manifesto since the first day they posted it.

The main problem is that they pretend Firefox is a privacy champion.

Before uninstalling, I had found two new entries for telemetry in about:config:

toolkit.telemetry.newProfilePing.enabled
toolkit.telemetry.shutdownPingSender.enabled

No warning at all, they simply are there.

BTW, telemetry.unified is still set to TRUE without any opt-in request in STABLE branch of Firefox...

In all fairness if such paranoid privacy is of such eminence to you then you could of entered about:config,done a search for telemetry and disabled them yourself.
100% privacy is non existent.
For example users try to hide themselves with the browser but your ISP provider has you located off the bat especially with static landline connections.

I find it odd that people try to anonymise themselves on the internet but are quite willing to fill in paper forms to unknown organisations.

[snertev]

In all fairness if such paranoid privacy is of such eminence to you then you could of entered about:config,done a search for telemetry and disabled them yourself.

In fact, I did so. In this way I found the new telemetry entries.

However, people should know of their existence and decide on their own if they want share something or not.

Opt-ot tracking features works because of average user's apathy, until they discover their habits are tracked in a way they don't like.

You know, civil rights must be protected even on behalf of those people who don't care (now).

100% privacy is non existent.

Sure. I'm looking for a reasonable privacy.

Mozilla Corp has no reason to look at my browsing history without consent. It's not their business. Period.

For example users try to hide themselves with the browser but your ISP provider has you located off the bat especially with static landline connections.

For that reason God created VPNs and HTTPS connections. They are not perfect, you have to trust your VPN provider and website owners, but they give reasonable privacy against ISP that collect big data.

I find it odd that people try to anonymise themselves on the internet but are quite willing to fill in paper forms to unknown organisations.

Pay attention, privacy is not anonymization.

Anonymization is like you're walking along a street with a mask on your face.

Privacy is like you put curtains on your home's windows. Everybody knows you live in that house, but it's not their business what happens inside.

Are "you" commiting a crime in your house? Well, there is that thing called warrant, signed by a judge, that authorizes police and other state authorities to search for evidence inside your sweet home or to intercept your communications.

[Moonspirit]

Personally I think Brave is garbage. Like I said in another post I also have it on my PC, but I hardly use it. It is way too buggy, has very few Extensions and the only ones they do have are Corporate style "Fremium" Password managers. Add to that there is no customization available what so ever. People are over hyping the browser too much and are blinding themselves by the claim of it being Open Source and for Crypto Currency and privacy. All Brave is, is another corporation using the current political climate to it's advantage. At the bottom of their page it says "Brave Software Inc" and you add to that they control everything about the browser and do not give users any control and that should tell you something.

[joe04]

specific info on Local Storage settings, which pertains to privacy:
viewtopic.php?f=19&t=16475

[GREGBKK]

Personally I think Brave is garbage. Like I said in another post I also have it on my PC, but I hardly use it. It is way too buggy, has very few Extensions and the only ones they do have are Corporate style "Fremium" Password managers. Add to that there is no customization available what so ever. People are over hyping the browser too much and are blinding themselves by the claim of it being Open Source and for Crypto Currency and privacy. All Brave is, is another corporation using the current political climate to it's advantage. At the bottom of their page it says "Brave Software Inc" and you add to that they control everything about the browser and do not give users any control and that should tell you something.

In fairness they are at a very early stage of development, no?

[adesh]

Direction for a project is set well before the first line of code is written. Later you can add features, change UI, do round corners, implement this and that, but it's hard to change the motivation for the browser.

[TwoTankAmin]

I am a privacy nut. P M is the only browser I use. To insure maximum privacy I also:

Do not register with nor use social media sites.
Do not use a smart phone (I do own a flip phone for voice when away from home).
Do not use the cloud.
Download very, very little.
Delete any email with an attachment without opening it that is not expected (or pre-cleared).
Have never owned anything made by Apple.
Am not registered with Google in any way and use none of their software.
Windows 7 is the last Microsoft OS I will use unless they make changes they never will.
Do not game online except for poker (and then only for play money).

I do still have a copy of FF ver 28, it is my only so called back-up browser. I think I open it fewer than 10 times a year. I only do so to determine if something that wont load is broken or the issue is with P M. The lesson from this is that I also run across sites which will work with FF 28 but insist P M is not safe to use. If you think most sites give a rats butt about your privacy or security, I have an Atari Super Computer I could sell you for $5,000. It also plays Pong if you have a TV........ (Aside: we had the very first model Pong game released.)

I often see the saying, in reference to things digital, that, "If you did not pay for the product, then you are the product." But I think that no longer applies. Even when you pay for it, you are still the product.

Because Pale Moon is the best browser available in regards to respecting user privacy and security, please consider donating your time and/or money to help insure this browser will remain available for as long as possible. If you cannot do that, consider turning off your ad blocker (or white listing) when visiting Pale Moon pages.

[Moonraker]

Interesting post and thanks.Just to add if privacy is paramount to you then have you considered switching from windows to linux or bsd.?

[Moonchild]

Interesting post and thanks.Just to add if privacy is paramount to you then have you considered switching from windows to linux or bsd.?

Off-topic:
Totally off-topic here, and let me just say that Linux or any other UNIX-like O.S. isn't a magic wand when it comes to either security or privacy. In fact, setting up a Linux system is so opaque that many people on Linux aren't even aware that out-of-the-box configurations of installed applications are often not secure, with no indicator of when, how or why to reconfigure for the average user. Let alone base installations for servers (leading to e.g. the massive issue of open SMTP and Web relays on the internet)

[Moonraker]

thanks for that insight moonchild.i must add i do find linux more stable for me than windows but of course mileage may vary for different people.

[TwoTankAmin]

@Moonraker
I am planning to move to Linux between now and the end of life for Win 7. I would stop using the internet before I would ever use Win 10. But based on the sort of warnings Moonchild offered, I would likely pay somebody to set Linux up for me to insure it ran as securely as possible.

I am still using the classic windows layout. I don't do tabbed browsing. My needs are basic, so any moderately useful OS might do. I see Windows 10 as a combination of bloatware/spyware/malware. But then most of the alternatives are not much better. The one potential advantage I see to Linux is is is basically to smaller a target for serious hackers and bad actors. it is less profitable or disruptive to hack something Google, Microsoft, Apple etc. than something Linux. That doesn't mean its safe, just safer than the popular platforms.

But when it comes to browsers. IE, Chrome and FireFox are unusable imo. Since Edge only works with Win 10. it isn't even in the realm of possibility. The other niche browsers seem to need to get into bed with other providers and/or advertisers. So despite their claims, they really are not much better. And then there is that whole niche thing relative to security. Pale Moon is not going to be a prime target for those out to do harm.

And then there is the final advantage to P M over the rest. The person responsible for it will actually talk to users. So ask yourself who you think is more trustworthy. Somehow I doubt anybody at Microsoft gives hoot about anything but towing the company line and making Microsoft more profitable. These days Microsoft does not respect you, does not care what you want and will lie all day long if they believe its will make them a one more dollar. They were not always like this. Consider what the two founders of Microsoft have been doing for the past 10+ years. One other hand, I have not seen anything like the Microsoft attitude from Moonchild. Either he is the worlds best con artist or else he is exactly what he appears to be. That makes me either a big sucker or a smart user in my choice of browser. Since I have not been hacked, not seen any directed ads, not gotten loads of spam emails since I began using P M a few years back, I opt for the latter.

As always. this is just one user's opinion here.

[Night Wing]

I am planning to move to Linux between now and the end of life for Win 7. I would stop using the internet before I would ever use Win 10. But based on the sort of warnings Moonchild offered, I would likely pay somebody to set Linux up for me to insure it ran as securely as possible.

One of the easiest and most friendly of all linux distros is linux Mint. Below is a long 56 minute video starting with downloading, installing and configuring linux Mint. And since I'm no linux power user, if I can use and configure linux Mint, anybody can. So you really don't need to pay anyone to do it for you if you ever choose Mint.

In the video, Cinnamon is his choice, but Xfce is another good choice. I use Mint with the Xfce desktop environment. BTW, I don't use linux Virtual Box. All of my four computers have two hard drives for each computer so I install linux Mint on one of the two hard drives. The second hard drive is installed with Windows 7. I'm not a fan of running two operating systems on one hard drive.

https://www.youtube.com/watch?v=HhHu-1glWps