Simple Wireshark test.. Kudos to palemoon

freedom4all
Moonbather
Posts: 51
Joined: 2022-11-08, 03:11

Simple Wireshark test.. Kudos to palemoon

Unread post by freedom4all » 2022-11-10, 15:58

I just ran a little test between Firefox and Pale Moon in Wireshark to analyze what packets are sent out upon launching the application in the most minimal state possible.

I launched each application in safe mode (extensions off) to about:blank and monitored packets going in and out.

Code:

firefox --safe-mode about:blank
palemoon --safe-mode about:blank

Results:

Firefox - Within 5 seconds, over 500 packets and outgoing payloads containing significant amounts of encrypted data containing who knows what. Destination IPs point to Google Cloud servers, Amazon servers, Mozilla servers, etc. To be fair, most of it seemed to be relatively harmless and related to security/sync. One to Mozilla Contile Tile Service (ad partners). A lot of activity nevertheless.

Pale Moon - Nothing. A blank log. Not a single solitary packet to be found.

Good job Pale Moon :thumbup:
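
An added example, not part of the original post: one way to reduce a startup capture like the one described above to a per-destination summary of what the host itself sent in the first five seconds, with cleartext HTTP separated from TLS. The sample rows, addresses, local IP and function names are constructed for illustration; the tshark field names in the comment are real.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, in the shape produced by (real tshark field names):
#   tshark -r startup.pcapng -T fields -E separator=, \
#     -e frame.time_relative -e ip.src -e ip.dst -e tcp.dstport -e udp.dstport -e frame.len
# Addresses are RFC 5737 documentation ranges, not real endpoints.
# IPv6 traffic would need ipv6.src / ipv6.dst instead of ip.src / ip.dst.
SAMPLE = """\
0.104,192.0.2.10,192.0.2.1,,53,74
0.131,192.0.2.1,192.0.2.10,,53,90
0.212,192.0.2.10,198.51.100.7,443,,583
0.260,198.51.100.7,192.0.2.10,51514,,1466
1.870,192.0.2.10,203.0.113.20,80,,412
4.990,192.0.2.10,198.51.100.7,443,,1210
7.300,192.0.2.10,198.51.100.7,443,,300
"""

PORT_LABELS = {53: "dns", 80: "cleartext-http", 443: "tls"}


def summarise(text, local_ip, window=5.0):
    """Outbound (packets, bytes) per (dst, port, label) within `window` seconds."""
    totals = defaultdict(lambda: [0, 0])  # key -> [packets, bytes]
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 6:
            continue  # malformed or multi-valued rows are skipped
        t, src, dst, tcp_port, udp_port, length = row
        if not (src and dst) or src != local_ip:
            continue  # keep only IPv4 packets the host itself sent
        if float(t) > window:
            continue
        port = int(tcp_port or udp_port or 0)  # 0 = no TCP/UDP port (e.g. ICMP)
        key = (dst, port, PORT_LABELS.get(port, "other"))
        totals[key][0] += 1
        totals[key][1] += int(length)
    return {k: tuple(v) for k, v in totals.items()}


def silent(text, local_ip, window=5.0):
    """True when the host sent nothing in the window (the 'blank log' case)."""
    return not summarise(text, local_ip, window)


if __name__ == "__main__":
    for (dst, port, label), (pkts, size) in sorted(summarise(SAMPLE, "192.0.2.10").items()):
        print(f"{dst}:{port:<5} {label:<15} {pkts} pkts {size} bytes")
```

The port label only tells you the transport in use; a `tls` row still needs the server name or a decrypted session before anything can be said about its content.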

vannilla
Moon Magic practitioner
Posts: 2183
Joined: 2018-05-05, 13:29

Re: Simple Wireshark test.. Kudos to palemoon

Unread post by vannilla » 2022-11-10, 17:20

Pale Moon has partnerships with a few third-party services, e.g. Start.me, so on a clean profile the browser might connect to sites that seem suspicious, but that's only because said third-party service does the request and not because it's coded within the browser itself like Firefox and Chrome (and clones) do.
In fact, if you didn't specify about:blank, you'd see the Start.me request traffic, which does connect to advertising services and other stuff.
Other than that, Pale Moon periodically connects to server(s) managed by Moonchild to check for updates, either for the browser itself, for extensions or for other stuff like dynamic SSUAOs.

freedom4all
Moonbather
Posts: 51
Joined: 2022-11-08, 03:11

Re: Simple Wireshark test.. Kudos to palemoon

Unread post by freedom4all » 2022-11-10, 19:06

said third-party service does the request and not because it's coded within the browser itself
This is what I was specifically looking for, and PM passed that test with flying colors. I do understand that start.me calls out to third parties, that's why I wanted to run a clean start on about:blank. Thanks for the info.

Moonchild
Pale Moon guru
Posts: 35481
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Simple Wireshark test.. Kudos to palemoon

Unread post by Moonchild » 2022-11-10, 21:38

Just be aware that Pale Moon will still contact servers even if you are not browsing, but as stated those are for update checks and similar services.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

freedom4all
Moonbather
Posts: 51
Joined: 2022-11-08, 03:11

Re: Simple Wireshark test.. Kudos to palemoon

Unread post by freedom4all » 2022-11-10, 21:53

Update checks are not a big deal if that's all it's doing. Given your stance on https, I'm assuming this is all coming through in cleartext over http and easily inspectable.

Of course I'm just guessing at this point.

Moonchild
Pale Moon guru
Posts: 35481
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Simple Wireshark test.. Kudos to palemoon

Unread post by Moonchild » 2022-11-10, 23:41

freedom4all wrote:
2022-11-10, 21:53
I'm assuming this is all coming through in cleartext over http and easily inspectable.
No, it isn't, because in cleartext for application and extension updates there would be the risk of forged responses causing malicious update manifests that would compromise update and in turn application security. It's important that update manifests be served over https because of that.

moonbat
Knows the dark side
Posts: 4942
Joined: 2015-12-09, 15:45

Re: Simple Wireshark test.. Kudos to palemoon

Unread post by moonbat » 2022-11-11, 00:08

The best way to test both browsers' behavior out of the box is to create a fresh profile on each and launch using that, instead of safe mode. So you can monitor their behavior literally fresh and untouched by the user, when they run them for the first time. If you do that, you will see the start.me traffic, which as explained is due to the site and not baked into Pale Moon.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
