Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is it worth it running the Tor Browser without Tor itself if I wanted a Firefox version without Mozilla, pocket and tracking?


I adapted a user.js template [1] that hardens Firefox by disabling a lot of features, including disabling Mozilla products like Pocket.

By default it is very strict though, so you will probably want to go through the config setting by setting and relax it a bit. Like enabling Webassembly and the search engine integration of the URL bar.

Most settings have inline comments explaining what they do and why they are chosen.

[1] https://github.com/pyllyukko/user.js


Yes. It disables many (all?) mozilla integrations such as password manager and intermediate certificate preload.

I prefer to use the story network with standard Firefox because I value the mozilla features except for Pocket.


Is there an extra fork for de-tored Tor Browser or do you just have to live with the warning that Tor is disabled?

I've heard that Whonix makes a custom tor based browser but I don't think it is supported anymore.


Waterfox is a decent de-Mozzila'd fork of Firefox


Yes. There is SecBrowser from Whonix which is actually a guide do to exactly that.

https://www.whonix.org/wiki/SecBrowser


There's also LibreWolf, which has a flatpak/AppImage and is more up to date with the latest Firefox - https://gitlab.com/librewolf-community/browser


I use GNU Icecat [1]. It is Firefox ESR rebranded, without Mozilla, tracking, pocket, etc. Please note that it does come with some fairly opinionated addons. LibreJS blocks all nonfree javascript for example. You can of course disable these addons if you find them too cumbersome.

[1] https://www.gnu.org/software/gnuzilla/


No. It's a hacked up, out of date, insecure version of Firefox. It is the opposite of worth it to ever run Tor Browser.


I'm not sure where you got the idea that it's out of date. It's based on Firefox ESR and is kept up to date with upstream patches. I'm also not sure how you came to the conclusion that it's "hacked up", considering many of its privacy enhancing patches made it into Firefox.


ESR is basically a stripped and reconfigured browser for organizational deployments where the trade-offs and defaults are geared towards organizational efficiency and management issues, not individual security and privacy. It pretty much says so right on the tin. It's a weird thing to use that as a starting point for a supposedly security and privacy-focused browser. That's before they add their own cruft.

Tor Browser is the browser equivalent of adding sparklers around the gas tank of a Ford Pinto and then claiming you've now got a vehicle uniquely suited for demolition derbies and bank robberies.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: