dialhome-study/browser-network-insights: they have played us for absolute fools
Set up a framework to fully man-in-the-middle my own browsers' networking and see what they're up to beyond just looking at their DNS queries and encrypted tcp packets. We force the browser to trust our mitmproxy cacert so we can peek inside cleartext traffic and made it conveniently reproducible and extensible.
It has containers for official Firefox, its Debian version, and some other FF derivatives that market a focus on privacy or security. Might add a few more of those or do the chromium family later - if you read the thing and want more then please let us know what you want to see under the lens in a future update!
Tests were run against a basic protocol for each of them and results are aggregated at the end of the post.
Posting with ambition that this can trigger some follow-ups sharing derived or similar things. Maybe someone could make a viral blog post by doing some deeper tests and making their results digestible ;)
Cross-post. Original Thread @ discuss.tchncs.de/post/5384551…
browser-network-insights/README.md at main
browser-network-insights - they have played us for absolute foolsCodeberg.org
like this
machiavellian
in reply to ken • • •MonkderVierte
in reply to machiavellian • • •ken
in reply to MonkderVierte • • •What are you curious about with Dillo And Netsurf? Isn't it safe to assume at this point they will both be
0across the board for all the queries in the report?I think we need a different testing protocol for them to be interesting to include. AFAIK they don't have add-ons that could be interesting to test either? Do you have any suggestion for step(s) you think could be added to the test in order to make those meaningful to include? Or is my assumption about Dillo and Netsurf out of date?
MonkderVierte
in reply to ken • • •ken
in reply to machiavellian • • •marcie (she/her)
in reply to ken • • •ken
in reply to marcie (she/her) • • •Assuming you mean the Mullvad extension (which is installed by default in MB) and not the Mullvad VPN app (which also exists but never came close to these machines) :)
That will indeed likely make a difference on Mullvad Browser numbers. However for now I'm not changing the "keep addons at stock defaults" invariant or the test matrix might get really out of hand.. Should we disable uBlock Origin in LibreWolf? How about uBO or NoSccript in Mullvad then? Konform Browser loads uBO but only if its apt package is installed; should we do that? What happens when we try to explicitly opt out of everything under Preferences in Firefox? I guess the last one is something to actually consider but for now not touching the addons.
(Would be super cool if anyone else tries this out and reports back though! The compose should hopefully be straight forward and easy to get started with if you are on Linux and have podman available. The report mentions it TL;DR we had to work around the oBO install in LW not properly utilizing the proxy (?)
... Show more...Assuming you mean the Mullvad extension (which is installed by default in MB) and not the Mullvad VPN app (which also exists but never came close to these machines) :)
That will indeed likely make a difference on Mullvad Browser numbers. However for now I'm not changing the "keep addons at stock defaults" invariant or the test matrix might get really out of hand.. Should we disable uBlock Origin in LibreWolf? How about uBO or NoSccript in Mullvad then? Konform Browser loads uBO but only if its apt package is installed; should we do that? What happens when we try to explicitly opt out of everything under Preferences in Firefox? I guess the last one is something to actually consider but for now not touching the addons.
(Would be super cool if anyone else tries this out and reports back though! The compose should hopefully be straight forward and easy to get started with if you are on Linux and have podman available. The report mentions it TL;DR we had to work around the oBO install in LW not properly utilizing the proxy (?) like this and I think same approach could be used to
UninstallMullvad extension from Mullvad Browser and prevent it from even loading)browser-network-insights/compose/images/librewolf/policies.json at main
Codeberg.orgScoffingLizard
in reply to ken • • •ken
in reply to ScoffingLizard • • •Daily-driving it now. I think it's great. If you're somewhat familiar with the landscape otherwise I think readme explains how it's different and why. If you don't mind losing out on some "safety"^1^ and latest upstream features^2^ for the sake of a more stable and predictable base, not having reliance on proprietary integrations or even internet, and really removing all non-essential network integrations, then definitely worth a try!
^1^: A surprising amount of people think (or at least write online) that a browser that doesn't block user requests completely aligned with the Google SafeBrowsing blocklists is unsafe and that doing those syncs is an essential feature. If you think this is the only safe default option in 2026 I'm sorry but please consider uBlock Origin. See how opinions on who to trust can affect what "most secure" means. Konform Browser removes many assumptions of trust. But not all; Everyone still comes with an assumed PKI after all and there e
... Show more...Daily-driving it now. I think it's great. If you're somewhat familiar with the landscape otherwise I think readme explains how it's different and why. If you don't mind losing out on some "safety"^1^ and latest upstream features^2^ for the sake of a more stable and predictable base, not having reliance on proprietary integrations or even internet, and really removing all non-essential network integrations, then definitely worth a try!
^1^: A surprising amount of people think (or at least write online) that a browser that doesn't block user requests completely aligned with the Google SafeBrowsing blocklists is unsafe and that doing those syncs is an essential feature. If you think this is the only safe default option in 2026 I'm sorry but please consider uBlock Origin. See how opinions on who to trust can affect what "most secure" means. Konform Browser removes many assumptions of trust. But not all; Everyone still comes with an assumed PKI after all and there exists a default for DNS.
^2^: Since it's ESR base it means new feature updates from Mozilla ~yearly instead of ~monthly. Still receiving security updates on the rapid schedule. No AI features out of the box.
source
Codeberg.orgken
in reply to ken • • •Disclaimer: Am konform dev so shouldn't be a surprise that it's working well for ourselves I guess. Eager to hear to what extent it's overfitted for our usage or really as great as I think it is ;)
BTW if you, dear reader, think queries in report of results are cherry-picked in a way that favors it (I don't think they are but hey, fair), I'm also eagerly accepting input and especially PRs for queries (still have the raw dumps so I can add this quickly) or steps to test procedure (this means I have to rerun all of them so might take longer to update) that could illustrate different tradeoffs and show a more complete picture. Bring it on ❤
ScoffingLizard
in reply to ken • • •ken
in reply to ScoffingLizard • • •