Waterfox – 'Spyware Level: High'

Waterfox is a fork of Firefox and i used to use it until it gave me problems that Firefox didn't. Waterfox made its mark as a speedy, 64 bit version of Firefox before there was a 64 bit version of Firefox. More recently the developer started focusing on privacy, or so he claims. I was quite surprised when i ran across this today:

Waterfox – Spyware Level: High

To be clear, the 'spyware' that is claimed to exist in Waterfox is mostly the same kind of stuff that Mozilla Firefox does before it's beaten into submission; phoning home, update checks, search engine shenanigans, etc., but in my book some of that stuff is malware/spyware.

The article is a year old and maybe some of this stuff has been addressed, but not all of it has to my knowledge. Here's some highlights…

If you start up Waterfox for the first time, it will make 109 requests[5] to several spyware platforms, most notably Google Analytics, and Mozilla online services like its Geolocation service, and several other Mozilla services, as well as Waterfox's own update service.

[…] […] Waterfox's privacy policy does not necessarily reflect what information the browser currently collects. The lack of detail and clarity in the privacy policy is also very concerning.


By default Waterfox is using the spyware search engine Bing. Why would a privacy-based Web Browser offer this search engine by default? The other offered search engines are not much better- we have the option of searching with Google, which also logs your internet searches, and Ecosia, which also logs your internet searches (but it gives them to Bing).

And just a note to those who subscribe to new post notifications via email; if you haven't seen the boo-boo i made, please read this.

Tor verses a VPN – Which is right for you?

This article assumes you have a basic understanding of The Onion Router (Tor) and Virtual Private Networks (VPN), as well as a desire to protect your privacy on the Wild World Web. Please visit those links if you're not familiar with Tor and/or a VPN.

Having chosen to not take refuge under a large, dense object for the last several years (not that i'd blame you), you're probably aware of how fragile privacy has become in the digital age. At the network level a lot of people (including Ed) recommend The Onion Router (Tor) in order to better protect ones privacy, while others prefer using a Virtual Private Network (VPN). If you're wondering what i recommend, i don't; i'll leave that up to you to since it's not a one-size-fits-all thing. Here i'd just like to point out some of the differences between the two because Tor has certain distinct advantages that VPNs lack, and vise-versa. Consider the following…

  • Using the Tor network is free, as is the Tor Browser which is a privacy and security hardened version of Firefox used to connect to the network. The Tor Project source code is public and the servers are run by volunteers, some of which may be malicious, however there is debate as to how much damage a malicious node can do. Using a VPN will cost you roughly $5 to $10 per month and many of the companies providing VPN services are also highly unethical (never trust a "free" VPN provider).
  • While it is true that no VPN can be fully trusted regarding security and privacy, this is technically true with Tor as well. We know there is a massive amount of money to be made in the malware department and vendors, many of which sell exploits to governments and intelligence communities, have little or no incentive to disclose the vulnerabilities they discover. These vulnerabilities can remain secret for weeks, months, or years. Knowing this, i think it is dangerously illogical to conclude that anything is secure, including Tor, though Tor is quite possibly generally more secure than even the best VPN.
  • Picking a bad VPN that logs traffic and doesn't respect your privacy is easier than getting your drone stuck in a tree, however there is only one Tor Project and one Tor Browser and they are widely trusted, in part because the source code is public.
  • When using the Tor network, it is strongly suggested to use the Tor Browser in its default configuration. Remaining anonymous on the network depends largely on uniformity and so, with few exceptions, you can kiss your beloved add-ons goodbye. With a VPN one has more choices as to what browser and add-ons they use, though these choices must be weighed carefully.
  • Avoiding browser fingerprinting and tracking is much easier to achieve with Tor, while preventing fingerprinting outside of Tor is quite difficult whether using a VPN or not. In both cases however, the websites you visit will not know your physical location and will be less able to fingerprint and track your browser as long as you take some necessary precautions. That said, nothing can protect your privacy completely if you log on to privacy hating platforms like Facebook, Instagram, Twitter, etc., using your real identity or the same credentials you used prior to using Tor or a VPN.
  • Because of the layers of encryption that Tor employs, bandwidth limitations, the load on the nodes, etc., Tor will generally provide a slower web experience, higher latency, and a less stable connection than a good VPN would. This problem is exacerbated if one adds more nodes to the Tor circuit (three nodes is considered the minimum).
  • Tor may insulate users from a malicious operator better than a VPN, partly because a Tor circuit is composed of multiple nodes whereas a VPN usually presents a single point of attack. Though some VPN providers offer an option to route traffic through more than one node, all the nodes are controlled by the same company.
  • Different people require different levels of privacy. A journalist wishing to communicate privately with a source is probably better able to protect the identity of their source and the content of their communication using Tor verses a VPN. On the other hand, someone wanting to download copyrighted content whilst avoiding nasty-grams from their ISP, or stream high resolution videos or most other non-sensitive and bandwidth intensive operations, may be better off with a VPN. For example, torrenting is actually discouraged on the Tor network because of bandwidth and other limitations.
  • With Tor it is non-trivial (and ill advised) to choose what exit node you want to use, whereas any good VPN provider will allow you to connect to any of their servers with just a couple of clicks using their client software. One advantage of being able to choose among servers is the ability to watch videos or access other content which is blocked in a particular geographical region.
  • VPN client software may not be open source and may not respect your privacy even if it is, though any good VPN provider will allow connections using other methods, such as with OpenVPN. This issue is non-existent with Tor and the Tor Browser.
  • Both Tor exit nodes and VPN nodes are subject to having their IP addresses blacklisted, meaning a website may deny access. In the case of a VPN this is fairly rare in my experience, however those who shop and do their banking online are more likely to have trouble with either Tor or a VPN, though the problem may be exacerbated with Tor.
  • Choosing to use Tor is a simple yes or no decision, while choosing to use a VPN may require some serious research in order to locate a good and trustworthy provider. The VPN market seems to be exploding and so are the number of ethically retarded providers. Be careful when reading VPN "reviews" because many of them are written by VPN providers "reviewing" their own service, bashing another providers service, or by paid bloggers.

Personal notes:

Because of the garbage disseminated in the mainstream media, much of the public sees Tor as being synonymous with the 'Dark Web' which many believe is nothing more than a haven for criminals. Tor is simply a tool and, like any tool, it can be used by bad people to do bad things or good people to do good things. For the average person wanting to protect their privacy, the Tor network simply provides a portal to access the same websites one visits every day, but in a more private and secure way. For those who are at risk of being persecuted, such as a whistle-blower disclosing highly sensitive information, Tor can be a life saver, literally. That said, yes, there is a 'deep' or 'dark' web that is accessible primarily through Tor and while some of the content available there is indeed illegal and extremely offensive, there is also a lot of quality content which is otherwise censored on the regular web.

Some people believe that Tor will attract the attention of the intelligence community. While it is apparently true that using encryption will raise the eyebrow of 'The Man', such criminal spying on the public by governments is not at all limited to those using Tor. More importantly, our inherent right of free speech is under attack simply because people believe they are being watched and therefore they self-censor. This is a very dangerous thing because we cannot work toward a truly free and transparent society if our ability to communicate is compromised.

Lastly, i am very hesitant to recommend a VPN provider if you decide to go that route, however in the interest of hopefully steering you away from much of the garbage, i will say that i have used and liked AirVPN. I currently use NordVPN, but i'm not convinced the company is fully transparent. Many seem to speak very highly of Mullvad VPN, though i have no experience with them. See the resources below for more information.

Resources, Tor:

Resources, VPN:

Resources, miscellaneous:

Firefox user-overrides.js updated

I issued a small update to my user-overrides.js (click here and press Ctrl+S to grab the file). Change log follows…

 * added 'dom.targetBlankNoOpener.enabled'
 * added 'font.name.serif.x-unicode'
 * added 'font.name.serif.x-western'
 * removed 'network.trr.uri'
 * removed 'network.trr.bootstrapAddress'
 * removed redundant pref
 * set 'webgl.disabled' to 'false'
 * minor pref description edits

New: A privacy-centric configuration file for Thunderbird!

A very thoughtful 'dngray' forked the ghacks-user.js repository for Firefox and created a privacy-centric version for Thunderbird over at the ghacks-thunderbird-user.js repository on GitHub, so go grab it!

If you want a script to update the user.js, and you run Linux, you can copy the code i left in this issue and paste it to a new file named 'updater.sh' in your Thunderbird profile directory (don't forget to make it executable).

If you want to use my personal preferences on top of those in the user.js, grab my user-overrides.js at my GitLab repository, then run the updater.sh script and it will append that stuff to your user.js.

This is all a bit experimental at the moment, so leave a comment if you have any issues.

Lastly, if you want to made aware of updates to my user-overrides.js, here's what you can do…

  • If you're already receiving email notifications for this website, click the 'To change the categories you're subscribed to, go here:' link in the email notification you received for this post and make sure you're subscribed to the Thunderbird category
  • If you're a new subscriber, go to the Subscribe page and add you name (optional) and email address in the 'Post notifications' section. You'll receive an email from which you can edit your subscription.

Note that i decided to notify those that are subscribed to the Firefox category about this post since i'm guessing some/all of you will be interested in the Thunderbird stuff. I won't bother Firefox subscribers again, so make sure to edit your notification subscriptions to hear about Thunderbird stuff in the future.

Minor update: Firefox Configuration Guide for Privacy Freaks and Performance Buffs

Made a few small changes to both the Firefox Configuration Guide for Privacy Freaks and Performance Buffs and the The Firefox Privacy Guide For Dummies!. There's no need to revisit them if you've already read them, but there is one IMPORTANT addition i want to highlight: Neither of my Firefox configuration guides should be used with the Tor browser! Doing so can cause a serious risk to your privacy.

I should've made that clear long ago, however i personally don't use Tor and so i wasn't really aware of the risks associated with installing certain add-ons with the Tor browser (which is Firefox, or a derivative thereof). Plus i'm not sure how how compatible the 'ghacks' user.js is with the Tor browser, much less my personal supplements.