Chrome Betrayed You – How To Recover

Six months ago I wrote about browser security. Around the same time, Google automatically changed everyone’s “sync” settings, signing them into Chrome (i.e. Google’s browser tracking) whenever they signed into GMail, regardless of their previous setting. Even if you had previously turned off browser sync and never signed in. Again, without telling you. Of course they didn’t sign back OUT of the browser when you sign OUT of GMail.
And Google already had (and still has) a ton of trackers. They’re in the data business; they pay for Chrome by selling information about you.
You can almost keep Chrome somewhat private, but not when Google plays Silly-Buggers with settings like that, and as they talk about disabling ad blockers, because it’s impacting their tracking and revenue dontchaknow.
So… time to switch browsers.

But the other major player, Firefox, doesn’t have clean hands either.

From the Reality Dispatch perspective, another challenge is that Google has been exposed for working towards bias and Firefox (Mozilla) is doubling-down as a far-left propaganda site. (How you feel about these often depends on your political perspective, but either way, these companies are not agnostic. To quote Martin Niemöller :

First they came for the Communists
And I did not speak out
Because I was not a Communist
Then they came for the Socialists
And I did not speak out
Because I was not a Socialist
Then they came for the trade unionists
And I did not speak out
Because I was not a trade unionist
Then they came for the Jews
And I did not speak out
Because I was not a Jew
Then they came for me
And there was no one left
To speak out for me

Brave was founded by Brendan Eich, co-founder and eventual CEO of Mozilla, co-inventer of JavaScript, who was forced out of Mozilla for supporting Prop. 8 (banning same-sex marriage) in California… which won the election. Keep in mind that in that same timeframe, both Clintons and Obama also strongly supported “traditional marriage” to the exclusion of “same sex marriage”.

He founded Brave subsequently, while Mozilla remains a holier-than-thou “woke” company that has been caught lying about giving away your personal data… all while demonizing you for disagreeing.

The Alternatives

Chrome is “the standard” and Firefox is a distant, also-ran, second, but there are several types of alternatives. The hard part of writing a browser is the HTML processing engine. On an iOS device, your only option is Apple’s WebKit, which is why they all look the same and suck the same. But everywhere else, there are choices. With Chromium, an open source engine supported by Google, the main one. But Mozilla has had several, and there are other options too. Unfortunately, those other options are too slow and limited, so we’ll limit this to browsers you could conceivably actually use:

  • Iridium – a de-Googled and hardened Chromium-base browser.
  • Waterfox – Derived from a Firefox of days of old, providing “openness”
  • Pale Moon – Derived also from an older Firefox, but a different one, and with more active development
  • Brave – Which has switched engines, designed to be the “Privacy Browser”, currently Chromium based.

We aren’t looking at also-rans such as:

  • Opera – once a great browser, now owned by a Chinese company.
  • ungoogled-chromium – which you can’t actually use on Windows without building for yourself.
  • Gnu’s IceCat – which is focused more on being based on truly free software than on usability (which it fails at) or privacy (which is irrelevant if you can’t use it.)

The goals were specifically:

  • Is it usable?
    • With several problematic sites
  • Can I block media auto-play?
  • Can I import my bookmarks?

In the process of testing, a few other issues popped up. Read on for more.

Ignore The Hyperventilators

Unfortunately, the internet is awash in activists, agitators and screamers. The louder your voice, the more attention. “Grievance is”, they say, “authenticity.

Except it isn’t. Grievance is hypersensitivity and being a drama queen. There are quite a few “science is settled” lies that must be repeated these days. Joan Rivers used to say, Can we talk? but now there’s so much we can’t talk honestly about…

  • Male and female have different physiques. Changing your “identity” doesn’t change that.
  • Oh yeah, the physical impacts the brain. Different brains. We used to be able to acknowledge the math vs language gaps. But now?…
  • Everyone knows, from experience and from lore, that you sunburn faster right after winter than after a bunch of time in the sun, but dermatologists are required to repeat the lie that a base tan doesn’t protect you from a burn at all.
  • Even statistical correlations of populations, which could be used to concentrate resources (e.g. educational, crime prevention) where needed, cannot be considered, so we waste resources.

Similarly, we know that concerns over up-to-date browsers (in the weeks timeframe – multiples of years would be different) are overblown. The major attacks have not been via browser weaknesses, but by clueless users clicking-and-running stuff they shouldn’t. Which the malware/virus detection programs are getting better at catching.

This problem, of users clicking “OK” on every permission request, was caused by these same breathless idiots who insisted that every potentially damaging behavior, no matter how remote the risk, be associated with a warning and permission request. Users now have been conditioned to accept there is no risk and it must be done to accomplish anything. In short, so much crying wolf… So if you see charlatans claiming these alternatives are unsafe, consider whether they caused the problem and whether they seem to be thinking it through – or merely are issuing clickbait.

The Tests

My browsing environment probably doesn’t mimic yours. As you may recall from my previous articles, security requires a (small) bit of setup. I consider uBlock Origin essential. I hate auto-play media; I don’t want video or even audio assaulting me just because I went to a new page. And I want to be able to copy or get the link to whatever is on the page easily. But the page should also render accurately and reasonably quickly. That latter qualification is important in that it isn’t a race. You really shouldn’t care which browser is the fastest, as long as the one you use is fast enough. And, if you get accustomed to opening new links in background tabs, reading a different page while those load, the speed becomes even less important. And pop-up control… does the browser prevent some of the newer popups from bypassing the controls.

The Competition

Brave

Brave was created and positioned to be the “privacy browser.” They promised to not sell your data or information. But, of course, they have to make money. So they have their own ad platform, BAT (Basic Attention Token), which converts also to Etherium and Bitcoin, in theory monetizing you while protecting your identity. That’s right… they help you block ads, but want you to view the right ads.

Brave was initially Firefox-based, but now seems to be Chromium-based. This matters later. Brave does have a github repo and appears to be open-source.

Iridium

Iridium is an open attempt to protect you from Google and other trackers.

It is Chromium with the Google-phone-home bits removed and some other enhancements to the defaults. For those wanting ungoogled-chromium, this is the source of some of their patches… and it’s available for Windows.

(Unlike ungoogled-chromium.) The biggest ding against Iridium is that it is seldom (although recently as of this writing) updated.

Pale Moon

Pale Moon is the odd one of this list. It is forked from an older Firefox, but actively patched and maintained. It comes with apparent baggage in that the two primary developers, Moonchild and Matt Tobin, both have reputations as bomb-throwers in forums. Reality Dispatch must, of course, dive in to find the reality. And the reality is that Moonchild and Matt Tobin both are, well, usually right. They are arrogant and unyielding, but also frustrated (as is Reality Dispatch) that the internet grants a big platform to clueless idiots who yell a lot.

Waterfox

Waterfox is not really aimed at being tightened; it was designed to be more customizable, more controllable. It is forked from pre-Quantum Firefox.

The Tests

To verify the browsers, a few problematic goals and sites were chosen.

  • Installing uBlock Origin
    • This plugin should be on your must-have list. It allows you to block a lot of the web’s evils.
  • Installing or having equivalent to “Absolute Enable Copy”
    • Some sites block the context menu, preventing you copying text, pasting text or seeing the image source links. This re-enables it.
  • Turning off media autoplay
    • Chrome is no good at this. Because Google likes ad revenue. Can the browser prevent video (and audio) autoplay from a few sites. These included:
    • King5.com – a TV news station in Seattle, Washington. This video specifically.
    • YouTube – which Google prevents blocking generally.
  • YouTube – can it be played in HD mode? (i.e. is DRM nominally supported?)
    The selected video was the Irish Try channel, “Irish People Try Caribbean Rum“. No browsers had an issue with this. Two pineapples were mortally wounded however.
  • Custom Search Engines. You want this, you just didn’t know it until now… I have a handful, goow, goom, good and goo2, for “Search Google constrained to the last {week | month | day | two years}This is extremely useful when looking for new API support or recent news. And it’s easy… if the browser allows it. Google has a query timeframe,
    • The total query is: https://www.google.com/search?q=<query>&safe=off&tbs=qdr:<timeframe>
      • <query> is where the search terms go.
      • <timeframe> can be, e.g., h for an hour, h8 for 8 hours, d for a day, y2 for two years.
  • Search Engine tests included:
    • Can I create it?
    • How easy is the created engine to use.
  • A few tricky websites:
    • BroBible – Daily Pic Dump. This is a fun, but annoying, page. Especially because they regularly weigh it down with ads and crap. My uBlock settings help. And then transitioning to their “Success” page.
      Oddly, Chrome showed more than any of the hardened browsers on BroBible’s “Success” page. This looks like they were blocking “MediaVine”. The question is, why didn’t Chrome, since it had precisely the same uBlock rules?
      BroBible also wants to notify you. You don’t ever want this. Only Pale Moon and Waterfox blocked the query. I suspect Pale Moon did it intentionally and Waterfox just never implemented it, but that may just be a sign of how jaded I got.
    • random personals ad, used as a source for TinEye, except that it exposed the context-menu disable issue.
      I searched for “Seattle personals ads” to try to find sketchy photos for testing with TinEye. I succeeded on my first hit, as the above-link has a fake photo used for over six years and is link-view blocked.
    • TinEye, for reverse-image-search. None of the sites had an issue with this, so the results aren’t reported.
    • A particularly onerous bank. But only Chrome had issues with it; all these candidates, plus Edge, worked fine. Hate the site, love the bank.
Extensions Prevent
Autoplay
Play Search Context
Enable
No
Notify
Iridium All Audio mute Yes Yes Extension Config
Brave All Audio mute Yes Yes Extension Config
Pale Moon Some…
But not needed
Yes Yes B Shift-Right-Click Yes
Waterfox No Yes Yes D Extension Yes

AutoPlay Notes

A note on media auto-play: Few browsers block it. Chrome doesn’t, because so many video ads are sold by Google. In theory, setting “Autoplay Policy” to “Document user Activation” should prevent autoplay, but doesn’t generally, especially upon page reload.

Chrome also allows audio blocking via the Mute Site options, but those are site-wide. What we wanted was no autoplay of audio or video, but click to enable. Which sounds like what the Chrome setting (“Document user Activation”) should do. Just not in Google-speak.

Iridium

Iridium is so closely Chrome that it should come as little surprise that it scored precisely as Chrome would. It was able to pass all tests except the autoplay blocking.

In the process, it lost a few Chrome conveniences. If you really want Chrome without calling Google, though, this is your best choice. For example, Iridium has U.I. elements implying you can sign into Google/Chrome, but they don’t work. They address this on their FAQ, but that just smells of sloppiness or incompleteness. Iridium did not pass the media autoblock completely; can be muted per site… but is also unmuted per site. Video cannot be blocked. Not really the goal; we wanted user-activated media only. Adding a search engine is just like in Chrome: edit it in settings. It just works.

Iridium is the most open of this set of competitors. Completely open source and free. It has a sporadic update history, but good technology behind it.

Brave

Brave started after Brendan Eich was forced out of Mozilla by non-employees (the LGBT employees verifying that he was indeed lifestyle-supportive despite his Prop 8 support – similar to pretty much every other Democrat ever.) With his history and browser-firepower, it should be an easy win. Once upon a time, Brave was special. Well, not in a good way really. It focused on privacy, but couldn’t support custom search engines, at all. (I had a bug in their system for that for years.) Now, Brave is just another Chromium clone. Other than selling your data a different way, it behaved precisely as Iridium for our tests. Keeping in mind that we did not test whether browsers called home to Google.

Brave did not pass the media autoblock completely; can be muted per site… but is also unmuted per site. Video cannot be blocked. Not really the goal; we wanted user-activated media only.
As I mentioned before, Brave did not have custom search engine support in a recent version. Now it behaves just as Chrome does; edit the search engine in the Settings and use it from the OmniBox.

Brave won the Most Paranoid award, for warning that uBlock Origin might be a malicious extension. I can’t think of a more pervasive or trusted extension. But the extension loaded and functioned as desired.

Pale Moon

Where to start… Pale Moon is based on an obsolete version of Firefox, on an older engine. In rendering tests, it’s usually behind. The developers come across as jerks, even in their (short and not particularly helpful) communications to me. It started behind in the competition due to these hurdles.

And it not only wins on points, I switched to it as my primary browser midway through the comparison.
Pale Moon is not extension-compatible. Well, actually it is, but it seems to tell you it isn’t. Switching to the “Add On Manager”, selecting “addsons.palemoon.org” and searching for uBlock gives… an updater but no uBlock.
You can install uBlock Origin, but it’s a manual process, requiring the Firefox Legacy version. Which seems typical of Pale Moon… when a touch of documentation would suffice, provide none or misleading links instead. This will be a general problem with Pale Moon… it does more than most browsers, but while it is theoretically more extensible, supporting a wider variety of obsolete technologies, it doesn’t make them easy to find or use.
Pale Moon completely won the media blocking. Media only starts when told to.
Pale Moon won on enabling the context (copy) menu… even though I had to go to the forum to find out how. Shift-Right-Click always works. (Right-Click is how you bring up the menu.) While not as intuitive as an exposed menu option or clicking on an icon for an extension, it’s much better than having to find and install an extension. And it works.
You could also flip the about:config flag “dom.event.contextmenu.enabled”, but then you’ll get both context menus in Office 365, and have to hit <escape> to clear one. But still, and this matters, done purely internally.
Pale Moon also initially annoyed me with the search engine support. Like, natively, it’s almost non-existent. You can only choose from a tiny selection, with a few more on their plug-in site, and no editing. You can, however, load search engines from http://ready.to/search/en/, so you can use that to create and modify them. It works fine, and then the resulting search engine works both as a drop-down in the search bar (to the right of the address bar) and with the keyword (e.g. “goo2” for my two-year Google), in the address bar itself. (The keyword does not work in the search bar.)

Pale Moon receives some operational revenue from sending searches through DuckDuckGo (which is my preferred search engine; it’s anonymized and trustworthy), so I understand part of this, but they should provide an in-app link to a generator such as ready.to.

Waterfox

To some degree, this isn’t fair to Waterfox; it’s not intended to be a better browser. Just a more configurable one, “speedy and ethical.” Unfortunately, it failed at that also.

Waterfox did sort-of succeed at blocking media autoplay… after we hopped through a few hoops. As far as I could tell, media playback controls are not in the menu system. Going to “about:config”, the standard trick in Firefox-derived browsers, resulted in a stern “This might void your warranty” warning. But disabling “media.autoplay.enabled” seemed to kill the King5 and YouTube autoplay.   The settings menu is unfriendly and makes Pale Moon’s menus look comprehensive. (This is a much bigger problem than it sounds… the menu was foreign enough that I resorted to the about:config far more than appropriate.)

Waterfox was the hardest to load extensions into. Mostly because it was hard not just to find the extensions, but even the page to search for them from.  And it seems to have spotty compatibility.

Waterfox was the worst at search-engine configuration. No editing, and while you can create a new one with ready.to as with Pale Moon,  it’s not as good as an integrated editor. And the result is still a fail, as neither the URL nor the Search box recognize the keyword. The search engine cannot be chosen before typing in a term – it’s just not visible. And when it can be chosen, the engine names are not listed, just icons… which will be identical for all custom engines… and it pretty much requires a mouse-click.

Interestingly, Waterfox provided a more ad-free BroBible than the other browsers. Although I suspect this was simply that Waterfox wasn’t compatible with the newest technologies.

Conclusion / Results

Starting this, I expected some issues but thought I’d find Iridium the winner, as it’s the most standard while also being “hardened.” The mostly likely alternate (since I’d already been jaded about Brave), Pale Moon, was maligned by some of the web and the developers were accused of “attitude.”, and Pale Moon has s devs have, well, “a reputation.”

 

Much to my surprise, what actually happened was that Pale Moon worked really well where it mattered most, the Chrome-babies are too Chrome-tied, and the attacks against both Pale Moon and the developers don’t really withstand daylight. I don’t like Moonchild’s or Tobin’s online personas, but if you read and study the topics, you’ll still agree with them… although perhaps quietly and while holding your nose. And that matters. Another interesting point, that didn’t show in the tests, is that some annoyances were clear in Chrome, Iridium and Brave but absent in Pale Moon and Waterfox. My guess is that malicious and advertising (but I repeat myself) technology are focused on the cutting edge, which Pale Moon sandboxes or screens out and Waterfox hasn’t yet heard about.

Leave a Reply