So, first off, to make it for daily browsing use I did some basic alterations to the browser by allowing it to keep history, caches, cookies, disabling always-on incognito, and so on. I also installed my favorite addons (Dark Reader, Sponsorblock, I try to be as minimalistic in my choices as possible). This of course harms the privacy, but you can just ctrl+shift+p to basically turn all of that shit off when you decide you need to get serious. I kept the letterboxing on, its hard to get used to initially but after about a month of using Mullvad as a daily driver I got used to it. It seems most sites aren’t able to detect my alterations to the browser.
I don’t think any other privacy browser spin (Librewolf, Waterfox, Brave, Tor Browser etc) comes anywhere close to the snappiness and privacy intersection of Mullvad Browser. I’m able to skirt bans due to using anonymity services trivially and the captchas are short and quick and not a never-ending slug fest. Its good enough at faking a unique identity out of the box that most things cannot tell that its fake. I’m in such love that I’m going to swap away from my current vpn (IVPN, sub should end in November) to Mullvad due to how well polished this project is. I’m really interested if their multihop service can get around VPN IP bans better than Tor can.
Kudos to the Mullvad team 🥂 I hope you make an android version soon!
I would just caution you to make sure the changes you make to Mullvad don’t change its fingerprint otherwise its kind of moot to use it over a privacy configured version of Firefox.
Even if you do change its fingerprint, I’d argue its still better than most privacy configured versions of Firefox. What you should be careful to do is only change things that can be reverted by going into incognito mode if you seek to daily drive this browser.
Neat. Never heard of it. I’ll take a look. One thing I read about was how Tor/Tails actually made itself more identifiable in some ways by having a “set” kind of user profile fingerprint (blank), and specific screen size/resolution and keyboard used. To actually pose as a real user, then spoofing a bunch of different hardware each time you turn on the OS/Browser seems like it would make you appear more authentic? That was a long time ago, maybe it’s being done already, or there is a reason they don’t that I do not understand. It seems like something they would obviously have thought of. At least in the US we aren’t using those kind of low resolutions as often anymore. When you say it’s based on tor, does it connect to the tor network? That always felt like a red flag for ISPs and spies to look deeper when connecting from say, a residential WiFi connection.
Realistically you can only spoof specific things, spoofing hardware is actually a bad idea oftentimes because its possible to tell that you’re doing that. Spoofing certain things like audio readings do make sense tho.
Its based on Tor but its meant to be used with a VPN
Running Librewolf myself and have done so for a while (at least before mullvad browser became a thing). I’m curious. How do they compare with each other? Mainly on the aspect of privacy.
Mullvad is much better privacy wise than Librewolf, its also snappier and has faster security and privacy updates. The only thing you really lose out on is Firefox sync (if you enabled it on Librewolf). The new identity button helps you reset to a stock state and allows you to circumvent fingerprinting (such as the fingerprinting used for enforcing bans) trivially. Mullvad takes Tor Browser’s approach to heart, while Librewolf takes Arkenfox’s changes to heart. Its factual that Tor Browser is the most private browser, so emulating aspects of it is certainly the way to go.
Some things you will probably find annoying:
-
Its so good at stock that you shouldn’t customize it much if you don’t know what you’re doing.
-
Letterboxing is hard to get used to
-
Without nonstock modifications, its not suitable as a daily driver in my opinion, its a privacy tool first and foremost with stock settings. When you make it nonstock, it becomes very good as a daily driver but you really must be as minimalist as possible in your alterations. Take only what you desperately need, and make sure your settings do not interfere with the normal function of incognito mode which will essentially set the browser back to stock for you fingerprint wise by disabling cookies, history, extra addons, etc.
Some things you will like:
- Librewolf is sort of bloated feeling stock. It doesn’f feel as quick and snappy as Mullvad does.
Suppose I’ll try it then. Thank for the explanation! The privacy first and convinience when chosen is the approach im looking for personally.
-
Agree - love Mullvad!
Good choice for Privacy, apart it’s an european browser (Sweden), but somewhat basic in other features and sync with Mozilla. Only 2 other EU browsers, Konqueror (KHTML, Germany) and Vivaldi (degoogled Chromium, Norway), UR (France) sadly death since years.
Using firefox + arkenfox user.js and addtional changes like disabling deletion of cookies per site took a lot of effort. Now I just use brave.
In Vivaldi I’ve an global/per site setting
You’re basically just running Firefox ESR with some config changes at that point and completely defeating the point of running Mulvad browser specifically by producing an absolutely unique fingerprint.
You’re basically just running Firefox ESR with some config changes at that point and completely defeating the point of running Mulvad browser specifically by producing an absolutely unique fingerprint.
This is not really correct, most sites do not look for injections into the page by addons, only a few do. I’ve run tests where I speedrun site bans on Facebook, Reddit, Github, and YouTube just to see if the fingerprinting on those sites prevents signups with my config, and it did not. Firefox ESR also does not include arkenfox + tor browser tweaks + removals of firefox telemetries baseline which provide gigantic privacy benefits and cannot be understated.
Of course, this is more detectable in comparison to stock Mullvad Browser, but stock Mullvad Browser is a hard sell without more robust features for daily use. By pressing ctrl+shift+p you can go back to stock if the situation calls for it.
And the alternative of course is using a much less private and secure browser, basically no one wants to constantly resign into accounts, browse slower, and miss out on certain crucial ways to block ads. If you want to be a privacy maximalist, stock Tor Browser is over there. For people that want a lot more privacy, good speed, while still keeping a handful of crucial addons and accessibility tweaks, nonstock Mullvad is a great choice.
basically no one wants to constantly resign into accounts
Raises hand. I must be doing it wrong. Signing back in (with MFA, no less) every time I restart the browser does get tiring after a while though.
I loathe every time my work IAM forces me to sign in again, as it always asks for MFA. They use Okta and promote password managers, idk why we can’t enable passkeys to remove this hassle already.
My best solution to the login problem on stock Mullvad is to use KeepassXC with Autotype (if you’re on Linux with Wayland, use the experimental keepass snapshot). You can press the hotkey and autotype will pop up with a quick search for you to add the username and password. It can also save TOTP and passkeys. This of course doesn’t use any add-ons so its a decent solution to the problem.
Even with it streamlined like this, I still find it tedious lol. KeepassDX handles it so much better on android, wish linux could get functionality like that.
I do this too, keepassdx form filling works really well on android.
yeah, I do use Bitwarden, which has these things. But I store my TOTP codes on the phone to be separate from the passwords and… well, actually serve as multi-factor I suppose.
Yeah, I did that for a long time but I’m pretty done with it on most accounts. I only do it properly on the most important accounts.
I log back in every time, and I like it. Bitwarden fills in the logins for me with ease.
Cries in manual logins with manually copying passwords from keepass. :'(
I’ve also tried to use Mullvad as regular browser but even though I turn off always private mode, after restart all cookie exceptions disappear
6·22 hours agoThe last line makes me wonder, how much is mullvad involved in the browser, and how much is just the Tor browser team?
Quite a lot of it is tor stuff with (edit:) some arkenfox slapped on. Most of the config are Tor base, Ublock added, and it has a New Identity feature that is similar to Tor. Biggest benefit is being able to use a comparatively much speedier VPN with it over Tor’s proxies. For the most private setup, you should run it stock with Mullvad’s VPN service, but I’ve found it works great with Proton VPN and IVPN as well. Personally, I have very sensitive eyes so I cannot run it with only stock, I need Dark Reader and uBlock at the minimum, and Sponsorblock and anything else is simply a nice thing to have.
I’ve been testing it on many sites and the amount of extra info from addons is very small and few sites keep track of it in my real world testing. It is readable though and a few can notice the difference, and its mostly financial sites that you need to use real ID for anyways.
Not just a lot. It is the same base as Tor Browser.
Edit: which is also why it is wrong to say it has arxenfox slapped on.
You can find a more in depth conversation on this (arkenfox additions and shortcomings vs what mullvad specifically does) here: https://github.com/mullvad/mullvad-browser/issues/1 and here https://mullvad.net/en/browser/hard-facts
I was mostly referring to some similarities between Mullvad and arkenfox’s base profile
They are similar, yes, but I dont think there is any arkenfox added on. Its just TB stuff.
Not that any of this matters.
Do they have a mobile version?
They do not unfortunately, I desperately wish they did. The best options on mobile right now for a Firefox based privacy browser are IronFox and Tor Browser for Android. Personally, I don’t think either of these are as polished and as snappy as Mullvad Browser on desktop. I think the chrome based browsers are more battery efficient as well, so its unfortunately best to go with them for now I think if you want privacy and efficiency at the same time. Of course, if you want to maximize anonymity you should always run base Tor Browser, but it is not fast and suitable for daily browsing imo, Tor Browser is for specific use cases where you need to maximize anonymity or to change IP from your vpn or local ip for some reason.
If I were to recommend an Android browser, it’d probably be GrapheneOS’s Vanadium (can only get it stock on Graphene) with RethinkDNS’s adblocking and tracking filters and Cromite barring that. Neither of these are as good as Mullvad Browser on Desktop in terms of its speed and privacy benefits, though. Mullvad Browser is truly the crème de la crème for everyday sensible privacy use cases.
cheers! mullvad browser, ftw!
Just curious, why are you getting banned?
I’ve learned how to get under rich people’s skin and in my free time when I’m bored I harass them. It’s an unguilty pleasure of mine. It brings me great joy to see a multimillionaire or a transphobe so pissed about something I said that they complain to spez to get me banned.
I also just have a general interest in security and privacy, sometimes I just do things like spam an ad site to see how long it takes to react.
Haha, I do have a soft spot in my heart for trolling. That’s great. They’ve got money, I’m sure they can hire a therapist to massage their ego and make them feel like they’re a good person again. Unfortunately. Just once it would be cool if one of these billionaires/millionaires read something, woke up and used their money to help humanity instead of exploiting it buuut… probably not going to happen…
Share your secrets! How do you piss off multimillionaires?
They have big egos. You need to be sure they’re an avid poster and will respond to what you say. There’s also the public aspect, they don’t like having something awful they’ve done brought up in a community they like. You can set up a bot to post things like “Hey remember that time you sexually harassed a woman 20 years younger than you and a court ruled against you” as soon as they post an AMA so it’ll be the top comment. Reddit really hates when you use bots like this and will likely remove the comment after it gets a lot of attention which further inflames other people against the target.
A lot of this requires practice to get good at heckling. It’s all a case by case basis. You should always be aware of your audience and what the audience finds most unacceptable about someone’s behavior.
uncritical support
