Suggestion for the creator of the Mull browser

Good afternoon:

I wanted to thank the creator of the Mull browser. For bringing and creating a Mozilla with a user.js already included in the application itself.

For those who don’t know this new browser, I mean Mull | F-Droid - Free and Open Source Android App Repository

I wanted to make a suggestion to improve this application. And no offense to the creator or the creator of the user Arkenfox

But for the mobile version it creates less connections and gives more privacy. This other user

And also I don’t know if there is a way to add to the browser the plugins of: Chameleon, LocalCDN, Canvas Blocker or Cookie AutoDelete.

As well as adding qwant, or qwant lite, or searx as a search engine. Instead of Google or Duckduckgo.

Thank you for your time and help. And I apologize if I have done something wrong.

It was not my intention, I only pretend to help to improve the application and privacy or security.

Best regards

You can add your addon collection and custom search engine.

My response from Suggestion for the creator of the Mull browser (#4) · Issues · DivestOS Mobile / Mull-Fenix · GitLab :

And I apologize if I have done something wrong.

All suggestions are welcome, you are always welcome to ask questions.

Chameleon, Canvas Blocker

Not needed with resistFingerprinting

LocalCDN, Cookie AutoDelete

Partially mitigated by firstparty.isolate

Cookie AutoDelete

You can set your Mull to clear on quit or always use private tabs.

qwant, or qwant lite

I don’t like Qwant.

searx

There is no single Searx instance to use, and I don’t feel like running my own.

Narsil/mobile_user.js: user.js file for configuring Firefox Fenix Nightly, Iceraven Fennec and Mull privacy, security and anti-fingerprinting. - Forgejo

I will skim through that, but it looks mostly like arkenfox.js
The benefit of arkenfox.js is that it has been militantly maintained for many years.

Of extra note, Mull pulls in arkenfox.js from Brace, a sister project, and it is maintained first there:

Good evening @SkewedZeppelin

First of all thank you very much for your reply, help and time.

Regarding search engines, I use the qwant lite https://lite.qwant.com/ gives good results and does not generate telemetry or anything weird.

Then the plugins help to mitigate the digital footprint that we leave with browsers, devices and others on the network. You can check it out at http://amiunique.org/fp as it is usually unique. Or traces and so on.

LocalCDN. (also open source, naturally)
As we cannot block www.gstatic.com nor www.google.com because they break the webs that require captchas, to minimize the tracking of the first we will install the extension (it also falsifies the cdns of the webs).
Inside the options (the little wheel at the bottom) we will give to Advanced and we will look for the last entry, Generate the set of rules for your advertising blocker. There we will choose ublock and paste those domains inside ublock origin, in the My rules section. (or Decentraleyes)

Cookie AutoDelete. Every time we close a tab in the browser will delete cookies from that site. It is highly recommended to set AutoClean enabled (with 1 second) and Notifications disabled. This way we avoid cookie problems.

Chameleon. Very complete tool loaded with lots of options to reduce our digital footprint. What interests us most is the ability to generate a different fingerprint every x time, otherwise we will always have the same one.
We will leave the real profile.
In the Options section, Injection, only the screen size should be checked, choosing 1920x1080.
The other options should be marked by the changes of the user.js so we will not touch anything else.
If some web gives error, we go to the section of White list, we give to Open in white list and we add this page.

Then in ublock I usually use: https://www.i-dont-care-about-cookies.eu/abp/ and https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt , among others as https://gitlab.com/Jorgu81/hosts/raw/master/Mozilla/Mozilla or https://gitlab.com/Jorgu81/hosts/raw/master/Google/HostsGoogle

Then there are some recommendations in: 🔒 privacytools-es - cifrado contra la vigilancia masiva or 🔒 privacytools-es - cifrado contra la vigilancia masiva , 🔒 privacytools-es - cifrado contra la vigilancia masiva, Firefox about:config privacy settings · GitHub

As far as the user.js is concerned, Narsil’s user.js is based on arke’s one. But with changed things and adapted to mobiles. And it gives very good results and avoids a lot of connections. Besides I can assure that the creator of it, is very, very much in favor of privacy. And he is for example against Google or Mozilla tracking. And he updates it very often. Even as quindecim did at the time with his user quindecim/mobile_user.js: user.js file for configuring and hardening Fennec F-Droid privacy, security and anti-fingerprinting. - mobile_user.js - Forgejo

He even has a thread to avoid Google https://m.forocoches.com/foro/showthread.php?t=6649428 or Microsoft https://m.forocoches.com/foro/showthread.php?t=7160249

And without discrediting the work of Arke that I also take off my hat with all his work and effort. But some automatic connection escapes.

Ideally, in Mull’s about:config you could delete the Google entries and leave them empty. To avoid telemetry. As you could do in the old Fennec versions of fdroid.

Thanks a lot for your time

Arkenfox maintains a sane overview of addons here:

I also maintain my own blocklists you can use:
https://divested.dev/index.php?page=dnsbl

Good afternoon @SkewedZeppelin

First of all I apologize for not being able to answer you sooner. But I have family problems and it was impossible for me before. Please excuse me.

Then thank you for your time and effort.

About the add-ons, if you want I would give Chameleon a try. Because it has new functions to spoof the fingerprint.

Chameleon. Very complete tool loaded with lots of options to reduce our digital footprint. What interests us most is the ability to generate a different fingerprint every x time, otherwise we will always have the same one.
We will leave the real profile.
In Headers we will check “Prevent Etag tracking”.
In the Options section, Injection, “Block CSS Exfil, protect window name, fake client rects and screen size”, choosing 1920x1080.
The other options should be marked by the changes in the user.js so we will not touch anything else.
If some web gives error, we go to the section of White list, we give to Open in white list and we add this page.

Cookie AutoDelete would also allow us to delete the cookies of a possible tracking every x time.

Then the user, the arke one is very well but it generates telemetry to google or mozilla. That can be mitigated with Jorgu81’s hosts as I told you. But more for mobile I see Narsil’s as I said. Since it uses things of Quindecim, arke and things that it is discovering that generate connections.

But of course this is a suggestion, I beg you not to take it badly. Or I apologize if I did or do something wrong. It is not my intention, on the contrary. Since my intention is to help.

What I did notice with the latest version of Mull. It comes activated to start with the system. It is not a worrying thing because with fdroid app manager or fdroid autostart can be solved.

Receive a warm hug and thanks for your time and help.

Interesting things to know. Watching this to see and engage when I can.

I really like Mull but there is just one request to remove limit on extensions. At present it only shows top 50 addons of Iceraven collection and it left out uMatrix and other extensions.
Thanks

@PaperCut

remove limit on extensions

I extremely strongly believe you only need uBlock Origin.

Good afternoon:

I have looked at app manager from fdroid or with warden from xda.

And I get trackers in Mull. I upload screenshot:

A hug

Pd: @PaperCut welcome to the fdroid forum.

Umatrix I don’t recommend it, since if I’m not mistaken it was discontinued. Better to use ublock as @SkewedZeppelin says.

I agree. Analytics, fingerprinting and advertisements are there. I can see it from tracker control as well.

@gallegonovato Thanks
uMatrix received security update to resolve a vulnerability recently which was present in both uBlock and uMatrix and also an update to uncloak canonical names but code is still archived afaik.

Good afternoon @PaperCut Well, you’re absolutely right, there is a new version of umatrix from 14 days ago on the add-ons website for mozilla uMatrix – Consigue esta extensión para 🦊 Firefox (es) My fault, sorry for not saying well. But since umatrix has it as archived in its github, I thought that it no longer supported it GitHub - gorhill/uMatrix: uMatrix: Point and click matrix to filter net requests according to source, destination and type

sorry for the failure. A hug

Hello, you can use my collection if you want. It does not contain canvas blocker since firefox should do that automatically, and changing the user agent usually just makes things worse as there are other ways to detect what browser you use, and “firefox with chrome agent” is less common than “firefox with firefox agent”. For the search engine you can change that in settings–>search–>add search engine–>other.

Can you add a plug-in for full-text translation to the built-in extension list?

Here we have SkewedZeppelin frequently dismissing proposals without offering any reason other than dislike, is Mull Browser/Diven OS a project for individuals?

Maintaining a fork is so much work already, even without others asking you to add and maintain their pet peeve. Wanna help? Ask Mozilla to fix your issues.

Please don’t respond in a way that misses the point.

Maybe we are lost in translation? What was your point exactly?

The main purpose of forks like mull/fennec is to make firefox available in the official f-droid repo by removing the closed source parts and, in the case of mull, adding some configurations to increase privacy and security, not to add new features to the original project. For this reason it would be preferable to ask for new features directly upstream to mozilla.