Looking for Privacy-Oriented Open-Source Android Browsers
I’m looking for a privacy-focused, open-source Android browser. Here are some options I’ve found:
- IronFox
- recommended by LibreWolf
- Fennec
- no repo
- Waterfox
- Vanadium
- only available on GrapheneOS
- better security
- iceraven
- most stars
- bromite
- no longer maintained
- Bromite has a fingerprint randomization and Vanadium doesn’t. But Vanadium has better security if you use Graphene. So yeah, for privacy Bromite might be better
- cromite
- Bromite fork
- brave
- controversial
- duckduckgo
Is there any other browser out there that fits this criteria? Is there an even better choice? I’m particularly interested in ones that focus on privacy.
EDIT: in terms of popularity, privacy and functionality I guess the best choices are iceraven (based on firefox) as it has most stars on github and cromite (based on chromium) as brave is controversial
Solved Questions
I know that Brave is a bit controversial, but If Brave does something behind our backs wouldn’t we be able to know it since all the source code is out there? If it has some features we don’t like can’t we simply modify the source code?
@slackness
re: open source In theory: yes. In practice: maybe. It’ll probably eventually be caught by some researcher but unlike popular belief all open source code bases are not constantly being audited by the community. A random person can’t just read Brave source code for all platforms and accurately gauge if they’re doing something nefarious. It is very easy to hide stuff in code or misuse a protocol for evil purposes, etc.
You can modify the source code but as evident by the fact that there’s no Brave fork with crypto removed (there was one but their branding was too similar to Brave’s so they got sued), it’s not an easy feat to maintain that.
few questions
- What is the difference between IronFox, Fennec, Waterfox and iceraven?
firefox
firefox on android does not enable resist fingerprint by default. To protect our browser fingerprint we have to tweak many settings and install several extensions (and I’m not sure those extensions supports android browser). That being said, firefox might not be privacy oriented
yeah, and extensions additionally work against you in fingerprinting. Though I’m totally interested in what extensions you are using.
I should mention that DuckDuckGo recently released an android browser and it is privacy focused. I cant tell you how well it does its job BUT the important thing is that it has an experimental feature that creates a virtual network interface that routes coms and blocks phone home attempts and tells you what app is doing what.
I have had it running for a few months and its crazy to see how much traffic is going on without your knowledge.
Thanks! I will look into that
I would stay away from chromium forks in general. Google is doing some underhanded stuff using web manifest v3, not to mention all the bastard stuff they are doing in general.
I am very curious not only to hear the answer to your question regarding FF forks, but also why they get rated that way.
I use Cromite and Brave (yeah yeah) plus IronFox via Accrescent.
Brave may well have undesireables like the CEO, cryptocurrency etc., but so easy to switch off. Use your device with RethinkDNS (with or without Wireguard configured) to remove further wrinkles.Iceraven often lags behind on security updates. I know you specified privacy, but good to keep in mind.
I use Ironfox, because I previously used Mull (rip) with RethinkDNS, and Orbot
good to know!
Fennec development has not stop, why do you think that’s the case? The github repo shows it’s on the current firefox build.
I’m a bit confused. Its name has changed to Fenix?
No it’s Fennec: https://gitlab.com/relan/fennecbuild maybe you are confusing it with Fenix which was the official android Firefox browser: https://github.com/mozilla-mobile/fenix but is not developed anymore.
Much appreciated!
See also:
Firefox-based
Chromium-based
WebView-based
I know Brave is controversial but they were the only ones (edit: not sure about Vanadium, I’m curious if they were vulnerable) disallowing JS to access localhost thus blocking Meta and Yandex’s recently discovered spying.
Sounds like such a no brainer to not allow random websites to communicate with the localhost and very easily circumvent all sandboxing you spent thousands of hours building. Looking at you Android (Google) and all the browser vendors (also Google?, huh).
actually I’m a bit curious about how an Open Source project could be “controversial”. If Brave does something behind our backs wouldn’t we be able to know it since all the source code is out there? If it has some features we don’t like can’t we simply modify the source code?
It’s backed by Peter Thiel who is a war mongering Nazi billionaire.
Why go that far? Its CEO funding anti-gay efforts is enough to me.
Infuriating as it is, I still have the same question mentioned above
I gave you the real reason it should be controversial. Brave’s fuck ups have not been significantly worse than other companies’.
re: open source In theory: yes. In practice: maybe. It’ll probably eventually be caught by some researcher but unlike popular belief all open source code bases are not constantly being audited by the community. A random person can’t just read Brave source code for all platforms and accurately gauge if they’re doing something nefarious. It is very easy to hide stuff in code or misuse a protocol for evil purposes, etc.
You can modify the source code but as evident by the fact that there’s no Brave fork with crypto removed (there was one but their branding was too similar to Brave’s so they got sued), it’s not an easy feat to maintain that.
it is a shock to me that an Open source project can get sued!?
Why they didn’t create a repo outside github and always use proxy when developing the project to stay anonymous?
It has cryptocurrency integration and it did some shady ad-referral stealing. But yes, it’s fully open source.
Based on this information, I’m really surprised that no one has forked a Brave branch to remove the undesired feature.
There are several alternatives. Keeping up with security patches is a full time job. It’s quite reasonable in this particular case.
thanks for the explanation
Don’t mention it.
Huh, I didn’t know that. I wonder if any of the rest have implemented that since…
Isn’t webview-based still essentially chromium-based?
Sorta. It’s the same engine, but it is generally less private and less secure than actual Chromium.
DivestOS used to have some handy tables, before they shut down the website.
Thanks a lot!
Be aware that Firefox-based browsers on Android are horrible for security and don’t even have an internal sandbox.
If you decide to download IronFox, download it through Accrescent, since it enforces that the devs or anyone else won’t push a malicious update.
Edit: fixed an ambiguous sentence
Thank you so much
So I guess the only option for regular user is brave or cromite?
I’ve never heard of Accrescent. How is it better than F-droid?
I think Louis Rossman has a video explaining why F-Droid is not great
Uhm, the Java VM is already there, separated by Linux groups and caged by SeLinux. Why sandbox?
I don’t think you can install it outside of GrapheneOS though
Updated 1 day ago
Can you drop a github link for Fennec pls?
Just use F-droid and search for Fennec browser there. Or my preferred way is using Obtainium and manually searching for the version on GitHub, latest right now is 139.0.4
in fdroid it gives "The upstream source code is not entirely Free " in the description. Does this mean the project is somewhat semi-Open-Source?
The upstream source code is not entirely Free
It’s complicated but F-Droid flags software that may have parts in it that are not entirely free, fennec is a fork of Firefox and within the source code F-Droid is finding that there is something that isn’t totally foss. I suggest using obtainium ( look for it in F-Droid) and find the GitHub version of fennec.
Sincere thanks! but it seems IceRaven is better, I guess im going to go with that
I installed iceraven on a new device a few days ago and I had to turn off mozilla data collection during the set up process.
This could mean it’s less private right? Then What is the difference between IronFox, Fennec, Waterfox and iceraven and which one is the best to use in terms of privacy?
Probably also Mullvad Browser and Tor Browser, but I don’t know them much
Mullvad has ceased development
Edit: my bad I was confused with a different firefox based browser
Define privacy, because all of these browsers report each URL you visit to the operating system.
If privacy means resist fingerprint, which browser do you recommend?
Firefox with Enhanced Tracking Protection set to Strict and uBlock Origin along with LocalCDN installed.
Ain’t nobody drawing a diagram to get an app.
Hardly asking for a diagram. But outside of Tor, what do the others offer over Firefox really? So it’s a valid question.
You think your OS doesn’t see what your doing in Tor or any other app?
Android seeing where you’re going is by design, there’s no circumventing that.
I guess what I need is a comparison of those browsers since they all seem to be ‘private’ enough. What is the one with the best performance and more features?
exactly, we cant be going by vibes here. lets talk about specific metrics and then say ok, well these metrics are important, and this one has the ones I want.
