> I understand that (even without the excellent shovel example) and > I am questioning the effect of it because accompanied by talks > about ethics and non-harmfulness 1) that creates the false > implication of something friendly, safe etc. 2) people easily > 'buy' free/safe/secure things. In other words - it can be > exploited quite easily. Yes, I agree with your point, and it's similar to RMS's point which I why I suggested the article, not because I thought were unware of the Ubuntu issue itself. My only point is that "This Firefox antifeature is an invasion of privacy" will be a more effective argument than "The fact that this feature can't be disabled without editing the source code violates freedom 0."
> Of course. That's why it is essential that not only Ubuntu but > browsers should also be exposed. I find it disturbing that IceCat > was released by people who are so strict and critical to ethics. It sounds like RMS took your report seriously and I believe they will fix it. > I would be interested to read that claim as I haven't found any > explicit evidence of it. They don't claim anywhere they use > Libreboot but it seems to be a forthcoming step in future: > https://puri.sm/learn/freedom-roadmap/ I don't want to get too sidetracked talking about Purism here, but they don't claim to use libreboot. On the page for their latest Librem laptop they imply that the laptop is entirely libre but to not disclose what BIOS they use. I found another page on their website acknowledging that they use coreboot but erroneously claiming that coreboot is completely libre, when it contains proprietary blobs. There is also a near-zero chance that Purism will ever use libreboot, because post-2010 Intel chips will probably never be supported. If Purism claimed that they plan to use libreboot I would be skeptical, but I'm not aware of them having made that claim. > I don't know how to test Tor Browser with tcpdump due to the > specific way it connects to the network. I don't know either, but I would contact them with your Icecat results (since both Icecat and Tor Browser are based on ESR) and ask them if they are aware of the issue and whether it affects Tor Browser. > As for Abrowser - I > can't find it on openSUSE's repos, neither I find it by DDGing > for it. Where can I download it? Abrowser is from the same developer as Trisquel. It is the default browser in Trisquel and the Trisquel-derived Uruk. I'm having trouble finding it via DDG too because there is apparently an IE-based browser by the same name. I don't have time to look further right now but will get back to you. > Or > can you show a test which demonstrate that Chromium leaks data to > Google? Or any other freedom related issue? Most of what I know about Chromium comes from what Magic Banana and others have shared on this forum, including in this thread and others, regarding why Chromium is excluded from Trisquel. Magic Banana's link in this thread is on its own reason enough. The bug Supertramp links to is apparently closed but alarming. I understand that Chromium is currently being investigated by jxself, so perhaps a libre build will be possible in the future, but until them I'm not going to trust the Chromium developers to declare that their software is libre given (1) the material Magic Banana links to and (2) the fact that they have no real incentive to care about freedom and only even attempt to meet the weaker "open source" definition for strategic reasons. > As for Firefox again: of course is free in the "legal sense" > (just like Ubuntu) but if one prides oneself to be an integral > part of an organization which respects user privacy it is > absolutely unacceptable to: Ubuntu is not quite as free in the sense that Firefox is, since it contains and recommends proprietary software (see https://www.gnu.org/distros/common-distros.html), where Firefox recommends but does not contain proprietary software, but I agree with your overall point. > Due to all this I am reluctant to use any product by Mozilla. > Still we use it on our phones because otherwise we would have to > use Google Chrome (as I don't know of Chromium for Android). I'm about to get a little off-topic, but if you are using Android you might consider switching to Replicant (if you are okay with aquiring and using an older device) or LineageOS (not 100% libre like Replicant but much better than Android and supports more devices than Replicant). I have a Replicant phone that I only carry when I absolutely have to and never use for browsing the web, so I haven't really looked into what its default browser is based on. It isn't Firefox, and it is definitely not Chrome, but it may be Chromium-based. If you live in North America you might want to look into JMP (https://jmp.chat) as an alternative to carrying a cell phone at all. > If one is not extra careful, even through > Tor one can expose a traceable pattern. No, Tor is not foolproof and anyone who uses it should read this first (https://www.torproject.org/download/download-easy.html.en#warning) but using it responsibly is better than taking no steps to preserve your anonymity, or in the cases where you do identify yourself, by logging into an account for instance, to prevent your location from being revealed or having your traffic associated with other activities you do wish to be anonymous. > I think they are different things. When you go to your home you > have privacy. You can have a private conversation with someone in > a public location. That doesn't mean you need to hide your face > or remove the name from your front door in order to do that, > right? They are indeed different things, but one is a precondition for the other in many situations. Your home analogy doesn't apply well because use of the internet is a public interaction that is not confined to your personal computer. Having a private conversation in public is a better analogy, so let's go with that. In that case, assuming you are not being eavesdroped on, you do not need to cover your face to have privacy from a third party, but you would need to cover your face to have privacy from the person you are talking to. Why would you want to do this? Suppose you want to receive information from this person without giving them any information about yourself. This is perhaps not a common situation on the street, but very common when browsing the internet. The act of communication inherently requires giving some information, and in some situations the only way to complete the exchange without the other party learning something about you is if they don't know who the information is coming from. Of course, if the information is unique enough you may be 'unmasked' even while your face is hidden, which is why it is also important to avoid providing identifying information, leave JavaScript disabled, and refain from changing the default Tor Browser configuration in a detectable way. Back to your private conversation analogy, there is also 'eavesdropping' on the internet and using Tor can help protect you from that, although again it is not foolproof. Here's a good link (https://www.eff.org/pages/tor-and-https). Forgive me if you already know about all this.
