Go FOSS: Information is power (gofoss.net)
108 points by rapnie on Jan 15, 2023 | 20 comments


Lots of things I like about the site. For one, I value that privacy has been highlighted.

On a slight negative... they feature Firefox but it requires so much work to tweak. I feel this is a reflex recommendation though I do, very much, like that FF allows itself to be tweaked.

On the Desktop... I much prefer LibreWolf - which I didn't see listed. It is what Firefox should be.

On mobile, I prefer DuckDuckGo's Android browser (also not listed). Firefox mobile comes bundled with 3 tracking companies - each collecting a mountain of information! Why must you always shoot yourself in the foot, Mozilla? It's never ending.

DDG is not only open source (https://github.com/duckduckgo/Android) but it also does <strike>not have a single tracker</strike> (thanks for this, byyll). If that wasn't enough, it comes with a module called App Tracking Protection. It's brilliant. It blocks trackers from other apps. I cannot recommend this enough. The sheer amount of information collected from apps on your phone...

I have had apps at 30 attempts in the first few seconds and reach 1,000 tracking attempts within 1/2 an hour. Every single item - from contacts to specific location - is constantly being polled, collected and transmitted by multiple companies.

Every app seems to be running spyware from various multiple companies - even my banking app. DDG's Android Browser helps stop this.

Wall of text, time to stop. Nice site, love that it's not afraid to be technical because, unfortunately, it's necessary at times.


Hi, thanks for the feedback :)

Librewolf is great, I use it every day. It's mentioned in the "Firefox vs Chrome" drop-down menu, alongside Tor, Ungoogled Chromium & others.

We also mention Mull, Fennec & Bromite for Android. Preferred over DDG, which had some fallouts lately.

Regarding FF – Yes, much tweaking is required to get things right. Yes, Mozilla made some questionable technical choices in the past. Yes, Mozilla Corporation earns most of its revenues from Google. Also yes: in a browser landscape dominated by Google, Firefox currently seems to be the only independent contender worth mentioning.


> it does not have a single tracker [...] it blocks trackers from other apps

Except when it's Microsoft: https://nitter.fly.dev/yegg/status/1528838579455250434


To me, this website makes FOSS seem like the only way to keep your data private. FOSS software can still have trackers in it, and it can absolutely be backdoored. Unless you're auditing the source code and building it yourself, you're trusting the developers as much as any other piece of software.


The fact you have access to the source code and CAN audit software and modify it (i.e. to remove trackers) makes it a much more balanced relationship.

Note you do not have to do it yourself you can rely on someone to do it for you (there is no monopoly here)

If you use Oracle you have no choice, you have to trust Oracle - if you use PostgreSQL you can choose the PostgreSQL Global development team or one of many commercial and community vendors who provide PostgreSQL builds for you.


> Note you do not have to do it yourself you can rely on someone to do it for you (there is no monopoly here)

Which is why the "but but but you can access the source" argument the FOSS people put up is such bullshit.

I mean:

a) Let's be honest, with most FOSS projects, security is an afterthought, assuming it was ever thought of at all. Very few go to the extents of OpenBSD or, indeed, anywhere remotely near it. Most don't even have any security bods on the team to start with.

b) If you're relying on someone else to audit it, then it's no different to employing someone to blackbox fuzz test some closed source software and attach some monitors to your network to watch for undocumented exfiltration.

c) If you're relying on someone else to audit it, then that "someone else" with sufficient skills will come with $$$ attached.

d) If you're reviewing it yourself, assuming you can speak the relevant programming language in the first place, there are few people who can speak a programming language well enough for the purposes of security auditing.

e) If you're relying on "the community" to review it, then well, we all know how your average open source community is ... lots of infighting, lots of egos amongst the core maintainers, and occasionally some work gets done in the middle.

Don't get me wrong, I'm not suggesting closed-source is some panacea. But I am also equally enlightened enough to know that FOSS is not the panacea either.

Both have their strengths, both have their weaknesses. And certainly in terms of code security, neither is perfect by any means.


Most, if not all, closed source software builds on open source software at this point, if not directly then at least in the tooling around the development process (compilers/interpreters, version control, build systems, etc.). I doubt that most developers of closed source software have audited their entire tech stack.

So in the end you have all the same problems with proprietary software as you describe for foss, but you don't even have the opportunity to audit the source code yourself, should you want to.


Hi, Georg from https://gofoss.net here.

I'm not a security expert. Heck, I'm not even a hacker. So take this comment with a pinch of salt.

For all its merits, Free Software is not free from criticism. This includes security vulnerabilities.

On the flip side, keeping the source code a secret doesn’t necessarily increase security. Arguing that closed source code is vastly more secure than FOSS conveniently omits the fact that proprietary stacks are increasingly built on top of open source code.

Sure, FOSS is not immune to security breaches. But neither are proprietary solutions, as illustrated by the leaks of a billion people’s data from Facebook, LinkedIn and Clubhouse. Or the spectacular security attacks against SolarWinds and Colonial Pipeline.

I do believe that Free Software is instrumental in promoting online privacy. For nearly forty years, FOSS has been encouraging developers to audit the code, fix issues and ensure nothing shady goes on in the background.

Ultimately, FOSS is not only about technology. It’s about social, political and economic emancipation.


> Unless you're auditing the source code and building it yourself, you're trusting the developers as much as any other piece of software.

The thing is that you probably have to trust someone at some point. Better focus on those that have a good track record.


I am curious if there are any organizations (formal or informal) that audit popular FLOSS projects for such issues.


F-Droid looks to be doing this for their appstore.

https://f-droid.org/en/docs/



> Unless you're auditing the source code and building it yourself, you're trusting the developers as much as any other piece of software.

Not sure, but I would not be surprised if some of these nightmarish supply chain attacks are open-source.


I don't think it's a good idea to claim that VPNs increase privacy or security, because...

Advertisement companies don't rely on IPs.

Now the VPN provider is watching you (and everyone that hacked them, they have deals with, etc.).

There is no inherently added security.

Tor is specifically made to work around some of these issues, but still every now and then has exits tracking users.


This looks very similar to https://privacyguides.org

But FOSS focused instead of privacy focused (PG rarely features closed source software anyway)


Giving only one option per category may not be enough. There are usually several great FOSS apps for each, targeting different uses. Some more choices here: https://github.com/awesome-selfhosted/awesome-selfhosted

The other issue is that most users won't maintain their own server or keep up with security updates and such. That's why I launched https://pikapods.com, which allows anyone to run FOSS apps with a few clicks, while supporting app authors via our revenue share. Our 'app store' is here: https://www.pikapods.com/apps


FOSS is the future!


I'm happy to see such a well-crafted website. I will save some time to work on a translation into Brazilian Portuguese. Brazil is under an escalating process of judiciary dictatorship in which a significant portion of the population will suffer oppression from the government at levels never seen in the country's recent history. FOSS and strong cryptography must be Brazilians' digital toothbrush and paste from now on.

In case you do or will do business with Brazil soon, I recommend watching recent Glenn Greenwald videos on Rumble about what's going on in the country.


France is bacon


I'm Erica



