Secure browser and Firefox about:config

From reading other posts it seems the default /e/ browser has trackers in it … as does apparently every other available browser except Firefox if you go into about:config and change some settings according to this post:

I would reply there but it’s closed, so my question is how can I get into the about:config settings? When I type that into the Firefox browser bar on my fairphone 3 with e installed I just get this:

Screenshot_20201213-135447_Firefox

The URL in that screenshot is:
resource://android/assets/low_and_medium_risk_error_pages.html?&title=Cannot+Complete+Request&button=Try+Again&description=%3Cp%3EAdditional+information+about+this+problem+or+error+is+currently+unavailable.%3C%2Fp%3E&image=&showSSL=false&badCertAdvanced=Advanced%E2%80%A6&badCertTechInfo=%3Clabel%3ESomeone+could+be+trying+to+impersonate+the+site+and+you+should+not+continue.%3C%2Flabel%3E+%3Cbr%3E%3Cbr%3E+%3Clabel%3EWeb+sites+prove+their+identity+via+certificates.+Firefox+does+not+trust+%3Cb%3Eabout%3Aconfig%3C%2Fb%3E+because+its+certificate+issuer+is+unknown%2C+the+certificate+is+self-signed%2C+or+the+server+is+not+sending+the+correct+intermediate+certificates.%3C%2Flabel%3E&badCertGoBack=Go+Back+%28Recommended%29&badCertAcceptTemporary=Accept+the+Risk+and+Continue

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

Ok according to this post with Firefox help:

it’s a problem with Firefox and to access about:config I need to install Firefox Nightly instead. I guess I’ll do that and maybe try it with Firefox Klar as well … unless anyone has suggestions on a secure browser that’s better and doesn’t require all this?

I’m not sure, maybe the Privacy Browser?

I have no issues with accessing about:config on any ROM or Android version. Granted I’m using either Fennec or Mull (Fennec from DivestOS repo). Not sure why regular Firefox has such an issue.

To clarify, is your screenshot from regular Firefox or from Klar/Focus? The latter do no have an about:config (thus producing that error) because they are not based on Firefox, despite the name. They are mostly simple webview-based browsers. Meant to be fast, clean, and mostly secure. Little in the way of tweaking.

EDIT: Just read the posted link. Since I don’t use Firefox I didn’t know it was an issue. Is that a recent thing?

about:config working fine in Fennec F-Droid 83.1.0 …

Screenshot_20201213-102139_Fennec

There are several trackers in Firefox Mobile:
Adjust
Google AdMod
LeanPlum
Google Firebase Analytics

Good browsers to me:


/e/ browser is an outdated fork from Bromite. Can be buggy sometimes (would crash on launch on my phone on some builds).
Fully featured chromium browser with no trackers, built in ad-blocker,sync and extensions support soon. Crypto stuffs are opt-in.
Lightweight, less features. Newer builds on Aurora Store. Good option for old phones.
1 Like

Sure about that? I observe trackers while browsing (by third parties) but non in the /e/ browser by default.

IMG_20201213_103733

2 Likes

Confirmed. App Manager (called AM Prerelease in F-Droid) also shows /e/ Browser has no trackers.

@Tony, if you’re not stuck on the Mozilla/Chromium camps there are a number of other browsers to check out. The aforementioned Privacy Browser is probably the most secure. SmartCookieWeb seems to have a lot features/options similarly. FOSS Browser maybe.
For fans of LineageOS’ Jelly there’s jQuatks (mash up of Jelly and Carbon ROM’s Quarks) with some extras. Never liked that style of browser (each tab is a separate instance, cluttering up Recents/Overview) but there it is.

Most of those are best if the underlying webview is regularly updated also. All of my ROMs, where applicable, use Bromite’s webview. Always an update along with the browser.

that’s what I recommend App Manager - Android package manager (A full-featured open source package manager for android.) - https://f-droid.org/packages/io.github.muntashirakon.AppManager

2 Likes

Oh, LOL. I didn’t realize that screen was from the same app.
App Manager is one the bestest, coolest, awesomest apps around. ClassyShark and a few other apps have long since been removed in favor of it. A must have.

1 Like

Hi Genjuro, thanks for the recommendations. F-droid says duckduckgo browser has the following anti-feature:

Screenshot_20201215-093502_Browser_1

I’m not sure what a non-free network even is so don’t know how seriously I should take that anti feature.

According to the e app store brave browser has no trackers and doesn’t request any permissions which is good, but for some reason only has a 6/10 confidentiality rating:

Screenshot_20201215-094333_Apps_1

Bromite isn’t appearing on f droid or the e app store

I’m using the app TrackerControl and a lot of trackers are being blocked. I’ve just installed app manager and, you’re right, it says there are no trackers in the browser. Can I conclude the trackers that TrackerControl are showing from the sites I’m visiting then?

Thanks for the replies. I’ve just installed app manager on your and tyxo’s recommendation. Why is it one of the best apps? What functionality does it offer?

App Manager’s features are listed in its app description. I’ve barely scratched the surface of what’s offered. I mostly use it to block trackers, manage permissions, a few other minor things.

It integrates with Termux, handles split APKs and APKMs, can do backups, check every little detail of an app, etc. etc.
Doesn’t necessarily need root as it can do a lot of functions via adb.

1 Like

Most likely yes. Both apps look for known trackers. App manager relies on a manually curated database of trackers collected in the exodus project. Tracker Control uses also a host list that is more or less complete. You can add your own list to tracker control too.

1 Like

The warning about the DDG Browser comes from the fact that DuckDuckGo (the search engine) is not open source itself. Feel free to trust it or not (as you can only use this search engine in that peculiar browser).

About the Brave rating in /e/ apps, I’m afraid this doesn’t mean much at the moment. I’d trust them more than Firefox.

Bromite requires to add an additional repo in F-Droid as mentionned on the website. Great browser as well.

1 Like

How do you actually block the trackers using app manager? I can find the page where it shows what trackers are in an app, but not an option to control them

@Tony,
There seems to be several methods of blocking trackers in App Manager. From blocking all in one fell swoop (not recommended) to individually.

Method 1: Block All At Once

Press 3-dot menu at upper right to bring down main menu.
Select +1 1-Click Ops from menu.
Select Block/unblock trackers.
Dialog will prompt if you want to apply to system apps also.
Apps and the number of trackers they include will appear. From here you can choose what to block or unblock.
I’ve never used this method.

202012363_212108

202012363_212127

202012363_212150

202012363_212213


Method 2: Manually Select Apps, Then Block

From the main display, long press apps to select them.
Press 3-dot menu at lower right.
Choose Block trackers from menu.
Trackers blocked without further action.
Never used this one either except for testing.

202012363_213132


Method 3: Individual App, Block All Trackers

Tap on any app you’re interested in.
If app has trackers, tap on the pill button denoting number of trackers.
List of trackers will appear. Select BLOCK or UNBLOCK as appropriate.
This one doesn’t work for me. App Manager crashes every time for some reason.

202012363_213232

202012363_213251


Method 4: Individual App, Block As Needed

Sort of a two parter. If trackers are present they will be under one or more of the following tabs: ACTIVITIES, SERVICES, RECEIVERS, PROVIDERS.
Go to any tab, choose Sort and select Tracker first to put trackers up top so you don’t have to look for them. Trackers will have a different colored background than non-trackers. Orange-ish I guess. Blocked trackers will have a red background.

202012363_214624

Individual Blocking

Tap the little symbol on the right side of any tracker until it changes to what looks like a clock with circle arrow. Doing so will cause a notice to appear stating Rules are not applied.
To apply, tap on 3-dot menu and choose Apply Rules. May have to do that for each tab but not sure.

202012363_214708

202012363_214834

Block Trackers In All Tabs

My preferred method.
After examing the trackers in each tab, from 3-dot menu select Block trackers. All trackers present in any tab will be blocked.

202012363_215105

202012363_215123

202012363_215140


That’s it I believe. Hope this helps.
Reason I don’t do block-all actions is because not all trackers are bad and should be left to the user to determine if they should be kept. Crash log reporting in some cases. Let’s be honest, we’ll use some alpha/beta level apps that crash but are too lazy to send in bug reports. :smiley:

I have one rare case. For years I’ve been using Advanced Download Manager Pro (no longer available, promise I’m moving over to Download Navi). It’s package name is com.dv.adm.pro. Apparently there’s a tracker that uses com.dv somewhere. As a result almost all of the app is considered full of trackers, about 20. I gave a look see at the “new” version available from Play Store and it has over 30. Of course that’s not true but every part of the app with com.dv is flagged.
As you may notice from one of the screen shots, there are apps I forgot have trackers, like TrackerControl itself. Hardly bad though.

4 Likes

I tried the “1 click ops” trackers blocker of the App Manager for a test, then set TrackerControl to see if something has changed, but all the trackers seem to be still there and effective.

Probably a point I missed…

I have been wondering about that myself recently. Is the in-app blocking actually working or not. Before App Manager I used to use MyAndroidTools and at some point Blocker.
I will have to do some testing and compare different types of apps, too. For instance a standalone app with trackers versus glorified web frontends (social media, banking apps, forum apps, most Google stuff, etc.).

When messing with the new XDA app, I blocked all the trackers but TC showed them anyway as you experienced. The app is a front-end to the web where the same tracking is being done. Made me wonder if the blocking is not actually working or if the requests are going through the webview (which is used to render the forums). Doesn’t sound likely on second thought.

I have a ROM that still has MyAndroidTools (MAT) on it. Using the XDA app again, I go into AppMgr (AM) and disable any blocks. Tracker background color is orange.
I go into MAT and locate the individual trackers for XDA. As I block them I check in AM in real time and notice the tracker color changes from orange to brown (actually, the colors are different depending on light or dark modes. I use dark. The Instructions from the main AM menu explains the colors). Brown is actually “very dark red”.
Anyway, that shows that blocking in MAT is at least applied.

In TrackerControl (TC) I cleared the info for XDA and checked anew. Had to turn off the Tor first. XDA hates it. Captchas and then getting stuck while it checks. Cloudfront, BAH!
Four trackers showed up in TC, marked as Essential (cloudfront, cloudflare, googleapis), and facebook (blocked under Social).

Cleared all blocking from MAT and TC then blocked all in AM. Same four trackers showed up in TC. Lastly, ran XDA with no trackers blocked. Same four trackers show up.
Note that the XDA app doesn’t fully work on most of my ROMs so I don’t know if more trackers would show up or not at the moment.

Don’t know what to make of all the tracker stuff anyway. Apps with no trackers still access things for whatever reason that gets caught by TC. Necessary and not-so-necessary calls to various content/storage/servers.
In short, I really couldn’t say if in-app blocking works or not without a lot of testing. :man_shrugging:

1 Like