Data Privacy - Tagged - Security Boulevard
The Home of the Security Bloggers Network
Mon, 24 Jul 2023 11:37:47 +0000

Microsoft Lost Its Keys, Voice Cloning Scams, The Biden-Harris Cybersecurity Labeling Program
https://securityboulevard.com/2023/07/microsoft-lost-its-keys-voice-cloning-scams-the-biden-harris-cybersecurity-labeling-program/
Mon, 24 Jul 2023 04:00:34 +0000

In this episode, we discuss the recent Microsoft security breach where China-backed hackers gained access to numerous email inboxes, including those of several federal government agencies, using a stolen Microsoft signing key to forge authentication tokens. A TikTok influencer used a voice cloning app to expose a cheating boyfriend. But wait, there’s more to this […]

The post Microsoft Lost Its Keys, Voice Cloning Scams, The Biden-Harris Cybersecurity Labeling Program appeared first on Shared Security Podcast.

The post Microsoft Lost Its Keys, Voice Cloning Scams, The Biden-Harris Cybersecurity Labeling Program appeared first on Security Boulevard.

Review: Can We Trust the Waterfox Browser? (Updated 2023)
https://securityboulevard.com/2023/07/review-can-we-trust-the-waterfox-browser-updated-2023/
https://avoidthehack.com/review-waterfox-browser
Sat, 22 Jul 2023 14:00:00 +0000

Waterfox came into the browser scene in 2011, coming right out of the box with official x64 support (a rarity among browsers at the time) and promoted itself as an "ethical browser."

However, many things have changed in the browser landscape, and even in the Waterfox project as a whole, since 2011.

With these changes, can Waterfox be a viable privacy-focused browser?

Let's do our best to find out.

Overview

Here's Waterfox at a glance...

PROS

  • Light on System Resources
  • Compatible with most Firefox Extensions
  • "No telemetry" and "Limited Data Collection" (this could change, given the first con below)

CONS

  • Bought by analytics/advertising company, System1, which is the same company that bought search engine StartPage.
  • Still needs about:config tweaks found in Mozilla Firefox to be a more "true" privacy browser
  • Nonexistent mobile support (this may be a con for some people)

Revisiting Waterfox in 2023

Waterfox has changed somewhat since this post was first published. Most notably, Waterfox has returned to its previous independent status and has streamlined its lineup.

Waterfox is independent


As of July 2023, Waterfox announced it has returned to its former status as an independent project - presumably shedding its association with System1. For the unaware, System1 had invested in Waterfox in late 2019, and while they did nothing explicitly violating user privacy, their “backing” of Waterfox wasn’t well-received by many (including myself in the initial version of this review).

This association with System1 was the primary con associated with Waterfox; Waterfox had been partnered with System1 for roughly 1 year when the initial post was published. At the time it seemed to deliver on its promises of an optimized and more private experience for users, despite its association with System1.

As noted later in the review, System1 had never (overtly) done anything to be labeled as “untrustworthy,” but suspicions persisted because of its analytics/advertising connections. As such, because of this association, it appeared the greater privacy community (myself included) lost trust in Waterfox - or confidence was shaken enough not to widely recommend it over other privacy-oriented browsers.

A refreshed download/install experience

Waterfox still downloads and installs quickly. The website has been overall simplified. It is far easier to find relevant information and download the appropriate version of Waterfox.


[Image: Waterfox website home page]

Since the publication of the initial version of this post, Waterfox has moved into release of its 4th generation. Waterfox Classic is still around, though it appears to no longer share the same code repository or immediate resources with the newest generation of Waterfox.

With the 4th generation of Waterfox, users on substantially older systems may find difficulty running the browser. However, users are still able to download older, stable releases of Waterfox if desired, though this isn’t expressly recommended because older versions (including Waterfox Classic) are missing security patches from upstream Gecko.

While Waterfox still does not have an official release on Android or iOS as of this update, users can download the older Android version if desired - though this isn’t recommended because the Android version is ridiculously old and missing years’ worth of security fixes and updates. Running extremely outdated software, such as a browser, undermines basic security and negatively affects your privacy due to needless exposure to vulnerabilities.

First Launch

Waterfox launches quickly, which was also noted in the initial post. Nothing’s changed there.


[Image: Waterfox initial launch showing the latest patch notes and announcement]

Upon first launch of this new, independent-from-System1 Waterfox version, I used Portmaster to capture DNS queries made:

| Domain | Description |
|---|---|
| waterfox.net | The official Waterfox website. |
| location.services.mozilla.com | Mozilla's geolocation service. |
| content-signature-2-cdn.mozaws.net | Service validating data sent between client and other Mozilla services |
| firefox.settings.services.mozilla.com | Latest login breach information from Mozilla. |
| ocsp.digicert.com | Well known + valid OCSP service |
| r3.0.lencr.org | Let's Encrypt domain for providing OCSP data |
| shavar.services.mozilla.org | Mozilla updater service for its tracking protection project |
| ciscobinary.openh264.org | OpenH264 Video Codec download server |

Background connections made by Waterfox on initial launch

A little bit to unpack here for the initial launch, but nothing too bad. On my first launch since last installing this browser, Waterfox took me to its patch notes hosted on its website waterfox.net - so this is not really a background connection.

The server hosting waterfox.net has OCSP stapling enabled, which is used to check a website's certificate revocation status; DigiCert is perhaps the most well-known provider of this service. Lencr.org is owned by Let's Encrypt, which provides free TLS certificates for websites (so you connect via HTTPS instead of HTTP).

Like Firefox, on the first launch after install, Waterfox fetches and downloads Cisco's OpenH264 video codec from ciscobinary.openh264.org. This video codec encodes and decodes in real-time, which makes it great for use in other real-time browser applications (ex: WebRTC).

The other domains are connections to various Mozilla services, as noted in the table.

Waterfox appears to still uphold its no telemetry claim

Similar to vanilla Firefox, Waterfox can be configured using the about:config settings to be more privacy-friendly. It is also compatible with add-ons designed for vanilla Firefox; Waterfox still comes with uBlock Origin, an open-source wide spectrum ad/tracker blocker, by default. Additionally, the default search remains Bing.

By default, Waterfox still does not have the opt-out telemetry ("Firefox Data Collection and Use") in its settings, signaling this has been removed in the source code - which is a good thing. Waterfox still uses some Mozilla services, though.

While using Waterfox, I noticed regardless of the sites I visited, it usually made background connections to:

| Domain | Description |
|---|---|
| bing.com | Bing is a search engine by Microsoft. |
| firefox.settings.services.mozilla.com | Latest login breach information by Mozilla |
| push.services.mozilla.com | Web Push notifications service by Mozilla |
| aus1.waterfox.net | Automatic update service for Waterfox |

Background queries made by Waterfox while browsing

Connecting to Bing (bing.com) in the background concerned me. But I relatively quickly found that in the preferences/settings pane, Waterfox enables search suggestions by default; since Bing is the default search provider, connections to Bing pull search suggestions as you type them in the URL bar.

However, the issue with this is the forwarding of your search queries to the selected default search engine in real-time, before ever hitting Enter. Disabling search suggestions fixed this issue altogether. Though, if you prefer search suggestions, then it's best to use a private search engine as the default browser search instead.

Of course, some may find the initial and default connections Waterfox makes concerning. However, let’s remember vanilla default Firefox is just...

The post Review: Can We Trust the Waterfox Browser? (Updated 2023) appeared first on Security Boulevard.

House Panel OK’s Bill to Ban Law Enforcement from Buying Data from Brokers
https://securityboulevard.com/2023/07/house-panel-oks-bill-to-ban-law-enforcement-from-buying-data-from-brokers/
Thu, 20 Jul 2023 18:36:54 +0000

Legislation that would ban law enforcement and federal agencies from buying consumer data from data brokers without a warrant is on its way to the full House.

The post House Panel OK’s Bill to Ban Law Enforcement from Buying Data from Brokers appeared first on Security Boulevard.

First Ban on Selling Location Data, Prohibiting Password Managers, Real-Time Crime Center Concerns
https://securityboulevard.com/2023/07/first-ban-on-selling-location-data-prohibiting-password-managers-real-time-crime-center-concerns/
Mon, 17 Jul 2023 04:00:49 +0000

In this episode we discuss how Massachusetts lawmakers are pushing a groundbreaking bill to ban the buying and selling of location data from mobile devices. This legislation raises vital questions about consumer privacy, digital stalking, and national security threats. Next, we discuss the pros and cons of prohibiting external password managers within organizations. Join the […]

The post First Ban on Selling Location Data, Prohibiting Password Managers, Real-Time Crime Center Concerns appeared first on Shared Security Podcast.

The post First Ban on Selling Location Data, Prohibiting Password Managers, Real-Time Crime Center Concerns appeared first on Security Boulevard.

The Biggest Data Breach in Australian History: An awakening for Organizations
https://securityboulevard.com/2023/07/the-biggest-data-breach-in-australian-history-an-awakening-for-organizations/
Mon, 10 Jul 2023 06:50:06 +0000

The biggest data breach in 2023 so far was at Latitude Financial, an Australian financial services company. The breach, discovered in March 2023, exposed the personal information of more than 14 million customers, including their names, addresses, driver’s licenses, and […]

The post The Biggest Data Breach in Australian History: An awakening for Organizations appeared first on WeSecureApp :: Simplifying Enterprise Security.

The post The Biggest Data Breach in Australian History: An awakening for Organizations appeared first on Security Boulevard.

Meta’s Threads and Your Privacy, Airline Reservation Scams, IDOR Strikes Back
https://securityboulevard.com/2023/07/metas-threads-and-your-privacy-airline-reservation-scams-idor-srikes-back/
Mon, 10 Jul 2023 04:00:11 +0000

In this episode, we explore the rise of Threads, a new social media app developed by Meta, which has already attracted 10 million users in just seven hours. However, there’s a catch – the app collects extensive personal data, sparking concerns about privacy. Next, we dive into the world of airline reservation scams, exposing how […]

The post Meta’s Threads and Your Privacy, Airline Reservation Scams, IDOR Strikes Back appeared first on Shared Security Podcast.

The post Meta’s Threads and Your Privacy, Airline Reservation Scams, IDOR Strikes Back appeared first on Security Boulevard.

Reducing Risk and Building Trust with Data Privacy
https://securityboulevard.com/2023/07/reducing-risk-and-building-trust-with-data-privacy/
Fri, 07 Jul 2023 12:53:37 +0000

TechSpective Podcast Episode 113

Do you have a right to privacy? Should you–as a consumer or individual–have control over your personal data, which companies are allowed to collect or access it, and how it is used? It seems reasonable, …

The post Reducing Risk and Building Trust with Data Privacy appeared first on TechSpective.

The post Reducing Risk and Building Trust with Data Privacy appeared first on Security Boulevard.

Data Breaches in June 2023 – Infographic
https://securityboulevard.com/2023/07/data-breaches-in-june-2023-infographic/
Thu, 06 Jul 2023 06:18:04 +0000

A data breach is when sensitive, protected, or confidential information is accessed, stolen, or exposed by an unauthorized individual or group. These incidents can occur in various ways, such as hacking, theft, or human error. Data breaches can have serious […]

The post Data Breaches in June 2023 – Infographic appeared first on WeSecureApp :: Simplifying Enterprise Security.

The post Data Breaches in June 2023 – Infographic appeared first on Security Boulevard.

MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches
https://securityboulevard.com/2023/07/moveit-cyberattack-the-problem-with-password-rotations-military-alert-on-free-smartwatches/
Mon, 03 Jul 2023 04:00:53 +0000

Several major organizations, including British Airways and the BBC, fell victim to the recent MOVEit cyberattack. We discuss the alarming trend of hackers targeting trusted suppliers to gain access to customer data, potentially holding companies and individuals for ransom. Is it better to change passwords regularly or focus on creating complex ones? We discuss the […]

The post MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches appeared first on Shared Security Podcast.

The post MOVEit Cyberattack, The Problem with Password Rotations, Military Alert on Free Smartwatches appeared first on Security Boulevard.

As Goes GDPR, So Goes AI: EU Leads With Proposed AI Law
https://securityboulevard.com/2023/06/as-goes-gdpr-so-goes-ai-eu-leads-with-proposed-ai-law/
Tue, 27 Jun 2023 12:00:36 +0000

The EU has proposed legislation that would govern the use of AI and could be used for a blueprint by other countries looking to put guardrails around the technology.

The post As Goes GDPR, So Goes AI: EU Leads With Proposed AI Law appeared first on Security Boulevard.
