{{Header}}
{{Title|title=
Web Browser
}}
{{#seo:
|description=todo
}}
{{browser_mininav}}
= Introduction =
A browser is a program you use to access and view websites on the internet, like Chrome, Safari, or Firefox. It lets you search for information, watch videos, check email, and more by showing web pages.

= {{project_name_short}} Default Browser =
* <u>At time of writing:</u> Firefox is installed by default inside {{project_name_short}}.
* <u>Future:</u> For a future version of {{project_name_short}}, it is planned to no longer install a browser by default inside {{project_name_short}}.

= No Default Browser =
No browser exists at time of writing that can be wholeheartedly recommended for users of {{project_name_short}} according to technical [[Dev/Default_Browser#Criteria|Criteria]] (security, privacy and user freedom).

These reasons are elaborated on the [[Dev/Default_Browser|Kicksecure Default Browser - Development Considerations]] wiki page and will soon be summarized here.

= Recommended Browser =
None.

= Issues with Browsers =
Most mainstream browsers are considered spyware by many people. See also [[Dev/Default_Browser#Firefox_Selling_User_Data|Firefox Selling User Data]].

This issue cannot be solved by operating system vendors such as {{project_name_short}}. For reasons why that is, see [[Dev/Default_Browser#In-House_Browser_Development|In-House Browser Development]].

= Browser Comparison =
== Browser Comparison - Introduction ==
Here is a list of commonly discussed browser within the security and privacy communities with their main disadvantages.

The browsers are listed in rough order of their market share and popularity.

== Chrome ==
'''Advantages:'''

* Most popular and therefore presumably most compatible browser.

'''Disadvantages:'''

* Closed source, non-freedom software.
* [[Miscellaneous_Threats_to_User_Freedom#Chromium|concerns about user autonomy related to browser market dominance]]
* tracking issues

'''Based on:''' Chromium.

'''Why not default in Kicksecure:'''

* Not Open Source. See [[Browser#Open_Source_Browsers_Only|Open Source Browsers Only]].

== Chromium ==
'''Advantages:'''

* Might be similarly compatible as Chrome due to its shared code base.

'''Disadvantages:'''

* Similar to Chrome, see above, except Chromium is Open Source.
* [[Dev/Chromium#Chromium_Debian_Package_Security|security issues with the Chromium package in Debian]]
* tracking issues

'''Why not default in Kicksecure:'''

* No official binary builds.
* Refer to disadvantages.

'''Based on:''' Not based on any other browser.

'''More technical details:''' [[Dev/Default_Browser#Chromium|Chromium]]

== Firefox ==

'''Advantages:'''

* Might be similarly compatible as Chrome due to its past popularity.

'''Disadvantages:'''

* '''Needs hardening:''' Not as hardened by default (lower attack surface, disabled telemetry) as it could be, creating demand for a hardened Firefox fork or Firefox settings project such as Arkenfox.
* '''Punicode security issue:''' [https://forums.whonix.org/t/very-hard-to-notice-phishing-scam-firefox-tor-browser-url-not-showing-real-domain-name-homograph-attack-punycode/8373 Very hard to notice phishing scam - Firefox / Tor Browser URL not showing real domain name - Homograph attack (Punycode)] A homograph attack is a type of phishing attack where characters from different writing systems are used to create deceptive URLs. These URLs appear identical or very similar to legitimate ones. Punycode is a way of encoding these special characters so they can be used in domain names.

'''Why not default in Kicksecure:''' '''<u>Planned!</u>'''

* The issue of [[Dev/Default_Browser#Firefox_Selling_User_Data|Firefox Selling User Data]] was [https://connect.mozilla.org/t5/discussions/information-about-the-new-terms-of-use-and-updated-privacy/m-p/88189/highlight/true perceived very badly by the community.] Therefore Firefox will be no longer installed by default inside {{project_name_short}} in a future version as soon as [[Dev/browser-choice]] has been implemented.

'''Based on:''' Not based on any other browser.

'''More technical details:''' See [[Dev/Default_Browser#Original_Firefox|Original Firefox]].

== Mullvad Browser ==
'''Advantages:'''

* <u>Anti-browser fingerprinting:</u> Makes it harder for websites to track you based on your browser’s settings. This helps protect your privacy.
* <u>Security features:</u> Includes a "security level" setting that lets you choose stronger protection. Higher levels may break some websites but offer better security.
* <u>Installation:</u> [https://mullvad.net/en/download/browser/linux Debian package repository available.] This allows users on Debian-based systems, including {{project_name_short}}, to easily install and update Mullvad Browser using tools like <code>apt</code>.

'''Disadvantages:'''

* [[#ESR|ESR]]

'''Why not default in {{project_name_short}}:'''

* Not vendor neutral 
** Includes Mullvad branding, uses Mullvad DNS by default, and promotes its VPN service, tying it to a specific commercial provider.
** Creates potential reputational risks for {{project_name_short}} by suggesting endorsement or sponsorship by a VPN company.
** Could lead to user suspicion of paid promotion, harming the project's perception of independence and trustworthiness.

'''Based on:''' [[Dev/Default_Browser#Base_Browser|Base Browser]], which is based on Firefox ESR.

'''More technical details:''' [[Dev/Default_Browser#Mullvad_Browser|Mullvad Browser]]

== Tor Browser ==
'''Advantages:'''

* Same privacy and security benefits as Mullvad Browser.

'''Disadvantages:'''

* [https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/41179 Cannot be installed or updated using the usual Debian software tools yet.] <ref>
https://forums.whonix.org/t/would-stable-tor-browser-deb-package-help-or-burden-whonix-devs/19995
</ref>
* [[#ESR|ESR]]

'''Why not default in {{project_name_short}}:'''

* Sends all web traffic through the Tor network. This is good for anonymity (like in [[Whonix]]), but {{project_name_short}} needs a regular (clearnet) browser instead.

'''Based on:''' [[Dev/Default_Browser#Base_Browser|Base Browser]], which is based on Firefox ESR.

'''More technical details:''' [[Dev/Default_Browser#Tor_Browser|Tor Browser]]

== Brave Browser ==
'''Advantages:'''

* <u>Built-in ad blocker:</u> Brave includes an advertisement blocker by default, which helps reduce tracking and speeds up web browsing.

'''Disadvantages:'''

* <u>Ad-funded business model:</u> Despite blocking ads, Brave is itself an advertising company. It replaces traditional ads with its own ad system.  
** [https://en.m.wikipedia.org/wiki/Brave_(web_browser)#Business_model Brave Business Model on Wikipedia]
* <u>Controversies:</u> Brave has faced criticism for certain business decisions and privacy concerns.
** [https://en.wikipedia.org/wiki/Brave_(web_browser)#Controversies Brave Controversies on Wikipedia]

'''Why not default in {{project_name_short}}:'''

* Because of disadvantages listed above.

'''Based on:''' Chromium.

'''More technical details:''' [[Dev/Default_Browser#Brave_Browser|Brave Browser]]

== LibreWolf ==

'''Advantages:'''

* Firefox Rapid Release instead of [[#ESR|ESR]].

'''Disadvantages:'''

* [[Dev/Default_Browser#LibreWolf_-_Lack_of_Radio_Silence_as_a_Development_Goal|LibreWolf - Lack of Radio Silence as a Development Goal]]
* [[Dev/Default_Browser#LibreWolf_-_IJWY_.28I_Just_Want_You_To_Shut_Up.29_Feature_Removal|LibreWolf - IJWY (I Just Want You To Shut Up) Feature Removal]]

'''Why not default in Kicksecure:'''

* Due to disadvantages listed above.

'''Based on:''' Firefox Rapid Release

'''More technical details:''' See [[Dev/Default_Browser#LibreWolf|LibreWolf]].

== Other Browsers ==
Other browsers might be listed on [[Dev/Default_Browser|Kicksecure Default Browser - Development Considerations]].

= What Users Can Do =
The situation is clearly unsatisfactory. Here is what users can do:

* Stay in the loop. Subscribe to relevant discussions.
* Conduct deep research.
* Stay vigilant.
* Demand transparency.
* Demand radio silence.
* Support [[Gemini|Geminispace‎]], SmolNet.
* Wait for privacy-respecting browsers to become available.

= Activist Statement =
<u>Market Stance:</u> Using any browser other than Firefox or Chrome(ium) is seen by some as a stand against the dominance of Firefox and Chrome.

= Extended Support Release - ESR =
{{anchor|ESR}}
Browsers based on Firefox ESR might be less secure than browsers based on Firefox Rapid Release, see [[Dev/Default_Browser#Firefox_Security_-_ESR_.28Extended_Support_Release.29_versus_Rapid_Release|Firefox Security - ESR (Extended Support Release) versus Rapid Release]].

= Open Source Browsers Only =
Browsers that are closed source (not Open Source) are only briefly mentioned and discouraged. See also [[Reasons_for_Freedom_Software|Reasons for Freedom Software / Open Source]].

{{Avoid nonfreedom software}}

= Advanced Topics =
The following topics are for [[Advanced Users]] only.

== Browser DDOS Vulnerabilities ==
{{intro|
Can browser be frozen by heavy JavaScript as an attack? Other vulnerabilities? What happens if JavaScript is constantly fetched or if the browser's DOM is 1 GB++ large?
}}

{{AdvancedUsersOnly}}

* Vulnerabilities
*# '''Infinite Loops / Infinite Recursion''' : <code>while(true) {}</code> can cause the browser to freeze and <code>function recursive() { recursive(); }</code> can crash the browser due to stack overflow. There are safeguards in place in modern browsers but it's still a risk especially if combined with other attacks
*# '''Memory consumption''' : By creating an extremely large DOM or an extremely large array the memory can be consumed leading to slowdown of the OS or crash of the browser
*# '''Fetching humongous data''' : Constantly / infinitely fetching giant data files can slow down the browser or freeze it
*# '''Forced reflows and layouts''' : By constantly changing huge parts of the layout of the page in short intervals the browser can be slowed down
*# '''iframe overload''' : Creating a huge amount of iframes - even without source - and adding them to the page can slow down the browser
*# '''iframe inception''' : an iframe references the same page it is on, which in turn creates another iframe that references the same page, and so on. This can lead to an infinite loop, causing the browser to consume significant resources and potentially become unresponsive or crash.
* These are the most common and even some less likely DDOS vulnerabilites for the browser. Most modern browsers are safeguarded against this as much as possible. But as there is often no way to differentiate if a huge memory consumption is benevolent or malevolent the browser has to accept most of these commands
* In the past Javascript was more powerful in the browsers giving it some OS access. But due to virusses and malware all browsers now use a sandbox to severely limit Javascript capabilities

= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]