I’ll put my vote in for LibreWolf. Happy to help anyone with a ‘i can’t get librewolf to…’ or ‘this site is broken on librewolf’, etc to help you tweak it.
But i keep both installed. Libre for my daily driver. FF if there’s a site that i absolutely need to be identifiable for.
I’m probably not the best person to talk to about Firefox hardening. Because… I don’t. I only go as far as using firefox containers.
My threat model is to counter:-
I use a VPN for the first three, and I use Ublock, and don’t use google/meta/twitter/amazon/ebay for last.
I personally believe it is impossible to escape fingerprinting unless you’re on Tor Browser, but using Tor paints you as a target in my country per the first item above.
I also work in financial services, and am a user of my company’s product. We do significant ‘device intelligence’ and ‘behavioral intelligence’ on client devices, auth attempts, and actions taken in sessions. Log in too many times from too many different (seemingly) devices, user agents, IP addresses, regions, etc and it increases our customer risk assessment of you. Tick over a threshold and your account falls under enhanced customer due diligence. Tick over another threshold, and we’ll set auto-blocks until we can investigate. I assume that any other financial services provider worth their salt would do the same to counter fraud, money laundering, and meeting sanctions.
I basically use a split tunnel VPN. VPN traffic for general browsing, email, etc. And looking as much as a regular user as possible when accessing financial services, government websites, etc.
And yeah, agree LibreWolf is great. Only downside for the average user is the lack of an auto-updater. So the only tweak i’d do with LibreWolf would be to set up a cron/systemd timer to update it nightly.
I tried Obsidian, but it didn’t give me anything extra on top of using Helix with Marksman, dprint and git. 1% the ram usage of obsidian, versioning, auto-formatting, link auto-complete, page pickers/traversing, global search, etc. there’s literally no reason to use more electron bloatware.
I basically use Markdown files for anything i would’ve done in Word, and python streamlit + pandas + csv files for anything done in Excel (and capable of handling millions of rows more performantly)
My issue is that while i am concerned about privacy, i’m more concerned with security patching. And none of these smaller browsers have the resources to turn around security fixes as quickly as firefox or chrome.
Firefox is the least of the concerns as long as we have the config options to disable anything deemed not privacy-respecting.
Interesting. I’m surprised it works on any browser.
From what I can see, when www.toonamiaftermath.com loads, it gets a guest id from api.toonamiaftermath.com.
www.toonamiaftermath.com has a well configured SSL chain per https://www.scyscan.com/check-ssl/result/www.toonamiaftermath.com.
However, api.toonamiaftermath.com is missing an intermediary certificate authority per https://www.scyscan.com/check-ssl/result/api.toonamiaftermath.com. Note how there’s only 1 record in the chain at the bottom of the page. It should resolve all the way upto ISRG Root X1 or X2 per https://letsencrypt.org/certificates/
This is on the server admin to fix up.
If however, you like to live dangerously, you can force LibreWolf to ignore the error (Keep in mind, this is the browser saying “We can’t confirm that this server is who they say they are”).
In LibreWolf, open the dev tools panel. (Press F12) Click onto the Network tab. Then load https://www.toonamiaftermath.com/ In the Network panel, you should see one record in red for https://api.toonamiaftermath.com/ trying to load bundle.js with the error NS_ERROR_ blah blah SEC_ERROR_UNKNOWN_ISSUER. Double click that record and it’ll open a new tab showing you FF’s/LibreWolf’s “Warning: Potential Security Risk Ahead” page.
Click on Advanced, then “Accept the Risk and Continue”. You might see the service response, you might only see the screen flicker. In any case, reload https://www.toonamiaftermath.com/ and repeat for any subsequent errors. It should challenge for every subdomain/package.
Once done, the site should work for you. You might need to manually click play depending on your other browser settings.
Good luck. You’ll need to occasionally re-accept the SSL errors. As mentioned, there’s a problem with the trust chain. The site owner likely hasn’t set it up correctly, and should be causing it to fail on all browsers. You might have a cached chain somewhere that’s allowing it to work on that particular browser.