Find out for yourself!

https://codeberg.org/dialhome-study/browser-network-insights

Usage details for running locally under “Testing procedure” -> “Basic test environment usage”

Previously posted on this community here: https://lemmy.ca/post/59519788

I prefer my devices without any malware at all but you do you I guess.

you’re data is safe with small hackers

wat

Yes let’s make sure everyone’s on the exact same provider. What could possibly go wrong. “Just use X” bandwagonning is shortsighted and lazy.

Or factory reset and then don’t install SmartTube. Fool me once?

Would be cool to hear how it goes if you do!

Dev here! Thanks for your interest!

Aw. On Artix, it wants to pull in wayland. No thanks.

Hm, I guess you’re just running text mode browser on that machine…? On Arch the wayland package is pulled in as transitive dependency of the gtk3 package. I don’t believe it will actually be loaded at runtime. However, I think that gtk3 might not be a hard dependency at all anymore (it used to be for Firefox in the past so this might be a leftover that konform inherited).

If you’re comfortable with makepkg I could suggest trying the konform-browser-bin AUR package and simply remove gtk3 as dependency from the PKGBUILD, run makepkg -si and fingers crossed that might work. More details in konform-browser/Arch repo, where contributions are also welcome. If you go the source route, see the note about profiling without wayland.

EDIT: OK I took a look and unless Artix is repackaging some core packages, I don’t see a way to make it work on Arch at least: xorg-server depends on libglvnd depends on mesa depends on wayland. Among others. Are you actually able to run an X server at all without having the wayland package installed? Or is thsi for headless use without any graphical environment…? Curious about the use-case! If you want to see if it runs you can try the binary tarball or just tar -xfing the arch package and invoke the konform binary directly.

Aw. https://gpo.zugaina.org/Search?search=konform no ebuilds on any listed overlays for Gentoo yet.

FWIW, it’s not planned at the moment but here’s the issue currently tracking Gentoo packaging: https://codeberg.org/konform-browser/source/issues/9

good point for the offlineimap cronjob, I’ll take note of that.

I might as well go as far as suggesting to start there with your current mail provider if the local/offline-first flow is something that could work for you (and assuming it’s not something you already do, in which case carry on). Once you’ve adapted to a local-first mail reading flow with any client that’s separate from the “app” or webmail tethered to your mail service, then rest of migrations should be smoother and hopefully feel less daunting. Doesn’t mean you have to keep doing it that way only forever but establishing the infra and habit once for a while can help with both resilience and confidence in everything that follows.

If you’re roaming between devices and places enough that local-first feels untenable then the “syncbox” could be a little SBC or whatever; it could be the machine you also use read and write mail from but doesn’t have to be.

NP and good luck!

No experience with Migadu but yeah, I think 1 account = 1 login is the intended meaning in their FAQ.

At $19/year couldn’t just gifting a separate micro sub to your SO might be a option if you adminning her email feels weird to either of you?

Am I missing something else?

You don’t mention how you’ll be accessing your emails so maybe this is something you already solved for: Regularly syncing down all mail locally means you won’t have to rely on the mail provider as a single-point-of-failure for keeping your emails safe, secure, private and available. This could consist of anything from a simple offlineimap cronjob to a full-blown “offline” separate mail server.

Maybe. But be careful about putting in that PIN or connecting it to your network when you get home, in case you get it back after…

Appreciate the links!

And the option “Always show scrollbars” enabled because I have not found the preference to do it through the configuration file.

The labeling makes it less obvious but that maps to widget.gtk.overlay-scrollbars.enabled=false so also part of Konform upcoming update :) In general I find the quickest way to identify the mapping of a UI configuration and the about:config key is to:

• launch a clean profile
• open about:config
• click Show only modified preferences
• open about:preferences
• change the thing
• tab back. what’s new?

BTW, widget.non-native-theme.enabled is a no-op since the direct GTK integration was removed a while back: https://bugzilla.mozilla.org/show_bug.cgi?id=1726283#c4

You know, I think we should do at least something about those scrollbars¹ too. Not sure how close this is to what you prefer but hopefully a more sane default with more traditional fixed-width scrollbars should be part of next release. In general aiming to keep subjective and aesthetic UI tweaking to a minimum but I think the usability argument supports this one at least until anyone voices a different opinion.

So ty for that suggestion and also thank you for the warm feedback you left on the repo! :3

¹: Not only are they thin; they change the width dynamically when hovered and overlay on top of content. The potential for misclicks is not great.

In case you want to try this for yourself, adding container and running test for Waterfox should be about same as for Floorp that I wrote about here. Then you can really see what’s going on and reason about the difference when you see the URLs and stuff.

BTW the purpose of the report section here isn’t “look at my numbers and take my word for it” but “here’s some examples of things we can look at with this”. Please keep in mind both the Limitations section and that it’s intended as showing one way to easily and independently compare browsers yourself. Just reproducing the examples shown and then scrolling through the .har files JSON is a great start. Of course, me and I assume others would be very happy if you want to share anything that comes out of that so that we can bring people up together. I’m sure there’s a lot more useful insights to derive even with a small and scoped testing protocol like the one in article and wouldn’t mind input of any nuggets other people come up with :)

What are you curious about with Dillo And Netsurf? Isn’t it safe to assume at this point they will both be 0 across the board for all the queries in the report?

I think we need a different testing protocol for them to be interesting to include. AFAIK they don’t have add-ons that could be interesting to test either? Do you have any suggestion for step(s) you think could be added to the test in order to make those meaningful to include? Or is my assumption about Dillo and Netsurf out of date?

Oh, thanks for reminding me of Trivalent, I realize now I’ve come across it before but totally slipped my mind. If/when testing for chromium in place I think this can be interesting to sample next.

Assuming you mean the Mullvad extension (which is installed by default in MB) and not the Mullvad VPN app (which also exists but never came close to these machines) :)

That will indeed likely make a difference on Mullvad Browser numbers. However for now I’m not changing the “keep addons at stock defaults” invariant or the test matrix might get really out of hand… Should we disable uBlock Origin in LibreWolf? How about uBO or NoSccript in Mullvad then? Konform Browser loads uBO but only if its apt package is installed; should we do that? What happens when we try to explicitly opt out of everything under Preferences in Firefox? I guess the last one is something to actually consider but for now not touching the addons.

(Would be super cool if anyone else tries this out and reports back though! The compose should hopefully be straight forward and easy to get started with if you are on Linux and have podman available. The report mentions it TL;DR we had to work around the oBO install in LW not properly utilizing the proxy (?) like this and I think same approach could be used to Uninstall Mullvad extension from Mullvad Browser and prevent it from even loading)

Disclaimer: Am konform dev so shouldn’t be a surprise that it’s working well for ourselves I guess. Eager to hear to what extent it’s overfitted for our usage or really as great as I think it is ;)

BTW if you, dear reader, think queries in report of results are cherry-picked in a way that favors it (I don’t think they are but hey, fair), I’m also eagerly accepting input and especially PRs for queries (still have the raw dumps so I can add this quickly) or steps to test procedure (this means I have to rerun all of them so might take longer to update) that could illustrate different tradeoffs and show a more complete picture. Bring it on <3

Daily-driving it now. I think it’s great. If you’re somewhat familiar with the landscape otherwise I think readme explains how it’s different and why. If you don’t mind losing out on some "safety"¹ and latest upstream features² for the sake of a more stable and predictable base, not having reliance on proprietary integrations or even internet, and really removing all non-essential network integrations, then definitely worth a try!

¹: A surprising amount of people think (or at least write online) that a browser that doesn’t block user requests completely aligned with the Google SafeBrowsing blocklists is unsafe and that doing those syncs is an essential feature. If you think this is the only safe default option in 2026 I’m sorry but please consider uBlock Origin. See how opinions on who to trust can affect what “most secure” means. Konform Browser removes many assumptions of trust. But not all; Everyone still comes with an assumed PKI after all and there exists a default for DNS.

²: Since it’s ESR base it means new feature updates from Mozilla ~yearly instead of ~monthly. Still receiving security updates on the rapid schedule. No AI features out of the box.

There can still be winners, the good, the bad, and the ugly. It’s just that we have to engage a bit deeper than a quick scroll and a oneliner to figure it out¹ than that.

they’re all doing differently privacy impacting things, but there are no “winners”.

The difference matters. Looking into the raw URLs and bodies involved is enlightening. Apart from that, which other queries can we run with jq (or other tools) can we add to the post to add more useful dimensions?

¹: The answer might be different for each of us and depend on what we’re doing at the moment. Different situations might call for different browsers.

At least in most cases, the data is being leaked back to the developer and not third parties.

What is this based on? Why not see if that assumption is true¹? There’s quite a big difference in nature and quality here between them. This doesn’t really come through in the data aggregation put on display in the post but I hope more people will try to run this on their own. Zen and Mozilla are the only ones with significant (and it is significant) telemetry of their own at all between these while LibreWolf and Konform have 0 data going to the devs, for one.

The whole idea here is to be able to achieve more nuanced and accurate understanding so more educated decisions can be made and enlightening conversation be had. Not just keep rehashing the same memes we based on vibes and hearsay.

Was hoping more for answering questions or getting new input than shooting down uninformed takes 😅

¹: Well, staying inside the system we can’t prove that no sharing with third-parties is going on if we only see one domain involved. But that is not the case everywhere here. We can easily see when separate servers operated by multiple parties are involved by looking at the URLs and looking up the domain names. And then we can go look at what’s being sent to where.

Thanks! Adding Floorp should be straightforward if you feel like tackling it yourself as it’s “just another FF fork”. Adding a new browser consists of adding a new Containerfile for it. I guess Floorp might be most similar to Mozilla firefox out of the existing ones. PRs much appreciated for new browsers as well as any interesting queries to get more insight into data I can run on existing dumps and add to Report section.

They have official PPA: https://ppa.floorp.app/

For Brave got it running but didn’t yet figure out why it crashes as soon as I try to proceed with the onboarding. Judging by the probably unrelated error noise in the console, it might be trying something weird with a graphics driver or hardware sensor and not gracefully handling not having access to whatever it is 🤷 But didn’t even ldd or strace it properly yet so maybe just a missing library.

There’s a lot that could be done but had to wrap up and publish somewhere.