What does HackerNews think of user.js?

https://github.com/arkenfox/user.js -- If you're constrained using ff

Fun fact: this makes you extremely easy to identify, because it gives your browser a very unique fingerprint. If JS is enabled, that is, which you can disable by default, but JS is simply a requirement for many websites to function.

I wonder how they approached this problem this for the Mullvad Browser.

But it needs tech skill to adopt, so even if this Mullvad Browser is basically just prepackaged Arkenfox, that's great to drive adoption.

There are also firefox forks that disable background requests. Librewolf (https://librewolf.net/) is a popular fork that uses a combination of about:config tweaks, policies, and patches to disable all background requests (technically some requests still go through, but are replaced with a dummy url that you can block). Librewolf also downloads uBlock Origin by default, and is close to upstream. Overall it's a pretty good out-of-the-box solution.

My browsers block connections to trackers and 3rd party cookies. Sometimes scripts too, for good measure, and some selected stuff from user.js (https://github.com/arkenfox/user.js). Separate profiles for each service just to make really sure important stuff doesn't get affected by casual browsing, and vice versa.

No google- or apple- owned phone. Phoning home from the PC is also at minimum - just Firefox does it and the package manager.

It's not total privacy because for some interactions you want to share your details, like payment info, but what I get is that I know where I pierce the boundary.

I would interpret that as a Linux distribution that is kept up to date, is easy to configure, does not have dial-home cruft and has decent documentation. This is just my own take but opinions will vary wildly for everything I will add here.

- Kept up to date would be all the popular distributions that are not niche focused such as the security/privacy distro's that you mentioned. They have a small user base and do not has as regular of a cadence of updates. So Arch, Alpine, Alma, Debian, CentOS/Redhat, Fedora, QubesOS, Rocky, Void, Ubuntu. Fedora and Ubuntu will have the most recent a.k.a. bleeding edge versions of upstream packages but most of the distributions are not far behind. The oldest and most battle hardened versions of software would be on CentOS/RHEL with back-ported bug and security fixes. I intentionally left out Gentoo and LinuxFromScratch as those are for people that love tinkering and troubleshooting.

- Not dialing home is devolving by the day but Alpine, Alma, Arch, Debian, CentOS, Qubues, Rocky, Void are not chatty. Fedora recently started dialing home quite heavily for desktop users and even mimic some Microsoft behavior in the latest Beta. Hopefully they will turn this off after Beta because blocking it breaks the desktop. Ubuntu had a few mis-steps in this area in the past but I do not know if Canonical curtailed the dialing home, this was some time ago. Something to keep an eye on in this area is systemd-resolvd as this is evolving and has the potential to get leaky but that is a topic in and of itself.

- Arch has incredible documentation. They are an outlier in this area. Behind them I would place Debian, CentOS, Fedora and Ubuntu. The others have hit-or-miss documentation that sometimes requires a search engine to fill the gaps, especially as it pertains to real world examples.

- Easiest to configure would be Ubuntu as it had heavy adoption early on by many developers, followed by Fedora. Both have a myriad of example configurations in their documentation and endless examples on StackExchange, Serverfault, etc...

Again, just my own opinions. I tried to not be biased. I am a pragmatic minimalist and do not like shiny or trendy things. I personally prefer Void and Qubes for desktop and Alpine for VM's, Routers, Firewalls, etc... Qubes should have a decent amount of memory, maybe 32GB+. Both have some minor annoyances that would frustrate people new to Linux. All of the popular distributions can be locked down to be less chatty using outbound firewall rules with the iptables "owner" module with exception to Fedora's Beta.

If you want to go beyond user-based+port-based rules then there is an open source project called OpenSnitch that mimics the behavior of LittleSnitch (mac). [1] Blocking the chatty behavior of Fedora will break it, especially their admin sub-domain. It is equivalent to Microsofts access sub-domain used heavily be the Home edition.

Beyond the basic hardening of an OS if one wanted to really lock things down and assuming they understand Linux networking principals, then QubesOS + a custom Firewall VM clone + Custom Whonix VM clone has the potential to leak the least data but this assumes that one already greatly understands networking, linux, all the internet services. There are no turn-key solutions for this that fill knowledge gaps, despite there being several that claim to do so. If going down this path, I suggest using a spare machine that you would not mind blowing away and re-configuring VM's as a matter of a learning exercise.

Reducing chatty'ness of user-space applications like Firefox would be user.js [2] and controlling what those applications can see or not see would be firejail available in some distro repos. [3]

Additional hardening can be implemented using one of the five security modules in the Linux kernel, with the most common being AppArmor and SELinux but one must really learn how these work to get the most out of them. Most applications in a Linux distro have existing MAC rules. Custom applications would need custom MAC rules to secure them. The default rules in AppArmor and SELinux are designed for a balance of security and usability rather than security+privacy.

All of the distributions can be stripped down to be as lean as you want.

[1] - https://github.com/evilsocket/opensnitch

[2] - https://github.com/arkenfox/user.js

[3] - https://github.com/netblue30/firejail

    programs.firefox.profiles..extraConfig = builtins.readFile ./user.js;

[1] https://github.com/arkenfox/user.js/

[1] https://github.com/arkenfox/user.js

[2] https://github.com/cmitsakis/tmpfox

https://github.com/arkenfox/user.js

Contrary to what LibreWolf claims you do have to sacrifice usability though, including WebGL, DRM, Firefox Sync, autofill, history, and the occasional breakage. With arkenfox there is also letterboxing, and even more breakage. If you set uBlock Origin to the recommended medium mode you usually still have to whitelist third-party scripts to make websites work.

It's a pain to go through all of it the first time, less so with subsequent updates, but it's extremely comprehensive for most Firefox issues.

Then, I run uBO, uMatrix, NoScript, and Temporary Containers.

This being said, I'm interested in LibreWolf and how much user.js manipulation they make unnecessary.

For addons in general I recommend sticking to this: https://github.com/arkenfox/user.js/wiki/4.1-Extensions

For Firefox on Android I maintain Mull for 4+ years now:

- https://f-droid.org/en/packages/us.spotco.fennec_dos/

- Comparison: https://divestos.org/index.php?page=browsers