Review: Privacy Browser – The most underrated Firefox fork for Android?

There good Firefox forks and there a lot of bad Firefox forks floating around the Internet. Today I’ll take a closer look at the Privacy Browser for Android which is maybe a good alternative since it has some neat privacy related function on board.

Privacy Browser

Overview

Privacy Browser is a fork of Mozilla’s Firefox developed by Stoutner. There not much developer working on it, in fact from the git.stoutner.com it seems that’s a one-man show from Soren Stoutner the founder of this project – but this doesn’t mean anything as you can see there lots of commits and he seems to work hard on it. The project itself is pretty young compared to other projects, it started in 2016 and was released under the GPLv3+ license. The source code is provided and everyone can contribute to the project. The known issue and ‘todo’ related things are visible here for everyone. There is also a roadmap provided which tells us a lot (without the need to browse the issue tickets) what’s already on the todo and what we will see in the coming major builds.

The Browser privacy policy can be reviewed here.

Features

This slideshow requires JavaScript.

• Tor Orbot proxy support
• SSL certificate pinning
• Full screen browsing mode
• Night mode
• No Ads
• You can set the privacy features based on per Domain
User-Agent can be automatically updated
• Incognito Mode
• JavaScript by default disabled (can be enabled for all or per Domain)
• Clear all cookies or clear all data like DOM Storage etc during the exit
• Multi-Language support
• Integration of several filter lists in order to block ads (EasyList, EasyPrivacy Fanboy’s annoying list and Fanboy’s social blocking list [in order to use the last one you have to uncheck the annoyance list])
• Do-not-Track DnT support
• User-Agent control
• Search can be configured, there is a pre-given list or you can choose ‘custom’ to use your own search provider
• Multi-Language support (currently English, Russian, Italian, Spanish and German)
• Full Screen management
• Font size control
• Dark theme
• Multi-Language support
• Night mode which renders all pages in dark
• Swipe to refresh
• Additional icons in the app bar can be turned on or off
• Supports bookmarking of your favorite site
• SSL certificate pinning by domain (which e.g. Orfox doesn’t support)

Download

Privacy Browser by Soren Stoutner is available on all known places, like F-DroidGoogle PlayXDA Labs and the Amazon Appstore.

The free version has all the features of the standard version with the addition of a banner ad across the bottom of the screen. It is available on Google PlayXDA Labs, and the Amazon Appstore. You can buy the app for 1 dollar (which I believe is only to support the project/developer) to keep it alive since you anyway could download all builds (even the pro one) over here. BitCoin is also accepted.

The difference basically is the file-size since the free version comes with a banner and additional libraries (Google’s AdMob network) which are required to display such a thing it’s bigger (Free = around 10 MB | Donate = around 9.1 MB) the size will of course change over the time once there more features and code given but it’s clear that the free version stays a bit bigger.

What does the free version collect?

  • Total impressions
  • Total clicks
  • Platforms (eg. high-end mobile devices, tablets)
  • Activity by country

Basically, nothing to worry about.

U no tabbed?

Tabbed Browsing is already a default and it’s currently not integrated into the version I tested (2.10) but the developer already mentioned that this is on the todo list. The main page states that this will be introduced in version 3.x.

WebView

Currently, Privacy Browser uses Android’s WebView to render websites. WebView is built from the same source code base as Chromium and is included with Android as the default OS HTML renderer. WebView does not allow programs to control a large number of settings that are important for a user’s privacy. For example, JavaScript can be turned on or off, but it is not possible to enable some JavaScript commands while disabling others. It is not possible to send generic canvas and WebGL fingerprint hashes. It is not possible to control the list of system fonts or the screen size that is sent.

For the 4.x series of Privacy Browser, I am planning to create a rolling fork of Android’s WebView called Privacy WebView. Privacy WebView will expose controls for all of these features. There is more information on the roadmap and the feature requests.

Integrating the Browser into your custom ROM

The developer allows you to integrate the Privacy Browser into your custom ROM which is, in my opinion, a big plus. He even provides some kind of guidance how you do this.

Permissions

  • android.permission.INTERNET
  • com.android.launcher.permission.INSTALL_SHORTCUT
  • android.permission.WRITE_EXTERNAL_STORAGE
  • android.permission.READ_EXTERNAL_STORAGE

Overall almost no permissions, the integrated ones are making sense in order to Browse the Internet or store something on your SDCard or upload something from your SDCard which is maybe required for several pages you like to use.

An almost perfect Browser?

What did I miss:

  • The ability to configure or set my own ad-blocking list, the integrated ones are good but I like to take control over it
  • Speaking of Ads, you can’t exclude something in case a filter list has a problem so you have to disable ad-blocking, a better solution would be to whitelist the page temporarily or permanent
  • Tabbed browsing (it’s coming!)
  • Lack of development power (it’s not a big deal but I would ‘wish’ it get more support/contributors)
  • Enabling dark mode does currently require JavaScript to be enabled because Privacy Browser is using JavaScript to override CSS settings in Android’s WebView (it’s planned to fix this with a fork of WebView)
  • There is no HTTPS-Everywhere or SmartHTTPS integration
  • There is no ‘mobile’ view of websites (but it’s already on the roadmap)
  • I was unable to install add-ons (maybe already on the todo)

What I like:

  • Setting domain settings for specific sites
  • Advanced Cookie and DOM Storage control mechanism
  • The integrated Ads blocking function
  • Less permission compared to Brave Browser
  • It’s available on F-Droid and an APK file
  • 1 Dollar is really a solid price and you help continue the development
  • Overall good support, the developer response to all questions on XDA or Reddit

Test against Panopticlick

I quickly tested the Browser against EFF’s Panopticlick (even if I’m not really a fan of it) to compare if it compares better than Brave Browser. The result is okay.

Everything under 18 is pretty much okay, not perfect but solid The detection of WebGL and the Canvas fingerprint is already on the todo list and will be improved with upcoming versions.

Speed

In my tests the Browser was on almost all pages faster than Brave, OrFox or Chromium based Browsers. It really worked well and performed well on my Android 8 test device.

Memory consumption

The browser consumes less memory than the normal Firefox or Chrome Browser, because the Privacy Browser is already smaller in file size and has because for example no tabbed browsing right now not as much libraries in it’s requirements, this results overall in less memory consumption. However keep in mind that this will slightly increase when more features are implemented.

Security aspect

The Browser uses the minimum on permissions, the source code is open and you can go ahead pay 1 Dollar to support the development (or make a Donation via BitCoin) which is really not much and everyone can afford it. Or you download the version directly from the official server. It’s up to you, I see the free version not as critical, it, of course, includes AdMob but it doesn’t collect much sensitive information.

The Browser has some really good ideas and more are coming, the integrated filter lists are a really good weapon against tracking and usually enough – the biggest problem is still JavaScript and Cookies, Privacy browser makes everything right here, by default JavaScript is deactivated and Cookies are blocked. Even if you allow them the browser cleans them automatically if you exit the Browser.

I haven’t found anything which is critical, no background connections or something which I was worried about.

Reasons why this Browser gets no attention

I only can speculate why this Browser has not as much attention as it really deserves, the Homepage has definitely room for improvements it’s a bit confusing to find several links to the Blog, Roadmap and Issue Tickets or downloads. it should be directly visible with banners/icons which are clickable which brings you directly to F-Droid & Co.

I think marketing-wise the developer could need some help from the community in order to ‘push’ this Browser forward. Basically, there is only XDA and a subreddit from privacytools.io on Reddit.

Again I only can speculate but marketing is very important today and I also know this is really time-consuming and not a work every developer likes, it seems he did already a lot of background work but without some ‘love’ from the community this Browser gets undetected and I believe it really deserves more attention.

Final Words

Do I remove Brave browser and replace it with Privacy Browser? Hell, YES! I liked the Browser from the first moment.

Privacy Browser makes almost everything right straight from the beginning, the things which aren’t currently implemented are already mentioned in the roadmap and I’m curious to see more from this developer.

The Browser gets my full recommendation because it’s fast, the developer seems to put a huge effort in the development and the integrated anti-fingerprint mechanism are good. I really enjoyed playing with the domain based site settings to take more control over every site I daily visit.

I liked to mention @foo from my Discord channel, he mentioned the Browser to me (which I wasn’t aware of until today).

Comments are closed.

Blog at WordPress.com.

Up ↑

%d bloggers like this: