Zen browser had a backdoor enabled by default
Zen browser had a backdoor enabled by default
Captchas I have read the instructions. I have searched existing issues and avoided creating duplicates. I am not filing an enhancement request. What happened? There are multiple privacy and telemtr...
The "backdoor" mentioned in a single reply is very different from the telemetry issue. https://github.com/zen-browser/desktop/pull/927 was fixed a year ago.
I agree the telemetry should be either disabled or at the very least users should just get a config tab on first launch to opt out but the Lemmy submission is misleading and bordering on fake news.
Either way...reading through this, this developer seems like an idiot.
He doesn't really understand what the code he's shipping is doing, he doesn't want to listen to people or ask real questions. He gets defensive to even constructive criticism
Not who I want driving the project behind something as critical as my browser.
According to their privacy policy there is no telemetry: 1.1. No Telemetry. We do not collect any telemetry data.
According to their privacy policy there is no telemetry: 1.1. No Telemetry. We do not collect any telemetry data.
According to https://github.com/zen-browser/desktop/issues/5947#issuecomment-2737211334 one of the issues is that Mozilla's telemetry remains enabled which (if happening in secret) is bad and also dumb because Mozilla can't even use telemetry of a very different browser.
I'm not sure why you linked to this irrelevant 3 week old issue while referring to something that was fixed a year ago. Referring to it as a backdoor also implies that it was malicious, when it was simply incompetence. Have there been any security issues since? (Not trying to imply that not having any would make it safe, just wondering).
Zen is an amateur hobbyist project, expecting it to be something else is silly. It isn't backed by a company, so you take on these risks when you use the project. The same thing goes for all community run browser forks, and unfortunately, using upstream browsers will 100% be more secure. If you don't want to take those risks, just use Firefox (preferably hardened).
Security costs money, open source browser forks generally don't have much of that.
Edit: I'm not trying to shit on this browser, or even say that nobody should use it. Be aware of your attack surface and know what risks you're taking on when using any piece of software. I'm probably still going to play around with Zen, but I probably won't be doing my banking on it.
I'd like to take this opportunity to say Mullvad browser is maintained by Mullvad and Tor Project which in my eyes sets it way apart from these hobby forks (including librewolf)
Also want to add that this was caused by a configuration issue. If you want security, don't use Firefox (or its forks) default configs, look into Betterfox. Apparently Zen also uses this as the base for its default preferences, which is a good decision.
They just closed the issue without even acknowledging it, lol
They just closed the issue without even acknowledging it, lol
They acknowledged the remote debugging backdoor issue and fixed it a year ago.
It was enabled due that zen was still a toy project and we needed people to easily open the debugger for easier bug fixing. This was due because zen was not in a daily drivable state and didn't gain any sort of popularity yet.
https://github.com/zen-browser/desktop/pull/927
The telemetry issue is entirely different. Their handling of that is naive at best, dishonest at worst but it is completely different from the "backdoor".
are you really surprised? that bugreport did not contain a single actionable detail. and then it refers to some forum without any real reference, name or URL. there may be truth to it, and the other issue was actually very important and ridiculous, but this issue report is a big wontfix, reopen with real details
Industry plant browser lol
Because its a stupid issue. The complaint is that a Firefox fork acts like Firefox.
Whenever people ask about privacy oriented Firefox alternative, firm answer from most of us is Librewolf. However, for some, shiny things are hard to resist.
Librewolf isn't on Android, but IronFox is.
I just found out from another thread that Fennec is alive. When DivestOS went under, Fennec was pronounced dead too (that was when I migrated to IronFox) .
However, it seems someone continued maintenance. Does anyone have more details?
Librewolf also tends to break sites sometimes, I don't want to deal with that
We have different experiences.
I like Floorp but i have no idea how much more/less private it is. I just like customising it
That's okay. Means privacy isn't your primary concern.
Fucks sake, reading through these comments it appears the Zen browser developer doesn’t know what they are doing.
What alternatives are people using? I’m on Mac, iOS and Linux, avoiding Chrome/Safari and not looking to go back to Firefox, is there anything reliable/secure available?
LibreWolf
https://github.com/arkenfox/user.js/issues/1906
Not sure about the health of librewolf either, this thread suggests it's 3 overworked parttimers unable to keep up
"Hey all, I'm on the LibreWolf team, and it's true that since the departure of @fxbrit the project has taken a total nosedive when it comes to keeping up to date with Arkenfox and settings in general. We're still making releases, but settings did not get updated."
"As @threadpanic said, since fxbrit left we have been in a kind of "maintenance" mode in terms of settings. Mainly because we are really only three people left"
"LW since fxbrit left/died/who-knows has gone to shit - I worked with him behind the scenes to make the right choices and while he would do his own analysis, we always agreed, and his voice influenced them. Now they don't know what they are doing, and in fact have compromised security and make really stupid decisions. Same goes for all the other forks - really dubious shit going"
I use mullvad browser as it's maintained by mullvad and tor project and avoid stuff like Zen/floorp completely
I'm looking at librewolf and firedragon. Librewolf to replace Firefox and firedragon to replace zen. Both are on flathub.
throw some waterfox on your firedragon
I didn't see anything about a backdoor at the link.
It's weird link to this issue with that title, since the problem is only referenced in the discussion. The actual backdoor issue is here.
https://github.com/zen-browser/desktop/issues/5947#issuecomment-2741902234
It's a link to a previous issue that was fixed, but it's an egregious one.
Well, at least they explained it! /s
I thought it just allowede easier debugging, sorry
Edit: This comment is a gem, too.
Were they... vibe coding? ⁽ᵖˡᵉᵃˢᵉ ˢᵃʸ ⁿᵒ ᵖˡᵉᵃˢᵉ ˢᵃʸ ⁿᵒ⁾
So disappointing. I just transitioned my personal browsing from Arc to Zen Browser because it was the closest vertical tab experience I could find. Now I hope one of the other browsers will figure out and implement good drawer-based vertical tab UI.
Any Firefox-based browser can use "Tree style tabs" it's vertical tabs from the time before they were cool. Very customizable.
Sure but it's not the closest experience to Arc
If you right click on the tab bar on regular Firefox you can enable vertical tabs. I don't think they're as nice as Zen's vertical tabs but they're still pretty good
I don't use or care that much about vertical tabs, and it seems complicated how big if a deal this actually is, but florp might be worth taking a look at if you're not already familiar with it
I don't know a ton about it but I think it has a similar kind of niche and is more vertical tab focused