"Carlos E.R." <robin_listas@es.invalid> wrote:
On 2025-07-11 12:33, VanguardLH wrote:
"Carlos E.R." <robin_listas@es.invalid> wrote:
On 2025-07-11 03:43, VanguardLH wrote:
<vjp2.at@at.BioStrategist.dot.dot.com> wrote:
>
A lot of apps don't like little-browser (lynx) because of javascript
>
Is there any other browser that shuts off pictures and videos (ie does not
download them) to conserve mobile data?
>
Way back, browsers let you shut off pictures
>
In web browsers, like Edge, Firefox, and others, there is an auto-play
setting. You configure auto-play to disabled. That way, just loading a
web page does not automatically start playing a video. I hate web sites
that automatically start playing a video, and at 100% volume, to jar me
out of my chair. With auto-play disabled, videos do NOT automatically
start when loading a web page.
>
With Firefox, videos start playing mute in many sites. There is a
setting for this, in "site configuration" where block video and audio
can be selected.
Firefox Desktop has an about:config setting to set the default volume
level for HTML5 <video> content. Doesn't work for Javascripted video.
Alas, Mozilla stole away about:config in Fenix (Firefox Android).
If you configure Firefox to purge all locally cached data on its exit
(except password), and include Site data, you lose any site preferences
per site you saved. You get the default setup, but if you use site
preferences to override at a site (to unblock) then you might not want
to include site data in the purge-on-exit action.
In Android, I use almost always the private version of Firefox. Keeps
away most "disturbances" :-)
Private mode retains site preferences?
Site preferences are a type of super cookie in DOM Storage. Just like a
cookie, but a hell of a lot larger storage capacity, a site can use that
data to determine what you were doing on your last visit, when you were
there, what was your IP address, and other, ahem, "user" data.
Also, Firefox treats HSTS (HTTP Strict Transport Security) from sites as
a site preference instead of as a cookie. HSTS is a flag that sites can
set to instruct web browsers to never use HTTP when accessing that site.
Firefox has a setting to not try HTTPS first (i.e., use whatever
protocol is specified in a URL), or use HTTPS first and fallback to
HTTP, or always use HTTPS. That does not preclude the use of the HSTS
header to save a cookie as a site preference which can be used in
fingerprinting. As I recall, probably under your Firefox profile
folder, a file called SiteSecurityServiceState.txt (confirmed at
https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/,
but it's an old article) saves those flags for future reference. I
haven't hit an HSTS site for a very long time, but then I'm not checking
server response headers. AWS (Amazon Web Services) uses HSTS, so maybe
does their amazon.com site. Last time I knowingly hit an HSTS server
was when exposing how HSTS got exposed as a means to set a unique ID on
a web browser that could be tracked across web sessions (there was a
test site for this vulnerability, but it disappeared). CCleaner (on
desktop) treats HSTS cookies as any other cookies, and will clear them
if the option is enabled. Since Firefox handles HSTS cookies as site
preference data, and it can be used for tracking, I add site preferences
to data types purged on Firefox's exit.
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security#Privacy_issues
"HSTS can be used to near-indelibly tag visiting browsers with
recoverable identifying data (supercookies) which can persist in and out
of browser "incognito" privacy modes."
https://webkit.org/blog/8146/protecting-against-hsts-abuse/
"Well, the HSTS standard describes that web browsers should remember
when redirected to a secure location, and to automatically make that
conversion on behalf of the user if they attempt an insecure connection
in the future. This creates information that can be stored on the user’s
device and referenced later. And this can be used to create a “super
cookie” that can be read by cross-site trackers."
Firefox complies with
https://datatracker.ietf.org/doc/html/rfc6797,
too. While Firefox has anti-fingerprinting, it would be directly
opposed to Firefox supporting HSTS.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security
Incognito/private mode won't protect you from HSTS cookies to track your
history at a site.
Instead of relying on private (incognito) mode to strengthen privacy, I
have the web browser purge all locally stored data on exit, and that
includes all cookies (however the web browser defines those) and all
site preferences.
That's for Firefox Desktop. I don't know how Fenix handles HSTS
"cookies". Just because Mozilla labelled it "Firefox" [Android] doesn't
mean that web browser behaves like Firefox Desktop. Incognito mode
isn't as private as Mozilla wants you to believe, either.
On Android, apps are not unloaded when "exiting" their window. They
remain running in the background until the OS decides it needs the
memory for a newly loaded app. Unlike Windows and Linux, you thought
you exited the app, but you really did not. Firefox, Edge, and Brave have
a Quit or Exit option in the menu that lets you really exit (unload)
their web browsers. Chrome does not. Don't know about others since I
haven't trialed them. Unless you actually exit the web browser app, the
purge-on-exit option is not exercised.
If Firefox doesn't preserve HSTS cookies or DOM Storage (site
preferences) super-cookies in incognito mode, you're covered. Alas,
Fenix (called Firefox Android) is not as strong or safe as Firefox
Desktop. What Firefox Desktop can do does not necessarily equate to
what Fenix does.
Some launchers (e.g., Nova) can display the notification log aka
activity log. Handy if you dismiss a notification you want to see
again, but activity is also tracked. The log is there whether you use a
launcher or activity tool to see the log. Just because the web browser
might be private doesn't mean what you viewed remains a secret. The log
can show what you viewed, and is part of the OS, not of the web browser.
I've read where one user of Pushbullet had his wife seeing what he had
viewed on his phone. I've read, but not confirmed, that Fenix
doesn't support this notification/activity logging (i.e., no log
entries); however, I see bug tickets requesting to add the "feature".
https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history
"Private Browsing does not save your browsing information, such as
history and cookies, and leaves no trace after you end the session."
No mention of seclusion of site preferences per incognito window, or
deleting site preferences on closing the incognito window.
"Cookies: Cookies store information about websites you visit, such as
site preferences and login status. Cookies can also be used by third
parties to track you across websites."
Still vague, especially since Firefox delineates separately cookies from
site preferences in the purge-on-exit option. Also, what Firefox
Desktop will do may not be what Fenix does. In the above Mozilla
article, the "Customize this article" does not include Android.
https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
Just what fingerprinting schemes are thwarted aren't mentioned.
https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting
"The “Known Fingerprinters” protection feature works by blocking scripts
listed in Disconnect’s fingerprinting list."
If you've ever looked at the Disconnect.me blocklist, it is puny
compared to, say, EasyList and Adguard blocklists. No mention of
thwarting fingerprinting via HSTS cookies, er, site preferences, er,
SiteSecurityServiceState.txt file.
Seems to be most private, even with Fenix, you need to use incognito
mode and purge-on-exit (which includes history, cookies AND site
preferences, and all other data types, except you'll probably want to
retain your passwords, if using Firefox's password manager).
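
Added example, not part of the original post and not code from Mozilla or WebKit: a small audit that replays observed `Strict-Transport-Security` headers (parsed per RFC 6797) into the set of hosts a browser would remember, then flags parent domains where many sibling subdomains carry HSTS state, the pattern the supercookie technique quoted above depends on. The hostnames, the threshold of 4 and the "last two labels" parent rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (host, Strict-Transport-Security header) pairs as a
# browser might have seen them. All hostnames are made-up placeholders.
OBSERVED = [
    ("www.shop.example", "max-age=31536000; includeSubDomains"),
    ("login.shop.example", "max-age=31536000"),
    ("b00.tracker.example", "max-age=63072000"),
    ("b03.tracker.example", "max-age=63072000"),
    ("b04.tracker.example", 'Max-Age="63072000"'),
    ("b07.tracker.example", "max-age=63072000"),
    ("b09.tracker.example", "max-age=63072000"),
    ("b05.tracker.example", "max-age=0"),  # max-age=0 removes the entry
]

def parse_sts(header):
    """Return max-age in seconds, or None if the header must be ignored."""
    max_age = None
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.strip().lower() == "max-age":  # directive names are case-insensitive
            value = value.strip().strip('"')   # the value may be a quoted string
            if max_age is not None or not (value.isascii() and value.isdigit()):
                return None  # repeated or malformed directive
            max_age = int(value)
    return max_age  # None when max-age (a required directive) is missing

def hsts_store(observed):
    """Replay the headers into the set of hosts a browser would remember."""
    store = set()
    for host, header in observed:
        max_age = parse_sts(header)
        if max_age is None:
            continue
        if max_age == 0:
            store.discard(host)
        else:
            store.add(host)
    return store

def suspicious_parents(store, threshold=4):
    """Flag parents with >= threshold HSTS-pinned sibling subdomains."""
    siblings = defaultdict(set)
    for host in store:
        labels = host.split(".")
        if len(labels) > 2:
            # Assumption: naive parent = last two labels. A real audit
            # would use the Public Suffix List instead.
            siblings[".".join(labels[-2:])].add(host)
    return {p: sorted(h) for p, h in siblings.items() if len(h) >= threshold}
```

An ordinary site pins one or two hostnames; a run of near-identical sibling hosts under one parent is what stands out in the result.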