- Disable Detectportal Firefox
- Detectportal.firefox.com Malware
- Firefox Captive Portal
- Firefox Detect Portal
- Detectportal.firefox.com
In our environment we have many hundreds of clients/visitors that heavily use the web.
I have set network.captive-portal-service.enabled to false. When I try to run the default AJAX spider, with Firefox, on a URL I've manually browsed it starts a new window with detectportal.firefox.com and hangs the spider because that is forbidden out of context. The connection to the detectportal.firefox.com address is one of the first connections that Firefox makes automatically. This can be seen on the following screenshot: This happens because Firefox is trying to detect if your connection is limited and requires an extra authorization. Host: detectportal.firefox.com. There isn’t a easy checkbox to configure this, however it is possible to disable using about:config. In a new tab, type about:config in the address bar and press Enter. In the search box above the list, type captive. Double-click the network.captive-portal-service.enabled preference to switch the value from.
Needless to say that Firefox is one of the most used web clients.
We noticed a continuous hit on our firewalls which took it's toll on the cpus as the request to hhttp://detectportal.firefox.com/success.txt is from every Firefox browser installed on the desktops/laptops/etc every 3 seconds or so.
As a workaround we've allowed through the firewall an ever growing list of IP addresses and that is plain ridiculous and simply unmanageable.
Are your network gurus/engineers going to implement solutions such as anycast to alleviate this flawed implementation of a simple service as it has been in use for quite sometime now by for example Apple, Google, etc...
For example if you ping 8.8.8.8, it's very likely hosted in a datacentre near your town.
Will you consider anycast towards detectportal.firefox.com?
Please advise.
Thanks in advance.
Disable Detectportal Firefox
Yves
Waterfox came into the browser scene in 2011, coming right out the box with official x64 support (a rarity among browsers at the time) and promoted itself as an 'ethical browser.'
However, many things have changed in the browser landscape, and even the Waterfox project as whole since 2011.
With these changes, can Waterfox be a viable privacy-focused browser?
Let's do our best to find out.
Overview
Here's Waterfox at a glance...
PROS
- Light on System Resources ()
- Compatible with most Firefox Extensions ()
- 'No telemetry' and 'Limited Data Collection' (this could change, given the first con below)
- Bought by analytics/adverising company, System1, which is the same company that bought search engine StartPage. More info
- Still needs about:config tweaks found in Mozilla Firefox to be a more 'true' privacy browser
- Nonexistent mobile support (this may be a con for some people)
What is Waterfox?
Waterfox was a project started in 2011 by Alex Kontos. Waterfox is free and open source. While it has received contributions from multiple developers over the years, the main driving force for maintaining the project seemed to be the founder himself.
Waterfox initially gained a lot of traction because, at the time, it was one of the only browsers available for x64 bit systems. Even Firefox, from which Waterfox was forked, only officially supported 32-bit back then.
Interestingly, Waterfox never took a definitive 'privacy browser stance.' While it did aim to strip Mozilla's telemetry and other somewhat questionably default features, Waterfox was primarily built for speed.
However, in doing all of this, its goal was to be an 'ethical browser,' and you can reasonably argue that this makes it a privacy focused browser.
To me, it seems to just be a game of semantics, but I digress.
Nowadays, it seems Waterfox's biggest draws are still its speed and its support for legacy plugins (ext) - especially those that are no longer supported since the introduction of Firefox Quantum in 2016.
Currently, Waterfox comes in two flavors: Waterfox Current and Waterfox Classic. This review will focus on Waterfox Current (G3).
System1 Acquisition
Waterfox was acquired by System1 in December 2019.
System1 is an advertising company that takes a 'privacy-focused' position in what it does. As noted previously, it is also the same company that purchased private search engine, Startpage (ext), sometime in Q4 of 2018.
However, so far, it appears that System1 hasn't done anything overt to warrant being 'untrustworthy' - outside of being a for-profit advertising company. Granted, some might say that near back-to-back acquisitions of independent and privacy-focused projects seems a little out of place...
Before downloading
Availability
Waterfox is available on Windows, macOS, and specified Linux distros.
On mobile platforms, it seems that Waterfox was available on Android, but appears that development has since stalled.
Requirements
There are minimum system requirements for running this browser. These requirements slightly differ across different operating systems:
Windows | Linux | macOS | |
---|---|---|---|
OS ver | Windows 7 or newer | Requires Glib 2.28+ | macOS 10.10+ |
CPU | x64 processor w/ SSSE3 support | x64 processor w/ SSSE3 support | Intel x64 processor |
RAM | 512 MB | 512 MB | 512 MB |
Disk Space | 200 MB | 200 MB | 200 MB |
First launch and set up
Once the installation finished up, Waterfox launched very quickly.
My immediate first impression is that it looked like a Firefox clone.
And it makes since... after all it is a fork of Firefox.
Like many other desktop browsers, there was no guide for set up before using Waterfox. Power users may be thankful for this, but the average user could be a little offput.
The lack of 'handholding' is most likely due to the browser being geared towards 'power users,' and to people who value choice when it comes to privacy focused (or, in Waterfox's specific case, 'ethical') browsers.
Features
We'll dive into the privacy and security features of Waterfox here. We'll also explore any other unique features this browser has.
Privacy
uBlock Origin
As a neat little 'default,' Waterfox comes with uBlock Origin already installed. This is the same uBlock Origin found in its GitHub, and that you can find in either the Chrome Web Store or Mozilla's official subdomain for Fiefox Add-ons.
If you're not familiar with uBlock Origin, then here's a quick rundown:
- It's a wide spectrum tracker blocker that is highly configurable and light on system resources.
- It's practically the 'gold standard' for free, privacy-respecting and privacy-enhancing browser plugins.
If you don't understand the importance of blocking trackers - not just ads - then learn more about the importance of tracker blocking here.
No Mozilla Telemetry
One thing that Waterfox boasts is that it's stripped of the telemetry Mozilla puts into Firefox's source code.
From what I could find, that appears to be... mostly true.
For starters, Waterfox has the Firefox Data Collection and Use removed from the Privacy & Security section of the options menu:
(Firefox is on the left, Waterfox on the right)
What's also important is that Waterfox doesn't appear to collect its own telemetry either.
When I let Waterfox idle for a few minutes on the standard homepage, it didn't do anything overtly suspicious, according to Sysmon.
Just to note, it did connect to a number of different CDNs, and also AWS. But it seems everything runs off CDNs and to a slightly lesser extent, AWS, these days.
However, it does look like Waterfox did perform a DNS query for mozilla.org and detectportal.firefox.com:
When I did some digging, it looks like Waterfox uses Firefox's service at detectportal.firefox.com for detecting captive portals (if they exist on a connected Wi-Fi network.)
The Firefox 'detectportal' service streamlines the captive portal process. A lot of users might miss a captive portal when trying to use a less familiar (usually public) network, such as a hotel's Wi-Fi network.
Some users may not like this option being enabled default (external), because that means Waterfox is 'talking' with Mozilla, and I can understand that. After all, Waterfox's claim can be interpreted as the browser not 'talking' with Mozilla servers.
Fortunately, you can disable this service by visiting about:config and changing network.captive-portal-service.enabled to false.
Usually if you don't go through the established captive portal, the network will not let your device connect. This can cause a lot of needless frustration for users as they try to diagnose any issues.
If a captive portal detection service is so user-friendly, some might ask why didn't the developer(s) behind Waterfox implement their own
No Phoning Home
Piggybacking off of the no telemetry 'feature'... Waterfox also claims that it does not collect data on its users, nor does it continously phone home, like other less privacy-focused browsers have a tendency to do.
As I noted above, Waterfox does initiate a couple of connections to Mozilla. This is especially true if you are using it on a device connected wirelessly (AKA, you're on a Wi-Fi network, as opposed to using an ethernet connection).
On each start up, Waterfox does a DNSquery for aus.waterfox.net. This is Waterfox's automatic update service, which you can't totally disable. At most, you can tell Waterfox not to automatically install updates. but it will still check for updates anyway.
Other than the few CDN connections - of which some are tied to connection to waterfox.net and mozilla.org - Waterfox doesn't seem to phone home a lot. This is a good thing, especially when you compare it other browsers that constantly phone home.
about:config / Reimagined Settings
about:config
Unlike Firefox, Waterfox does come with some privacy friendly about:config settings tweaked. However, not all of the privacy-related options are enabled. This isn't necessarily a bad thing.
Fortunately, if wanted, you can follow an advanced Firefox privacy set-up guide because the about:config options for Firefox are extremely similar to Waterfox:
Main settings
The standard options and settings pages for Waterfox are noticeably different from, let's say, the likes of Firefox.
For example, you can enable/disable JavaScript from the main options in Waterfox. (In Firefox, disabling JavaScript can only be accomplished via about:config.):
You can also adjust WebRTC settings from the main options in Waterfox too. However, it doesn't look like you can outright disable WebRTC without utilizing about:config...
Also, you can configure referer
header settings straight from the Waterfox's main options as well:
Incorporating these options/functions directly into the main options was a good call, in my opinion. Doing so makes them readily accessible for quick configuring, and also accessible to 'non-power' users that aren't super comfortable fiddling around in about:config for whatever reason.
Security
Browser Engine
Waterfox uses the same Gecko engine that Firefox uses.
Updates
Waterfox is updated very frequently. Updates seem to happen not long after the Firefox's source code is updated - this is important since Waterfox runs on Gecko.
These regular updates fix known bugs, exploits, and add new features.
Other
Legacy Firefox Add-on Support
One of the biggest draws for Waterfox is that it's compatible with the vast majority of Firefox add-ons.
What's more is that the 'Classic' version of Waterfox is compatible with legacy Firefox add-ons - specifically, from the pre-quantum (2016) days.
Detectportal.firefox.com Malware
Chrome Extension Support
A February 2021 update to Waterfox enabled Chrome Extension Support. This enabled the adding of Chrome extensions from the Chrome Web Store directly to Firefox.
I would say this is a double-edged sword. While you now have access to Chromium-only extensions without necessarily using a Chromium browser, this feature is 1) still very buggy and 2) requires a signed-in Google account to download extensions.
The GOOD
Stripped of Telemetry
Many users don't like telemetry. Many users also don't like being opted into software telemetry by default.
Unfortunately, Mozilla Firefox does both. However, what's good is that Waterfox does neither.
As I noted earlier, Waterfox claims that it does not collect telemetry and that it disables Mozilla's telemetry. Admittedly, this is a tall order - made even taller by the fact that ad/analytics company System1 acquired Waterfox.
In my findings, I found that Waterfox doesn't appear to collect its own telemetry. Additionally, it doesn't appear to phone home a lot - which is great!
Compatible with Firefox Add-ons
The easy compatibility with Firefox add-ons makes installing and configuring browser plugins, such as uBlock Origin, a breeze. There is no real need for a 'work-around' to utilize Firefox add-ons.
Therefore, for users that wish to ditch Firefox, the migration is made far less painful.
Note: As noted previously, a February 2021 update made Waterfox G3 compatible with Chrome extensions as well. However, at the time of this review, this new feature is still buggy.
The BAD
Majority owned by an advertising company
As stated previously, as of December 2019 Waterfox is now majority owned by advertising/analytics company, System1.
Firefox Captive Portal
And honestly, this is the biggest con I could find for this browser.
However, it is a con that needs to be considered heavily.
Here's why...
Internet advertising/analytics companies have been more on the dubious side since the dawn of the public Internet. That's not to say all ad and analytics companies are terrible - but let's face it... many are.
Many ad and analytics companies are no strangers to using shady and underhanded tactics to drive sales, get leads, and generate profit. They often work hand-in-hand with Big Data (and even Big Tech), gathering, purchasing, and sharing user data.
Yeah, well, System1 falls under the massive and broad umbrella of ad/analytic companies. However, from what I could find they haven't done anything that explicitly says 'We are tracking you.'
This is good and all, but this doesn't mean that this can't happen in the future.
What's more is that this doesn't mean this can't happen - without users being made explicitly aware - in the future either.
System1 is a company based in the US, which does not have friendly data privacy laws. So, if System1 were to collect telemetry/user data, nothing would really stop them from storing and using (selling, trading, etc) this data indefinitely.
Additionally, companies get acquired all the time. The acquiring company doesn't always follow the same user privacy practices that the asset company had in place -- case in point is the Facebook acquisition of Oculus. Non-profits, such as Mozilla, can't be bought.
Ultimately, you'll need to evaluate if you're willing to trust System1 in the first place. This is especially true for users looking to move away from Mozilla Firefox due to the amounts of telemetry that can be found within the browser's source code.
No mobile support
This could be a deal-breaker for some users. For others, not so much.
Allegedly, Waterfox was once available on Android. However, as we noted before, it looks like development for it has stalled.
There is no iOS version of Waterfox and there doesn't seem to be any development plans for iOS in the near future. At least, for now.
Additionally, the lack of mobile support makes the 'Sync' feature of Waterfox kind of lackluster.
Requires many 'privacy' tweaks
This could be a deal-breaker for some users. For others, not so much.
For users that are more interested in an easy and 'out-of-the-box' privacy browser experience, Waterfox doesn't fit that bill.
However this isn't a con unique to Waterfox. Many other notable privacy browsers, such as Firefox itself and Ungoogled Chromiumdon't come totally configured for privacy without tweaks or the help of browser plugins.
Ultimately, this means that you'll need to run through the main options menu(s), perform some about:config tweaks, and download trusted privacy-friendly browser plugins.
Firefox Detect Portal
Final thoughts
Overall, the Waterfox browser as a piece of software itself is respectable and not a 'bad' pick as far as privacy goes.
It has humble roots, and has been around as an 'ethical' browser for over 10 years. It has proven trustworthy as an alternative browser - at least, in the past. Its classic version is a favorite among users that want to utilize legacy Firefox add-ons and NPAPI plugins.
It's also worthy mentioning one of the better maintained Firefox forks available out there, since it receive regular updates as the team behind Firefox rolls them out.
(This differs from other forks such as Pale Moon, which has effectively become its own browser because it runs on a separate engine.)
While the lack of mobile development can be a big issue for some users, I would say that the core of the issue with Waterfox is the company, System1, that is now behind it.
Can we trust them? Will they try to pull the wool over our eyes? Will they slowly-but-surely attempt to integrate telemetry/user data collection into the browser over time? Only time will tell... and I think that this relative 'unknown' doesn't play well in Waterfox's favor among many users in the privacy community.
I doubt blame anyone for not wanting to use Waterfox because of the company that's now behind it. After all, in that specific area, it's not too different from Brave.
Detectportal.firefox.com
As always, stay safe out there!