this post was submitted on 06 Sep 2025

28 points (96.7% liked)

Privacy

4216 readers

119 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

Be civil and no prejudice
Don't promote big-tech software
No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
No reposting of news that was already posted
No crypto, blockchain, NFTs
No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 1 year ago

MODERATORS

otter@lemmy.ca

shaytan@lemmy.dbzer0.com

is it worth it to swicth to mullvad browser for better privacy? (lemmy.dbzer0.com)

submitted 2 months ago by kennedy@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com

8 comments fedilink hide all child comments

cross-posted from: https://lemmy.dbzer0.com/post/52731585

I was reading around about private browsers and I came across mullvad's browser (only know them for the VPN), do you have experience using it? does it do anything different? I currently use librewolf and from what I can see the mullvad browser also is build from firefox. I generally prefer firefox-like browsers to chromium since i like way its set up and what it allows me to do. Its supposedly build by the same guys who made the tor browser (tbh i feel like thats just marketing). From their website it says its tor without tor but instead with a VPN. So technically I can accomplish the same thing with librewolf and a VPN?? Does the mullvad browser do anything new/different? One thing they do mention is browser fingerprinting does it do anything special to combat that? if i switch to mullvad instead but still have the same extensions is it more private?

all 10 comments

sorted by: hot top controversial new old

[–] Dequei@piefed.social 9 points 2 months ago

Librewolf

[–] ShyFae@piefed.blahaj.zone 5 points 2 months ago

I normally use Mullvad and a hardend Librewolf.

Mullvad seems funtionally the same as the tor browser. I believe the idea with the tor brower was that they would be difficult to distinguish for one person from the next. And same goes for Mullvad. The only differince being that Mullvad does't naturally go through the tor netwok, doesn't onionize sites, and uses mullvad's own search engin and DNS server by default. (Mullard's brower exists so that you have a tor browser without the tor network; And that's different topic of conversation)

Librewolf is closer the firefox experince, and I would happily recommend it to everyone. I personally enabled the sync funtion, switch the default search to ecosia, and hardend up some other settings. I haven't felt the need to add any plugins yet( that wern't installed by default).

In my tests, both have shown to be exellent privacy browsers. But as such, they both also stick out like a sore thumbs.

Overall, if you want the most privet browser, Mullvad seems hide more of my identity and fignerprint. But you will will look very suspicious.

I still recommend Librewolf over Mullvad, does everything I want and need it to do

[–] Sophocles@infosec.pub 4 points 2 months ago (1 children)

In my opinion it does offer the best in class for anti-fingerprint features out of the box. Personally I don't use it because I need browser addons. Adding addons to mullvad kinda defeats the purpose, as they will make your browser extremely unique. Librewolf + addons is more fingerprintable, but still less so than Mullvad + addons imo. I feel like it is useful to have both; Librewolf + addons for your daily driver, and vanilla Mullvad for extra anonymous browsing, web searches, etc.

As a side note too, I have also heard that using Mullvad browser + Mullvad VPN is a bad idea, because it gives Mullvad as a company more information points that might potentially deanonymize you. Part of the reason why Mullvad is so great is that when an entity subpoenas your info, Mullvad can say "we don't know anything sorry." So the more information points you give, the more that defense weakens, even though Mullvad itself is trustworthy

[+] blurb@sh.itjust.works 3 points 2 months ago* (last edited 4 days ago) (1 children)

[deleted]

[–] Sophocles@infosec.pub 2 points 2 months ago (1 children)

I disagree; while Mullvad is very good with their no logs policies and collecting minimal info, it is generally good opsec not to centralize too many assets or data points into one company. Example: using android with chrome and google vpn, all your data is, from start to finish, in the hands of Google. Mullvad is miles better than Google of course, but I believe the same strategy applies

[+] blurb@sh.itjust.works 2 points 2 months ago* (last edited 4 days ago) (1 children)

[deleted]

[–] Sophocles@infosec.pub 0 points 2 months ago

I stand by what I said, and you're misunderstanding my point. I'm not comparing mullvad to google, it was an analogy. Plus a browser handles processes in the Application layer (layer 7) in the OSI model, and therefore is a very essential part of the chain of services required for telecommunication. This is a first year cybersecurity concept.

Mullvad does collect a very small amount of info; see their privacy policy., especially in regards to payment. Seeing that most users probably don't use Monero, Mullvad does have a small amount of info on them. However, this is not what my point is.

While this is a very mininal amount of data, my point is that consolidating more information points into 1 company is a bad idea, no matter the company, and no matter the degree of data collection. You cookies, browsing history, dns record, etc. are all now potentially linked to your payment info as well as http requests, tls encrypted traffic, and network activity via the same company via both browser and VPN.

Side note: a similar opsec strategy to prevent this is defederation, which denies complete control to any 1 entity. (Lemmy!)

If mullvad ever became unhinged (which I doubt would happen, but let's entertain the thought), your entire internet access would be compromised at the browser and the network level, rather than just one or the other. You can break this up over multiple trustworthy applications to fix this. Another analogy would be to use librewolf on linux with Mullvad VPN, which are all tustworthy and come with a degree of separation as well. Now if mullvad were to go crazy, it would not affect your OS or your browser, since you were using librewolf and linux. There are less information points to work with.

[–] otter@lemmy.ca 4 points 2 months ago* (last edited 2 months ago)

The last time I did a comparison, it was much better about fingerprinting. The EFF has this test for example:

https://coveryourtracks.eff.org/

Personally I don't use it as my daily default browser, and I feel that I'd have to change the default privacy-focussed settings in order to do so. Rather I keep it installed/updated for if I need it someday

[–] swelter_spark@reddthat.com 3 points 2 months ago

I've heard nothing but good things about Mullvad. I currently use Librewolf and love it, but if I had to switch, Mullvad might be my #2 choice.

[–] sp3ctr4l@lemmy.dbzer0.com 1 points 2 months ago* (last edited 2 months ago)

I may be the odd duck here with all the librewolf suggestions, but I am fond of waterfox, just configure it / harden it along similar lines as librewolf, force DoH, force HTTPS, have some kind of anti fingerprinting/profiling solution, yada yada.

Uh then what I do is just run I2P and use a silly little 'assign a proxy to a tab type' addon, and now that is my 'private mode' that runs in its own window.

(i ended up with this because i wanted to be able to run and manage i2pd, specifically, also as a distinct thing, and i could not figure out how to do this with any of the existing i2pd -fox land addons... maybe i am just stupid, i dunno lol)

Ultimately, what I would suggest is to just test various configurations of various security oriented browsers in the eff cover your tracks thingie, and find a balance or use style that works for you, balancing functionality and security/privacy.

Like, do actually test things, don't just run with what someone says should work, not even me.

For me, what works is my weird little --just use one browser and have a 'mostly secure' default mode, and a 'more secure' private mode--...

... but maybe you'd get better mileage out of just two totally different browsers, one 'secure-ish' and one 'more secure'... or maybe theres some other way of switching between other levels of JS blocking / ad blocking / general security thresholds via other kinds of mode shifts or something?