Now if only Mozilla can drop Google Search as the default search engine too.
They could be at least give the appearance of neutrality by making no default at all. Requiring an initial choice by the user.
4 Likes
I think that’s worth too much money to Mozilla. Even so, it’s not that difficult to change the default search engine.
What bugs me is that Firefox will do searches by default at all. I would prefer that any search that I do is something that I explicitly choose to do. Hence, for example, should never initiate a search from the address bar.
5 Likes
What bugs me is that Firefox will do searches by default at all. I would prefer that any search that I do is something that I explicitly choose to do. Hence, for example, should never initiate a search from the address bar.
Glad to hear I am not the only person who HATES that.
I was okay with (for example) typing “wikipedia” and having it try “wikipedia.com” and then “wikipedia.org”. But that could be done within the browser without telling Google about every typo you make.
But then it became a search function, typing “wikipedia” would likely serve up a bunch of results with the top one being an ad for wikipedia.org. Forcing me to do it again since I will be DAMNED if Google is getting ad revenue from me because my browser won’t do its effing job.
5 Likes
I’ve done far more than that; I’ve disabled the feature entirely. It takes work and arkenfoxing, but it can be done. (I was addressing the default behavior.)
You cannot, as far as I know, change the greyed out prompt in the search bar for more than its first appearance, but as of now if I type something that’s not a valid URL and hit enter, it tells me it cannot find that site…in other words my typos don’t get sent to any search engine.
3 Likes
No. This design is not OK for security.
I was trying to set up a personal website at one point in my life, and when I was buying the domain but before I had my domain records set up correctly, I tried to navigate to my website. It’s name was something like example.com, basically.
Even cURL is contaminated by this insidious “it should be easy” mentality and as a result, because the domain record for my example.com was not fully set up, cURL automatically redirected to the malicious example.com.com that had been created for the express purpose of exploiting people who build tech meant to make wikipedia autocorrect to wikipedia.com.
It is firstly a failure of the domain registrars to allow com.com instead of excluding it for being obviously malicious, but in a world where they already failed in that duty we should not make the problem worse by having technologies where the user can literally type example.com and the technology navigates to a malicious server that outsmarted you and expected the entire blunder from the moment you started.
8 Likes
Seeing as this topic seems to be pursuing this issue … there are two schools of thought (for me).
- Set a different search engine to the least obnoxious one. That’s what I have done. So obviously not Google.
- Set a different search engine to the least likely to be used one and then use DNS poisoning to hijack (and/or block) that one. However I fear that this approach to controlling the address bar might also stop the search bar from working, which may or may not be what someone wants.
What I would really like to be able to do - directly from the Firefox Preferences GUI - is disable search from the address bar. Period.
Another thing I would like to be able to do, particularly in the absence of being able to disable it, is easily introduce a Custom search engine that is completely under my control. That is, as I already run multiple web sites, I would really like to be able to direct the default search to a custom search engine and then it can decide with more nuance what to do with the search. (I have no interest at this time in actually implementing a search engine, so my custom search engine is either going to block some or all searches and, if allowing some searches, just relay the search to a real search engine.)
5 Likes
Yes, Mozilla should offer that as a GUI option.
But at least you can still do it this way (it seems): I want to disable search in the address bar and browser.urlbar.unifiedcomplete is not an option anymore | Firefox Support Forum | Mozilla Support
2 Likes
This may be more complex. It is inherent behaviour of many DNS clients to use a DNS search path. So domain names that are not fully qualified may have one or more suffixes appended in order to make them fully qualified, particularly if an attempt to resolve the domain ‘as is’ gives “non-existent domain”. That behaviour can then be transparent to the overlying software.
1 Like
keyword.enabled set to false worked for me.
With the default setting (true) - and using the example from that link - entering localhst in the address bar, sent a search request to my default search engine for localhst and that of course gives no useful results.
Changing that setting to false - entering localhst resulted in a complaint that www.localhst.com does not exist as a domain (and I can see from my DNS logs that it did not try any other variations).
Important to note though that it is a case of choosing your poison. If the entered word were sensitive information, you are just choosing whether to share it with a search engine or with the DNS.
Finally, setting browser.fixup.alternate.prefix to the empty string, changes the complaint to localhst.com (and that is what it looked up) and then further setting browser.fixup.alternate.suffix to the empty string, changes the complaint to localhst (and nothing was sent to the internet, I think, because the domain will then be resolved locally by my DNS server, and fail because there is no host on my network with that name - this might technically be a bug in my config but in practice it solves the problem).
4 Likes
Recently I’ve started using Mullvad Browser, that does give the option of not using the address bar for search. You setup a separate search bar in the toolbar. I’ve been enjoying using Mullvad browser on my laptops. Unfortunately they don’t make an arm64 version for the L5. But, I’m hoping in the future.
Does anyone have experience on how good or not so good this browser is?
1 Like
Ah, well, I guess someone should test out the config settings that I have copied / derived from @amarok’s link and verified on my desktop … in Firefox on the Librem 5. In other words, Firefox is giving that option, you just can’t enable it via the GUI. You have to hack around with config settings - but it did work for me on my desktop.
1 Like
Making those 3 config changes in FF-ESR on the L5 appears to work.
I entered “wikipedia” in the address bar and hit go. It tried to link to “https://wikipedia” (without a domain), and failed.
2 Likes
No, define “good”.
No. This design is not OK for security.
OK, I stand corrected.
And gratefully so.
It’s moot now anyway for me at least, as I told amarok I completely disabled any sort of address bar “features.” AND added a search bar pointed to my own choice of search engine (which I forget to use). All via settings available in the Arkenfox config files.
I can probably be fingerprinted on account of some of my customizations, but my main motivation in adapting arkenfox’s stuff was to get the browser to behave as I wanted; any fingerprinting relief it gives is a bonus. And in any case, as a QubesOS user, I run firefox on disposables anyway so every time I open it, it’s a fresh custom install.
2 Likes
Funny thing… When I looked at the source where arm64/aarch64 versions for L5 TorBrowser were made available, I found that the maintainer has added Mullvad there too. Take a look and report back: Tor Browser Ports - Browse Files at SourceForge.net
Edit to add: Mullvad seems to be doing well in the recent privacy comparison list at https://privacytests.org/ as far as “(by) default” desktop browser go. In “privacy modes” list Brave on Tor seems to compete well.
1 Like
Good question 
I’m assuming that a browser is naturally a tradeoff between: 1) Functionality, 2) UX, and 3) Privacy/Security. Like a 3 legged stool, it would be great if all things are equal and at the top of their class, but I am assuming that is really difficult.
I think most people on these forums recognize that FF is a reasonable balance between the 3 which is why it is a popular browser used in this community . I’ve heard pro’s/cons with Brave, I’ve heard of LibreWolf, which takes FF codebase and tries to remove some of the google and spying aspects. And, there is Tor Browser obviously.
So, I’m just adding the Mullvad Browser into the mix in the sense, like LibreWolf and Tor they all have roots from FF (Mullvad Browser is based on Tor – somehow, not exactly sure there). So, from the Functionality and UX side of things it seems comparable to other FF based browsers. I guess, I’m curious if folks here think the “Design choices” made by Mullvad, provide enhanced Privacy/Security relative to other options.
If the answer is yes, I would say it is good or better as an option then?
I don’t see a perfect browser ever being built out there. So, this will always be a moving playing field I think. One product may offer a better balance today, but when a new threat model or vulnerability arrives tomorrow, we might have to reconsider how to find a balance in browser choices?
@JR-Fi , thanks for pointing out the link for arm64/aarch64. I will check it out. I had contacted Mullvad support last year sometime and they said they wouldn’t be developing an arm64 version. But, that was just after they had just released their Browser.
Overall, I feel like I have good options on the desktop side to develop my habits and routines to be as private and secure as my needs dictate. I’m trying to form the habits I need for the L5 that let me get done what I need on a small form-factor computer. And while FF serves my needs on the L5, I do get nervous at times. But, I also want to be supportive of what Mozilla is doing, seeing as how they need to compete with the big bully’s in the industry.
1 Like
Related:
It depends on your use case and threat model.
Up to you.
1 Like