Bonum Certa Men Certa

Don’t Use Mozilla VPN (Security Problems and Incompetence); Just Get Mullvad. Bonus: SeaMonkey 2.53.17, WEI, Firefox on Linux Getting Worse.



No FirefoxReprinted with permission from Ryan

Don’t Use Mozilla VPN (Security Problems and Incompetence); Just Get Mullvad. Bonus: SeaMonkey 2.53.17, WEI, Firefox on Linux Getting Worse.



The special client that Mozilla VPN has for Mullvad (they use Mullvad’s VPN network) has a really nasty security hole that Mozilla has failed to address properly.



The long story short is that Mozilla incompetently designed their client software, then refused to fix the problem for over three months after a security researcher at SUSE reported it to them, at which time it was publicly disclosed.



This is Microsoft-like in how Mozilla responds to security problems. Microsoft typically waits until it’s an emergency and there’s malware making the rounds and they’ve taken a completely unnecessary PR black eye by having to be outed as not caring about security.



And why would you want security in an operating system or some Virtual PRIVATE Network software, right?



Mozilla essentially just repackages Mullvad VPN which already has an excellent privacy policy and open source client that has worked fine for me. Every once in a while I just grab the latest RPM, verify it, and then unpack it on top of the last one using dnf. It works great. I have had no problems with Mullvad VPN.



Basically, Mozilla’s contributions here are raising the price, having a privacy and terms of use policy that go on for miles so you could be selling them a kidney (Who knows? I’m not a lawyer and I don’t have time for this shit.), creating a really piss-poorly designed client (calling it bad would be praise at this point), and then not fixing gaping security holes in it.



To make matters worse, the idiots running Mozilla seem to think that “Linux support” means you shit out an Ubuntu package and ignore the RPM users when making an RPM isn’t even that hard. So apparently they don’t need the money badly enough to have an RPM build bot.



Roy Schestowitz asked me what I’m using lately for Web browsing. I have a really highly custom-configured SeaMonkey 2.53.17 from Fedora RPM, followed by GNOME Web (WebkitGTK), followed by Firefox ESR 115.1, as of this writing. I also have Brave because it’s Chromium without the spyware and garbage. Like Google’s new total Web DRM and super-cookie (WEI and FLoC).



SeaMonkey is certainly not perfect, but NoScript and ubo-legacy make it much more tolerable and secure. I only allow limited amounts of JavaScript and I have some useragent hacks (including so Google won’t log me out of GMail and say my app isn’t secure), and overall I mostly have it set to tell Web sites I’m using Firefox ESR 102.14. It’s a lie, but any sites that detect UAs and break themselves on purpose don’t deserve the truth.



Since I don’t know what will happen when I click on a link for a bank or something, I use “Standalone SeaMonkey Mail” and told it to open /opt/firefox, but not to open links I middle click on anywhere else in Firefox.



The extension also added a right-click menu item to SeaMonkey called “Open in External Browser” so if I hit a page that really doesn’t want to cooperate, I can press that and open the link in Firefox and then close Firefox again. In a way, Firefox ESR is sort of like the “Open in Internet Explorer” I was using in Mozilla Suite sometimes on Windows back in the day. The wheel turns, does it not?



Then I have Palefill (intended for Pale Moon) which applies hacks to make some bad Web sites work in SeaMonkey by rewriting the offending function in a way that works. That’s why I can use my WordPress editor right now.



SeaMonkey 2.53.17 (at least on Fedora) seems to have made some good improvements to Web standards and quality of life (you can more easily add search engines to it now and HLS video sites and MPEG-4 codecs are working again.



Another reason I like SeaMonkey is you can set global prefs and then give individual sites the right to do something else. Something Mozilla pretty much got rid of in Firefox a long time ago. Like, I don’t let sites set cookies in SeaMonkey that persist longer than that browser session, but my search engine and a few others get exemptions (“Allow”) as easily as right-click, view page info, Permissions.



This is important because sites like Reddit track what users who don’t have accounts look at with a 15 year cookie. The point is mainly to tie together a user profile across multiple VPN servers, on and off the VPN, and through different ISPs and WiFi networks. Truly nasty.



Then there’s ChatZilla. So I have an IRC client too.



The Mozilla Suite (which is what Netscape 6/7 were based on) went on as SeaMonkey for a lot of reasons, but mainly because the development practices at Mozilla went on in the wrong direction to the point where they ship a lot of broken crap. The particular person they complained about is at Google now working on Chrome, but there’s bigger problems.



Going back to Mozilla VPN.



Given their generalized incompetence in making software for Linux (Firefox is basically being held together by bird shit and Red Hat patches at this point.), it does not surprise me at all that nobody there, at this company looking to make a quick buck and then call it done, bothered to use PolKit correctly. They obviously gave this one to some pissed off intern or something, and it’s not at all secure and you have to wonder what other horrors are in there.



Even when it comes to Firefox, Mozilla still defaults to giving Linux users software-decoded video, X11, and non-accelerated “WebRender”. You have to dive deep and set environment variables and about:config crap to get it running as well as it does on other platforms.



They half-ass everything on Linux, the only platform where their stinking rotting mess is even the default, and then they pack it full of adware, spyware, and DRM, and wonder why everyone moves to another browser.



The problem is that this other browser is often Google Chrome, and as Vivaldi put it, Google seems to abuse their marketshare to inflict another horrible “proposed standard” that chips away at the open Web every day.



When Google Chrome started out in 2008, it was obvious to me then that Google had ambitions far beyond being a search engine. The only possible reason to not keep sitting back and paying Mozilla to be a Web browser company was that they planned to dump unlimited money into Chrome while slowly bleeding out Mozilla until it couldn’t operate any longer.



As Chrome grows, the open Web is in more and more danger. They’re now in a position to demand not only crippled ad blockers, but a “standard” that won’t allow you to view a site even if you use a proprietary one that has been attested to by an NSA/CIA-affiliate such as Google, Apple, Microsoft, and MAYBE Mozilla.



Tor would be finished, SeaMonkey would be finished, GNOME Web finished. Linux with anything? Who knows. “Here, run this!” What’s in it. “Fuck you.” -Google



That is WEI in a nutshell. And Mozilla will pretend to push back and then go ahead and swallow, like Widevine.



Recent Techrights' Posts

After Microsoft's Bankruptcy in Russia Android (Linux) Will Dominate Asia Completely
Windows probably peaked in "XP" or "2000"
India: Windows Falls to 50% in Desktops/Laptops and 8% Overall
laptops/desktops fell to 16% of the whole
statCounter: GNU/Linux Up to 4.7% "Market Share" This Month
30,000 Microsoft jobs may be eliminated by year's end
Microsoft is in Trouble and Microsofters Know It
"I've been happy on Win 3.11 for years."
Links 02/06/2025: Political Leftovers, DRM, and Patents
Links for the day
 
Last Article From Australia's Sam Varghese Was a Year Ago and It Covered the Release of Julian Assange, Who Will Apparently Come Back as 'Politician'
It'll soon be exactly 12 months
Hungary Seems Hungry for Linux
Windows down by a lot
Like in Europe, Bad News for Microsoft in US and Canada
If it loses those "regions", then what's left?
About 8 Waves of Mass Layoffs at Microsoft in 2025 (in Less Than 5 Months), Now Vista 11 "Market Share" Decreases
Really bad news for shareholders of Microsoft
statCounter Sees Bing "Share" Falling Over 0.5% in One Month, Now Lower Than Before the ChatGPT/Bing Chat Hype
Bing has been part of the mass layoffs for quite some time
Microsoft's Demise is a Global Phenomenon
mass layoffs justified using mindless buzzwords
All-Time Highs for GNU/Linux in EU and the UK, All-Time Lows for Microsoft
Combining ChromeOS and GNU/Linux, it adds up to and almost reaches 6%
[Video] New Introduction to Richard Stallman's Contributions Including GNU Emacs, GNU/Linux, and Software Freedom
from the channel previously bullied for supporting RMS
Links 02/06/2025: South Korea to Vote, Russia Blitzed From Within
Links for the day
Links 02/06/2025: Microsoft Spins Layoffs as "Slop", Frontier Settles Lawsuit
Links for the day
When You Publicly Boast About Wanting to Violently Attack People (Even Colleagues) Finding a Job Will Prove Difficult
there's a lesson to be learned here
The Web We Lost, the Information Lost Due to Microsoft's Attacks on Companies Like Yahoo! (Before the LLM Slop Frenzy)
When it comes to news sites, what can we say?
Covering Corruption in Poland, Including a War on Science (Due to Bad Politicians)
What we're about to show is that skilled and experienced scientists in Poland are besieged by bureaucrats
Gemini Links 02/06/2025: "Star Wars Day" and "Security Day"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, June 01, 2025
IRC logs for Sunday, June 01, 2025
The Openwashing Shills Initiative (OSI) - Part II: Lying to the IRS is a Big Issue
The OSI of today pretends to be something that it is not
Bloodlust and Love of Blades (Fascination With Murder) Nothing New Among Microsofters
Violence is not a joke and no group is magically entitled to make such "jokes"
Links 01/06/2025: Bird Flu, Food Price Inflation, and Growing US-China Hostilities
Links for the day
Links 01/06/2025: "Vibe Coding" Turns Out to be a Fraud and Amazon Merits Boycott, Argue Bloggers
Links for the day
Gemini Links 01/06/2025: "Stardust" and Ideal PC Setup
Links for the day
Links 01/06/2025: Windows TCO, Openwashing, "It's FOSS" Still Promoting Microsoft
Links for the day
Gemini Links 01/06/2025: Simplification and Networks Everywhere
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, May 31, 2025
IRC logs for Saturday, May 31, 2025
Google Bribes EFF. EFF Promotes LLM Slop as 'Fair Use'. To GAFAM It's a Low-Cost Lobby Hedge.
So the bribes pay off ("slush fund") and the word spreads
Slopwatch: Fake Text and Images, Financial Bubbles, and Scams in "Intelligent" Clothing
Sometimes what they mean by "AI" is just cheap labour somewhere else, as we discussed in IRC a few hours ago
Why Microsoft is Collapsing (Similar to What's Happening at IBM), As Insiders See It
IBM seems like one heck of a mess
Reliable Computing Means Free (Libre) Computing
Sites that want to promote security ought to deal with the biggest issues
Links 31/05/2025: US Court Orders Sides With RFE/RL, War Updates From Ukraine
Links for the day
Gemini Links 31/05/2025: ARM Server and power_supply Subsystem
Links for the day
Links 31/05/2025: Slop Stigmatised as Disinformation, Catalyst/Driver of "Death of Communication"
Links for the day
Common Sense 101: Do Not Write Blog Posts Saying You Want to Murder Colleagues (or Yourself)
Only crazy people would think stabbings are a joke
Microsoft Bankruptcy
"Microsoft unit in Russia to file for bankruptcy, database shows"
Techrights Does Not Compete With LLM Slop, It Exposes the Bastards, Plagiarists and Scammers Who Do That
People like Scam Altman, still facing a lawsuit from his own sister for sexual abuse against her
Links 31/05/2025: Microsoft-Connected Builder.ai is a Fraud and US is Purging Students Based on Race/Nationality
Links for the day
Gemini Links 30/05/2025: Limmat, Doomscrollers, and Arguments Parsing
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, May 30, 2025
IRC logs for Friday, May 30, 2025