Bonum Certa Men Certa

Don’t Use Mozilla VPN (Security Problems and Incompetence); Just Get Mullvad. Bonus: SeaMonkey 2.53.17, WEI, Firefox on Linux Getting Worse.



No FirefoxReprinted with permission from Ryan

Don’t Use Mozilla VPN (Security Problems and Incompetence); Just Get Mullvad. Bonus: SeaMonkey 2.53.17, WEI, Firefox on Linux Getting Worse.



The special client that Mozilla VPN has for Mullvad (they use Mullvad’s VPN network) has a really nasty security hole that Mozilla has failed to address properly.



The long story short is that Mozilla incompetently designed their client software, then refused to fix the problem for over three months after a security researcher at SUSE reported it to them, at which time it was publicly disclosed.



This is Microsoft-like in how Mozilla responds to security problems. Microsoft typically waits until it’s an emergency and there’s malware making the rounds and they’ve taken a completely unnecessary PR black eye by having to be outed as not caring about security.



And why would you want security in an operating system or some Virtual PRIVATE Network software, right?



Mozilla essentially just repackages Mullvad VPN which already has an excellent privacy policy and open source client that has worked fine for me. Every once in a while I just grab the latest RPM, verify it, and then unpack it on top of the last one using dnf. It works great. I have had no problems with Mullvad VPN.



Basically, Mozilla’s contributions here are raising the price, having a privacy and terms of use policy that go on for miles so you could be selling them a kidney (Who knows? I’m not a lawyer and I don’t have time for this shit.), creating a really piss-poorly designed client (calling it bad would be praise at this point), and then not fixing gaping security holes in it.



To make matters worse, the idiots running Mozilla seem to think that “Linux support” means you shit out an Ubuntu package and ignore the RPM users when making an RPM isn’t even that hard. So apparently they don’t need the money badly enough to have an RPM build bot.



Roy Schestowitz asked me what I’m using lately for Web browsing. I have a really highly custom-configured SeaMonkey 2.53.17 from Fedora RPM, followed by GNOME Web (WebkitGTK), followed by Firefox ESR 115.1, as of this writing. I also have Brave because it’s Chromium without the spyware and garbage. Like Google’s new total Web DRM and super-cookie (WEI and FLoC).



SeaMonkey is certainly not perfect, but NoScript and ubo-legacy make it much more tolerable and secure. I only allow limited amounts of JavaScript and I have some useragent hacks (including so Google won’t log me out of GMail and say my app isn’t secure), and overall I mostly have it set to tell Web sites I’m using Firefox ESR 102.14. It’s a lie, but any sites that detect UAs and break themselves on purpose don’t deserve the truth.



Since I don’t know what will happen when I click on a link for a bank or something, I use “Standalone SeaMonkey Mail” and told it to open /opt/firefox, but not to open links I middle click on anywhere else in Firefox.



The extension also added a right-click menu item to SeaMonkey called “Open in External Browser” so if I hit a page that really doesn’t want to cooperate, I can press that and open the link in Firefox and then close Firefox again. In a way, Firefox ESR is sort of like the “Open in Internet Explorer” I was using in Mozilla Suite sometimes on Windows back in the day. The wheel turns, does it not?



Then I have Palefill (intended for Pale Moon) which applies hacks to make some bad Web sites work in SeaMonkey by rewriting the offending function in a way that works. That’s why I can use my WordPress editor right now.



SeaMonkey 2.53.17 (at least on Fedora) seems to have made some good improvements to Web standards and quality of life (you can more easily add search engines to it now and HLS video sites and MPEG-4 codecs are working again.



Another reason I like SeaMonkey is you can set global prefs and then give individual sites the right to do something else. Something Mozilla pretty much got rid of in Firefox a long time ago. Like, I don’t let sites set cookies in SeaMonkey that persist longer than that browser session, but my search engine and a few others get exemptions (“Allow”) as easily as right-click, view page info, Permissions.



This is important because sites like Reddit track what users who don’t have accounts look at with a 15 year cookie. The point is mainly to tie together a user profile across multiple VPN servers, on and off the VPN, and through different ISPs and WiFi networks. Truly nasty.



Then there’s ChatZilla. So I have an IRC client too.



The Mozilla Suite (which is what Netscape 6/7 were based on) went on as SeaMonkey for a lot of reasons, but mainly because the development practices at Mozilla went on in the wrong direction to the point where they ship a lot of broken crap. The particular person they complained about is at Google now working on Chrome, but there’s bigger problems.



Going back to Mozilla VPN.



Given their generalized incompetence in making software for Linux (Firefox is basically being held together by bird shit and Red Hat patches at this point.), it does not surprise me at all that nobody there, at this company looking to make a quick buck and then call it done, bothered to use PolKit correctly. They obviously gave this one to some pissed off intern or something, and it’s not at all secure and you have to wonder what other horrors are in there.



Even when it comes to Firefox, Mozilla still defaults to giving Linux users software-decoded video, X11, and non-accelerated “WebRender”. You have to dive deep and set environment variables and about:config crap to get it running as well as it does on other platforms.



They half-ass everything on Linux, the only platform where their stinking rotting mess is even the default, and then they pack it full of adware, spyware, and DRM, and wonder why everyone moves to another browser.



The problem is that this other browser is often Google Chrome, and as Vivaldi put it, Google seems to abuse their marketshare to inflict another horrible “proposed standard” that chips away at the open Web every day.



When Google Chrome started out in 2008, it was obvious to me then that Google had ambitions far beyond being a search engine. The only possible reason to not keep sitting back and paying Mozilla to be a Web browser company was that they planned to dump unlimited money into Chrome while slowly bleeding out Mozilla until it couldn’t operate any longer.



As Chrome grows, the open Web is in more and more danger. They’re now in a position to demand not only crippled ad blockers, but a “standard” that won’t allow you to view a site even if you use a proprietary one that has been attested to by an NSA/CIA-affiliate such as Google, Apple, Microsoft, and MAYBE Mozilla.



Tor would be finished, SeaMonkey would be finished, GNOME Web finished. Linux with anything? Who knows. “Here, run this!” What’s in it. “Fuck you.” -Google



That is WEI in a nutshell. And Mozilla will pretend to push back and then go ahead and swallow, like Widevine.



Recent Techrights' Posts

Brett Wilson LLP is Downsizing, Apparently Closing Down the Oversized and Overpriced Office
Address changed 13 hours ago
The United States Lost Freedom of Speech
independence refers to a condition, not an activity
SLAPP Censorship - Part 127 Out of 200: Lawsuits by Americans Filed in the UK a Burden on British Taxpayers, No Way to Recover the Funds When Americans Lose Their Cases
Are Garrett and Graveley 'pulling a 4Chan'?
 
American Independence Needs Independent Media
The American regime's hostility towards media is an international problem
Techrights Was Always a Community Platform
Techrights is about whistleblowers
Phenomenal Growth for GNU/Linux in Afghanistan
This is impressive because for many years it was registered at near 0%
Daniel Pocock Pursuing Complaint in the United States Against Software in the Public Interest (SPI) et al
It seems like the only people who don't support him are those whom he criticises
Gemini Links 04/07/2026: Busy Squirrel, Independence Day Celebrations, PalmOS Programming
Links for the day
Canonical/Ubuntu is Breaking CP (cp) to Help Microsoft Turn Coreutils Into Proprietary Software for Windows
What we could do reliably in the 1970s (before GNU) we cannot do in 2026?
Free Software Has No Kings or CEOs
The kingdom is a cross-border phenomenon, so national flags and other such symbolism overlook the core problem [...] Free Software can help lead us out of the current imbalances
IBM Replacing the People Who Built IBM With Cheaper and Younger Staff, According to IBM Insiders
This is a very common sentiment in IBM
For USA 250 Microsoft is Messing With Our Minds (2.50%) to Distract From Mass Layoffs
The slopfarms contribute to this noise
"Defective by Design" Turns 20
DBD is still as relevant as ever (probably more relevant than ever before)
A Bicycle for the Feeble Mind, or How Computers Got Worse for Productivity (Intentionally)
Many of us still adopt and champion the "workstation" mentality
Links 04/07/2026: Microsoft Tax Haven (Evasion) Tactics, Tobacco Bans, and More
Links for the day
Links 04/07/2026: 2026 Old Computer Challenge and Trying Gopher
Links for the day
Links 04/07/2026: USMCA (Covering Software Patents) Might Not be Renewed, Slop Bros Try to Pay Weird Al to Endorse Their Scheme
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 03, 2026
IRC logs for Friday, July 03, 2026
Gemini Links 03/07/2026: Mindfulness Practice and "Slop Is Killing the Human Spirit"
Links for the day
Links 03/07/2026: Openwashing of Slop in "Linux" Clothing and "Happy Birthday, America"
Links for the day
John Been (reallinuxuser.com) May Have Crossed Over to the 'Dark Side' of LLM Slop
It 'smells' like it, a scanner seems to concur
Who or What is "Nadeko"?
Fijxu's services make life a lot easier for Free software sticklers
10 Years Since the World Lost Ian Murdock
My wife and I still use Debian, as does this site
No, Microsoft is Not Laying Off 5,000-6,000 But a Lot More
There are "buyouts", "PIPs" (silence layoffs), pink slips, and future waves, not counting subsidiaries and contractors
The Cyber Show's Andy and Helen Confronting 'Upgrades'
the latest from Andy and Helen
statCounter Sees Almost 1 in 10 Desktops or Laptops in Egypt as GNU/Linux Workstations
10% "market share" (for GNU/Linux) was nearly attained last month
The March of GNU/Linux in the Russian Ally, Belarus
record high for GNU/Linux in Belarus
Being Prevented From Accessing One's Own System Means Getting Locked Out, Not Security
a metaphor
Technology is Getting Objectively Worse and Less Reliable
Something went horribly wrong
FOSS Force 2026 Independence Drive Lacks Independence From GAFAM's 'Linux' Foundation
We're not trying to 'bash' FOSS Force
News That Matters, News That's Exclusive, and News LLM Slop Will Never Get Right
Churning out blog posts just for quantity's sake was never our goal
3/4 (Three-Quarter) of Requests Seen by statCounter (Originating From Desktops/Laptops) Deemed to be "Linux" in San Marino
74% Linux, it says...
The Linux Foundation Does Not Work for Linux, Definitely Not for Free Software
works for its biggest sponsors, i.e. companies like Microsoft, IBM, and others
Independence and Software Freedom
Much work remains to be done
The European Patent Office's (EPO) Crisis Week Ends Today, the Rest of the Year Will be EPO Staff on Strike
The outcome of the two-day meeting won't change the fact that EPO staff is on strike for the whole year
European Patent Office (EPO) Series: Operation Monte Titano: Micro-State Diplomacy
On 28th May 2026 EPO President António Campinos paid a visit to the Most Serene Republic of San Marino where he was received with full diplomatic honours
Links 03/07/2026: Slop "Isn’t Replacing Lawyers", "App Fatigue"
Links for the day
Statement on This Week's DDoS Attacks
DDoS attacks are not a "badge of honour". They are a nuisance.
Skinnerboxes as Health Problems and Impediments (Against Happiness)
skinnerboxes are a form of addiction
Costa Ricans' Adoption of GNU/Linux Reaches New Highs
Windows is doing poorly in general
British Women Don't Want to Work for American Men Who Attack American Women
"[g]reeting clients and preparing beverages"
Mass Layoff Event on June 30 at Red Hat? Let Us Know...
We are looking for more Red Hat whistleblowers
Gaming on Windows is in Trouble, XBox is Practically Dead Already
It seems increasingly clear that Microsoft wants to get rid of XBox
New Record for GNU/Linux in the World's Largest Muslim-Majority Population (287,983,025)
Will Indonesians leave GAFAM behind?
SLAPP Censorship - Part 126 Out of 200: Becoming More Aggressive Against Us Only Proves Us Right
the police involved
IBM Red Hat Kicks Out the Community, Promotes Slop
It has gotten so bad
The Register MS Covers "AI" Because It Gets Paid to
A lot of noise "in the news" about "AI" is paid-for trash
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 02, 2026
IRC logs for Thursday, July 02, 2026
Gemini Links 02/07/2026: OpenBGPD, Newt and OpenBSD, Indieweb Theme for Ghost
Links for the day
Links 02/07/2026: China "Ethnic Unity" Law a Global Threat, "EU Imposes €3 Duty on Parcels From China"
Links for the day
Japan's Share of GNU/Linux Has More Than Doubled
GNU/Linux now sits around 3.5% compared to about 1% two years ago
'Largest Single Layoff Event In Gaming History' or 'Largest Single Layoff Event In Microsoft History'?
we need whistleblowers, not official or semi-official statements from Microsoft
Off-putting Terms or Behaviour That Keep Women Away From Areas of Technology (Not What IBM and GAFAM Tell Us)
the use of language
Microsoft Windows "Goes South" in South America, GNU/Linux Popularity Soaring
Brazil and its neighbours must have paid attention to what happened earlier this year in Venezuela
It's Not the Layoffs, It's the Debt
PIPs and/or "silent layoffs" are about the companies flouting obligations to staff, reducing or eliminating the compensation packages
European Patent Office (EPO) Series: Cutting Ribbons in Sintra While the EPO Burns
Like the Roman Emperor Nero, Campinos fiddles in Sintra while the EPO burns
In Spain, GNU/Linux Now Measured at 5.5%
Microsoft and Windows are generally shrinking
North America: GNU/Linux Leaps to 8% "Market Share"
the trend is clear
statCounter: GNU/Linux Has Risen to All-Time High of 6% Worldwide (July 2026)
GNU/Linux has massive gains
Not Tolerating Death Threats
Death threads are a serious matter
Silent Layoffs, 'Happy' Layoffs, and 'Buyouts' (Pretending to Voluntarily Retire)
We've been seeing lots of that at IBM and Microsoft
SLAPP Censorship - Part 125 Out of 200: Litigants in Person (LIPs) Handling American Lawfare Funded by Third Parties (About a Million Pounds for 100 Kilograms of Legal Papers)
An appeal to the Court of Appeal can be justified at one point
IBM HR "Process is Similar to Raising Farm Animals"
IBM "silent layoffs" won't stop
Attacks on the Sites
These are clearly censorship attempts
Links 02/07/2026: Microsoft May be Shutting Down 5+ Studios, Slop Got Too Expensive, "RAMpocalypse" Discussed
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 01, 2026
IRC logs for Wednesday, July 01, 2026
Gemini Links 02/07/2026: Kondo, Theological Thought, and X4
Links for the day