Bonum Certa Men Certa

Don’t Use Mozilla VPN (Security Problems and Incompetence); Just Get Mullvad. Bonus: SeaMonkey 2.53.17, WEI, Firefox on Linux Getting Worse.



No FirefoxReprinted with permission from Ryan

Don’t Use Mozilla VPN (Security Problems and Incompetence); Just Get Mullvad. Bonus: SeaMonkey 2.53.17, WEI, Firefox on Linux Getting Worse.



The special client that Mozilla VPN has for Mullvad (they use Mullvad’s VPN network) has a really nasty security hole that Mozilla has failed to address properly.



The long story short is that Mozilla incompetently designed their client software, then refused to fix the problem for over three months after a security researcher at SUSE reported it to them, at which time it was publicly disclosed.



This is Microsoft-like in how Mozilla responds to security problems. Microsoft typically waits until it’s an emergency and there’s malware making the rounds and they’ve taken a completely unnecessary PR black eye by having to be outed as not caring about security.



And why would you want security in an operating system or some Virtual PRIVATE Network software, right?



Mozilla essentially just repackages Mullvad VPN which already has an excellent privacy policy and open source client that has worked fine for me. Every once in a while I just grab the latest RPM, verify it, and then unpack it on top of the last one using dnf. It works great. I have had no problems with Mullvad VPN.



Basically, Mozilla’s contributions here are raising the price, having a privacy and terms of use policy that go on for miles so you could be selling them a kidney (Who knows? I’m not a lawyer and I don’t have time for this shit.), creating a really piss-poorly designed client (calling it bad would be praise at this point), and then not fixing gaping security holes in it.



To make matters worse, the idiots running Mozilla seem to think that “Linux support” means you shit out an Ubuntu package and ignore the RPM users when making an RPM isn’t even that hard. So apparently they don’t need the money badly enough to have an RPM build bot.



Roy Schestowitz asked me what I’m using lately for Web browsing. I have a really highly custom-configured SeaMonkey 2.53.17 from Fedora RPM, followed by GNOME Web (WebkitGTK), followed by Firefox ESR 115.1, as of this writing. I also have Brave because it’s Chromium without the spyware and garbage. Like Google’s new total Web DRM and super-cookie (WEI and FLoC).



SeaMonkey is certainly not perfect, but NoScript and ubo-legacy make it much more tolerable and secure. I only allow limited amounts of JavaScript and I have some useragent hacks (including so Google won’t log me out of GMail and say my app isn’t secure), and overall I mostly have it set to tell Web sites I’m using Firefox ESR 102.14. It’s a lie, but any sites that detect UAs and break themselves on purpose don’t deserve the truth.



Since I don’t know what will happen when I click on a link for a bank or something, I use “Standalone SeaMonkey Mail” and told it to open /opt/firefox, but not to open links I middle click on anywhere else in Firefox.



The extension also added a right-click menu item to SeaMonkey called “Open in External Browser” so if I hit a page that really doesn’t want to cooperate, I can press that and open the link in Firefox and then close Firefox again. In a way, Firefox ESR is sort of like the “Open in Internet Explorer” I was using in Mozilla Suite sometimes on Windows back in the day. The wheel turns, does it not?



Then I have Palefill (intended for Pale Moon) which applies hacks to make some bad Web sites work in SeaMonkey by rewriting the offending function in a way that works. That’s why I can use my WordPress editor right now.



SeaMonkey 2.53.17 (at least on Fedora) seems to have made some good improvements to Web standards and quality of life (you can more easily add search engines to it now and HLS video sites and MPEG-4 codecs are working again.



Another reason I like SeaMonkey is you can set global prefs and then give individual sites the right to do something else. Something Mozilla pretty much got rid of in Firefox a long time ago. Like, I don’t let sites set cookies in SeaMonkey that persist longer than that browser session, but my search engine and a few others get exemptions (“Allow”) as easily as right-click, view page info, Permissions.



This is important because sites like Reddit track what users who don’t have accounts look at with a 15 year cookie. The point is mainly to tie together a user profile across multiple VPN servers, on and off the VPN, and through different ISPs and WiFi networks. Truly nasty.



Then there’s ChatZilla. So I have an IRC client too.



The Mozilla Suite (which is what Netscape 6/7 were based on) went on as SeaMonkey for a lot of reasons, but mainly because the development practices at Mozilla went on in the wrong direction to the point where they ship a lot of broken crap. The particular person they complained about is at Google now working on Chrome, but there’s bigger problems.



Going back to Mozilla VPN.



Given their generalized incompetence in making software for Linux (Firefox is basically being held together by bird shit and Red Hat patches at this point.), it does not surprise me at all that nobody there, at this company looking to make a quick buck and then call it done, bothered to use PolKit correctly. They obviously gave this one to some pissed off intern or something, and it’s not at all secure and you have to wonder what other horrors are in there.



Even when it comes to Firefox, Mozilla still defaults to giving Linux users software-decoded video, X11, and non-accelerated “WebRender”. You have to dive deep and set environment variables and about:config crap to get it running as well as it does on other platforms.



They half-ass everything on Linux, the only platform where their stinking rotting mess is even the default, and then they pack it full of adware, spyware, and DRM, and wonder why everyone moves to another browser.



The problem is that this other browser is often Google Chrome, and as Vivaldi put it, Google seems to abuse their marketshare to inflict another horrible “proposed standard” that chips away at the open Web every day.



When Google Chrome started out in 2008, it was obvious to me then that Google had ambitions far beyond being a search engine. The only possible reason to not keep sitting back and paying Mozilla to be a Web browser company was that they planned to dump unlimited money into Chrome while slowly bleeding out Mozilla until it couldn’t operate any longer.



As Chrome grows, the open Web is in more and more danger. They’re now in a position to demand not only crippled ad blockers, but a “standard” that won’t allow you to view a site even if you use a proprietary one that has been attested to by an NSA/CIA-affiliate such as Google, Apple, Microsoft, and MAYBE Mozilla.



Tor would be finished, SeaMonkey would be finished, GNOME Web finished. Linux with anything? Who knows. “Here, run this!” What’s in it. “Fuck you.” -Google



That is WEI in a nutshell. And Mozilla will pretend to push back and then go ahead and swallow, like Widevine.



Recent Techrights' Posts

Richard Stallman About to Give More Talks in Europe, Some Confirmed Already
In Göteborg
 
Links 01/10/2025: Long Covid Risk Reiterated, "Bitcoin Queen" Caught
Links for the day
Links 01/10/2025: EA $55 Billion Deal is Debt and Slop "Raises Vishing Risks"
Links for the day
Bluewashing at Red Hat Means Redundancies
The man who sold Red Hat to IBM meanwhile became a Microsoft Mono booster
After Killing OpenSource.com, IBM ('Red Hat') and OSI Told Us OpenSource.net Would Replace It (But That Didn't Happen)
Now it's time to move on, perhaps tarnishing the "Open Source" label some more (for whatever sponsor wants this)
Linux is Not a Community Project, It's a Wall Street Product
The core goal should be freedom
Bad Actors Abusing the Free Software Community, Vandalising It Using Rogue Politics and Old Tactics
Oil giants have long attempted to do this; now, the digital equivalent of Big Oil does this in technology
Social Control Media Isn't the Future, The Federation or Fediverse Isn't Growing, People's Accounts Vanish for Good
users' accounts will get deleted, not just become inactive
IBM is Failing, This Helps Show Wall Street is Entirely Detached From Actual Commercial Performance
IBM is unable to grow, it's just constantly shrinking
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 30, 2025
IRC logs for Tuesday, September 30, 2025
Clerical Aspects of Publishing and Development
In Free software, the management aspects are considerably reduced
Slopwatch: Fake Articles and Google News Promoting "Linux" Spam or Bot-Generated Fear, Uncertainty, Doubt (FUD)
These slopfarms help misplace blame
Third Wave of Microsoft Layoffs in September, This Time Many in Liverpool Affected
Be ready for more waves of layoffs ahead of the so-called "results" in late October
Gemini Links 30/09/2025: Motorcycling in Central Oregon, Protocol Styles and the Flag of Sark
Links for the day
Links 30/09/2025: Death Sentences, Internet Censorship, and Internet Shutdowns
Links for the day
Gemini Links 30/09/2025: Social Control Media and ROOPHLOCH
Links for the day
Links 30/09/2025: CERN in "Have I Been Pwned" and More Windows TCO Blunders
Links for the day
Microsoft Canonical is Selling Mass Surveillance and Back Doors as "Security for Ubuntu"
If you are looking for a GNU/Linux distro to use, just remember that Microsoft has Ubuntu in the bag
Justice for Wildlife
animals cannot speak to humans who hate animals
Cowboys Gonna Be Cowboys (on the Internet, They're Not a New Problem)
Boys will be boys
Cowboys of the "Left" and Cowboys of the "Right"
Don't believe the lie that this is some "leftist" thing
When Codes of Conduct Serve to Protect Criminals From Much-Deserved Scrutiny
CoCs are typically unfit for purpose because enforcement lacks context and suitable understanding of the full background (the "full story")
It Took the Open Source Initiative (OSI) 4+ Years to Address the 'Data Breach' or Data Protection Violation Reported to the California Privacy Protection Agency (CPPA) in March 2025
We may never know the dialogue or its nature
Even Microsoft's Biggest Boosters (and Media Operatives) Are Turning Against Microsoft
Expect many more layoffs before the fake "results" next month
GNU Was Right 42+ Years Ago
Since then the abusive, user-hostile technology has spread like mushrooms
Old Isn't Always Inadequate
How many gadgets manufactured today (in 2025) will still work in 2075?
The Monkey Business of Rust People
Compatibility won't matter
Almost Half of the FSFE's Money (the Fake 'FSF', Misusing the Brand) Comes From Vodafone
That money always comes with strings, even if they're invisible to most of us
Microsoft Lunduke Spreads Deliberate Lies to Incite Online Mobs
Has he lost his reading comprehension skills?
Our 19th Birthday (in Just Over 5 Weeks From Now)
We meanwhile have ongoing, solid plans to cover patent-related issues when the FSF turns 40
British GNU/Linux Distro FydeOS Tops DistroWatch
That seems like a decent site and decent effort to keep an eye on
We'll Soon Have 75,000 GemText Pages
avoid many perils of today's Web
Google Used Free Software to Build a Monopoly. Now Google Kicks Free Software to the Curb
The "G" in "Google" does not stand for GNU. It never did. It's just another greedy company.
Gemini Links 30/09/2025: Retro Hardware, Federated Fragmentation, and Nex Server Written in C
Links for the day
4 More Days Till "4 decades, 4 freedoms, 4 all users"
We are now just 4 days away from the rare anniversary
Two Months After Merging to Hide GitHub Losses Microsoft is Doing It Again (This Time Windows)
Merging those two together is not a sign of strength but a tightening of budget
Speculations About the Next Large Wave of IBM/Red Hat Layoffs
the mass layoffs are likely to happen on week 3 or 4 in October
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 29, 2025
IRC logs for Monday, September 29, 2025
Links 29/09/2025: Opposition to Surveillance Giant Google and Conflicts Worldwide (Moldova Sides With EU)
Links for the day
Why the EPO Never Managed to Silence Us (After Over a Decade of Trying)
Firms like Mishcon de Reya and Brett Wilson LLP contribute to a bad stigma, staining the entire occupation
Links 29/09/2025: Datacenter Fires and "Too Much Internet Use Is Changing Teenage Brains"
Links for the day
Almost a Couple of Years After Microsoft Hijacked the Name 'Sudo' (to Describe Unrelated Windows Stuff) Microsoft Canonical Breaks Sudo in Ubuntu
These are vandals in "goodwill" or "security" clothing
Does the Good Law Project (GLP) Know the Director of Brett Wilson LLP Deems It OK to Endorse Violent Actions Against Trans People?
We were miffed to see this morning's report
Names Are Not Unique IDs and the UK Government's "Digital ID System" Would be a Nightmare
Digital surveillance, "apps", and worse (all the time)
What is Roy and Rianne's Righteously Royalty-free RSS Reader?
A news reader that uses OPML files and parses RSS feeds
The Free Software Foundation (FSF) Turns 40 in 5 Days
We should be talking about software freedom, not "Open Source"
It Feels Like Brett Wilson LLP Has Just Tacitly Admitted That It Defamed Me
It arguably admitted many other things by refusing to deny or address them (altogether)
Stefano Maffulli's Front Page Mentions "AI" 11 Times
They're more focused on slop (plagiarism) than sharing or Software Freedom
CMS Rot
With "modern" (bloated) content management systems (CMSs) there is a long chain of dependencies
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 28, 2025
IRC logs for Sunday, September 28, 2025
Slopwatch: Fake Articles About Linux 6.17 and Microsoft Meddling in Linux Development
today's Slopwatch is short because the picks are from Sunday
Gemini Links 29/09/2025: The Labor Wars and Retro
Links for the day