Mullvad Browser - A first glance
Investigating the brainchild of Tor and Mullvad's collaboration
🛣️Introduction
Mullvad Browser is a multi-platform, free-to-use, an open-source web browser designed to prevent tracking and fingerprinting on the internet.
At its core, it is a "hardened Firefox" that comes bundles with uBlock Origin and a Mullvad Extension
It was developed as a collaboration project between Mullvad VPN and the Tor Project. It was launched recently on April 3, 2023
While TOR has been the de-facto solution for privacy advocates to browse the web (along with the adoption of I2P) in recent years, Mullvad VPN has a strong reputation as a VPN service that ensures the anonymity of its users by collecting no personal information for an account and allowing payments throw postal methods or crypto like Monero
🧠Smaran's Overview
🥊Mullvad Browser vs Mozilla Firefox
Mozilla Firefox "hardened with arkenfox's user.js" works great and I personally have been using it for over two years now.
However, it requires a significant amount of time and fundamental technical capabilities to set up
This makes it cumbersome for the majority of the population who are not tech savvy
On the other hand, Mullvad Browser comes with all such settings to resist fingerprinting and tracking by default. One can just download, install and start using it without having to ever change anything
Unlike the recent versions of Firefox, Telemetry, and Crash Reporting are completely disabled in the browser
In addition to that, the ping sender executable, responsible to send information to Mozilla, while running in the background has been removed
A single click button to clear all cookies and information related to previous browsing activity - creates a new identity every time one presses it
🥊Mullvad Browser vs Librewolf
Librewolf is a fork of the official Mozilla Firefox with enhancements to harden it for privacy
Unlike Librewolf which is maintained by a small number of independent developers, Mullvad Browser has a large company with huge funding behind it. This would ensure a faster rollout of security features and overall better support for users
Librewolf does not provide auto-update while Mullvad Browser does. This again makes it convenient for users who are not tech-savvy
Mullvad lags behind Librewolf when it comes to protection against tracking using query parameters
A comprehensive comparison between Firefox hardened with arkenfox's user.js, Librewolf and Mullvad Browser can be found here
🥊Mullvad Browser vs TOR
The Mullvad Browser does not have a decentralized connection like the TOR network used by the TOR browser. In fact, if used with the paid VPN service, all traffic is routed through a centralized connection which forces one to put all the trust in the Mullvad company
However, the Mullvad team is crystal clear on this topic and does not make any dubious claims
MULLVAD BROWSER IS MEANT TO BE A COMPLIMENT TO TOR AND NOT A REPLACEMENT, i.e. it can be used to access websites that block the proxy server IPs used by TOR
Unlike TOR Browser, Mullvad Browser has WebRTC and WebAudioAPI enabled by default. This is to facilitate live video conferencing and other similar applications that are not possible over TOR
Following the principles of TOR, which is meant to be as far as isolated from the operating system as possible, Mullvad Browser also cannot be set as the default browser for the operating system
🥊Mullvad Browser vs Brave
Brave is built upon the Chromium Browser Engine while Mullvad Browser is built upon the Gecko Browser Engine
Thus, Mullvad Browser assists folks who desire to use multiple browsers to compartmentalize their digital identity yet wish not to use Chromium-based web browsers
The philosophy of protection against fingerprinting adopted by Brave and Mullvad Browsers are absolutely different - Brave strives to provide random browser fingerprints whereas Mullvad Browser strives to provide identical browser fingerprints for each user
We can observe that for the standard Fingerprint resistance tests, Mullvad Browser outperforms Brave and all other Chromium-based web browsers such as Google Chrome (obviously!) and Vivaldi
However, Mullvad Browser falls behind Brave when it comes to protection against tracking using URL query parameters
🔍Search Engine
The default search engine for Mullvad Browser is DuckDuckGo
I would have preferred if the team went for Startpage or SwissCows as the default search engine since in recent years DuckDuckGo has gained a bad reputation for its association with Microsoft
Mullvad Browser does not allow any search suggestions while typing which prevents further leaks of identity
There is another search engine called Leta that is provided by default.
This can only be used if one has a subscription to Mullvad VPN
It returns Google Search Results using Mullvad's servers as proxies while hiding the identity of the user (as they seem to claim😅)
✨Other Features
To enforce good digital privacy habits, the feature to
save passwords
is completely disabled. Hence, every time one would need to manually enter the username and password to log into an accountFurthermore, web authentication is disabled by Default - i.e. if an account requires a YubiKey it won't work unless you temporarily change the setting for it from
about:config
There is no recommendation for external extensions, themes, profile creations, search engines, or third-party services ever. Just a clean and simple UI
Timezone is set to UTC to protect against certain fingerprinting attacks
In all windows, HTTPS-Only Mode is enabled
The source code of the current version of the browser can be found here
🤔The Mullvad Browser Extension?
The Mullvad Extension is open source and comes bundled as a default option with the Mullvad Browser. One can look up the source code here
It is not necessary for using the browser and can be disabled or removed without impacting the privacy-protecting capabilities of the browser
By default, it provides information about the connection such as ISP, IPv4, IPv6 as well as potential IP leaks
For users with a subscription to Mullvad VPN, it can enable one to route all traffic of the browser through a different proxy server (at a different geographical location) as compared to the one used for the entire OS while the VPN is on
It does not limit users from combining other VPN services such as IVPN with the Mullvad Browser
NOTE:
Mullvad is among the best privacy focussed solutions in the market as of April 2023 as it does not require any personal identifiable information such as email, name,address or even a password and accepts anonymous payments
However, no VPN makes one completely anonymous
Moreover, there is no practical way to ensure that a VPN Service never maintains logs
A VPN service that is reliable now may not be so in the future - it may get acquired or merged with other VPN servies owned by a parent company run by spy agencies, collaborate with governments to share your logs or just sell your data to the highest bidder.
Hence always stay vigilant on the latest updates about your VPN service of choice (if any)
PS: NEVER USE VPN WITH TOR
💀Drawbacks
Installation experience for Linux users is cumbersome as the Mullvad Browser is not available as an app image.
It is currently unavailable for usage on Android or IOS devices
It does not have multi-language support
The ability to realistically provide an identical fingerprint to users depends on the number of users using it at any given point. Currently, the adoption is very low
🔗References
🌄Closing Notes
I believe solutions like these would force Firefox to improve its features by default at a higher pace than ever while making it easy for more people to have a privacy focussed browsing experience. Furthermore, it prevents a monopoly to be created with people left to pick up either Braze or a hardened Firefox in addition to recent versions of Librewolf
Thank you🙏🙏 for your time and attention.
If you have any queries, feel free to reach out👋over LinkedIN. I would love to know about your experience👩💻 of incorporating this article into your projects/products.
Don't forget to subscribe to my newsletter below for more such exciting articles delivered to your mailbox every week.
Happy Building!🚀🚀