109

Google, Amazon, Bing extensions have been added to Firedragon browser. These do not show up under "Addons and Themes". I only found them in "about:debugging"

This is a default install, with default settings. It is completely unaltered from what is shipped w/ Garuda. It does seem to be related to search provider settings.

Though Garuda is not a privacy based distro, FireDragon is based on LibreWolf. It seems the Garuda team decided to add these extensions in after the fact. Default Librewolf does not contain these extensions. (or at least the flatpak version I installed to verify didn't)

This may, or may not, directly affect your privacy. I would guess that info is only sent to these providers if they are specifically requested. But it is JUST a guess.

I'm sure this has been done to monetize the distro, provide support, yada yada.

I personally do not care what the reasoning, or whether or not any information is sent to providers. I will be moving away from Garuda ASAFP. If they do this, what else has been done?

As always, stick w/ recommended on privacyguides.

top 16 comments
sorted by: hot top controversial new old
[-] tartarsauce@lemmy.fmhy.ml 72 points 1 year ago* (last edited 1 year ago)

These are literally default search extensions from Mozilla that come with every vanilla Firefox install - some basic digging would've told you that (in fact, your very screenshot shows that the extension IDs come from Mozilla). They're what allows the search options for those sites in Firefox. If you go to search settings and turn those search engines off, they have zero effect on you. Or better yet, simply hit "remove" in those settings to completely get rid of them, which makes them no longer show up anywhere, even about:debugging.

You're welcome to move away from Garuda; it just wouldn't change anything. You could also fork the code to remove the extensions by default, but at that point ask yourself why neither LibreWolf nor the Garuda team found it necessary to remove these extensions by default if they were actually a privacy threat (and again, you could just remove them yourself in 5 seconds through search settings).

Honestly, these default search providers could potentially be removed simply because more privacy-focused users have no reason to use such search engines, but that's something you should take up with the LibreWolf/Garuda team in a polite discussion.

Here, this post could potentially affect Garuda's reputation for something that's completely harmless and is 2 layers upstream from them (FF > LibreWolf > FireDragon). It also makes privacy enthusiasts look silly and paranoid.

I understand why seeing these would make you suspicious, but the next step would be to look it up somewhere rather than jumping to a conclusion.

OP, I'm not trying to scold you (and I'm sorry this comment feels that way) . Rather, this is a reminder to everyone here: please do some due diligence before posting stuff.

(P.S. As someone who once also used this distro and browser, I would also recommend to just setup FF or even LibreWolf the way you want instead of using this specialized distro fork. Not for any malicious reason, but simply because important security updates are bound to come late to a fork of a fork.)

[-] rodneyck@lemmy.world 4 points 1 year ago
[-] tartarsauce@lemmy.fmhy.ml 10 points 1 year ago* (last edited 1 year ago)

Thanks, but I worry it may have been a little too assholish on my part. Again, I wasn't trying to bring OP down and definitely don't want to be one of those smug "I know better than you and will jump on every mistake of yours" types. I know what it's like to have those kind of people jumping on your throat for a relatively minor thing, because I've made this kind of mistake before. Just want to state again that my intent isn't to dogpile on OP but to remind everyone to be cautious before assuming.

I edited the comment to remove the unnecessary snarky chromium bit. !@elltee@lemmy.one I'm sorry if this comment made you feel shitty. It isn't what I intended to do.

[-] rodneyck@lemmy.world 2 points 1 year ago

LOL, we can all come off sounding a little assholish, don't worry about it. You made sound points. The OP came off sounding a bugle of fear without doing any research, or backing up any of their concerns. You stepped up.

[-] Reliant1087@lemmy.world 41 points 1 year ago

From what I can see, these are search providers and vanilla Firefox ships with all of these as well, I think. You will find these under search settings rather then add-ons. I don't think there's anything nefarious about including search options used by a lot of people, especially when they include ddg side by side.

Why don't you reach out to the Garuda team before jumping to conclusions and maybe work with them to remove problematic search engines and add more privacy aware ones?

[-] dngray@lemmy.one 12 points 1 year ago

Just a reminder, we specifically recommend against Garuda due to their unsafe usage of Chaotic-AUR.

[-] rodneyck@lemmy.world 5 points 1 year ago

I would not recommend this guide. It only recommends rolling releases, so basically Arch. I use Arch btw, Garuda. However, it then goes on to say that only moderate or advanced users should use Arch. It also doesn't recommend Debian or any debian based distros. I find this funny as many corporate servers use Debian, and I don't really see any huge security issues since the 90's waving red flags of warnings and issues. By following this guide, it really leaves no option for beginner linux enthusiasts. I (we) recommend not folloing this guide as it reads like privacy paranoia propaganda piece.

[-] dngray@lemmy.one 2 points 1 year ago

If you're going to use Arch use Arch. It is incredibly dangerous to be blindly trusting things in AUR, when they can be contributed by anyone.

However, it then goes on to say that only moderate or advanced users should use Arch

Yes because there is less QA, there is nobody testing those things before they are released to you. It also requires you to make a lot of selections which unless you know what components to choose (I also use Arch) would be not great for a newbie user.

I find this funny as many corporate servers use Debian, and I don’t really see any huge security issues since the 90’s waving red flags of warnings and issues.

A lot of them are Ubuntu these days, or Centos. In a corporate environment you tend to be running a lot of containerized workloads because you want redundancy, and high availability.

By following this guide, it really leaves no option for beginner linux enthusiasts. I (we) recommend not folloing this guide as it reads like privacy paranoia propaganda piece.

TLDR being there is no reason to look beyond Fedora or Ubuntu for a newbie user. That is the point that it makes. These other obscure distributions don't provide anything that you need.

[-] rodneyck@lemmy.world 2 points 1 year ago

TLDR being there is no reason to look beyond Fedora...

This whole privacy issue is about trust. And clearly your privacy recommendations are biased. For example, you seem to put all your trust in Fedora, a corporation owned by Red Hat...OWNED. A distro starting to 'trample on user's privacy with telemetry integration.'

Now you might say that telemetry isn't like the others, it is "anonymised." Except that is what corporations always say before they remove the username from the data collected and keep the unique user id. Again, it is about who you trust, and usually corporations are working and focused on the dollar, not the user.

I encourage anyone to look at other privacy recommendation sites, and form your own conclusions.

[-] nan@lemmy.blahaj.zone 11 points 1 year ago* (last edited 1 year ago)

Those are search engines and created by Mozilla. That’s why they all have @search.mozilla.org.

[-] yote_zip@pawb.social 11 points 1 year ago

I'll just note that I also have these extensions on my LibreWolf install, from the AUR.

[-] rodneyck@lemmy.world 6 points 1 year ago

Curious, have you addressed this with the Garuda team?

[-] PublicLewdness@burggit.moe 1 points 1 year ago

This seems more like a good reason to not use default options than a reason to not use Garuda. Many distros have worse defaults than this.

load more comments
view more: next ›
this post was submitted on 08 Jul 2023
109 points (100.0% liked)

Privacy Guides

16263 readers
3 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 1 year ago
MODERATORS