First of all, I like the simplicity and speed of this browser. However, it is only available in English, not in other languages. I hope it will be as powerful as Tor Browser.
When I open the browser block switch, the test fingerprint URL is not open. No response at all after entering the address.
I turned off the block switch and used https://coveryourtracks.eff.org/
address to test the fingerprint information of this browser, the results are as follows:
If you disable WebRTC (from the Mullvad Browser Extension or in about:config), the preference user_pref(“media.peerconnection.enabled”, false); is written in the prefs.js file, but it’s reset again when the browser is closed.
Looks like a bug in the current version.
And thank you for the ongoing review and testing. I have to say before my comment may cause undue concern: unless you are using WebRTC (and give explicit permission to a website), no IP address should be leaked, regardless of whether the aforementioned configuration option is set or not.
I’ve run some of the usual leak/tracking test with the following setup:
Mullvad browser for Linux (default settings)
ProtonVPN (wireguard config)
The main thing that stood out was IPv6 DNS leaks. This was an easy fix:
about:config >> network.dns.disable.ipv6 = TRUE
The browser uses Mullvad’s DNS servers by default which I don’t mind but of course their location invariably differs from the various ProtonVPN servers.
As others mentioned WebRTC is enabled but seems to be filtered and can be disabled easily.
Another thing that stands out is the BrowserLeaks >> Canvas Fingerprint reports as “100% unique” which is a bit disturbing to me but similar to the Tor Browser IIRC. The EFF ‘Cover your Tracks’ test also reported a “nearly unique” browser fingerprint. Probably fingerprinting is better discussed elsewhere.
Other than that I like the Mullvad browser and hope it keeps improving.
Whereas, in LibreWolf with extensions and after configuring the canvasblocker and NoScript, the confirmations are as expected and informed by the website ( https://privacytests.org/ ).
This friend, you did not provide your system is which. My system is Mac, and I tested Tor Browser with another plugin installed, and the test results are:
The first one, yes
The second item, yes
Third, partial protection
My mullvad Browser test results are more or less the same as yours, but it’s not stable and the results are different every time.
My “system” is openSuse Tumbleweed X86-64 and in the LibreWolf 11.0.1 version everything was yes, but after the 112.0.1 update it also got partial protection. So I decided to remove everything and do a clean install of LibreWolf.
Initially without extensions, it was , yes, yes and partial protection. So I decided to install the extensions one at a time and, in the end, when we didn’t mess with LibreWolf’s default settings and installed CanvasBlocker and NoScript giving full reading permissions, we see that everything is yes. Did you understand?
I am really enjoying this Mullvad Browser! It’s fast, lightweight and doesn’t crash at any time.
The “evil” of using a VPN that does not have a server in the native country is that the most usable big-techs such as: facebook, twitter, outlook, the damn Google family require authentication and tracking in the same way. If we are using an email client with three or four emails, none of them open due to the authentication requirement.