Privacy


A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society. With companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

founded 5 years ago

submitted 20 hours ago* (last edited 20 hours ago) by Ste41th@lemmy.ml to c/privacy@lemmy.ml

So Invidious isn't working well at the moment, and neither is Piped. So I'm wondering what the best options are to watch YouTube right now?

And by burned, I mean "realize they have been burning for over a year". I'm referring to a bug in the Tor Browser flatpak that prevented the launcher from updating the actual browser, despite the launcher itself updating every week or so. The fix requires manual intervention, and this was never communicated to users. The browser itself also doesn't alert the user that it is outdated. The only reason I found out today was because the NoScript extension broke due to the browser being so old.

To make matters worse, the outdated version of the browser that I had differs from the outdated version reported in the GitHub thread. In other words, if you were hoping that at least everybody affected by the bug would be stuck at the same version (and thus have the same fingerprint), that doesn't seem to be the case.

This is an extreme fingerprinting vulnerability. In fact I checked my fingerprint on multiple websites, and I had a unique fingerprint even with javascript disabled. So in other words, despite following the best privacy and security advice of:

  1. using Tor Browser
  2. disabling javascript
  3. keeping software updated

My online habits have been tracked for over a year. Even if DuckDuckGo or Startpage don't fingerprint users, Reddit sure does (to detect ban evasions, etc.), and we all know 90% of searches lead to Reddit, and that Reddit sells data to Google. So I have been browsing the web for over a year with a false sense of security, all the while most of my browsing was linked to a single identity, and that much data is more than enough to link it to my real identity.

How was I supposed to catch this? Manually check the About page of my browser to make sure the number keeps incrementing? Browse the GitHub issue tracker before bed? Is all this privacy and security advice actually good, or does it just give people a false sense of security, when in reality the software isn't maintained enough for those recommendations to make a difference? Sorry for the rant, it's just all so tiring.

Edit: I want to clarify that this is not an attack on the lone dev maintaining the Tor Browser flatpak. They mention in the issue that they were fairly busy last year. I just wanted to know how other people handled this issue.
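A check for the situation the post describes, added here as an example (it is not code from the post, from the Tor Project or from the flatpak maintainer): read the browser's own application.ini, compare its version with the current release copied from the Tor Project download page, and warn when the build date is older than a threshold. The application.ini layout, the sample contents, the 45-day threshold and the install path mentioned in the comment are assumptions, not facts stated in the post.

```python
"""Staleness check for a Tor Browser install, read from its own application.ini.

Added example, not code from the post, the Tor Project or the flatpak maintainer.
Assumptions (not confirmed by the post): Tor Browser ships a Firefox-style
application.ini with an [App] section carrying Version=... and
BuildID=YYYYMMDDhhmmss; the sample below is constructed. The latest version is
passed in by the caller (copied from the Tor Project download page), so the
check runs offline.
"""
import configparser
import re
from datetime import datetime, timezone

# Constructed sample: an install whose updater silently stopped working.
SAMPLE_APPLICATION_INI = """\
[App]
Vendor=Tor Project
Name=Tor Browser
Version=13.0.9
BuildID=20240122000000
"""

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:a(\d+))?$")


def parse_version(text):
    """Map '14.0.7' or '14.5a3' to a tuple that sorts correctly: 14.5a3 < 14.5 < 14.5.1."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    major, minor, patch, alpha = m.groups()
    is_release = 0 if alpha else 1  # alphas sort before the release they precede
    return (int(major), int(minor), int(patch or 0), is_release, int(alpha or 0))


def read_app_info(ini_text):
    """Return (version, build_date) from application.ini text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    version = cp["App"]["Version"]
    build_id = cp["App"]["BuildID"]
    build_date = datetime.strptime(build_id[:8], "%Y%m%d").replace(tzinfo=timezone.utc)
    return version, build_date


def staleness_report(ini_text, latest_version, today=None, max_age_days=45):
    """Flag an install that is behind latest_version or older than max_age_days.

    today: 'YYYY-MM-DD' (defaults to now). max_age_days is this example's guess at
    how long a release normally stays current, not a Tor Project figure.
    """
    now = (datetime.strptime(today, "%Y-%m-%d").replace(tzinfo=timezone.utc)
           if today else datetime.now(timezone.utc))
    version, build_date = read_app_info(ini_text)
    age_days = (now - build_date).days
    behind = parse_version(version) < parse_version(latest_version)
    return {
        "installed": version,
        "latest": latest_version,
        "age_days": age_days,
        "behind": behind,
        "stale": behind or age_days > max_age_days,
    }


if __name__ == "__main__":
    # Real use: read application.ini from the Browser directory of the install
    # (the exact path is packaging-specific and assumed here) and paste in the
    # version currently shown on torproject.org.
    report = staleness_report(SAMPLE_APPLICATION_INI, "14.0.7", today="2025-03-14")
    for key, value in report.items():
        print("%-9s %s" % (key, value))
    if report["stale"]:
        print("WARNING: this Tor Browser is stale; fix the updater or reinstall before browsing.")
```

Run from a login script or a cron job, the update failure surfaces the day it happens rather than a year later when NoScript breaks; the version comparison also catches the case where the launcher updates but the browser inside it does not.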

I am looking for a wifi mesh system to improve the coverage in my home. I looked around and found a cheap solution with decent reviews, the Halo 50G by Mercusys (TP-Link). I am not a fan of super cheap, super easy to use "magical" solutions, and within minutes of connecting just the access point I was seeing calls to the likes of Google, Facebook, Amazon, etc. in my network coming from the device. Not ideal.

I also found that Ubiquiti and Netgear may be the best options out there, but the prices I found are north of 600€ and I can not afford to pay that much right now.

So, my question is: Is there any wifi mesh system that is not using my network against me and does not empty my wallet? I am based in Europe and would like something under 200€ if possible, and ready to buy from the shelf.

Thank you for reading and for any recommendation.
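To pin down which device on the LAN is making calls like the ones described above, here is a small detection script, added as an example and not taken from the post or from Mercusys/TP-Link. It assumes the home router or a Pi-hole runs dnsmasq with query logging and parses its "query[...] name from client" lines; the log lines, client addresses and watchlist are constructed for illustration.

```python
"""Attribute third-party DNS lookups to LAN clients from dnsmasq query logs.

Added example, not from the post or any vendor. Assumes a dnsmasq-style resolver
log (the "query[A] <name> from <client-ip>" lines dnsmasq writes with log-queries
enabled); the log lines below are constructed and the values are illustrative.
A name matches the watchlist if it equals a listed suffix or ends with "." + suffix,
so "notgoogle.com" does not match "google.com".
"""
import re
from collections import defaultdict

# Illustrative watchlist; extend with whatever the device should not be talking to.
WATCHLIST = ("google.com", "googleapis.com", "facebook.com", "amazonaws.com")

# Constructed sample log: 192.168.1.50 is the new access point, .20 a laptop.
SAMPLE_LOG = """\
Mar 14 09:00:01 dnsmasq[812]: query[A] fonts.googleapis.com from 192.168.1.50
Mar 14 09:00:02 dnsmasq[812]: query[AAAA] graph.facebook.com from 192.168.1.50
Mar 14 09:00:03 dnsmasq[812]: query[A] ec2-3-120-1-2.eu-central-1.compute.amazonaws.com from 192.168.1.50
Mar 14 09:00:05 dnsmasq[812]: query[A] lemmy.ml from 192.168.1.20
Mar 14 09:00:06 dnsmasq[812]: forwarded lemmy.ml to 9.9.9.9
Mar 14 09:00:09 dnsmasq[812]: query[A] notgoogle.com from 192.168.1.20
"""

_QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)")


def matches_watchlist(name, watchlist=WATCHLIST):
    """Suffix match on DNS labels, tolerant of case and a trailing dot."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in watchlist)


def parse_queries(log_text):
    """Yield (client, queried name) for every query line; other log lines are skipped."""
    for line in log_text.splitlines():
        m = _QUERY_RE.search(line)
        if m:
            yield m.group("client"), m.group("name")


def third_party_contacts(log_text, watchlist=WATCHLIST):
    """Map client IP -> sorted list of watchlisted names it resolved."""
    seen = defaultdict(set)
    for client, name in parse_queries(log_text):
        if matches_watchlist(name, watchlist):
            seen[client].add(name.lower().rstrip("."))
    return {client: sorted(names) for client, names in seen.items()}


if __name__ == "__main__":
    for client, names in third_party_contacts(SAMPLE_LOG).items():
        print(client)
        for name in names:
            print("   ", name)
```

Pair the client address with the DHCP lease table to get the device name, and the same list of names doubles as the block list for a firewall rule on the router once you have decided which contacts are unwanted.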

I bought a Garmin Forerunner 255 watch that I want to use only with Gadgetbridge. There is an old software version on the watch and I want to update it, but I don't want to connect it to the Garmin Connect or Garmin Express app.

I have looked for the possibility to do an “offline” update but have not found it. Maybe the community will help?

Not that I’ve ever wanted a voice assistant, but this shoots it in the head for me.

I'm making this post to share some interesting less talked about things about privacy, security, and other related topics. This post has no direct goal, it's just an interesting thing to read. Anyways, here we go:

I made a post about secureblue, which is a Linux distro* (I'll talk about the technicality later) designed to be as secure as possible without compromising too much usability. I really like the developers, they're one of the nicest, most responsible developers I've seen. I make a lot of bug reports on a wide variety of projects, so they deserve the recognition.

Anyways, secureblue is a lesser known distro* with a growing community. It's a good contrast to the more well known alternative** Qubes OS, which is not very user friendly at all.

* Neither secureblue, nor Qubes OS are "distros" in the classical sense. secureblue modifies and hardens various Fedora Atomic images. Qubes OS is not a distro either, as they state themselves. It's based on the Xen Hypervisor, and virtualizes different Linux distros on their own.

** Qubes OS and secureblue aren't exactly comparable. They have different goals and deal with security in different ways, just as no threat model can be compared as "better" than any other one. This all is without mentioning secureblue can be run inside of Qubes OS, which is a whole other ballpark.

secureblue has the goal of being the most secure option "for those whose first priority is using Linux, and second priority is security." secureblue "does not claim to be the most secure option available on the desktop." (See here) Many people in my post were confused about that sentence and wondered what the most secure option for desktop is. Qubes OS is one option, however the secureblue team likely had a different option in mind when they wrote that sentence: Android.

secureblue quotes Madaidan's Insecurities in some places on their website. Madaidan's Insecurities holds the view that Linux is fundamentally insecure and praises Android as a much better option. It's a hard pill to swallow, but Madaidan's Insecurities does make valid criticisms of Linux.

However, Madaidan's Insecurities makes no mention of secureblue. Why is that? As it turns out, Madaidan's Insecurities has not been updated in over 3 years. It is still a credible source on some occasions, but some recommendations are outdated.

Many people are strictly anti-Google because of Google's extreme history of privacy violations, however those people end up harming a lot of places of security in the process. The reality is, while Google is terrible with privacy, Google is fantastic with security. As such, many projects such as GrapheneOS use Google-made devices for the operating system. GrapheneOS explains their choice, and makes an important note that it would be willing to support other devices as long as it met their security standards. Currently only Google Pixels do.

For those unfamiliar, GrapheneOS is an open source privacy and security focused custom Android distribution. The Android Open Source Project (AOSP) is an open source project developed by Google. Like the Linux kernel, it provides an open source base for Android, which allows developers to make their own custom distributions of it. GrapheneOS is one such distribution, which "DeGoogles" the device, removing the invasive Google elements of the operating system.

Some Google elements, such as Google Play Services can be optionally installed onto the device in a non-privileged way (see here and here). People may be concerned that Google Pixels can still spy on them at a hardware level even with GrapheneOS installed, but that isn't the case.

With that introduction of secure Android out of the way, let's talk about desktop Android. Android has had a hidden option for Desktop Mode for years now. It's gotten much better since it was first introduced, and with the recent release of Android 15 QPR2, Android has been given a native terminal application that virtualizes Linux distros on the device. GrapheneOS is making vast improvements to the terminal app, and there are many improvements to come.

GrapheneOS will also try to support an upcoming Pixel Laptop from Google, which will run full Android on the desktop. All of these combined means that Android is one of, if not the, most secure option for desktop. Although less usable than some more matured desktop operating systems, it is becoming more and more integrated.

By the way, if you didn't know, Android is based on Linux. It uses the Linux kernel as a base, and builds on top of it. Calling Qubes OS a distro would be like calling Android and Chrome OS distros as well. Just an interesting fact.

So, if Android (or more specifically GrapheneOS) is the most secure option for desktop, what does that mean in the future? If the terminal app is able to virtualize Linux distros, secureblue could be run inside of GrapheneOS. GrapheneOS may start to become a better version of Qubes OS, in some respects, especially with the upcoming App Communication Scopes feature, which further sandboxes apps.

However, there is one bump in the road, which is the potential for Google to be broken up. If that happens, it might put GrapheneOS and a lot of security into a weird place. There might be consequences such as Pixels not being as secure or not supporting alternative Android distributions. Android may suffer some slowdowns or halts in development, possibly putting more work on custom Android distribution maintainers. However, some good may come from it as well. Android may become more open source and less Google invasive. It's going to be interesting to see what happens.

Speaking of Google being broken up, what will happen to Chrome? I largely don't care about what happens to Chrome, but instead what happens to Chromium. Like AOSP, Chromium is an open source browser base developed by Google. Many browsers are based on Chromium, including Brave Browser and Vanadium.

Vanadium is a hardened version of Chromium developed by GrapheneOS. Like what GrapheneOS does to Android, Vanadium removes invasive Google elements from the browser and adds some privacy and security fixes. Many users who run browser fingerprinting tests on Vanadium report it having a nearly unique fingerprint. Vanadium does actually include fingerprint protections (see here and here), but not enough users use it for it to be as noticeable as the Tor Browser. "Vanadium will appear the same as any other Vanadium on the same device model, and we don't support a lot of device models." (see here)

There's currently a battle in the browser space between a few different groups, so mentioning any browser is sure to get you involved in a slap fight. The fights usually arise between these groups:

For that last one, I would like to mention that Firefox rewrote the terms after backlash, and users have the ability to disable bloatware in Brave. Since Brave is open source, it is entirely possible for someone to make a fork of it that removes unwanted elements by default, since Brave is another recommended browser by the GrapheneOS team for security reasons.

Another interesting Chromium-based browser to look at is secureblue's Trivalent, which was inspired by Vanadium. It's a good option for users that use Linux instead of Android as a desktop.

Also, about crypto, why is there a negativity around it? The reason is largely due to its use in crime, use in scams, and use in investing. However, not all cryptocurrencies are automatically bad. The original purpose behind cryptocurrency was to solve a very interesting problem.

There are some cryptocurrencies with legitimate uses, such as Monero, which is a cryptocurrency designed to be completely anonymous. Whether or not you invest in it is your own business, and unrelated to the topics of this post. Bitcoin themselves even admit that Bitcoin is not anonymous, so there is a need for Monero if you want fully decentralized, anonymous digital transactions.

On the topic of fully decentralized and anonymous things, what about secure messaging apps? Most people, even GrapheneOS and CISA, are quick to recommend Signal as the gold standard. However, another messenger comes up in discussion (and my personal favorite), which is SimpleX Chat.

SimpleX Chat is recommended by GrapheneOS occasionally, as well as other credible places. This spreadsheet is my all time favorite one comparing different messengers, and SimpleX Chat is the only one that gets full marks. Signal is a close second, but it isn't decentralized and it requires a phone number.

Anyways, if you do use Signal on Android, be sure to check out Molly, which is a client (fork) of Signal for Android with lots of hardening and improvements. It is also available to install from Accrescent.

Accrescent is an open source app store for Android focused on privacy and security. It is one of the default app stores available to install directly on GrapheneOS. It plans to be an alternative to the Google Play Store, which means it will support installing proprietary apps. Accrescent is currently in early stages of development, so there are only a handful of apps on there, but once a few issues are fixed you will find that a lot of familiar apps will support it quickly.

Many people have high hopes for Accrescent, and for good reason. Other app stores like F-Droid are insecure, which pose risks such as supply chain attacks. Accrescent is hoped to be (and currently is) one of the most secure app stores for Android.

The only other secure app store recommended by GrapheneOS is the Google Play Store. However, using it can harm user privacy, as it is a Google service like any other. You also need an account to use it.

Users of GrapheneOS recommend making an anonymous Google account by creating it using fake information from a non-suspicious (i.e. not a VPN or Tor) IP address such as a coffee shop, and always use a VPN afterwards. A lot of people aren't satisfied with that response, since the account is still a unique identifier for your device. This leads to another slap fight about Aurora Store, which allows you to (less securely) install Play Store apps using a randomly given Google account.

The difference between the Play Store approach and the Aurora Store approach is that Aurora Store's approach is k-anonymous, rather than... "normal" anonymity. The preference largely comes down to threat models, but if you value security then Aurora Store is not a good option.

Another criticism of the Play Store is that it is proprietary. The view of security between open source software and proprietary software has shifted significantly. It used to be that people viewed open source software as less secure because the source code is openly available. While technically it's easier to craft an attack for a known exploit if the source code is available, that doesn't make the software itself any less secure.

The view was then shifted to open source software being more secure, because anyone can audit the code and spot vulnerabilities. Sometimes this can help, and many vulnerabilities have been spotted and fixed faster due to the software being open source, but it isn't always the case. Rarely do you see general people looking over every line of code for vulnerabilities.

The reality is that, just because something is open source, doesn't mean it is automatically more or less secure than if it were proprietary. Being open source simply provides integrity in the project (since the developers make it as easy as possible to spot misconduct), and full accountability towards the developers when something goes wrong. Being open source is obviously better than being proprietary, that's why many projects choose to be open source, but it doesn't have to be that way for it to still be secure.

Plus, the workings of proprietary code can technically be viewed, since some code can be decompiled, reverse engineered, or simply read as assembly instructions, but all of those are difficult, time consuming, and might get you sued, so it's rare to see it happen.

I'm not advocating for the use of proprietary software, but I am advocating for less hate regarding proprietary software. Among other things, proprietary software has some security benefits in things like drivers, which is why projects like linux-libre and Libreboot are worse for security than their counterparts (see coreboot).

Those projects still have uses, especially if you value software freedom over security, but for security alone they aren't as recommended.

Disclaimer before this next section: I don't know the difference in terminology between "Atomic", "Immutable", and "Rolling Release", so forgive me for that.

Also, on the topic of software freedom, stop using Debian. Debian is outdated and insecure, and I would argue less stable too. Having used a distro with an Atomic release cycle, I have experienced far fewer issues than when I used Debian. Not to mention, if you mess anything up on an Atomic distro, you can just roll back to the previous boot like nothing happened, and still keep all your data. That saved me when I almost bricked my computer modifying /etc/fstab by hand.

Since fixes are pushed out every day, and all software is kept as up to date as possible, Atomic distros I argue give more stability than having an outdated "tried and tested" system. This is more an opinion rather than factually measured.

Once I realized that the stable version of Debian uses Linux kernel 6.1 (which is 3 years old and has had actively exploited vulnerabilities), and that the latest stable version of the kernel is 6.13, I switched pretty quickly, for that reason among others.

Now, many old kernel versions are still maintained, and the latest stable version of Android uses kernels 6.1 and 6.6 (which are still maintained), but it's still not great to use older kernel versions regardless. It isn't the only insecurity about Debian.

I really have nothing more to say. I know I touched on a lot of extremely controversial topics, but I'm sick of privacy being at odds with security, as well as other groups being at odds with each other. This post is sort of a collection of a lot of interesting privacy and security knowledge I've accrued throughout my life, and I wanted to share my perspective. I don't expect everybody to agree with me, but I'm sharing this in case it ever becomes useful to someone else.

Thanks for taking the time to read this whole thing, if you did. I spent hours writing it, so I'm sure it's gotten very long by now.

Happy Pi Day everyone!
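The fingerprinting remarks in the post above (Vanadium only blending in with other Vanadium users on the same device model) and in the earlier Tor Browser post (a unique fingerprint after a silent update failure) both come down to anonymity-set size. What follows is an added example, not code from either post or from any project, that computes set sizes and surprisal over a constructed population of twelve clients whose attribute values are illustrative rather than measured.

```python
"""Anonymity-set size and surprisal for a population of browser fingerprints.

Added example, not code from the posts or from Tor, Vanadium or any test site.
The population is constructed to mirror two situations the posts describe: one
Tor Browser whose updater broke (it alone reports an old version) and a browser
with few users (Vanadium) that matches only the other users on the same device
model. Surprisal is -log2(p), the usual Panopticlick-style measure: more bits
means a more identifying fingerprint.
"""
import math
from collections import Counter

# Constructed sample: (client id, observable attributes). Values are illustrative.
SAMPLE_POPULATION = [
    *[("tor-%d" % i, {"ua": "Firefox/128.0", "tb_version": "14.0.7", "screen": "1000x600"})
      for i in range(8)],
    ("tor-stale", {"ua": "Firefox/115.0", "tb_version": "13.0.9", "screen": "1000x600"}),
    *[("vanadium-%d" % i, {"ua": "Chrome/134.0", "tb_version": None, "screen": "412x915"})
      for i in range(3)],
]


def fingerprint(attrs):
    """Canonical hashable form of an attribute dict."""
    return tuple(sorted(attrs.items()))


def anonymity_sets(population):
    """Map each fingerprint to the number of clients sharing it."""
    return Counter(fingerprint(attrs) for _, attrs in population)


def surprisal_bits(population, attrs):
    """Bits of identifying information one fingerprint carries in this population."""
    sets = anonymity_sets(population)
    share = sets[fingerprint(attrs)] / len(population)
    return -math.log2(share)


def report(population):
    """Per-client anonymity-set size and surprisal, with unique fingerprints flagged."""
    sets = anonymity_sets(population)
    total = len(population)
    rows = []
    for client, attrs in population:
        k = sets[fingerprint(attrs)]
        rows.append({"client": client, "set_size": k,
                     "bits": round(-math.log2(k / total), 3), "unique": k == 1})
    return rows


def unique_clients(population):
    """Clients whose fingerprint is shared with nobody else (set size 1)."""
    return [row["client"] for row in report(population) if row["unique"]]


if __name__ == "__main__":
    for row in report(SAMPLE_POPULATION):
        flag = "  UNIQUE" if row["unique"] else ""
        print("%-12s set=%-2d bits=%.3f%s" % (row["client"], row["set_size"], row["bits"], flag))
```

The stale Tor client carries log2(12) bits, every bit the population has, while each up-to-date Tor client is hidden among eight. Shrinking the population (fewer Vanadium users, fewer supported device models) raises every remaining client's surprisal even when the browser itself leaks nothing new, which is the point both posts make.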

Due to the giant GOPstrich in the room, I have switched to Linux and have been actively trying to learn as much computer science as possible. I set up a TOR relay using Librewolf as the browser, using socks5 to send data from the browser through the network. As an experiment, I asked Microsoft's AI where I was and it immediately returned my city. I tried again using a VPN, with a different browser, and it still got it right. So, I wanted to ask: how can we limit the telemetry collected by these programs? How can we better limit their ability to spy on us?

submitted 2 days ago* (last edited 2 days ago) by RocketSocket@programming.dev to c/privacy@lemmy.ml

cross-posted from: https://programming.dev/post/26910708

My small company (less than 30 employees) has been using Skype for internal group meetings and messaging. Since it's closing, we're looking for alternatives.

I think few people in the company are privacy minded (one of the higher ups had to get scolded to stop using some random AI to listen to all his meetings and write summaries), so we need something with a low barrier to entry.

We have basically no IT department, so self hosting would be a challenge. We do self host a redmine server via docker, and we have to connect to it via VPN when we're off-site (we have several full time remote employees).

Our feature requirements are:

  • Group and individual messaging
  • Screen sharing
  • Meetings up to 2 hours
  • Inexpensive
  • Meetings with up to 10 participants
  • Windows (some people use Skype from their phones also, but not a requirement)
  • Minimal friction to set up and use
  • Minimal bugs (mature)

Some of the ideas floated:

  • Teams
  • Discord
  • Google Meet
  • Signal
  • Telegram
  • Jami

I really don't think we could pull off Matrix, but am I wrong? Which of these ideas bothers you the least? Is there something else I'm overlooking?

Someone made a compilation of academic reviews and blogposts here: https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243 but none of them seem to be real security audit reports, ex. compare with real security audits to Delta Chat: https://delta.chat/en/help#security-audits


I'm getting ready to move off of Google (and Private Internet Access), and Proton is looking like the best option. But I'm nervous. Some of the things I worry about:

  • Calendar support: I rely really heavily on Google Calendar. How will I share events with others? And what will I do without Google Tasks?
  • VPN App Quality: Seeing some mixed reviews on Proton VPN Android app.
  • Proton ethics & politics: Look, I really don't want to open up the holy war here. My big stipulation is: I don't want my money to go to a company that will donate its money or services to fascists. To my knowledge, Proton does not do that. I know they made a post that seemed to praise GOP antitrust efforts. I do not believe that that is the same thing as lending material support for fascists. (And, as someone who is very well read-in on antitrust issues, I'll say that -- for a lot of complicated reasons -- there is some truth to Proton's post, but I wish they had framed it as a critique of the corporate wing of the Democratic party and not praise of the GOP.)
  • Anything else I haven't thought to ask.

So, folks who have made the switch: What do you wish you had known? What do you wish you had done to make the move easier?

Thank you for your advice.

submitted 3 days ago* (last edited 3 days ago) by gwilikers@lemmy.ml to c/privacy@lemmy.ml

I feel like this might be something that people here have insight on because VPNs seem to trigger Captchas a lot. What can I do to bypass them on desktop and android?

Porn companies must take strong action to protect privacy and prevent future harms

On March 3, 2025 Canada’s Privacy Commissioner announced that Pornhub’s practices fail to ensure meaningful consent has been obtained from everyone appearing in videos uploaded to the platform. (Shutterstock)

Elaine Craig, Dalhousie University

At a time of increased emphasis on buying Canadian, the country’s porn consumers can presumably rest easy. A Canadian business, Ethical Capital Partners (ECP), owns the world’s largest porn website, Pornhub. But do Canadian porn users have nothing to worry about?

On March 3, Canada’s privacy commissioner announced that Pornhub’s practices fail to ensure meaningful consent has been obtained from everyone appearing in videos uploaded to the platform, and that he will seek a federal court order directing Pornhub to comply with Canada’s privacy laws.

When ECP acquired Aylo (then called MindGeek), which owns Pornhub and other porn businesses, the company made numerous public statements. ECP’s executives stated in a release that Aylo was “built upon a foundation of trust, safety and compliance.” ECP executives also stated they were confident the company operates “legally and responsibly.”

However, class actions and individual lawsuits brought by women who allege Pornhub distributed videos of them without their consent, reports in 2020 of child rape videos on the platform and allegations of widespread content piracy do not align with ECP’s claims about Pornhub’s origins.

Privacy commissioner’s report

ECP’s assertion that Pornhub was built on trust and safety is also refuted by the privacy commissioner’s findings. In 2024, Commissioner Philippe Dufresne released a critical report regarding Aylo, following a complaint by a woman who alleged her ex-boyfriend uploaded a sexually explicit video of her to Pornhub without her consent. The video was copied and shared online hundreds of times.

The commissioner found that in 2015, when the video was posted, Pornhub’s process for ensuring consent was “wholly ineffective,” and that this had “devastating consequences for thousands of individuals whose intimate images were shared” without their knowledge and consent.

Dufresne stated the company was still failing “to ensure that it has obtained valid and meaningful consent from all individuals depicted in content uploaded to its websites.” He maintained this position in his announcement on March 2. ECP, which disputes the commissioner’s findings, launched unsuccessful legal proceedings to prevent Dufresne’s report from being published, delaying its release by nearly a year.

Numerous women have alleged horrific stories about their efforts to have videos removed from Pornhub that they did not consent to have uploaded (or in some cases, even created), only to be met with delay, a lack of response and administrative obstacles.

Today, Pornhub’s systems for verifying consent and responding to take-down requests are significantly more robust; they are likely superior to the mechanisms used by other platforms. But the lawsuits, testimony from victimized women and the commissioner’s report suggest this is hardly a company “built upon a foundation of trust, safety and compliance.” And according to Dufresne, Pornhub is still not compliant with the law.

Harmful content

When they acquired the company, ECP executives told the media they bought Aylo to promote “consensual and sex-positive adult entertainment.” Academic research, including my own, has examined content on porn platforms that depicts the sexual assault of sleeping or unconscious women, the sexual abuse of children by their fathers or step-fathers and the use of misogynistic meta-data — video titles, tags, and content categories — to promote content to users.

Depictions, including fictional ones, of sexual assault by step-fathers against step-daughters, or of sexual acts imposed upon sleeping women, are not sex-positive. Using misogynistic video titles and tags to organize and amplify hateful assertions about women and adolescent girls is not sex-positive.

Pornhub’s content moderation policies prohibit this type of harmful content. If Pornhub consistently enforced its own rules regarding depictions of non-consensual sex, hate speech and community standards, the depictions of sexual assault and the hateful and discriminatory titles, tags and categories of porn that I found in my research would not be present.

The company could presumably do this, given its claim that every piece of content on its site is approved by human moderators, and the success it has had relative to other platforms in eliminating and preventing child sexual abuse material.

The harms posed by fictional depictions of sexual assault, and the use of misogynistic titles and tags to promote porn, are significantly heightened because of the nature of the porn business today. Porn has changed enormously in the last decade. It has become social media.


Contemporary porn’s ubiquity and social media character greatly enhance its capacity to shape our sexual culture, including in harmful ways. (Shutterstock)

Porn as social media

Like big tech generally, and social media in particular, the porn industry is shaped by search engine optimization, algorithms, data and the advertising revenue that drives the internet’s attention economy. As a result, porn is now freely available to anyone with a cellphone, exploding rates of consumption. And like other forms of social media, porn today is interactive.

These technological changes in the porn industry reveal that, if made easily accessible, many people will watch porn. Indeed, close to 10 per cent of Canadians visit Pornhub every day.

Contemporary porn’s ubiquity and social media character greatly enhance its capacity to shape our sexual culture, including in harmful ways. Broad social engagement with any practice, including the consumption of sexually explicit material, informs our relationships, norms and values. Eroticizing the sexual assault of unconscious women or step-daughters, or deploying misogynistic hate speech to shock, entice and arouse large segments of our communities, shapes how we understand and relate to consent, allegations of sexual assault and concepts of sexual desire.

There is nothing inherently harmful about watching porn, and not all porn contributes negatively to our social environment. However, ECP’s claims about the history of the world’s largest porn company suggest a lack of accountability regarding the tremendous harm that porn websites cause women and girls.

Transparency and accountability

Given porn’s heightened role in shaping our sexual culture in a platform society, content that depicts sexual assault or is framed in the language of misogyny is harmful to all of us. Presumably, this is why Pornhub’s policies prohibit this type of content. But content moderation rules are only as good as their enforcement.

ECP says it rebranded Aylo to reflect a “renewed commitment to…trust and safety” and to allow “the company to refocus its efforts to lead by example through transparency and public engagement.” The type of leadership that ECP contemplates requires a commitment to the truth and a willingness to rigorously uphold one’s own rules: the kind of commitment and willingness exhibited by Canada’s privacy commissioner, in this case.

To “lead by example,” ECP should start with transparency and forthright public accountability regarding the foundations upon which Pornhub was actually built and how it operated for many years. This must be followed by compliance with the privacy commissioner’s recommendations, and insistence that Pornhub’s content moderation policies are consistently and rigorously enforced.

Elaine Craig, Professor of Law, Dalhousie University

This article is republished from The Conversation under a Creative Commons license. Read the original article.

I haven't played Minecraft since 2015, but I get the feeling I might again in the next few years as I wanna find new hobbies. I know that game has changed a whole lot, but I don't have any official online data on it.

I've had this Microsoft account for over a decade and it's probably full of personal information that I wanna let go of; I've already exported all my data. I would need to pay $30 for another copy of Minecraft, the same price I paid in 2013. I just did a bunch of searching and it's not possible to transfer my Minecraft license to another account.

I am starting to use a RSS feed (Akregator). I intend to use it to follow youtube channels, and try to learn what else it can do. What kind of privacy issues should I be aware of? Are there settings I can use to improve privacy? I use a vpn, is there something else I should do?

“Private browsing” on most browsers isn’t comprehensive or easy to use. Klar is next-level privacy that’s free, always on and always on your side — because it’s backed by Mozilla, the non-profit that fights for your rights on the Web.

I was using Focus as a quick, less secure browser that doesn't break official websites. I uninstalled it after Mozilla's changes to the terms of use/service.

Is Klar, like IronFox, a cleaned fork? If not, why is Guardian project serving it as next level privacy?

cross-posted from: https://programming.dev/post/26664400

Tarlogic developed a new C-based USB Bluetooth driver that is hardware-independent and cross-platform, allowing direct access to the hardware without relying on OS-specific APIs.

Armed with this new tool, which enables raw access to Bluetooth traffic, Tarlogic discovered hidden vendor-specific commands (Opcode 0x3F) in the ESP32 Bluetooth firmware that allow low-level control over Bluetooth functions.

In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.

Espressif has not publicly documented these commands, so either they weren't meant to be accessible, or they were left in by mistake. The issue is now tracked under CVE-2025-27840.
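For readers who want to see what "vendor-specific commands" means on the wire, here is an added example, not from the post, from Tarlogic or from Espressif: a decoder that splits HCI command packets into OGF and OCF and flags the vendor-specific group. It relies only on the public HCI packet layout. The sample packets are constructed, and the vendor OCF used in them is made up; it is not one of the undocumented ESP32 commands, which the post does not list.

```python
"""Decode Bluetooth HCI command packets and flag vendor-specific ones (OGF 0x3F).

Added example, not code from the post, Tarlogic or Espressif. Uses only the
public HCI command packet layout: type byte 0x01, little-endian 16-bit opcode,
parameter-length byte, parameters; opcode = (OGF << 10) | OCF, and OGF 0x3F is
the group reserved for vendor-specific commands. Sample packets are constructed;
OCF 0x0042 is a made-up placeholder, not a real ESP32 command.
"""
import struct

HCI_COMMAND_PKT = 0x01
OGF_VENDOR_SPECIFIC = 0x3F


def build_hci_command(ogf, ocf, params=b""):
    """Assemble a command packet; used here only to construct sample traffic."""
    opcode = (ogf << 10) | (ocf & 0x3FF)
    return bytes([HCI_COMMAND_PKT]) + struct.pack("<HB", opcode, len(params)) + params


def parse_hci_command(pkt):
    """Split one command packet into OGF/OCF/params, rejecting malformed input."""
    if len(pkt) < 4 or pkt[0] != HCI_COMMAND_PKT:
        raise ValueError("not an HCI command packet")
    opcode, plen = struct.unpack_from("<HB", pkt, 1)
    params = pkt[4:4 + plen]
    if len(params) != plen:
        raise ValueError("truncated parameters")
    ogf = opcode >> 10
    return {"opcode": opcode, "ogf": ogf, "ocf": opcode & 0x3FF,
            "params": params, "vendor_specific": ogf == OGF_VENDOR_SPECIFIC}


def is_well_formed(pkt):
    """True if parse_hci_command accepts the packet."""
    try:
        parse_hci_command(pkt)
        return True
    except ValueError:
        return False


def vendor_commands(packets):
    """Return the parsed vendor-specific commands found in a list of packets."""
    return [cmd for cmd in map(parse_hci_command, packets) if cmd["vendor_specific"]]


# Constructed sample stream: two standard commands and one vendor-specific one.
SAMPLE_STREAM = [
    build_hci_command(0x03, 0x0003),               # HCI_Reset (opcode 0x0C03)
    build_hci_command(0x04, 0x0001),               # HCI_Read_Local_Version_Information (0x1001)
    build_hci_command(0x3F, 0x0042, b"\x10\x00"),  # placeholder vendor command, made up
]

if __name__ == "__main__":
    for pkt in SAMPLE_STREAM:
        cmd = parse_hci_command(pkt)
        flag = "  <-- vendor-specific" if cmd["vendor_specific"] else ""
        print("opcode=0x%04X ogf=0x%02X ocf=0x%04X params=%s%s"
              % (cmd["opcode"], cmd["ogf"], cmd["ocf"], cmd["params"].hex(), flag))
```

Feed it the command packets from a btmon or btsnoop capture and any OGF 0x3F traffic between host and controller stands out immediately; what each such command actually does still has to come from the vendor's documentation or from the kind of reverse engineering the post describes.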

Real chilling effects (donmoynihan.substack.com)
submitted 6 days ago by morrowind@lemmy.ml to c/privacy@lemmy.ml

I use Qwant as my default search engine because I thought it was more respectful of my privacy than Google or Bing and DuckDuckGo is not giving so good results in my country (for localization related searches).

I noticed that the engine was removed from the default engines for the URL bar in the latest IronFox version. So I searched a bit about why, and found this issue in their tracker: https://gitlab.com/ironfox-oss/IronFox/-/issues/47.

What to think about this? The message from the IronFox dev seems clear, but Qwant seems to claim that the shared data are anonymized.
