This log snippet was generated by starting an instance of a Mozilla Firefox browser container. Here we see that the winsock calls to GetAddrInfo, DnsQuery, etc were made as well as how each of the hosts were resolved. These logs can be especially useful when troubleshooting issues with virtual network routing and proxies. Put Firefox on all your devices Take your privacy with you everywhere. Firefox Browsers for iOS and Android have the same strong privacy settings to block trackers from following you around the web, no matter where you are. Do it all with Firefox. Detectportal.firefox.com receives about 807,452 unique visitors per day, and it is ranked 4,684 in the world. Detectportal.firefox.com uses Amazon Cloudfront, Amazon S3, Amazon Web Services web technologies. Detectportal.firefox.com links to network IP address 18.104.22.168. Find more data about detectportal. Because you probably won’t ever need to use a Captive Portal on your pentesting machine (a VM, in my case), you can completely disable Firefox’s attempts to detect them. Just browse to about:config and enter network.captive-portal-service.enabled. Double click it to change its value to “false” and you should be good to go.
Waterfox came into the browser scene in 2011, coming right out the box with official x64 support (a rarity among browsers at the time) and promoted itself as an 'ethical browser.'
However, many things have changed in the browser landscape, and even the Waterfox project as whole since 2011.
With these changes, can Waterfox be a viable privacy-focused browser?
How To Remove Captive Portal
Let's do our best to find out.
Here's Waterfox at a glance...
- Light on System Resources ()
- Compatible with most Firefox Extensions ()
- 'No telemetry' and 'Limited Data Collection' (this could change, given the first con below)
- Bought by analytics/adverising company, System1, which is the same company that bought search engine StartPage. More info
- Still needs about:config tweaks found in Mozilla Firefox to be a more 'true' privacy browser
- Nonexistent mobile support (this may be a con for some people)
What is Waterfox?
Waterfox was a project started in 2011 by Alex Kontos. Waterfox is free and open source. While it has received contributions from multiple developers over the years, the main driving force for maintaining the project seemed to be the founder himself.
Waterfox initially gained a lot of traction because, at the time, it was one of the only browsers available for x64 bit systems. Even Firefox, from which Waterfox was forked, only officially supported 32-bit back then.
Interestingly, Waterfox never took a definitive 'privacy browser stance.' While it did aim to strip Mozilla's telemetry and other somewhat questionably default features, Waterfox was primarily built for speed.
However, in doing all of this, its goal was to be an 'ethical browser,' and you can reasonably argue that this makes it a privacy focused browser.
To me, it seems to just be a game of semantics, but I digress.
Nowadays, it seems Waterfox's biggest draws are still its speed and its support for legacy plugins (ext) - especially those that are no longer supported since the introduction of Firefox Quantum in 2016.
Currently, Waterfox comes in two flavors: Waterfox Current and Waterfox Classic. This review will focus on Waterfox Current (G3).
Waterfox was acquired by System1 in December 2019.
System1 is an advertising company that takes a 'privacy-focused' position in what it does. As noted previously, it is also the same company that purchased private search engine, Startpage (ext), sometime in Q4 of 2018.
However, so far, it appears that System1 hasn't done anything overt to warrant being 'untrustworthy' - outside of being a for-profit advertising company. Granted, some might say that near back-to-back acquisitions of independent and privacy-focused projects seems a little out of place...
Waterfox is available on Windows, macOS, and specified Linux distros.
On mobile platforms, it seems that Waterfox was available on Android, but appears that development has since stalled.
There are minimum system requirements for running this browser. These requirements slightly differ across different operating systems:
|OS ver||Windows 7|
|Requires Glib 2.28+||macOS 10.10+|
|CPU||x64 processor |
w/ SSSE3 support
|x64 processor |
w/ SSSE3 support
|Intel x64 processor|
|RAM||512 MB||512 MB||512 MB|
|Disk Space||200 MB||200 MB||200 MB|
First launch and set up
Once the installation finished up, Waterfox launched very quickly.
My immediate first impression is that it looked like a Firefox clone.
And it makes since... after all it is a fork of Firefox.
Like many other desktop browsers, there was no guide for set up before using Waterfox. Power users may be thankful for this, but the average user could be a little offput.
The lack of 'handholding' is most likely due to the browser being geared towards 'power users,' and to people who value choice when it comes to privacy focused (or, in Waterfox's specific case, 'ethical') browsers.
We'll dive into the privacy and security features of Waterfox here. We'll also explore any other unique features this browser has.
As a neat little 'default,' Waterfox comes with uBlock Origin already installed. This is the same uBlock Origin found in its GitHub, and that you can find in either the Chrome Web Store or Mozilla's official subdomain for Fiefox Add-ons.
If you're not familiar with uBlock Origin, then here's a quick rundown:
- It's a wide spectrum tracker blocker that is highly configurable and light on system resources.
- It's practically the 'gold standard' for free, privacy-respecting and privacy-enhancing browser plugins.
If you don't understand the importance of blocking trackers - not just ads - then learn more about the importance of tracker blocking here.
No Mozilla Telemetry
One thing that Waterfox boasts is that it's stripped of the telemetry Mozilla puts into Firefox's source code.
From what I could find, that appears to be... mostly true.
For starters, Waterfox has the Firefox Data Collection and Use removed from the Privacy & Security section of the options menu:
(Firefox is on the left, Waterfox on the right)
What's also important is that Waterfox doesn't appear to collect its own telemetry either.
When I let Waterfox idle for a few minutes on the standard homepage, it didn't do anything overtly suspicious, according to Sysmon.
Just to note, it did connect to a number of different CDNs, and also AWS. But it seems everything runs off CDNs and to a slightly lesser extent, AWS, these days.
However, it does look like Waterfox did perform a DNS query for mozilla.org and detectportal.firefox.com:
When I did some digging, it looks like Waterfox uses Firefox's service at detectportal.firefox.com for detecting captive portals (if they exist on a connected Wi-Fi network.)
The Firefox 'detectportal' service streamlines the captive portal process. A lot of users might miss a captive portal when trying to use a less familiar (usually public) network, such as a hotel's Wi-Fi network.
Some users may not like this option being enabled default (external), because that means Waterfox is 'talking' with Mozilla, and I can understand that. After all, Waterfox's claim can be interpreted as the browser not 'talking' with Mozilla servers.
Fortunately, you can disable this service by visiting about:config and changing network.captive-portal-service.enabled to false.
Usually if you don't go through the established captive portal, the network will not let your device connect. This can cause a lot of needless frustration for users as they try to diagnose any issues.
If a captive portal detection service is so user-friendly, some might ask why didn't the developer(s) behind Waterfox implement their own
No Phoning Home
Piggybacking off of the no telemetry 'feature'... Waterfox also claims that it does not collect data on its users, nor does it continously phone home, like other less privacy-focused browsers have a tendency to do.
As I noted above, Waterfox does initiate a couple of connections to Mozilla. This is especially true if you are using it on a device connected wirelessly (AKA, you're on a Wi-Fi network, as opposed to using an ethernet connection).
On each start up, Waterfox does a DNSquery for aus.waterfox.net. This is Waterfox's automatic update service, which you can't totally disable. At most, you can tell Waterfox not to automatically install updates. but it will still check for updates anyway.
Other than the few CDN connections - of which some are tied to connection to waterfox.net and mozilla.org - Waterfox doesn't seem to phone home a lot. This is a good thing, especially when you compare it other browsers that constantly phone home.
about:config / Reimagined Settings
Unlike Firefox, Waterfox does come with some privacy friendly about:config settings tweaked. However, not all of the privacy-related options are enabled. This isn't necessarily a bad thing.
Fortunately, if wanted, you can follow an advanced Firefox privacy set-up guide because the about:config options for Firefox are extremely similar to Waterfox:
The standard options and settings pages for Waterfox are noticeably different from, let's say, the likes of Firefox.
You can also adjust WebRTC settings from the main options in Waterfox too. However, it doesn't look like you can outright disable WebRTC without utilizing about:config...
Also, you can configure
referer header settings straight from the Waterfox's main options as well:
Incorporating these options/functions directly into the main options was a good call, in my opinion. Doing so makes them readily accessible for quick configuring, and also accessible to 'non-power' users that aren't super comfortable fiddling around in about:config for whatever reason.
Waterfox uses the same Gecko engine that Firefox uses.
Waterfox is updated very frequently. Updates seem to happen not long after the Firefox's source code is updated - this is important since Waterfox runs on Gecko.
These regular updates fix known bugs, exploits, and add new features.
Legacy Firefox Add-on Support
One of the biggest draws for Waterfox is that it's compatible with the vast majority of Firefox add-ons.
What's more is that the 'Classic' version of Waterfox is compatible with legacy Firefox add-ons - specifically, from the pre-quantum (2016) days.
Chrome Extension Support
A February 2021 update to Waterfox enabled Chrome Extension Support. This enabled the adding of Chrome extensions from the Chrome Web Store directly to Firefox.
I would say this is a double-edged sword. While you now have access to Chromium-only extensions without necessarily using a Chromium browser, this feature is 1) still very buggy and 2) requires a signed-in Google account to download extensions.
Stripped of Telemetry
Many users don't like telemetry. Many users also don't like being opted into software telemetry by default.
Unfortunately, Mozilla Firefox does both. However, what's good is that Waterfox does neither.
As I noted earlier, Waterfox claims that it does not collect telemetry and that it disables Mozilla's telemetry. Admittedly, this is a tall order - made even taller by the fact that ad/analytics company System1 acquired Waterfox.
In my findings, I found that Waterfox doesn't appear to collect its own telemetry. Additionally, it doesn't appear to phone home a lot - which is great!
Compatible with Firefox Add-ons
Detectportal Firefox Burp Suite
The easy compatibility with Firefox add-ons makes installing and configuring browser plugins, such as uBlock Origin, a breeze. There is no real need for a 'work-around' to utilize Firefox add-ons.
Therefore, for users that wish to ditch Firefox, the migration is made far less painful.
Note: As noted previously, a February 2021 update made Waterfox G3 compatible with Chrome extensions as well. However, at the time of this review, this new feature is still buggy.
Majority owned by an advertising company
As stated previously, as of December 2019 Waterfox is now majority owned by advertising/analytics company, System1.
And honestly, this is the biggest con I could find for this browser.
However, it is a con that needs to be considered heavily.
Internet advertising/analytics companies have been more on the dubious side since the dawn of the public Internet. That's not to say all ad and analytics companies are terrible - but let's face it... many are.
Many ad and analytics companies are no strangers to using shady and underhanded tactics to drive sales, get leads, and generate profit. They often work hand-in-hand with Big Data (and even Big Tech), gathering, purchasing, and sharing user data.
Yeah, well, System1 falls under the massive and broad umbrella of ad/analytic companies. However, from what I could find they haven't done anything that explicitly says 'We are tracking you.'
This is good and all, but this doesn't mean that this can't happen in the future.
What's more is that this doesn't mean this can't happen - without users being made explicitly aware - in the future either.
System1 is a company based in the US, which does not have friendly data privacy laws. So, if System1 were to collect telemetry/user data, nothing would really stop them from storing and using (selling, trading, etc) this data indefinitely.
Additionally, companies get acquired all the time. The acquiring company doesn't always follow the same user privacy practices that the asset company had in place -- case in point is the Facebook acquisition of Oculus. Non-profits, such as Mozilla, can't be bought.
Ultimately, you'll need to evaluate if you're willing to trust System1 in the first place. This is especially true for users looking to move away from Mozilla Firefox due to the amounts of telemetry that can be found within the browser's source code.
No mobile support
This could be a deal-breaker for some users. For others, not so much.
Allegedly, Waterfox was once available on Android. However, as we noted before, it looks like development for it has stalled.
There is no iOS version of Waterfox and there doesn't seem to be any development plans for iOS in the near future. At least, for now.
Additionally, the lack of mobile support makes the 'Sync' feature of Waterfox kind of lackluster.
Requires many 'privacy' tweaks
This could be a deal-breaker for some users. For others, not so much.
For users that are more interested in an easy and 'out-of-the-box' privacy browser experience, Waterfox doesn't fit that bill.
However this isn't a con unique to Waterfox. Many other notable privacy browsers, such as Firefox itself and Ungoogled Chromiumdon't come totally configured for privacy without tweaks or the help of browser plugins.
Ultimately, this means that you'll need to run through the main options menu(s), perform some about:config tweaks, and download trusted privacy-friendly browser plugins.
Overall, the Waterfox browser as a piece of software itself is respectable and not a 'bad' pick as far as privacy goes.
It has humble roots, and has been around as an 'ethical' browser for over 10 years. It has proven trustworthy as an alternative browser - at least, in the past. Its classic version is a favorite among users that want to utilize legacy Firefox add-ons and NPAPI plugins.
It's also worthy mentioning one of the better maintained Firefox forks available out there, since it receive regular updates as the team behind Firefox rolls them out.
(This differs from other forks such as Pale Moon, which has effectively become its own browser because it runs on a separate engine.)
While the lack of mobile development can be a big issue for some users, I would say that the core of the issue with Waterfox is the company, System1, that is now behind it.
Can we trust them? Will they try to pull the wool over our eyes? Will they slowly-but-surely attempt to integrate telemetry/user data collection into the browser over time? Only time will tell... and I think that this relative 'unknown' doesn't play well in Waterfox's favor among many users in the privacy community.
I doubt blame anyone for not wanting to use Waterfox because of the company that's now behind it. After all, in that specific area, it's not too different from Brave.
As always, stay safe out there!