6

Unfortunately, the dark reader extension calls home every couple of hours, this is a privacy issue.

Step to reproduce:

-install dark reader
-notes how as soon as it is installed it automatically opens its homepage (first call home not requested by the user, just to be picky)
-start a network monitor of your choice

  • browse randomly for a few hours, interact with the extension by enabling and disabling in various domains
    -within a few hours you will notice one or more calls to https://darkreader.org
    (I noticed that if you browse many hours, every 2 hours it sends a ping)

Note that this is the extension's fault since it has the same behavior in firefox and safari

since Orion is a zero telemetry browser it should extend this precious feature also to the various add-ons if this doesn't compromise functionality.
Darkreader with no connection works like a charm (meanwhile bitwarden absolutely need to connect to his server to work properly for example)

Solution:

Add darkreader.org to Orion's dns filter blacklist (toggle in settings)

When a user installs dark reader from popular extension before downloading the extension is served with a banner:

  • dark reader calls home periodically (link to further explenation of the term phoning home and privacy implications - if needed - ), is recommended to block connection to domain: darkreader.org
    By blocking the domain your online privacy will be more respected but you'll not be able to visit the site.

Block connection to darkreader.org (toggle)

(If toggled ON)
Alert: as soon as you install the extension it will open a direct panel to its website, since you've blocked the domain you'll be served an error page "Orion can't open this page", you can safely close it and start enjoying the extension! -

I know that are a lot of word and bad written since i'm not native english.
Yes, every medium skilled person will simply blacklist the domain in his own dns settings but the average user who maybe uses only a smartphone knows nothing about DNS so worth informing about blank page after installation etc etc.

all latest RC

Sonoma (14)

17

  • eirk replied to this.

    _I_ there's nothing in the darkreader's options to not allow telemetry

      This is not an Orion issue. As a user you are responsible for what content blockers you use and what extensions you install. If you don’t like how an extension behaves, it is your job to avoid that extension. There are plenty of other open-source (and privacy friendly) extensions that provide similar functionality.

      There is no way Orion could possibly keep up with each extension’s functionality and block network requests without breaking things. There are also thousands of easy to use solutions to this problem like NextDNS, UBlock, AdGaurd, PiHole, Little Snitch, etc. As a user you can easily install another extension to block these kinds of network requests yourself.

        The only alternative I see is a network permission for extensions, it would be an all or nothing situation but might work in cases like these where the extension works completely offline.

          Some useful insight here:
          https://lemmy.dbzer0.com/post/4839906

          I found this post to be relevant to my initial post:
          "Just ran a Wireshark on it for 12 hours. The only thing it ever does is a frequent ping to their home site, but includes no useful data other than an IP address if you’re not on VPN. I wouldn’t worry about it personally. If it’s a big deal, DNS block darkreader.org or block pings to it through your firewall… Chances are it’s just to download the latest css rules when they have them or something."

          ForumNinja404
          As I said, my personal life problem with this issue is already solved since I blacklisted it at dns level.
          In my opinion should be something at least to inform since it broke the "no telemetry" environment.
          blacklisting darkreader.org doesn't broke any functionality and being able to do it from settings with a toggle, or even having the ability to blacklist various domains in general should be something to consider. orion devs doesn't have to play cat & mouse with extensions, just give the user the ability to do so.
          adding a blacklist and allowlist to the content blocker give more control to the user

          dark reader works flawlessly, and is a really useful extension I don't think that there are other dark mode for orion that works this well

          • eirk replied to this.

            maybe this is more a feature request than a bug so someone with superpowers feel free to change the tag

              • Edited

              chorizo it should extend this precious feature also to the various add-ons if this doesn't compromise functionality.

              chorizo broke the "no telemetry" environment

              not sure why orion should extend this beyond itself. what exactly would this entail? blocking extensions from using the internet? preventing all telemetry inside the browser?

              Orion says that the orion browser by itself is "zero telemetry", not stuff you install to it also is.

                eirk

                1 - orion is a zero telemetry browser with a backed-in repository for the most popular/supported extensions. Is not like I'm going out in the wild mindlessly installing whatever i found, should be wise at least put an advice that even if those extensions are avaible in the browser's repo may have unwanted telemetry, to avoid this you should block domains xyz. Note that I'm not saying that the devs have to spot all the extension's telemetry, this could simply be a community work from users for the users

                2 - orion is zero telemetry browser that offer a way to instal the more supported extension directly from the browser, give advice on what extensions have not necessary telemetry and what domains has to be blacklisted to avoid this.
                At this point the privacy commitment of orion is one step further, more good looking, user friendly/informative and with basically little effort from the devs since spotting and flagging those domains can be done by the community.

                3 - orion is zero telemetry browser that offer a way to instal the more supported extension directly from the browser, give advice on what extensions have not necessary telemetry, what domains has to be blacklisted to avoid this and It also have a content blocker with DNS filter! what about give the user the ability to block the aforementioned domains directly from the browser without recurring to asystem-wide network filter?
                I mean, the browser already have a DNS filter, should be straight forward the ability to blacklist (and whitelist) domains.

                4 - ideally in the future this could lead to ship orion with the extensions's telemetry blocked by default.

                • Vlad replied to this.

                  eirk yes…
                  “In future Dark Reader may collect browser version, platform name, display settings and user's filter settings (except website list or any other data which can help identify user). This information is needed for decision on implementing new features, removing unused features or suggesting default settings for new users.It will happen only with your permission“

                  The reality is:
                  -dark reader hasn’t asked for permission
                  -there’s no opt-out
                  -it make a call at least every 2 hours
                  -it make a call everytime you mouse over the lower part of the extension and trigger the donation banner.

                  Are you ok with that?

                    • Edited

                    chorizo Orion is zero telemetry by deault. The claim does not extend to third party extensions that user installs including those listed in popular extensions. Websites you visit may have their own telemetry too.

                    But Orion, unlike almost every other browser, will not phone home. That is what browser being zero-telemetry means.

                    No one is typing