Vivaldi’s powerful privacy settings


  • Community Manager

    Vivaldi’s privacy settings give you the control to safeguard your private data more than any other browser. Let’s take a look at what you can do with Vivaldi.

    Click here to see the full blog post


  • Moderator

    Thanks for writing this up.

    In the future, we may consider switching to something else, for example, Cloudflare’s 1.1.1.1.

    Good idea!

    Form Autofill: For this functionality, we use Chromium’s autofill feature. It does not send your personal information to Google,

    OK. Good to know. You need to change the string that says "Use a Google Service to Assist in Form Autofill" because that's incredibly misleading. It should just be "Let the browser assist in form autofill" if Google is never contacted.


  • Moderator

    @OlgaA Nice explanation for users. 👍


  • Vivaldi Translator

    @lonm: Google is contacted. It doesn't send "personal information". It sends an hash of the URL, and what type of data was filed in the form.
    For example, for a particular hash, it knows you filed a particular field with a payment card number.
    So, yeah, it might be used to track you.
    I would prefer that system be hosted on V's own servers rather than using Google's.



  • while this is less bad than some other built in solutions it still needs to grow a lot to replace gorhills tools and I hope you are aware of that



  • Most websites – especially the ones you want to avoid – aren’t interested in obeying this request.

    Too true. And most websites you visit on a daily basis, like Google, Facebook, Whatsapp, Instagram, Youtube ...


  • Moderator

    @Cqoicebordel eugh. These blog posts are nice, but at the end of the day if I could just get a table with all this info I would be happy.

    Something like:

    Name Description of service provided Data sent externally Data shared with Privacy Risk Learn More
    Safe Browsing Blocks malicious URLs Sends hashed URLs in a staggered fashion Google Google could tell if you visit sites that match a certain fingerprint ↗

  • Moderator

    @LonM +1
    Such table to see what is done/sent would be very useful.
    @OlgaA ^^^^



  • Rightly or wrongly, the perceived wisdom by the online security conscious community is that anything Google is bad news for privacy and security, and to a very large extent rightly so.

    There is no point in wasting resources in implementing Google security solutions, while in fact they are the problem.



  • The browser is suspect as long as it's using Chromium.
    For example, you still won't close the chrome://media-engagement privacy loophole.



  • Thanks for considering the users for all these little tings making a big difference. \o/

    It's also nice to have history and cookies cleaned on exit (session only options) !

    Would it be, please, possible to have:

    • all data clean on exit (like with 'Delete browsing data...' UI)
    • no Filled Form data stored even temporarily (or do we just have to uncheck 'use a google service to assist in form autofill' ?)

    For DNS, would be good to be able to use a service with privacy: dnssec, no-log,... etc and so not on US soil like CloudFare is...

    Thanks ! ❤



  • @LonM said in Vivaldi’s powerful privacy settings:

    In the future, we may consider switching to something else, for example, Cloudflare’s 1.1.1.1.

    Reading wikipedia's cloudflare entry, this might not be a great idea.


  • Vivaldi Translator

    @lonm: Exactly that. Plus a column "Risk for your privacy", so people understand it better.
    Like in that case : "Google could know what website you have visited and made some purchases on".



  • Allow me to differ on this one.

    Auto fill stores information like name, city, telephone number, postal (zip) code, email address, and credit card details including cardholder name, card number and expiration date.

    Using auto fill, whether it communicates with Google servers or not is very bad security advice.

    Auto fill does not indicate what fields it has filled, the user simply has the choice of auto filling forms or not.

    There is nothing to prevent websites from designing logins which display the requirement of a user name and password fields only, leading the user to believe that the only information stored and exchanged for that particular web site is the user name and the password for that site, while the site could also include hidden fields drawn outside the visible screen that require sensitive information which is stored on the user's computer, which is auto filled without the user ever knowing.

    If you want to increase your safety online, simply avoid using the auto fill feature.


  • Vivaldi Translator

    @lonm said:

    In the future, we may consider switching to something else, for example, Cloudflare’s 1.1.1.1.

    Good idea!

    Wonder where that idea came from. Could't possibly be the years of us asking 😉


  • Vivaldi Translator

    There are a few extra settings that can be changed but are not in the main prefs.
    If you know where to look in the vivaldi://flags/ page you can disable or change a few more.
    There is a handy open source extension that collects many privacy options into 1 window.
    (Thankfully you don't need to keep it running)
    0_1561423715832_chrome-privacy.png
    https://add0n.com/privacy-settings.html
    https://github.com/schomery/privacy-settings/




  • Moderator

    @Cqoicebordel Good idea - I made an updated version of the table.

    There's always the risk of information overload, but I think a table with simple columns is very useful.



  • Very interesting! I shall continue reading tomorrow. (One tiny gripelet: the screenshots are a little unclear, at least on my tiny (10") screen.)



  • Thing is, even if you turn off those settings in Vivaldi, Chromium will still "phone home" on start to the Google-owned domain 1e100.net. Starting Vivaldi and looking at the network connections, it has about six different connections to this domain even with the Google services turned off.

    Maybe if the user directly turns off the flags in Chrome it will stop doing this, but regular users can't be expected to know this.

    I think Vivaldi should make sure that if these settings are turned off, Vivaldi will not make calls to Google's domains at all. Unless it's for things like getting updated certificate lists from the global CAs, but these should/could also in the future be provided by Vivaldi.

    I still have some of them turned on because I don't mind them, but the option to completely keep Google out of the browser should be there.


 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.