Prompted by the disturbing privacy defaults in Windows 10 and an enquiry whether Webconverger leaked any intranet information, we reviewed Firefox defaults.
This review was accomplished with Wireshark, a tool that allows us to analyse every packet leaving and entering a Webconverger instance.
- We did notice a lot of network noise chatter caused by safe browsing, location services & a media codec download
- We reduced this chatter by turning off these automatic Firefox services
- Finally, an upgrade process on an install was packet sniffed
Strictly speaking these Firefox defaults don't leak any private information and elements like safe browsing should give an extra layer of malware protection, but in practice the network noise generated by these services are too risky for security. Some future exploit could masquerade as one of the services we turned off and it would have been very difficult to have noticed it otherwise. Furthermore "Safe browsing" doesn't really have value when a typical Webconverger deployment is locked on a customer's homepage.
So our quiet defaults from version 32 can be overridden by your own Firefox
preferences with our prefs=
API to turn them back on for example.
Webconverger 32 with non-noisy defaults and ...
As mentioned what was coming next in Webconverger 31 release, we did make boots a few seconds faster by closing #220!
https://github.com/webconverger/webc/compare/31.0...32.0 for details and Firefox 41 is included.
c3c1ee4c594b50557ffdca62d56ff1e4b8bb106c webc-32.0.iso
Please download from our CDN. Please support our continued operation by purchasing a subscription.
No user tracking
In the course of comparing privacy defaults with our Windows competitors such as Kioware and SiteKiosk, we did notice disturbingly they have features to log where kiosk users surf to.
We don't and by design can't log user activity from our end for privacy reasons. What we suggest customers do, is track the kiosk from their Web analytics platform:
homepage=https://example.com/kiosks/?id=WEBCID
You could then use that expanded WEBCID for tracking the particular kiosk on your site. Of course that strategy only applies to Web sites the kiosk owner controls.
If you, the kiosk owner wanted to know how many visits a kiosk user makes of for example Gmail, we can't tell you! Competitors allow you to do that, but we don't because we don't want to infringe on the privacy of Webconverger users. If you, the kiosk owner, don't want your kiosk users to go on other Websites, you need to use one of our filtering options or simply use our user interface without a URL bar option.
We hope that our policy gives users more confidence to use Webconverger branded kiosks in public spaces, since their privacy will be respected if they are permitted by kiosk owners to surf private Web sites.