this post was submitted on 17 Jan 2024
432 points (97.6% liked)
Firefox
17963 readers
22 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Dear Mozilla, we really appreciated your intentions but we don't need more extensions but Gecko Webview to compete against Google's monopoly in this area. Chrome-based browsers are far ahead when it comes to security, see for example the GrapheneOS team of developers who preferred to adopt a Chromium-based browser rather than adopting Firefox as the default browser, they don't even recommend using it
GrapheneOS isn't a benchmark, it's a choice of a random distro essentially, others choose differently.
If you think Chromium is safer or more secure than Firefox, you are mistaking, just take a look at the changelogs of both
Changelog is not the point but the fundamental concepts and techniques. And unfortunately Chromium is far ahead.
Graphene as the most hardened OS is the benchmark. It's not random. Please inform.
Which 3rd party audit says that
Please don't link a random news site or blog post
I'm not a security expert so I can't say if your right on that point, but somehow I trust the Mozilla foundation much more than Google. Isn't the whole point of their browser to allow them to spy on you?
GrapheneOS is security first, but not so privacy focused in terms of their browser. In fact, they state that explicitly in the usage guide:
The only reason they dont recommend firefox is because it adds attack surface (of course, every app you use, adds some attack surface) and it dont have pre-site process isolation. This is NOT a privacy feature, but a exploit protection feature. Until a exploit has been discovered, with or without isolation, websites cannot interfere with each other.
Read about their browser and web browsing recommendations here: https://grapheneos.org/usage#web-browsing
Their Vanadium is, in fact, middle of the road in terms of data isolation and don't have any tracker blocker or fingerprint resistant. It is a tradeoff they made between privacy and usablity. If you want to read more: https://divestos.org/pages/browsers
I personally do agree with them that the "privacy theater" approach is not a long term solution, and we need more principled approach to privacy with proper threat model. However, currently, without more substantial research, messy privacy theater unfortunately seems to be the way to go; just like most corporations do use a anti-virus, even when they are not the way to archive "decent security".
GrapheneOS has a tendency to market their security/privacy choices as arbitrary to its users, probably to make them easier to understand. This is unfortunately enhanced by several GrapheneOS YouTubers.
Many times recommendations from GrapheneOS are strictly better than they competition, sometimes their advantage are not necessarily strict, but a tradeoff. I believe for Vanadium, their recommendation leans towards later.
Personally, I use grapheneOS with Mull.