(no title)
616c | 2 years ago
Is there empirical data on this? I think many in the security industry believe this. I ironically use FF if we can accept personal beliefs since I believe people attack the Chrome sandbox as a badge of honor and I can use containers to isolate state to different personas. That said also anecdata bullshit take on my part.
tptacek|2 years ago
(2) The fact that people attack Chrome as a badge of honor is a reason to use it, not to avoid it. It's why exploits for Firefox would be cheaper.
(3) I don't think my take is spicy at all? I haven't refreshed it in a few years, but when last I did, I don't think I talked to anybody on either side of browser security who felt that Firefox outclassed Chrome (I got a long, valuable Slack thread from a FF security person that I wish I'd saved that built a claim that FF was approaching parity with Chrome architecturally). I have spicy takes, to be sure, but I think I'm giving you a pretty mainstream take from software security land.
(4) Even if you believed Firefox and Chrome (or Chrome and Safari) were at parity, it makes a great deal of sense to standardize browsers, for the reasons I gave previously. The right way to think of your browser "fleet" is as multiple single points of failure; diversity isn't helping you at all. This is one of those "put all your eggs in one basket and guard it" situations.
I don't have any particular personal reason to love Chrome. I'm a Mac person, so I guess the best outcome for me would be for Safari to be perceived as the best browser. Certainly my batteries would last longer! Every couple of years I talk to people about what the landscape looks like; if I ever get different answers, I'll be sure to update my take.
616c|2 years ago