top | item 45550367

(no title)

LucasOe | 4 months ago

I wish the article would talk a bit more about security. Here's what the GrapheneOS project has to say about Firefox [1]:

> Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.

[1]: https://grapheneos.org/usage

discuss

jeroenhd|4 months ago

If you're someone who's taking GrapheneOS' thread model into account, a locked down native browser is definitely better.

Chrome has a whole bunch of cool security tricks that definitely outshine many other browsers, but I find it all rather inconsequential when the using Chrome leads to such a terrible, privacy-hostile experience.

9029|4 months ago

While I still use Firefox on desktop, on Android I recently switched from Firefox mobile to Brave out of security concerns and frustrations with performance. It has built-in tracker, query param and ad blocking, and is recommended by the GrapheneOS people as a decent alternative to their Vanadium browser [0]. Additionally, I have a gut feeling a Brave user blends in a bit better with its default ad blocking vs say a Firefox user with extensions and filter lists of their choice, but this might be negligible.

On the other hand the affiliate, crypto and AI shit in Brave are quite disgusting tbh, but at least they can be disabled. I also miss Firefox sync a bit.

[0] https://grapheneos.social/@GrapheneOS/111966258971400137

stogot|4 months ago

Does Chromium have the same security features?

lollobomb|4 months ago

I use Graphene OS and I like it a lot, but 1) I have the feeling that, with Android's Decree coming, they are counting their days left to live. Unfortunately they built an amazing OS on very shaky foundations, it's not their fault, it's the mobile OS ecosystem that sucks. And 2) They (or, better, their benevolent dictator) tend to be very silly when it comes to threat modeling, as in "my way is the only one that makes sense". Personally, I prefer to use a browser like Firefox that allows me to block every annoying ads and to customize my experience as I want, rather than a super-secure fully isolated browser like Vanadium that a) does not replace Chrome anyway for many websites that require strong attestations (e.g. Wise's verification works on GOS with Chrome but not with Vanadium), and b) it's still based on Chromium, so still built on shaky Google foundations. With Mozilla's questionable choices over time, I keep my fingers crossed for Ladybird or Servo, or similar.

xvv|4 months ago

> they are counting their days left to live

The Graphene team has seemingly partnered with an OEM, who is releasing binary security patches for them already (with source code available after embargo lifts). Hardware does not seem too far away at this point either.

Sophira|4 months ago

While I don't disagree that Google are going to be targetting GrapheneOS and other OSes, the decree you're referring to only applies to "certified Android devices" - devices which run a Google-vetted version of Android and that come with Google Play pre-installed. OSes like GrapheneOS are not currently affected by this, as any device running it is not a "certified Android device" by definition.

This is not a reason to sit idly back, of course. GrapheneOS is in danger, as you say - it's just not necessarily from this particular decree.

Groxx|4 months ago

by "decree" do you mean developer verification, or something else? because verification won't affect them (or any other fork) even slightly

GeekyBear|4 months ago

Given the sheer amount of malware being served up by the ad networks, not running an ad blocker seems like a major risk factor.

Government agencies have been recommending everyone use an ad blocker for years now.

LucasOe|4 months ago

There are Chromium-based apps that block ads by default, like Brave and Vanadium.

Edit: It should be mentioned however, that the blocklist for Vanadium is pretty small.

attendant3446|4 months ago

True, but what are the alternatives? Bloated Brave? Bare Chromium without a proper adblock (I mean unlock of course)? Firefox is still the best browser there is, even with these flaws.

t0bia_s|4 months ago

Better than Firefox are hardened forks, IronFox (Android) and LibreWolf (desktop).

https://github.com/ironfox-oss/IronFox

https://librewolf.net/

attendant3446|4 months ago

Took me too long to notice autocorrect. Unlock is uBlock, obviously.

1vuio0pswjnm7|4 months ago

"Avoid Gecko-based browsers..."

Links built from source on Termux does not use Gecko

Attack surface is smaller than GrapheneOS browser based on Google Chromium

https://web.archive.org/web/20250503001331if_/http://links.t...

No Javascript, no ads, no pixel tracking, etc.

Imagine a browser where the user can actually read and edit the source code and compile it themselves, in seconds

How many users read the Firefox or Chrome/Chromium-based browser source code and compile it themselves

Not every use of the www requires a large, complex graphical web browser. It's useful to have browsers that are suited for non-commercial uses such as text retrieval

jamienicol|4 months ago

isolatedProcess is being worked on, for what it's worth: https://bugzilla.mozilla.org/show_bug.cgi?id=1565196

hxorr|4 months ago

Firefox android doesn't allow opening local file:// HTML files due to their poor sandboxing / security (I don't remember the specifics)

I like the browsing experience a lot but there are a few rough edges for sure.

bogwog|4 months ago

Just serve them through any http server on termux! Works as you'd expect, but on FF you need to manually add the http:// prefix in the URL bar if you navigate to an IP address like 127.0.0.1. Not sure why it doesn't figure that out by itself.