this post was submitted on 04 Nov 2024
207 points (97.7% liked)

Privacy

32442 readers
702 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I made this post, outlining my verdict about whether or not Chromium is more secure than Firefox. At the very end of the post, I noted "GrapheneOS did not respond to my requests for a comment."

Well, after weeks with no reply, they finally responded. I don't plan to do any more research about this topic, but this information is still incredibly valuable. Keep in mind the questions I asked the GrapheneOS team were created before I had done much research about the topic. Here are the questions and GrapheneOS's replies:

Does Firefox have isolation between tabs?

incomplete

Is Firefox's implementation of tab isolation as secure as Chromium's?

no, it's incomplete and their sandbox is significantly weaker across all platforms, but it varies based on platform

Firefox uses Fission to isolate embedded content from the main website. Is Fission used for tab isolation as well?

it's incomplete

Is Fission the main cause of concern about Firefox's security?

there are many ways in which it's less secure than Chromium, but the weak sandbox particularly that's entirely not implemented on Android is one of the main issues

Are there other reasons why Chromium is more secure than Firefox, besides Fission?

Chromium uses full garbage collection for a lot of the C++ objects, has much more hardened memory allocators for native allocation, has the V8 sandbox as another layer of security missing in Firefox before the OS sandbox, has much more fuzzing, auditing, etc. and much more modern exploit mitigations implemented too

Firefox is far behind in nearly every way and laid off a lot of their security people

Isolation of embedded content is important to prevent Spectre and Meltdown exploits, but is this actually something that an everyday user will be majorly affected by? It seems that, unless you are logging in through embedded content, there is far less risk associated with this from an everyday standpoint. Again, more security is obviously better, but is this as big of an issue as it's made out to be?

yes it impacts users because browser vulnerabilities are widely exploited in the wild and the OS sandbox is one of the main defenses against it, as is the V8 sandbox feature entirely missing in Firefox

Google heavily monitors for browser exploits and catches a lot of it happening in the wild

Mozilla / Firefox has little visibility into it

therefore, it's much more widely reported for Chrome but does not mean it isn't happening with Firefox regularly

Is Firefox less secure on Linux (besides Qubes, Tails, etc.) than other desktop operating systems?

Tails is not a hardened OS at all, that's a misconception about it, and it has nearly all the problems of desktop Linux

Firefox on desktop Linux has weaker sandboxing than elsewhere

on Android they haven't even implemented a content sandbox, although the OS provides an app sandbox around it as a whole but that's not the same thing

In which ways are Fission less secure than Chromium's Site Isolation?

it's not even completed yet, the issue is still open since not everything is isolated yet and there are known ways out

Does Brave provide the same privacy against fingerprinting as the Tor Browser?

Tor Browser's anti-fingerprinting is greatly overestimated and does not really work with JavaScript enabled, which it is for most users

Brave's is not strictly better or worse

neither anti-fingerprinting approach works well

Could you provide good resources for my article about the state of Firefox security on Android?

no, but it is awful, they don't even implement any content sandbox let alone site isolation, and have almost no exploit mitigations or anything implemented

Would it be easy for a developer to create a fork of Firefox for Android that uses isolatedProcess?

no, but it's easy for them to do it relative to doing it elsewhere

Would using isolatedProcess in Firefox fix isolation issues? If not, what would still need done?

no, but it would allow them to provide a content sandbox on Android and partial site isolation to the extent they implement it overall

Is there tab isolation for Firefox on Android? Is this as secure as Chromium's?

there's an incomplete implementation, and no, it's not nearly as secure aside from being incomplete

all 28 comments
sorted by: hot top controversial new old
[–] [email protected] 119 points 1 month ago (2 children)

While Firefox doesn't seem very well managed at all right now, I feel like I have to use it. If every browser uses chromium then it seems to me Google has the power to dictate how the web works, which I do not want. I just really want there to be other browser engines out there.

[–] [email protected] 25 points 1 month ago (1 children)

I use Firefox as I actually like it more, except for the lack of Chrome-style tab groups (in development). But it does seem like it's mismanaged and I wonder what that means for it in upcoming years.

[–] [email protected] 9 points 1 month ago

I agree, it's my favourite. Just seems its behind on security and dark times ahead as well as a terrible ceo.

[–] [email protected] 15 points 1 month ago

This concept is very understated. We need more options.

[–] [email protected] 47 points 1 month ago* (last edited 1 month ago) (1 children)

Great work. They haven't commented on this matter for some time now and its good to see an updated comment on this issue.

I use Graphene OS, but do use Mull. I also use Vanadium and base Chromium. Each for different uses. Mull for general browsing (I have many extensions, but I feel a bit more secure by running NoScript).

Vanadium is for when I need more functionality, and raw Chromium for inspecting responsive design of my own sites.

The GrapheneOS community is a great asset to the Android ecosystem, and their mentality has always seemed to be security above all else (even above privacy), which is a voice that is needed in any organization.

Again, thanks for doing this investigation.

[–] [email protected] 5 points 1 month ago (1 children)

I really wish I could use Vanadium as my main browser, but two downsides are really noticeable: a) adblocking is not as good as with Ublock Origin (for example, on TVTropes the ads themselves were removed but not the HTML elements they used to be in) and b) the multiple-choice search engine turned out to be quite important for me. So a Firefox fork it is.

[–] [email protected] 2 points 1 month ago (1 children)

Use Cromite. Fully open source, adblocking, and security hardened. See this browser table for conparisons: https://divestos.org/pages/browsers

[–] [email protected] 1 points 1 month ago (1 children)

It says the content blocker there is "Basic + Adblock Plus", and Adblock Plus is known for its not-so-great reputation (like whitelisted "acceptable ads") compared to UBO.

[–] [email protected] 1 points 1 month ago* (last edited 1 month ago) (1 children)

It does not use adblock plus lists directly. The lists are hosted by Cromite. uBlock Origin is not available for any android chromium browser (other than kiwi I guess). The adblocker works well from my tests. I recommend adding filterlists from https://divested.dev/pages/dnsbl

[–] [email protected] 1 points 1 month ago (1 children)

Ah, okay. I just wanted Vanadium because it came with the OS, but if I were to install another anyway - I am content with a FF fork, where Ublock Origin is indeed available. I was just very surprised that Vanadium did not block the giant element that has "Ad" in its html name...

[–] [email protected] 1 points 1 month ago
[–] [email protected] 18 points 1 month ago (1 children)

So use what browsers? Chrome sounds more secure (I didn't read previous post), yet I don't want an advertising company looking at my browsing habbits, nor supporting them dominating the browser market share and have a powerful influence on every web standards.

[–] [email protected] 18 points 1 month ago* (last edited 1 month ago)

Chrome sounds more secure

Chromium is not the same as Chrome. I highly suggest reading the previous posts.

yet I don’t want an advertising company looking at my browsing habbits

There are more privacy respecting options such as ungoogled-chromium and Brave (which can be configured to minimize data collection and bloat).

In the end, the choice is yours.

[–] [email protected] 17 points 1 month ago

That's interesting. Always good to be able to make informed choices

[–] [email protected] 10 points 1 month ago* (last edited 1 month ago) (1 children)

WASM disabled and uBlock Origin with third-party frames blocked. Try that in chromium, who's more secure now?

Btw, since i used the Magisk webview switcher and then removed it and bromite (since it didn't had cromite, which is actively maintained), Mull gets used for webview.

[–] [email protected] 9 points 1 month ago (1 children)

Why WASM? It seems to me that the attack surface of WASM is negligible compared to JavaScript (and IIUC disabling JavaScript will also disable WASM).

Third-party frames is definitely a good way to reduce your attack surface though. Ad embeds are often used to distribute exploits.

[–] [email protected] 2 points 1 month ago* (last edited 1 month ago)

Why WASM?

I misunderstood the bit about C++ as wasm.

[–] [email protected] 10 points 1 month ago

Very informative , thank you so much

[–] [email protected] 5 points 1 month ago (2 children)

Regarding tab isolation etc, do you know if in about:config setting the storage partitioning (by site, proxy, eyc) and/or disabling automatic storage access makes a difference? There are options for strict site isolation in there, too, but I don't know if toggling one thing will break another.

Also, don't containers on FF on Linux do that? browser.discovery.containers.enabled
privacy.usercontext.enabled

[–] [email protected] 3 points 1 month ago (1 children)

I do not know, sorry. Someone who does know is free to answer this, otherwise you could try researching using some of the sources listed in my previous post, or contact some knowledgeable people such as the GrapheneOS team, Mozilla, etc.

[–] [email protected] 5 points 1 month ago* (last edited 1 month ago)

BTW, thanks for these posts.

Sadly moz Dev is ... Difficult to find info about things other than the function and how to call it. The source is all there, and some things are buried so deep in some topic or obscure inaccessible part of their site. But practical functionality and actual results of use are difficult to determine on my lonesome.

I use the tests on https://librewolf.net/docs/testing/ to do some things, but there are just so many unknowns.

Thanks again.

[–] [email protected] 0 points 1 month ago

Fx* on Linux