Arc Browser RCE Vulnerability (CVE-2024-45489)

This is a wonderful read 🙂

9 Likes

This is what I expect from all of these new Chromium and Firefox forks.

Stick with proven options instead of chasing the new thing and new “cool” UI.

6 Likes

Honestly not surprising. As the saying goes, with a browser comes great responsibility. I don’t get why people jump on the boat of some smaller browser project without a dedicated security team.

3 Likes

Floorp and Zen are some recent examples, everyone just jumped on the hype train when those came out.

2 Likes

Smaller? They seem on-par with most of the popular forks (Brave, Vivaldi etc)? The Browser Company raises $50M at a $550M valuation | TechCrunch / (mirror).

tbf, Arc is all-in on the cloud+AI thing (adding new security vulns) which some of the volunteer-maintained forks won’t have money for (thankfully, enough).

Lessons… on recommending products / services because they “work well” but not actually paying attention to what they do versus whatever they say in their marketing, including privacy policies (which have become another form of just that).

4 Likes

This is exactly what a hype is. Says pretty much nothing about the actual size of the company.

For the record, Arc was never recommended on PG.

3 Likes

I meant to point out that the position that something “works well” might not mean it means well, especially in terms of privacy, regardless of public claims (“gdpr”, “military-grade encryption”) or private assurances (“personally received guarantees via email”, “world-class experts”, etc).

To be pedantic: The default position of defending existing recommendations as “accurate” (when questioned) & the irony of putting “incompetence” [1] in the title on coverage of a security & privacy breach of a service / product not recommended by PG, is probably lost on some.


  1. Title was changed (mirror):

1 Like

It’s the sickness of our age imo. Looks before function. People are first interested in the looks of something, rather than its functions. This is also why people use closed-source terminals like Warp (see issue) that require a login and are sketchy as hell.

Because these web browsers provide useful features not present in the parent browser. Floorp provides webapps for instance, which is a very useful feature that isn’t provided in upstream FF.

1 Like

Brave has PWA support, if you use PWAs, then you probably stay logged into your accounts, and Brave will be a more secure option.

Yes, and there are many reasons why Brave (and other Chromium browsers) are unsuitable for some. Especially Linux users.

Which reasons?

Manifest v2 deprecation, the fact that it is constantly broken if you use the native wayland version (it defaults to x11/xwayland), unfriendliness towards smaller screen resolutions

1 Like

That’s actually good, using MV2 extensions isn’t a good idea even if you trust the developer of the extension.

Even though I use Firefox on my Linux machine, I still use uBO Lite and not regular uBO.

Why? Got an article on this?

We recommend keeping extensions to a minimum: they have privileged access within your browser, require you to trust the developer, can make you stand out, and weaken site isolation. For those interested, here is an ongoing series on the basics of browser extension security by Wladimir Palant.

This list covers privacy and security related extensions only. While we believe these are the very best of the best, this can be subjective depending on your needs. We are also not saying you have to use all these extensions.


MV3 extensions don’t need invasive permissions, one example is uBlock Origin Lite.

1 Like

The bounty awarded was a whopping 2k, unbelievable for such a huge fuck up.

1 Like

Yeah, it’s pretty cringe, with bounties like that, it’s almost like they don’t even want people to penetration test their browser.

While it’s true that privileged access should be kept at a minimum, many of the features of uBO cannot be replicated without privileged access.

I don’t think that’s true. Vimium is MV3 and it injects its JavaScript into web pages. That’s pretty privileged, I’d say.

1 Like

Without giving it a permission to read and modify?
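The exchange above (MV3 not needing invasive permissions, versus an MV3 extension that still injects JavaScript into pages) comes down to where an MV3 manifest declares host access. The following is an added example, not code from the thread, from Vimium, or from uBlock Origin Lite: it is a small reviewer script that pulls the install-time host patterns out of a manifest, the way one would when deciding whether to trust an extension. The two manifests are constructed for illustration, and the classification is a simplified approximation of Chrome's install-prompt logic (`<all_urls>` and wildcard-host patterns are treated as "all sites"; `activeTab` and `optional_host_permissions` grant nothing at install).

```javascript
// Added example: approximate the install-time host-access review Chrome performs
// on a Manifest V3 extension. Both manifests below are constructed for
// illustration and are not any real extension's manifest.
"use strict";

// Install-time read/modify access comes from two places in an MV3 manifest:
// "host_permissions" and every "content_scripts" entry's "matches".
// "optional_host_permissions" only count after a runtime grant, and "activeTab"
// grants nothing until the user invokes the extension on a specific tab.
function installTimeHostPatterns(manifest) {
  const fromHosts = manifest.host_permissions ?? [];
  const fromScripts = (manifest.content_scripts ?? []).flatMap((cs) => cs.matches ?? []);
  return [...new Set([...fromHosts, ...fromScripts])];
}

// Classify one match pattern. "<all_urls>" and any pattern whose host part is a
// bare "*" (e.g. "*://*/*", "https://*/*") cover every site the user visits.
function patternScope(pattern) {
  if (pattern === "<all_urls>") return { allSites: true, host: "*" };
  const m = /^(\*|https?|file|ftp):\/\/([^/]*)\//.exec(pattern);
  if (!m) return { allSites: false, host: null, invalid: true };
  const host = m[2];
  return { allSites: host === "*", host };
}

// Summarise what a reviewer should expect the install prompt to say.
function reviewHostAccess(manifest) {
  const patterns = installTimeHostPatterns(manifest);
  const scopes = patterns.map(patternScope);
  const allSites = scopes.some((s) => s.allSites);
  const hosts = [...new Set(scopes.filter((s) => !s.allSites && s.host).map((s) => s.host))].sort();
  let verdict;
  if (allSites) {
    verdict = "reads and changes data on all sites at install time";
  } else if (patterns.length > 0) {
    verdict = `reads and changes data on: ${hosts.join(", ")}`;
  } else {
    verdict = "no site access until the user invokes it (activeTab) or grants an optional host";
  }
  return {
    patterns,
    allSites,
    hosts,
    usesActiveTab: (manifest.permissions ?? []).includes("activeTab"),
    verdict,
  };
}

// Constructed manifest A: MV3, but a content script on every page. Being MV3
// does not change the fact that it reads and modifies every site.
const broadManifest = {
  manifest_version: 3,
  name: "example-broad",
  version: "1.0",
  content_scripts: [{ matches: ["<all_urls>"], js: ["content.js"] }],
};

// Constructed manifest B: no content script. Injection happens only through
// chrome.scripting.executeScript after the user clicks the action, on that tab.
const scopedManifest = {
  manifest_version: 3,
  name: "example-scoped",
  version: "1.0",
  permissions: ["activeTab", "scripting"],
  optional_host_permissions: ["https://*/*"],
};

console.log(reviewHostAccess(broadManifest).verdict);
console.log(reviewHostAccess(scopedManifest).verdict);
```

Run it with `node review.js` (hypothetical filename). The point it makes for the thread: the manifest version says nothing by itself; what matters is whether `content_scripts.matches` or `host_permissions` contain `<all_urls>` or a wildcard host, which is exactly the "read and modify" grant the last question asks about.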