Focusing on market share it’s a wrong approach. 3% is still 10s of millions. Brave hasn’t even 1% and is an amazing browser.
3 Likes
Let’s face it, most people use Firefox to support the underdog, because of ideology or because Chromium is their scary boogyman that’s spying on them. Most are also not aware of all the security shortcomings of Firefox, especially on mobile.
When considering the above and the fact that Brave is a new browser whem compared to Firefox, in my eyes, Brave’s 1% and Firefox’s 3% are comparable because people use Brave because it’s an amazing browser, not to support an underdog or their ideology.
3 Likes
That’s really not true. I see many people still using Firefox and they are not privacy enthusiasts. Remember, while Firefox overall market share is 4%, it’s Desktop market share still is around 10%.
Firefox does some things better than Chrome, like extension support, PDF anotation, customization, etc.
5 Likes
Sacrificing security to allow MV2 extensions isn’t doing better than Chromium, in fact, it’s a disservice to Firefox users.
At least Brave has protected their MV2 support behind a toggle, and it’s only supported for a few selected extensions instead of keeping MV2 support like Firefox did.
1 Like
Firefox allows users to make their own choice. If you prefer a locked-down browser that’s your choice.
And the extension supoort isn’t even about MV2 or MV3. MV2 on Firefox is more powerful than Chromium’s.
See Why uBo works best on Firefox
BTW, if you are so concerned about security, then you should know that a) Firefox has a strict review policy where they manually review your extension b) No unverified (unsigned) extension are allowed on Firefox, contrary to Brave/Chromium where there are no checks when you sideload.
And Firefox has MV3 support, so if you prefer those, you are free to use them.
9 Likes
You can choose not use untrusted extensions. You don’t have to install any extension. Don’t need to exaggerate the situation in all threads.
7 Likes
How are those who aren’t educated on this topic capable of making their own choice? Millions of people use extensions and don’t even know what is MV2 or MV3.
I also don’t agree that Firefox kept MV2 support to allow users to make their own choice, they just don’t really care that much about security, as indicated by the fact that they haven’t made any progress with Fission or isolatedProcess on Android for over six years. While it’s not as bad on desktop, Firefox is still far away from being on par with Chromium’s security.
What Chromium did is improved security for all people that use extensions, even for those who don’t know what is MV2 or MV3 and aren’t aware of the security risks.
Moving to MV3 is still far from being enough, but at least it’s a step in the right direction to improve the security of extensions.
By that logic, Android is also locked down because apps can’t just gain full access to your OS, like MV2 extensions can gain full access to your browser.
The fact that extensions are more powerful on Firefox isn’t an advantage. This is like saying that Linux is better because you can install apps that have full root access to your PC, while Android apps are sandboxed, so they’re a lot less powerful.
MV2 extensions having as much access as they do is not okay, the same way all the apps having root access aren’t okay either. That’s why MV3 and flatpaks are a thing.
So you’re telling me that Firefox audits the code of all the extensions and then checks all code changes and commits? I highly doubt so.
I do.
Just because I trust an extension or an app doesn’t mean that it should have far more access than it needs.
That’s just your opinion, if you’re fine with MV2 extensions and think that they’re not a problem, then go ahead and use them.
1 Like
I am pretty sure we should let people make their own choice, and not make the decision for them because they are not “educated” enough.
They do care, and they are working on fission for Android.
But their market share on Android is very small (unlike Brave, Google, etc) so that’s not their priority.
While your statement seem convincing, I disagree. The problem with MV3 is not that it requires extension to go trough APIs, is that it just outright bans fetching of any resources. Imagine if you had to update your VPN/DNS app on Android every time there is a filter update because the app can’t fetch the updated lists…
4 Likes
That’s why a good default is better for uneducated people. No one can say that these people don’t exist, and they are the most vanerable, probably they’re the majority of the internet users too.
Contradiction? The bottom line is security is not Firefox’s focus, especially on mobile.
This is actually a good behavior, security-wise. Imagine if any extension can fetch unknown resources on the fly…
Letting people who don’t know anything about MV2 or MV3 choose is like letting kids do all the things that are currently not allowed, like buying alcohol. It doesn’t matter that they don’t yet know what’s good or bad for them and lack the experience as long as they get to choose, right?
The majority of people don’t know what MV2 and MV3 are and couldn’t care less until their passwords or credit card details get stolen by a malicious extension and it’s too late.
Those who are not educated can vote, marry, have a kid, and so on. So, who will decide on who is educated or not? 
First, your analogy is wrong. You can’t compare adults to kids. I believe on individual responsibility, not deciding for people what’s best for them.
Plus, most people don’t evem know extensions are a thing. So those who know have at least some idea of how it works. And remember that MV3 will not eliminate malicious extensions. And guess what ? Malicious extensions on Chrome can freely be downloaded, and as AFAIK with no checks of the extension safety. This isn’t the case with Firefox.
It’s NOT unknow ressources. It’s either updating existimg resources, or allowimg an user to add their own resources (like custom filters).
BTW, MV3 extensions can still request to see webpage content, so I guess those “uneducated” ppl will just click yes https://www.eff.org/deeplinks/2019/07/googles-plans-chrome-extensions-wont-really-help-security
2 Likes
“Uneducated people” will install malware, malicious apps, anyways, not extensions.
1 Like
I guess Google care so much about security that they let plenty of malicious apps on their App Store, financial scams in Youtube, etc.
Let’s get real here.
3 Likes
Do you really expect them to audit every single app and video? It only takes a little bit of common sense to understand that this is completely unrealistic.
But what they can do and have done is make all of those malicious apps powerless by using the concept of least privilege. By default, apps on Android don’t have any sensitive permissions, and Android’s permission control is the best on the market.
Can’t compare that to Firefox MV2 extensions, where the concept of least privilege is unheard of.
MV3 isn’t a silver bullet, but at least it’s a step in the right direction. Firefox hasn’t taken any steps to improve extension security, and if you think that they really audit the code of every single extension and update, then common.
No other browser can be customized to the degree that Firefox can. Even before the MV2 deprecation on Chromium, I preferred it. It is mostly a better browser overall, in my opinion. Chrome/Brave’s new UI design also looks really bad in resolutions smaller than 1080p.
afaik at least they check the extensions that are recommended, which is much better than what Google is doing (which is nothing, malware is rampant even in verified extensions).
Also, malicious extensions aren’t nearly as big of a deal considering that uneducated users will happily install malware with full admin/root rights, thus giving it full and persistent compromise of the entire system and not just the browser. The only way to prevent this from ever happening is by taking the android approach and also completely disabling any sensitive permission from ever being granted (e.g. no screen recording ever allowed, no displaying over apps etc) but nobody wants that.
1 Like
So, the video says Mozilla is going advertisements path and it is good, because AI is bad. Wut? Also he talks 3 minutes about own Nebula video service service with subscription. Lol.
1 Like
What AI are you even talking about?