Mull (Android Browser) + Criteria Change

2 posts were merged into an existing topic: Cromite (Bromite fork)

Personally, I’m already frustrated that Brave is recommended before Firefox, whether on PCs or smartphones, especially in view of the various scandals that have occurred in the past. Firefox is the ‘only’ browser that isn’t based on Chronium and that’s doing more and more to improve security and privacy.

Yes, it would be interesting to add other browsers and Mull is one of them.

What scandals exactly?
How does this impact the security and privacy of brave?

Honestly, I can’t listen to this old nonsense anymore…

badness enumeration

Isn’t it the same with DNS blocking or VPNs with such functionality? They’re also based on blacklists.

In my opinion: Mulch and Vanadium may have some extra security benefits, but without a built-in content blocker, it just doesn’t make sense to recommend them as a privacy browser. Yes, you can use DNS-based blocking but it won’t ever be as good (e.g. impossibility of blocking first-party ads/trackers; also in my experience you’ll end up seeing lots of “disable your adblocker” banners which doesn’t happen with uBlock Origin).

Major flaw that affected who? Everyone used and highly recommended F-Droid for years, and everyone was happy until that one article came up and everyone did a 180°, and instead of recommending F-Droid, they started to recommend avoiding it.

Last time I checked, F-Droid still has an excellent track record. The only major issue is delayed updates, but most sensitive apps have their own F-Droid repositories. Examples of those apps are Cake Wallet, Monerujo, Bitwarden, SimpleX, Bromite, Mull, and Mulch, all of which have their own repositories.

There are also almost 200 reproducible builds, and that number will probably increase faster and faster. Everyone can find a list of apps that have reproducible builds on the F-Droid Git repository.

How many people who downloaded apps that didn’t have their own F-Droid repository, didn’t have a reproducible build, etc. were seriously affected by the fact that F-Droid signs apps and provides delayed updates? How many people were compromised because of this? I will wait for a number and an example.

What are the chances of someone getting compromised because of F-Droid signing apps or having slightly delayed updates? Pretty slim.

What are the chances of someone being compromised by a zero-day or zero-click vulnerability? Pretty slim.

Now, what are the chances of someone visiting a malicious or infected website when browsing the web? I personally browse a lot, so for me, the chances are pretty high.

Why would I pick a browser that is generally less secure, lacks per-site process isolation, doesn’t have a WebView implementation, and also bypasses or cripples a fair bit of the AOSP and GrapheneOS hardening work for apps? I would rather pick a browser that comes bundled with the most secure mobile operating system whose developers have security as their top priority and also has extra hardening and security features on top of chromium which is already pretty secure.

Now about Vanadium not being recommended because of a lack of built-in content filtering:

If built-in content filtering makes that much of a difference vs. just using something like NextDNS, then why do Google or GrapheneOS developers not have built-in content filtering in their browsers?

(Before someone says, “Google doesn’t have built-in content filtering because it would hurt their advertising business,” I want to point out that Google could whitelist themselves and only filter out malware or malicious ads.)

I completely agree.

Criteria shouldn’t be changed out of desperation for more options. Projects should adapt to PG’s criteria, not vice versa.

The best example is how many changes and improvements @amilich and his team made to fit PG’s criteria to be recommended in the email providers section.

GrapheneOS has claimed they plan to add content blocking support to Vanadium in the future, see here.

I know. There is also an GitHub issue opened on Dec 31, 2018.

If built-in content filtering made that much of a difference compared to DNS-based filtering in terms of security, I think they would have implemented it in 5+ years.

(Also, while built-in content filtering can block more types of ads, it is limited to the browser, and it takes more CPU and battery to do the same thing.)

Mull logo is ugly asf. I saw someone made a damn cool logo and contributed to the project but the founder didn’t get it tho

This reason alone should make Firefox or any Gecko browser a not recommend browser on Android, as it’s insecure by design.

I have nothing much to add here. I didn’t know before that Firefox lacks this very important feature on Android that has been implemented like forever everywhere. I’m glad I read this thread, thanks.

@privacyyy
Please link where they posted the actual raw files and licensed its use.
Two designers have made proposals, they haven’t contributed them.

I’m not a company nor have I received million dollar grants like GrapheneOS or CalyxOS to pay for such proposals.

I know I’m contributing to the derailing, but I like the current logo. It’s groovy.

I will like to say that Brave fixed the VPN enabled by default issue .Brave seems to always fix the privacy issues. I understand people don’t want to support the Chromium monopoly but

1. This isn’t FOSS privacy guides, so it is irrelevant.
2. If Mozilla just matched Brave’s privacy protection by default, we wouldn’t be talking about this. Millions more will be using it, => more revenue => money to improve Gecko.
   3)If Mozilla foccused on making Gecko a match for Chromium performance-wise we wouldn’t be here. Why hasn’t there be a single novel browser built on Gecko in the last decade ? There is a reason Edge, Brave, Arc are all built on Chromium.

Which they themselves created to begin with

Your point? Those who are worried about a Chromium monopoly arent generally concerned with Mozilla’s wellbeing but rather about the consequences of that for the open web/open standards

Librewolf, Floorp, Ghostery, Thorium (android), Midori, Mullvad Browser, Mull…

Its thinking long term as opposed to immediate term. I suppose long term thinking is irrelevant if you dont plan to inhabit this planet much longer and dont care about everyone else who will

True.

Can Gecko really survive without Mozilla ?

Most aren’t novel and are just forks. (Librewolf, Ghostery, Mull, etc.)
Mullvad is essentially a Tor fork. But I can agree it is novel as it brings fingerprint resistance browser to TOR level.
Midori seem to not be reliable yet : their website display their phone number as (123) 456-7890. Floorp doesn’t even blocks mixed content by default so aslo dubious support.

So one novel browser in 10 years versus dozens of Chromium browsers.

I understand the point that FF Gecko might be inherently better privacy wise, but the fact is that Chromium has been chosen by the industry. No one forced Microsoft, Graphene OS, … to choose Chromium over Gecko. The fact is that it is better.

Probably not. The point is that you made it seem as if those who worry about a Chromium monopoly perceive saving Mozilla/FF as the end goal and not the means. It doesn’t otherwise make sense to point to Mozilla’s obvious mistakes in order to declare it unworthy of being saved.

Sure, now we somehow went from three, of which only one actually started out being Chromium based, to dozens of “novel” browsers based on Chromium. Care to enumerate?

Correlation does not mean causation, being a better avenue to be quickly profitable or having a viable product is not the same as being technically superior

I don’t like Firefox but why not proposing Mull on Android with a warning as long as the GeckoView sandboxing is not implemented.

However it should be a danger (red color) and not just a warning (amber color).
In my opinion, this is not just a little privacy problem but a well-known for years big security issue.

There is no Mullvad Browser on Android.

Thank you I made a mistake on the browser name.