Revise statements on Gecko browsers (Android) to make security shortcomings clear

I just want to know whether or not I’m at risk, and what risks, in relation to the security issues raised about Firefox.

And in the midst of that I vented about all the topics on the same subject that have been raised over and over again.

I took the opportunity to give my point of view as a user of the site.

I can’t maintain a high standard of conversation because it’s beyond my capacity to do so. Unfortunately, I lack knowledge, so I’m giving the point of view of a mere user, as well as bringing what I considered useful, based on personal discussions.

The forum is a place for high-level conversations, which is why I rarely comment here, because I lack the ability to be part of these discussions.

I lack skills in linguistics, rhetoric, computer science, internet security and other things. I can only contribute these personal points raised about everything I’ve read so far about this problem with Gecko-based browsers.

Sorry about that, I won’t get involved anymore.

I didn’t take it personally, I just don’t want to detract from the topic any further. Besides, I just wanted to raise practical real-life issues by bringing the recommendations here to people where I live, considering that the site’s target audience is the average person.

Technical and theoretical discussion is always extremely important, but so should knowing the end-user’s side of the story.

I stopped using Firefox on Android after learning about the site and I’m waiting for the discussions to find out whether or not I should go back, considering that I have a personal history with website hijacking problems, etc.

I also don’t know the technical terms for what happened here, so I put it under the “hijacking” umbrella, in this case of a malicious site invading another legitimate site and using it as a zombie, or something similar.

Once again, I’m sorry to get involved, and I’m going off topic. It wasn’t intentional.

The discussions on the forum affect real people in real life, who may find themselves in situations with a low threat model or a high threat model, but it is precisely those in the low threat model who make the most common mistakes, silly and otherwise, through carelessness, lack of knowledge, etc.

Thanks for the discussions in this forum.

2 Likes

I think the current situation is fine, with Mull as a recommended browser and the warning box. The most important arguments have been mentioned already.

One thing I’d like to add is that when you use Firefox or a Firefox-based browser on desktop, you might want to use it on mobile as well, to sync your bookmarks and tabs etc. So it’s good to know that instead of the standard Firefox app you can use a hardened and fully free version like Mull.

6 Likes

In my opinion, without much rabbit hole, the most simple / complete answer there is for you is here in the posts of Daniel Micay:
https://www.reddit.com/r/GrapheneOS/comments/bg03np/browsers/
And there is nothing more simple than just installing Brave for mobile and on desktop, because of sync capabilities as well as the Chromium base.
Bear in mind that you should disable telemetry:
https://www.privacyguides.org/en/mobile-browsers/#recommended-brave-configuration
Don’t block scripts; it will break too much!
And under “Upgrade connections to HTTPS”, select “connections must use HTTPS”.
At a bare minimum, apply the last suggestion (upgrade connections).
If you have further questions, just open a separate thread and link to this one with your questions, and users will be glad to assist you.

2 Likes

Just some ~29 steps to get rid of the junk:

  • Brave Shields & privacy > Block trackers & ads > Aggressive
  • Brave Shields & privacy > Upgrade connections to HTTPS > Require all connections to use HTTPS (strict)
  • Brave Shields & privacy > Block Fingerprinting > Fingerprinting blocked (strict, may break sites)
  • Brave Shields & privacy > Prevent fingerprinting via language settings > Enabled
  • Brave Shields & privacy > Allow Facebook logins and embedded posts > Disabled
  • Brave Shields & privacy > Allow Twitter embedded tweets > Disabled
  • Brave Shields & privacy > WebRTC IP handling policy > Disable non-proxied UDP
  • Brave Shields & privacy > Allow sites to check if you have payment methods saved > Disabled
  • Brave Shields & privacy > Unstoppable Domains > Resolve Method > Disabled
  • Brave Shields & privacy > Ethereum Name Service > Resolve Method > Disabled
  • Brave Shields & privacy > Ethereum Name Service > ENS offchain lookup > Disabled
  • Brave Shields & privacy > Solana Name Service > Resolve Method > Disabled
  • Brave Shields & privacy > IPFS Gateway > Disabled
  • Brave Shields & privacy > Allow privacy-preserving product analytics > Disabled
  • Brave Shields & privacy > Automatically send diagnostic reports > Disabled
  • Brave Shields & privacy > Automatically send daily usage ping to Brave > Disabled
  • Brave News > Disabled
  • Brave Wallet > Default Ethereum wallet > None
  • Brave Wallet > Default Solana wallet > None
  • Brave Wallet > Display Web3 notifications > Disabled
  • Brave Leo > Show autocomplete suggestions in address bar > Disabled
  • Site settings > Protected content > Blocked
  • Media > Widevine DRM > Disabled
  • Appearance > Brave Rewards icon > Disabled
  • Appearance > Brave Ads > Disabled
  • New Tab Page > Show Background Images > Disabled
  • New Tab Page > Show Sponsored Images > Disabled
  • New Tab Page > Show Top Sites > Disabled
  • Brave Rewards > Show Ads when Brave is not in use > Disabled

fine

15 Likes

Thanks @SkewedZeppelin
Just shows how long I haven’t used it; I was under the impression it’s just 3 - 5 settings to turn off the telemetry, disregarding the upgrades to tracking and fingerprinting.
But wow, yeah, that’s a lot of c.ap to disable.
Still don’t see an alternative for everyday users on mobile wanting a Chromium base.

1 Like

Cromite?

27 posts since yesterday and still I do not think much new information has been added to this thread.

Yes it does, because I strongly believe this is true for regular consumers:

Unless there is an indication that this is a real-world problem for people, removing Gecko-based browsers simply because theoretical vulnerabilities could exist makes no sense to me. If my mother began to use Firefox Android, for example, the actual risk that it would impose seems extraordinarily tiny. I think this is the case even for someone who randomly clicks links. We aren’t talking about severity exclusively when we’re considering risk, but likelihood as well.

Until it becomes likely that a regular person would be threatened by this, the things that Mozilla could improve with Firefox are still not blockers to recommending Firefox in general basically.

However, I will happily consider a proposal/PR which adds a more detailed explanation of what the concerns are, especially a PR which answers this question succinctly:

11 Likes

I think giving users a choice, and spelling out any potential real world problems is something that we should do, and I think the current page does well for privacy/security concerns.

Something that seems to be missed on the current Mull page is that some websites break due to the changes Mull does for privacy and security reasons. I know that Pixiv.net doesn’t work (EDIT: By that I mean you can’t see images/posts on the site) on Mull, but does work on Fennec/Firefox for Android and all Chromium browsers I have tested. Don’t know of any other sites, but I do believe it is due to Canvas access

@gregandcin
please see the list of known workarounds: Broken - DivestOS Mobile
particularly this one:

  • Mull has stripped referrers. This often breaks loading of images on websites with hotlink protection. Navigate to about:config and change network.http.referer.XOriginPolicy from 2 to 1, this is however a privacy risk.

Canvas issues show up as a checkerboard or yellow/green lines.

1 Like

Thanks, looks like I missed that. I still think something like that should be mentioned on Mull’s info panel on PG so that users like me might not be caught off guard if something breaks.

EDIT: That specific change didn’t fix the site, so I’ll keep looking

Well, to be fair, many of these are not mandatory for a relatively private and secure experience.

Erm. Getting your cookies and other browser data stolen, because it is a lot easier to exploit Firefox than Chromium, is a real-world problem for people. I know people whose browser got exploited, and it had real consequences.

I agree with @jonah. I am an MS 365 admin in two small startups. I am not a security expert. However, I have not seen or heard of any incident caused by the lack of per-site isolation in Firefox so far. However, downloading malware, falling for phishing, not using MFA, etc. are the most common problems I saw. So, preaching around this issue has become an obsession for some people, especially under the influence of GOS guys. This is a fringe issue.

Deriving from the NIST’s cybersecurity framework, I had prepared this table for my managers when doing a simple cybersecurity risk assessment for my organisations.
You can apply the rules, and you will see that it is low-level risk.

Edit:

How can they let somebody steal your browser data? That should be the real question we need to ask. If they fall for phishing easily, then per-site isolation won’t save you in many situations.

4 Likes

With all that said, it’s better to continue using a Chromium browser, or you can use a Gecko browser. I’ve tested Mull and I don’t like it; it’s far too restrictive, I’d rather go back to FF.

Privacy Guides recommends two mobile operating systems: GrapheneOS and DivestOS.

GrapheneOS comes with Vanadium, which is a browser that I strongly recommend. It’s a browser that is good right now and will be even better in the future. You can read more about its current state and future plans here.

There is already a PR opened for adding Vanadium: (Can’t add more than two links in one post.)

DivestOS comes with Mulch, which is a browser that is similar to Vanadium. One big advantage that Mulch has over Vanadium is that you can use it on other Android operating systems, not just DivestOS.

Mulch currently doesn’t have the adblocking implementation that Vanadium introduced recently, but the developer says that he could probably include it, but there is no ETA: Mulch (Android Browser) - #8 by SkewedZeppelin

We also have Brave, but it has a downside, which is that you need to disable a good amount of junk.

And there is also Cromite, but it seems that it has some kind of issue with licencing or something.

As far as Gecko-based browsers go, PG recommends Tor Browser, which is the only browser that can offer you anonymity.

So why the hell recommend another browser with inferior security when we already have 3–5 good options? Apart from ideological reasons and nonsense like “Google is bad, which means that Chromium-based browsers are bad, we should use Firefox.”

The only justification for a Gecko-based browser to be a recommendation and not an anti-recommendation is that “there is no evidence that this is an issue in the real world.”

But where is the evidence that this isn’t an issue for most people? So far, people have provided factual and technical information on the security issues of Gecko-based browsers, and the response that they got was: I think that this is not an issue for most people.

The percentage of people using Gecko-based browsers on Android is really small compared to the percentage of people using Chromium-based browsers. We should also consider that only a small number of vulnerabilities that are used in the wild are actually caught being used in the wild. Which leads to the conclusion that these two points alone make the logic of “It’s not the issue unless it’s abused in the real world” completely flawed in this scenario.

4 Likes

A post was merged into an existing topic: F-Droid (FOSS Android App Store)

Incorrect, but it is not in fact my job to restate previous discussions you’ve missed, so that will be left as an exercise to the reader.

Also simply not true, seeing as we say when we recommend F-Droid and link people to a specific version of F-Droid to download directly on the site.

Both of your posts are completely off-topic.

3 Likes

Could you please move the post about F-Droid to F-Droid topic? I edited it to fit that topic. The post indeed doesn’t belong in here.

What? This has nothing to do with phishing. I have been talking about browser exploitation the whole time in this thread.

Also why is everyone suddenly talking just about site isolation again? It’s by far not the only problem. The main problem is that it does not even have a proper internal sandbox to begin with and that exploit mitigations are weaker. No sandbox implies no meaningful site isolation, because site isolation needs to be enforced by sandboxing each site.

This is also my impression of the whole discussion. Thank you for speaking that out.

That is indeed a major problem.

4 Likes