You could say the same thing about Arkenfox or Librewolf as neither is doing any original privacy/security work, and instead rely on the work done by Firefox and Tor. But as for Zen, it’s just a really nice browser to use and actually has better privacy by default than standard Firefox, since it doesn’t include Mozilla’s telemetry, which you would otherwise have to disable. I also think that especially now with the whole Mozilla controversy people are more willing to try different Firefox forks that don’t force you to accept Mozilla’s new terms.
2 Likes
So your reason for liking it is because it looks good and has marginally better privacy compared to FF. Got it. Even though its much worse than those other projects you mentioned.
People could just use the arc browser and benefit more from chromium security at this point.
That’s not the only reason I use it. Zen also has an excellent feature where you can combine workspaces with containers to compartmentalize your browsing, which I particularly like. Also, people have other reasons for using certain browsers that don’t necessarily have to do with privacy, and I think that’s okay. While Zen isn’t as privacy-oriented as Firefox + Arkenfox or Mullvad Browser, I think it offers a great balance between privacy and usability. Judging from your comments, it’s probably not for you, but that doesn’t mean that people who might be interested shouldn’t try it.
2 Likes
Judging from your comments, it’s probably not for you, but that doesn’t mean that people who might be interested shouldn’t try it.
Yeah i agree. Im just saying the average privacy enjoyer should probably not use it.
No thanks
This falw doesn’t have anything to do with engine security. Arc is still trash don’t get me wrong.
You really can’t (in my opinion). The Arkenfox project is a template and a guide, not a fork. It very intentionally isn’t a browser, it doesn’t intend or pretend to be a browser, and it very intentionally stuck with upstream Firefox. It is a method of managing Firefox settings more systematically, and a configuration template with strong defaults for Firefox. Arkenfox = Firefox with different defaults, not a fork.
With that said, I’d agree with your comparison between Librewolf and Zen, I think they fall into the same broad category (though Zen has less focus on privacy, and Librewolf has no focus on UI or features). I don’t believe PG should recommend either, but that doesn’t mean nobody should use them, nor that PG should recommend against using them unless there are concrete reasons to do so.
TL;DR I think Zen should neither be a recommendation nor an anti-recommendation. Use it if you want.
4 Likes
I would like to remind you that PG already recommends Firefox with basic hardening, and since you can do the same with Zen Browser, I fail to see a reason why an average person interested in privacy should avoid it. Should people also avoid Firefox? There are definitely even more privacy-focused options, but they each come with their own drawbacks. Also, there are other ways you can harden your browser like using uBlock Origin with medium mode that is much more effective than the default easy mode.
Fair enough. I have used Arkenfox myself, so I know that it isn’t a fork or a browser. I was only trying to argue that Arkenfox in itself doesn’t offer any new privacy or security features that wouldn’t already be available in Firefox, so in some ways making a comparison possible. I still understand your point of view though.
1 Like
Why people even consider using a browser like this? Bromium, Mull, Vanadium, Kiwi? All of them are discontinued after all. Neither of them could work with passkeys. How you guys trust some unknown guy behind such big and important thing like browser?
You should really try to get your facts right before commenting. By Bromium, do you mean Bromite? Cromite is a fork that has replaced it, which PG also recommends. Vanadium hasn’t been discontinued and supports passkeys. I think you need google play services for them to work though.
Also, while some browsers forks that are only maintained by a single or few people could get discontinued more easily, it doesn’t necessarily happen. I would say that if you choose to use one of these forks, you should pay attention that it gets updated regularly and hasn’t been discontinued.
5 Likes
Should people also avoid Firefox?
y e s
Customizing Ublock also fucks up Firefox’s non-existant fingerprinting resistance.
1 Like
Since Firefox can’t combat against advanced fingerprinting anyway, I don’t see a big problem hardening uBlock Origin. In fact, using it in medium mode reduces so much attack surface that I think the trade-off is worth it. If you’re more concerned about fingerprinting, I would suggest that you use Tor or Mullvad Browser that are the only browsers that can defend against advanced fingerprinting.
But this thread isn’t about Firefox or fingerprinting, so I would keep the conversation focused on Zen here.
3 Likes
You’re right. Firefox and Zen both fail at one of the most important protections.
Anything less than running the Tor Browser in Whonix on a hardened host OS is gonna require you to make privacy or security compromises somewhere. I mean even with that setup, you’re still making compromises somewhere. The average person is unwilling or unable to do that, so that’s why some people will recommend browsers like Brave and Firefox.
They have their own strengths and weaknesses but simply dismissing Firefox outright because it doesn’t have excellent fingerprinting protection out of the box feels like a slippery slope. Where do we draw the line at “good enough” protection when it comes to recommending a usable browser to the general public?
2 Likes
There is not one thing in Firefox which makes it worth choosing over Brave. Its one of the worst options for privacy. Im not saying you need to use Tails to be private. Its the common PG mindset to take small steps towards good privacy. Firefox is a a step sideways at best, and its only an improvement if you’re coming from a privacy invasive browser like opera/edge etc. Even then, its debatable if its worth to throw out security for moderately less spying.
1 Like
There are certainly downsides to Brave which you don’t get with Firefox. Personally I don’t think there’s a clear winner for everyone, it comes down to what you personally value and want to prioritize. For example:
- Brave includes Web3 bloat which likely worsens privacy and security. There’s also a bunch of additional qualms some may have with promoting Web3.
- Brave is downstream from Chromium and can be delayed from updates for several hours or longer. Other Chromium-based browsers can be even worse.
- Chromium/Brave lacks a decent alternative to Firefox’s Multi-Account Containers, which I find quite useful.
- Using Chromium-based browsers (like Brave) increases its market share which in turn can indirectly strengthen Google’s influence on the web, its browsers, and potentially anything based on it. It also weakens web browser diversity and the only independent alternative to big tech engines like Google’s Chromium and Apple’s WebKit.
I seriously doubt that. But feel free to share your reasoning for why popular alternatives like Chrome and Edge wipe the floor with Firefox when it comes to respecting user privacy. Or if you’re excluding the most popular competitors which most people are coming from, perhaps Firefox isn’t literally one of the worst options.
- See the first section of my comment.
- Most people are coming from privacy-invasive browsers. I recall hearing about how Brave’s anti-fingerprinting is better than Firefox’s out of the box, but is it good enough to defeat fingerprinting or at least rival the Tor Browser? If not, why is Brave good enough to recommend? This takes us back to my original point, there isn’t a clear line for what should be “good enough” to recommend the average user.
I can’t seem to find it now but I recall reading a thread on here about whether Firefox should be recommended at all since its sandboxing is apparently weaker than Chromium’s on desktop. I remember Jonah pointing out that it hasn’t been demonstrated that Firefox users are more likely to be compromised than Chromium users.
It doesn’t mean that the sandboxing point should be disregarded, it just means that things are more nuanced. When it comes to making a browser recommendation to the average user, the point that they’ll be much more secure using a Chromium-based browser just doesn’t seem to play out in the real world. I’d say this isn’t dissimilar to the situation with desktop Linux.
Anyways, we’ve gotten off-course from the original thread and I don’t wanna drag it on so I think I’ll let you have the final say. I understand the Brave > Firefox perspective and with the exception of promoting Chromium and Web3, I’d mostly agree with you. I just disagree that “Firefox is the worst, Brave is infinitely better in every regard”. It’s complicated, there’s pros and cons to both and many considerations to make when recommending a browser for the average person.
5 Likes
First of all, sorry if i come off as mean.
Second of all for the mods: this is on-topic because whenever we say Firefox, its applicable to Zen too. It concers Zen just as much.
- Brave includes Web3 bloat which likely worsens privacy and security. There’s also a bunch of additional qualms some may have with promoting Web3.
I don’t know what basis PG has for this claim and I don’t believe its true. None of the regular brave users turn these off, so if its state is detectable by a site, then its actually backwards thinking to disable them.
They are opt-in features which are entirely passive.
- Brave is downstream from Chromium and can be delayed from updates for several hours or longer.
Brave historically had a very good track record with timely updates.
Other Chromium-based browsers can be even worse.
Same can be said for FF forks. I specifically choose Brave because they are consistant and quick. This doesn’t concern them as much.
- Chromium/Brave lacks a decent alternative to Firefox’s Multi-Account Containers, which I find quite useful.
Chromium Profiles are much stronger.
- Using Chromium-based browsers (like Brave) increases its market share which in turn can indirectly strengthen Google’s influence on the web, its browsers, and potentially anything based on it. It also weakens web browser diversity and the only independent alternative to big tech engines like Google’s Chromium and Apple’s WebKit.
Not a privacy issue.
Or if you’re excluding the most popular competitors which most people are coming from, perhaps Firefox isn’t literally one of the worst options.
I clearly state that this applies if you’re coming from an invasive browser. I could have worded it like “One of the worst options for privacy seeking induvidials.”
but is it good enough to defeat fingerprinting or at least rival the Tor Browser?
Its a complex subject. It has some areas where its worse than TB, with the potential to be better. Tor’s strength comes from all people being part of the same network and components looking similar between users, etc. Brave cant implement all of these features because they have a big audience and they dont want to break stuff with missing fonts, no JS, letterboxing etc.
Chromium upstream wants to add a bunch of anti fingerprinting features eventually which would potentially outperform Tor’s in some ways but they are stalled at the moment by the Google monopoly lawsuit. They don’t want to make changes that could make it seem like they are working against sites to give Chrome and therefore Google an unfiar advantage.
Jonah pointing out that it hasn’t been demonstrated that Firefox users are more likely to be compromised than Chromium users.
Nothing against him, but thats an unfalsifiable statement. Why would they know they get to know that were hacked? We cant even have data on this. The fact that by all metrics the chromium sandbox is working better is all we have.
I think I’ll let you have the final say.
Thanks for the conversation. I get your point and forgive me if i sounded a bit too judging/combative. It was a pleasant discussion all considered.
3 Likes
It is not my statement. What I have said in the past is that there isn’t really evidence that Firefox users have experienced more security issues in the real world than Chromium users, which is true, but it’s a different statement.
7 Likes
Thanks for clarifying. I agree there is no data on this unfortunately.
It’s all good! So long as we have good intentions I can respect it.
Fair enough. Staff haven’t stepped in yet and you made some good points so I’d like to clarify a few things.
The main issue for me is that it seems to be unnecessary added attack surface.
I thought Brave supported Web3 out of the box, hence why PG recommends you disable it? I haven’t used Brave’s defaults in a while and I’m too lazy to reset and test it so I’ll have to take your word for it if you insist otherwise.
I agree it's probably not a big issue with Brave.
I’m too lazy to check myself so I was going off of the word of members in the Brave community. It’s a small point but it felt worth mentioning if we’re gonna have a long discussion about all the little pros and cons to Brave, Firefox, and other Chromium-based browsers.
I misunderstood your position to be that various Chromium-based alternatives would be preferable over Firefox, but I see now you’re specifically only advocating for Brave.
But also impractical to use as an alternative to Multi-Account Containers, at least for me. Especially if you need to repeat all these steps to optimize your privacy and security.
For an individual, this wouldn't be a privacy issue in the short-term. I'd say it's tangentially related as a collective concern in the long-term.
The links to Google and Apple I include cover just some of the privacy abuses those companies engage in. Generally speaking, I’d argue we should avoid strengthening companies hostile to privacy when possible. That could include avoiding a Google Chromium and Apple WebKit duopoly which heavily leans towards almost being a Google monopoly.
For now, the Tor Browser seems to be much better (privacy-wise) than the others. But because it’s not very usable, it makes sense to recommend a more usable browser that is still meaningfully better than Chrome/Edge/whatever. Exactly where you draw the line for what is “good enough” is difficult. I still uphold that there are advantages Firefox has over Brave.
Apologies, I slightly misremembered the quote. The gist of it was the same imo, that being the security benefits of Chromium don’t seem to improve outcomes in the real world. Maybe Jonah would still disagree with my framing of it so you can treat my interpretation of it as my opinion since it’s a point I’m bringing up.
I'd be surprised if there was literally no way to try and test real-world browser security?
I’ve seen little “browser security tests” that try to demonstrate how browsers handle malicious websites. In case they’re typically not accurate enough, could they be improved to at least be somewhat useful? I’m not an expert so I’m out of my lane here.
Either way I still agree Chromium has more secure sandboxing, I was just pointing out that this security benefit might not be a deal breaker for the average person in the real world.
None of my points taken on their own are a slam dunk in favour of Firefox over Brave. I was just pointing out some of the cons of Brave/Chromium and showing some of Firefox’s pros, ultimately to make the point that Brave is not definitively the best choice for everyone in every regard.
I think we all can reasonably assume that Firefox users are experiencing less security issues than Chromium users IRL due to the fact that it only has 2.63% market share.
The only advantage of Firefox IMO is the ability to easily deploy/modify configs using user.js.
I misunderstood your position to be that various Chromium-based alternatives would be preferable over Firefox, but I see now you’re specifically only advocating for Brave.
Well at least anything chromium based thats well maintained and not blatant spyware. Chromium itself for example.