I think that this is a valid and understandable opinion to draw from this data. Here’s a quote I like to reference about situations like this from an article on “juice jacking” attacks:
“At a high level, if nobody can point to a real-world example of it actually happening in public spaces, then it’s not something that is worth stressing about for the general public,” Mike Grover, a researcher who designs offensive hacking tools and does offensive hacking research for large companies, said in an interview. “Instead, it points to viability only for targeted situations. People at risk of that, hopefully, have better defenses than a nebulous warning.”
I think that this is true and broadly applicable. Therefore, when people discuss Firefox, I will point out that there are not really any real-world examples of people being compromised because of Firefox, which is just a true statement to my knowledge.
However, like you just pointed out, that does not mean a risk doesn’t exist. People are free to make an educated decision about whether the risk is likely to affect them and choose Chromium or Firefox accordingly. Chromium is theoretically more secure against attacks.
Therefore I would not agree with the statement that Firefox users aren’t more likely to be compromised than Chromium users, but I would agree with your statement that the risk probably doesn’t matter for the average person, because despite Firefox’s risk being higher than Chromium’s, the likelihood in both cases still seems extremely small.
I think that this is true and broadly applicable. Therefore, when people discuss Firefox, I will point out that there are not really any real-world examples of people being compromised because of Firefox, which is just a true statement to my knowledge.
There are no real-world examples of people getting hacked on /e/ OS either. I think it’s important even for noobs to assess the risks.
Firefox has 2.63% market share and Chromium has at least 80%.
So this reminds me of people measuring how many security issues Windows and Linux desktop had and then marking Linux as a winner while in reality Windows is substantially more secure.
Firefox is objectively less secure than Chromium browsers, especially on mobile. Then we also have Mozilla doing dumb stuff with their ToS and decisions.
You got me!
That literally makes my argument. I evaluate based on the technical merits, not the soft science.
You don’t have a specific example of any more /e/ devices getting hacked than GOS ones. That doesn’t make /e/ secure or better, just like with Firefox.
Both e rom and ff have historically bad security.
I’ve been using Zen Browser for a few days, and it’s honestly great. I find workspaces and split-screen tabs to be very useful.
I see that the post has been rejected, but does it even need to be recommended? It’s a Firefox fork, so you can harden it with Arkenfox, which is still recommended on this site.
I guess the issue is that because the browser is in beta, it’s not as secure as Firefox, but I’m sick of Mozilla, so personally, I’m willing to accept the trade-off.
Privacy Guides’ main priority is recommending products, services, and practices which better protect people’s privacy. It seems they try to have some balance with usability and security as well. The main selling point of Zen over Firefox seems to be that they offer a different UI/UX which isn’t a privacy benefit over Firefox.
Just because something isn’t recommended by Privacy Guides doesn’t necessarily make it a bad option, it just isn’t currently an ideal option for what PG prioritizes. If you do stray from their recommendations, do so understanding that researching the privacy-related risks, pros, and cons becomes your personal responsibility if that’s something you care about.
This might be a good reason for some to avoid Zen Browser but it’s really up to your values and threat model. Another thing I’d look into is how quick Zen Browser manages to push Firefox updates in their browser. It’s not uncommon for downstream projects to have large delays in receiving security updates which could be a serious security concern.
Assuming you’re referring to the recent Mozilla controversy, I haven’t seen the Privacy Guides team comment on whether they think this is a privacy issue or not. While many are jumping on the anti-Mozilla bandwagon, it’s also worth hearing some differing perspectives:
I’m not saying Zen should be recommended. On the contrary, I don’t think Zen needs to be recommended. It’s a Firefox fork that you can harden yourself, which is already recommended. The difference would probably be the security updates.
I understand giving Mozilla the benefit of the doubt, but their ToS is all that matters, and their communication is incredibly vague. And they’re also slow to implement new features. So even without the Mozilla controversy, there aren’t many reasons for me to use Firefox over Brave, Zen, or Mullvad. It’s just that the controversy makes me trust them less as a company.
you were presented with a real-world situation where /e/ is less effective
It’s literally the same logic I was using when I claimed in the real-world Firefox sandbox is weaker therefore: Firefox < Chrome
You just selectively dismiss my reasoning for some arbitrary reason even though it matches your counter exactly.
The standard you want from people to prove FF sucks wouldn’t even allow them to criticize ANYthing until they don’t have soft science social studies that show that X amount of people were affected to back it up?
So yes hypothetically Firefox is shit compared to Chrome the same way /e/ is compared to GOS. This is based on measurable metrics.
But in Jonah’s world we should dismiss the problems until we don’t have self reports from hacked people.
But Jonah is exempt from this of course and his supported claim can be true without any studies.
You’re making a false equivalence with /e/ and Firefox.
Because Cellebrite is a real-world threat people face. I don’t really understand why this is difficult to understand, to be honest. What is the real-world threat facing Firefox users?
It’s exactly like I already said: You can criticize things all you want, but you can’t argue that regular people should actively worry about the problems you’re criticizing, if there is zero evidence that anyone has ever been impacted by these issues. The security problems Firefox has are academically interesting in the sense that Firefox developers should consider and fix them, but they simply aren’t reasons to recommend everyone stop using Firefox. That’s a whole separate issue.
I don’t really understand why this is difficult to understand, to be honest.
Because I wouldn’t expect your entire point depending on a bogeyman being out there.
I need you to understand that Firefox is even worse than if your device had Cellebrite support because any site is able to exploit Firefox’s weaknesses regardless of if it’s being actively done or not. While with Cellebrite it’s a private vulnerability and you need to be specifically targeted.
This argument is flawed, because it hinges on Windows being “substantially more secure” being a fact, when it is not.
We can also talk about this falsehood you dropped.
The problem is that there are many pseudo-security-experts out there making claims like “any site is able to exploit Firefox’s weaknesses” without a shred of evidence to support their claims.
You were the one who claimed I was a “pseudo-security-expert” when I didn’t even say I was an expert to begin with. Avoided responding to my counter and told me to GTFO.
If you could “educate” me on what I said was bad faith, I’d appreciate it.
I should clarify, I am referring to a general problem of pseudo-security-experts on Reddit/HN/etc. making bold claims that are then repeated by others. I’m not saying you are one of them or that this is an original claim you’ve come up with, I’m saying this is an often repeated argument you will see from people who are claiming to be experts without providing evidence to back up their claims.
The only issue here is that those claims are not being dug into enough by the community, and are simply taken at face value. There are many easily debunked resources about Firefox, Linux, Android, etc. that are nonetheless commonly shared in these forums and others as if they are gospel, which I think is unfortunate.
For readers unfamiliar with the phrase, PoC stands for Proof of Concept and means that if you are banging a drum about a security vulnerability you should also have a proof of concept in hand.
Well like I said, I think you are guilty of repeating these arguments that others have made, and taking them at face value. I would just encourage you to really consider the scope and practicality of these issues in more depth, instead of taking someone else’s word for it.
And if you can’t really evaluate this on your own, then maybe you shouldn’t be acting as their spokesperson here.