this post was submitted on 03 Apr 2024
28 points (88.9% liked)
Privacy
No, not as a general statement. Read the comment again.
Maybe you should elucidate why you think this is the case, rather than replying dismissively.
Frankly, I don't trust what you say because you only make a claim - you don't back it up with any explanation.
Check your hubris.
I too am curious about the real world implications of this lack of process isolation.
I am not sure but Firefox desktop (gecko) and mobile (fenix) are separate projects. I think they share a lot of code though.
So a browser renders webpages, CSS, JavaScript and nowadays even WebAssembly and WebGL stuff.
If you stick to HTML and CSS you are way more secure; JavaScript is way more attack surface, and JIT+WebAssembly were about 50% of Microsoft Edge's security vulnerabilities.
So if you disable WebGL and JIT+WebAssembly by default, the attack surface is way lower. But there are websites, especially good stuff like Tuta doing in-browser encryption over advanced quantum-resistant protocols, that require JIT. GrapheneOS Vanadium now has a toggle to enable JIT for some sites, Edge Desktop has one too afaik (I don't use it, but it's likely the most secure browser on Windows), and Chrome-ium desktop allows a policy where you can list JIT exceptions.
Firefox desktop and mobile both likely allow blocking WASM and JIT in about:config, but there is no GUI toggle yet. Tor Browser in "very secure mode" also blocks JIT.
Coming to the engine, Chrome-ium focuses a lot on sandboxing, while using C and C++ for like everything.
Firefox has the rendering engine completely rewritten in Rust.
Assuming that most sandbox escapes come from memory issues, Firefox's sandbox doesn't have to be as secure if they simply don't have memory issues, as they use Rust.
Firefox Desktop uses seccomp filters for every process (restricting the syscalls the processes can make) and separates processes using unprivileged user namespaces for every process (I think they call that Fission). Firefox Flatpak can only use seccomp filters, but the processes are not isolated from one another, which is why you should probably use a system install (binary, .deb, .rpm, ...).
You can sandbox system-installed apps using bubblejail and allow access to the syscalls needed to create user namespaces. But it is pretty complicated and incomplete in my experience, even though I don't know why.
On Android, Firefox still uses the engine in Rust afaik, but Android has a very different model for how to isolate apps. Also, only Chrome-ium can isolate every process strongly on Android yet. It is totally possible, but Mozilla doesn't seem to care.
At the same time, to be honest, I have never had a security vulnerability in Firefox affect me, my entire life.
It is important to protect activists and people that "StAtE ActOrS" want to target, so those people should use the most secure browser possible.
The problem is simply that we have no privacy-respecting variant on the desktop that also has quick CI/CD updates. Ungoogled Chromium often lags behind on updates (and don't mention Thorium, please).
This could be done by people that know how to build such a pipeline on GitLab, GitHub, etc. and apply all the ungoogled patches to the browser, hardening the build and creating .rpm packages every few days. There just is nobody currently doing that.
Pinging the people in this thread (another advantage of commenting and not just liking). Please see the changes in the above comments.
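The about:config switches and the Chromium policy mentioned in the comment above, as an added example that is not part of the original thread and not Mozilla's or Google's code: a POSIX shell script that writes a Firefox user.js fragment turning off the JIT tiers, WebAssembly, asm.js and WebGL, and emits a Chromium managed-policy JSON that blocks the V8 JIT everywhere except an explicit site list. The pref and policy names are the real ones (the JS-engine prefs are the same ones Tor Browser's "Safer" level flips); the profile directory argument, the `/etc/chromium/policies/managed/` drop-in path and the example site patterns are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: attack-surface prefs for Firefox and a
# JIT allow-list policy for Chromium. Paths are assumptions for a typical Linux
# install; pref and policy names are real.

# firefox_attack_surface_prefs: user.js lines that disable the baseline and Ion
# JIT tiers, the regexp JIT, WebAssembly, asm.js and WebGL. The default value of
# each pref is noted so the "before" state is visible next to the hardened one.
firefox_attack_surface_prefs() {
    cat <<'EOF'
// --- JIT: baseline and IonMonkey compilers, regexp JIT (default: true) ---
user_pref("javascript.options.baselinejit", false);
user_pref("javascript.options.ion", false);
user_pref("javascript.options.native_regexp", false);
// --- WebAssembly and asm.js (default: true) ---
user_pref("javascript.options.wasm", false);
user_pref("javascript.options.asmjs", false);
// --- WebGL (default: false, i.e. WebGL enabled) ---
user_pref("webgl.disabled", true);
EOF
}

# install_firefox_prefs <profile_dir>: append the prefs to <profile_dir>/user.js,
# skipping lines already present verbatim so re-running is idempotent.
# Prints the number of user_pref lines actually added; returns 1 on a bad path.
# Find your profile directory under ~/.mozilla/firefox/ (assumed default location).
install_firefox_prefs() {
    profile=$1
    target="$profile/user.js"
    [ -d "$profile" ] || { echo "not a profile directory: $profile" >&2; return 1; }
    touch "$target"
    # grep -x -F -f: drop any line that already exists in user.js exactly
    new=$(firefox_attack_surface_prefs | grep -v -x -F -f "$target" || true)
    [ -n "$new" ] && printf '%s\n' "$new" >> "$target"
    printf '%s\n' "$new" | grep -c '^user_pref' || true
}

# chromium_jit_policy [site_pattern ...]: managed-policy JSON. DefaultJavaScriptJitSetting
# 2 blocks the V8 JIT for all sites; JavaScriptJitAllowedForSites re-enables it
# for the given Chrome URL patterns (e.g. "https://app.tuta.com", "[*.]example.org").
# Save the output as /etc/chromium/policies/managed/jit.json (path is an assumption
# for Debian-style Chromium packages; Google Chrome uses /etc/opt/chrome/...).
chromium_jit_policy() {
    printf '{\n  "DefaultJavaScriptJitSetting": 2'
    if [ $# -gt 0 ]; then
        printf ',\n  "JavaScriptJitAllowedForSites": ['
        sep=""
        for site in "$@"; do
            printf '%s"%s"' "$sep" "$site"
            sep=", "
        done
        printf ']'
    fi
    printf '\n}\n'
}

# Usage (assumed paths):
#   install_firefox_prefs ~/.mozilla/firefox/abcd1234.default-release
#   chromium_jit_policy "https://app.tuta.com" > /etc/chromium/policies/managed/jit.json
```

Check the result in Firefox via about:config (the prefs show as user-set) and in Chromium via chrome://policy, which lists the applied policy and flags any syntax error in the JSON.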
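The seccomp and user-namespace isolation the comment describes can be checked on a running browser from /proc rather than taken on trust. Added example, not from the thread or from Mozilla: a POSIX shell script that reads a content process's /proc/<pid>/status Seccomp field (0 = none, 1 = strict, 2 = seccomp-bpf filter) and its /proc/<pid>/uid_map (anything other than the identity mapping `0 0 4294967295` means the process was placed in its own user namespace), and reports a one-word verdict. The pgrep pattern in the comments and the verdict names are my own; this distinguishes a full sandbox from the filter-only case the comment attributes to the Flatpak build.

```shell
#!/bin/sh
# Added example, not from the thread: verify a Firefox content process's Linux
# sandbox from /proc. Usage: ./check_sandbox.sh <pid>
# Content process pids (assumed naming): pgrep -f 'firefox.*-contentproc'

# seccomp_mode <status_file>: the Seccomp field of /proc/<pid>/status.
# 0 = no seccomp, 1 = strict mode, 2 = seccomp-bpf filter (what browsers use).
seccomp_mode() {
    awk '/^Seccomp:/ { print $2; found=1 } END { if (!found) print "unknown" }' "$1"
}

# in_user_ns <uid_map_file>: succeeds if the process is in a child user namespace.
# The initial namespace maps the whole range as "0 0 4294967295"; any other
# mapping (or several lines) means unshare(CLONE_NEWUSER) was done.
in_user_ns() {
    map=$(awk '{ print $1, $2, $3 }' "$1")   # normalise column alignment
    [ "$map" != "0 0 4294967295" ]
}

# sandbox_verdict <status_file> <uid_map_file>:
#   full     seccomp-bpf filter and own user namespace
#   seccomp  filter only, no namespace isolation between processes
#   none     neither
sandbox_verdict() {
    mode=$(seccomp_mode "$1")
    if [ "$mode" = "2" ] && in_user_ns "$2"; then echo full
    elif [ "$mode" = "2" ]; then echo seccomp
    else echo none
    fi
}

# report <pid>: one line per process, suitable for looping over pgrep output.
report() {
    pid=$1
    [ -r "/proc/$pid/status" ] || { echo "no such process: $pid" >&2; return 1; }
    printf '%s: seccomp=%s userns=%s verdict=%s\n' "$pid" \
        "$(seccomp_mode "/proc/$pid/status")" \
        "$(in_user_ns "/proc/$pid/uid_map" && echo yes || echo no)" \
        "$(sandbox_verdict "/proc/$pid/status" "/proc/$pid/uid_map")"
}

if [ $# -eq 1 ]; then
    report "$1"
fi
```

Run it against every content process, not just one: the parent browser process is expected to report `none`, while each content process should report `full` on a system install with unprivileged user namespaces enabled (`/proc/sys/kernel/unprivileged_userns_clone` on distributions that have that knob). Firefox's own about:support page has a "Sandbox" section that should agree with this output.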