
I hope Firefox succeeds, as I like the idea of not concentrating yet more power in few hands, but, on OpenBSD, I use Iridium (Chromium derivative), so I see these benefits, and am wondering what Firefox would add for me, privacy- and security-wise:

1) Iridium doesn't send info to Google like Chrome does (or that is the idea);

2) It is easier (last I checked) than with Firefox to leave some config tabs open so I can quickly turn on/off javascript, images, and/or cookies for those sites where I need them (by exception list or temporary exception, and easy to manage it without a mouse once the tab is open; separately, I do change the search engine also, and create search keywords), and

3) OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not (plus I browse under a different user than I do other things with high confidence there will not be a privilege escalation; also they say the pledge/unveil support is easier to implement in Chrome/Iridium than in Firefox because of the cleaner separations of concerns in the code organization (my wording; though they have probably also put pledge/unveil in FF also for all I know),

4) Maybe the security of Chrome/Iridium benefits from Google's bug bounties, more than what Firefox has done (ie, the security track record of each, frequency of major holes over, say, the last 1-3 years). I don't really know but I'm glad they try.

Given those things, what are the remaining biggest reasons I might prefer Firefox? (I am aware of OBSD removing DNS-over-HTTP from Firefox, indicating that is a choice that should be made by the user at the system level instead).




> Given those things, what are the remaining biggest reasons I might prefer Firefox?

Iridium seems to be quite outdated - the latest release that's listed on the website is from April. Given that there have been multiple critical security issues fixed since then - with some of them allowing for arbitrary code execution (https://www.cisecurity.org/advisory/multiple-vulnerabilities...) - I personally would consider using Iridium too risky.


I currently limit its use to an account on my computer that doesn't do the things where I care as much about security (and limit JS use), and the pledge/unveil OBSD stuff prevents it from reading or writing in directories not explicitly named as allowed. Still, you make a good point and I plan to think about it.

Maybe the question is which is more risk: a local and limited compromise to a low-privilege account on OBSD, or sharing more info with Google (sounds like Google is the lower risk maybe -- hard to say...). (On the other hand, it is becoming easier to upgrade packages on OBSD between releases and so if Iridium started releasing more often it could take advantage of that--but that is just speculative.)


> 2) It is easier (last I checked) than with Firefox to leave some config tabs open so I can quickly turn on/off javascript, images, and/or cookies for those sites where I need them (by exception list or temporary exception, and easy to manage it without a mouse once the tab is open; separately, I do change the search engine also, and create search keywords), and

I wouldn't want to switch everything on/off manually. I use the uMatrix extension which allows you to enable or disable cookies, images, Javascript, iframes, etc. for each domain separately, and configure the exceptions permanently or temporarily. I have JS disabled by default, and enable it only for trusted sites or temporarily. Even on the sites I trust, Google Analytics scripts, etc. are disabled.


Thanks. I have been avoiding extensions & plugins in browsers because of how they increase the attack surface (including some that get new maintainers) with perhaps less code review. That may or may not have a significant risk level in a given case, hard for me to say. But do you know if there is a way to make exception lists for these things in FF w/o any extensions? (built-in in chrome, so that one aspect is convenient)


It's built in on chrome? Could you please share how?


I open a new tab, and with Alt-E then S bring up the Settings, scroll to the end and click Advanced. Then click Content Settings, and there are areas in there for images, javascript, and cookies where one can set permanent exceptions as well as on/off settings. I don't see it for iframes. Am I misunderstanding anything?


> what are the remaining biggest reasons I might prefer Firefox?

Neither Firefox nor Chromium let you reassign hotkeys without recompiling, and while Firefox's defaults could use some tweaking, Chromium's default keybindings are insane and counter-productive.

Of course, Mozilla's organization is in shambles atm so Firefox has been getting worse in many regards, even if its speed has caught up with Chrome.

> It is easier (last I checked) than with Firefox to leave some config tabs open

Not sure when you last checked, but about:config is its own tab.

Instead of changing the search engine, Firefox lets you define multiple search engines and choose between them with the cursor or tab key before searching.

> OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not

Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation notwithstanding? Also, most Linux distributions offer their own compiled version of Firefox, because ultimately it can be forked like Chromium, which really removes much of the differences you've described.

> Maybe the security of Chrome/Iridium benefits from Google's bug bounties, more than what Firefox has done

Maybe. But you can't really infer much from that data point. I don't have any citation on hand (one would be welcome) but AFAIK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.


> Not sure when you last checked, but about:config is its own tab.

It was last I checked also, but felt awkward to use, and then you have to know what settings to look for, as opposed to having them in the UI (all can be easily overcome, but it is a little more work I think, maybe not enough to matter for some use cases or if I just forced myself to get used to it).

Is it possible to define ongoing exception lists there? How easy? And how many options do they allow for cookies (always, never, save until exit, ...)?

> Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation notwithstanding?

I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

> I don't have any citation on hand (one would be welcome) but AFAIK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.

Thanks for pointing that out.


about:preferences is a tab now, too. Cookie options could be maybe a wee bit more complex, however an addon will make up the difference.

> I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.

On a properly configured distribution, these things should all just work out of the box.

Honestly, barring the update frequency issues pointed out by another user, the OpenBSD Chromium experience is probably on par with the FF experience on major Linux distros.


Which Linux distributions configure any browsers (reliably, by default, without me having to know extra stuff) so that it cannot read or write files from any directories the user has access to (allowing, say, only /tmp and ~/Downloads and ~/.cache or the like), and so that if it makes inappropriate system calls (any except those on a whitelist) they fail?

As a longtime (and grateful) Debian user, I remain impressed with OpenBSD's relative lack of privilege escalation bugs in the base system, and "only 2 remote holes in the default install [since about 1996]": we can have different views of course but their constant auditing and general approach to correctness and security over adding features does make me feel better. :) Not trying to start a flamewar though (that would be bad; I fear I might be talking like a fanboy now...).

I appreciate your comment.
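For readers unfamiliar with the two OpenBSD calls discussed in this thread, here is a small added example (not written by any commenter and not taken from the Chromium, Iridium or Firefox ports) of a process confining itself with unveil(2) and pledge(2). The function names, the `/tmp` allow-list and the promise string are assumptions chosen for illustration; on systems other than OpenBSD the restriction step reports `ENOSYS`.

```c
/* Added example: self-confinement with OpenBSD unveil(2) and pledge(2). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Limit filesystem visibility to dirs[] (read/write/create) and limit
 * system calls to the stdio and path groups. Returns 0 on success and
 * -1 on failure; errno is ENOSYS where the calls do not exist. */
int restrict_process(const char *const dirs[], int ndirs)
{
#ifdef __OpenBSD__
    for (int i = 0; i < ndirs; i++)
        if (unveil(dirs[i], "rwc") == -1)
            return -1;
    if (unveil(NULL, NULL) == -1)      /* lock the list: no later additions */
        return -1;
    if (pledge("stdio rpath wpath cpath", NULL) == -1)
        return -1;
    return 0;
#else
    (void)dirs;
    (void)ndirs;
    errno = ENOSYS;                    /* not OpenBSD: nothing was restricted */
    return -1;
#endif
}

/* Try to open a path read-only; return 0 on success or the errno value. */
int probe_read(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return errno;
    close(fd);
    return 0;
}

int main(void)
{
    const char *const allowed[] = { "/tmp" };   /* assumed allow-list */
    if (restrict_process(allowed, 1) == -1) {
        perror("restrict_process");
        return 1;
    }
    /* A path under an unveiled directory opens normally; a path outside
     * every unveiled directory is reported as ENOENT, as if absent. */
    printf("/tmp        -> %d\n", probe_read("/tmp"));
    printf("/etc/passwd -> %d\n", probe_read("/etc/passwd"));
    /* A system call outside the promised groups, such as socket(2),
     * would get the process killed with SIGABRT at this point. */
    return 0;
}
```
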


I certainly don't mean to claim that Linux is more secure than OpenBSD. OpenBSD's security is better in several respects. I'm just trying to keep this about the browsers themselves.


I'm glad to know about about:preferences as a tab for future ref.; thanks for the info!


You're still on Blink. Contributing to that monoculture is no win.


I think this is among the best reasons I've heard in this discussion to avoid Chrome. The other reasons to not use firefox (at least for me on OBSD for now, given that pledge/unveil support for FF is still in progress, and no way I know to use exception lists for images/cookies/javascript without an external plugin), might still outweigh it.


> 3) OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not (plus I browse under a different user than I do other things with high confidence there will not be a privilege escalation; also they say the pledge/unveil support is easier to implement in Chrome/Iridium than in Firefox because of the cleaner separations of concerns in the code organization (my wording; though they have probably also put pledge/unveil in FF also for all I know),

Just FTR, Firefox is adding pledge/unveil support for OpenBSD in version 72, see https://marc.info/?l=openbsd-ports&m=157325338020502&w=2


More I just saw, haven't read thoroughly yet: http://undeadly.org/cgi?action=article;sid=20191118055603


Good to know; thanks.


Tree Style Tab [1]. That is the main reason I am on Firefox. My screen is wider than it is tall, so I can make use of this by displaying the tabs on the side. It is 'tree style' which means that it is nested. This allows me to have child tabs of say, hn for reading all of the different articles. This can be easily collapsed, expanded or removed altogether.

1. https://addons.mozilla.org/en-US/firefox/addon/tree-style-ta...


I thought of another way to put a reason I am not quite moving to FF yet: If I change my habits around browser use, over to FF, then switch platforms, I again get DNS-over-HTTP (or DoH) which I think I don't want the browser to decide for me, preferring to make that decision at the user or system level as I have done with my non-expert use of DNSSEC on my desktop, which is at the system level. Sending all DNS queries to a single location is another concentration of power. Or, is DoH user-configurable in FF?

So, summarizing, pros/cons as I see them for my usage:

Iridium/Chromium pros:

- ability to create exception lists by domain for JS, images, cookies is built in in a way I know of, without adding plugins or extensions that might get less code review or bought by a malicious maintainer w/o my knowledge (maybe rare, but has been reported for some).

- if I switch platforms and continue with my current usage habits I am not forced into DoH (yet?).

- has pledge/unveil support (limiting risk today on a platform I trust more to do that right, with fewer privilege escalation bugs etc and less complexity/knowledge required than SELinux etc. (many fewer zero-days at the OS level).

Firefox pros:

- avoids monoculture (a big one).

- Maybe has fewer zero-day bugs than Chromium or the older Iridium (at the user and application level only).

- will probably have OBSD pledge/unveil support in the next OBSD release or sooner.

- Does not send metrics (or other tracking) to Google in the current version (true? I actually don't know, I might have read some accusation that I didn't investigate)? (Does not apply when comparing to Iridium, but that seems to lag Chromium bugfixes by some months.)

I plan to think about weighting these for myself. Corrections welcome on whatever I have missed or forgotten. Thanks much for the discussion.



