> what are the remaining biggest reasons I might prefer Firefox?
Neither Firefox nor Chromium let you reassign hotkeys without recompiling, and while Firefox's defaults could use some tweaking, Chromium's default keybindings are insane and counter-productive.
Of course, Mozilla's organization is in shambles atm so Firefox has been getting worse in many regards, even if its speed has caught up with Chrome.
> It is easier (last I checked) than with Firefox to leave some config tabs open
Not sure when you last checked, but about:config is its own tab.
Instead of changing the search engine, Firefox lets you define multiple search engines and choose between them with the cursor or tab key before searching.
> OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not
Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation nonwithstanding? Also, most Linux distributions offer their own compiled version of Firefox, because ultimately it can be forked like Chromium, which really removes much of the differences you've described.
> Maybe the security of Chrome/Iridium benefits from Google's bug bounties, more than what Firefox has done
Maybe. But you can't really infer much from that data point. I don't have any citation on hand (one would be welcome) but AFIAK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.
> Not sure when you last checked, but about:config is its own tab.
It was last I checked also, but felt awkward to use, and then you have to know what settings to look for, as opposed to having them in the UI (all can be easily overcome, but it is a little more work i think, maybe not enough to matter for some use cases or if I just forced myself to get used to it).
Is it possible to define ongoing exception lists there? How easy? And how many options to they allow for cookies (always, never, save until exit, ...)?
> Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation nonwithstanding?
I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.
> I don't have any citation on hand (one would be welcome) but AFIAK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.
about:preferences is a tab now, too. Cookie options could be maybe a wee bit more complex, however an addon will make up the difference.
> I don't know fully, but for any of those I definitely have to think more, as the user, and there is (probably?) more room for error due to complexity.
On a properly configured distribution, these things should all just work out of the box.
Honestly, barring the update frequency issues pointed out by another user, the OpenBSD Chromium experience is probably on par with the FF experience on major Linux distros.
Which Linux distributions configure any browsers (reliably, by default, without me having to know extra stuff) so that it cannot read or write files from any directories the user has access to (allowing, say, only /tmp and ~/Downloads and ~/.cache or the like), and so that if it makes inappropriate system calls (any except those on a whitelist) they fail?
As a longtime (and grateful) Debian user, I remain impressed with OpenBSD's relative lack of privilege escalation bugs in the base system, and "only 2 remote holes in the default install [since about 1996]": we can have different views of course but their constant auditing and general approach to correctness and security over adding features does make me feel better. :) Not trying to start a flamewar though (that would be bad; I fear I might be talking like a fanboy now...).
I certainly don't meant to claim that Linux is more secure than OpenBSD. OpenBSD's security is better in several respects. I'm just trying to keep this about the browsers themselves.
Neither Firefox nor Chromium let you reassign hotkeys without recompiling, and while Firefox's defaults could use some tweaking, Chromium's default keybindings are insane and counter-productive.
Of course, Mozilla's organization is in shambles atm so Firefox has been getting worse in many regards, even if its speed has caught up with Chrome.
> It is easier (last I checked) than with Firefox to leave some config tabs open
Not sure when you last checked, but about:config is its own tab.
Instead of changing the search engine, Firefox lets you define multiple search engines and choose between them with the cursor or tab key before searching.
> OpenBSD adds pledge/unveil system calls from the browser, to prevent it from reading/writing files where it should not
Anything this offers over Linux containers / AppArmor / SELinux+permissions on a theoretical level, implementation nonwithstanding? Also, most Linux distributions offer their own compiled version of Firefox, because ultimately it can be forked like Chromium, which really removes much of the differences you've described.
> Maybe the security of Chrome/Iridium benefits from Google's bug bounties, more than what Firefox has done
Maybe. But you can't really infer much from that data point. I don't have any citation on hand (one would be welcome) but AFIAK Firefox typically has had less major 0-days than Chrome in the past, due to Chromium team's "move fast, break things, and don't communicate" policy.