Honestly, I find that in many cases I would trust an anonymous random Joe more than a company because they can be more mission driven and limited in their ambition than a growth driven tech company. Firefox keeps trying to push advertising while keeping it private, trying to get people to subscribe to a VPN subscription. Google actively undermines adblocking extensions with Manifest v3 and Web Integrity API. Edge tries to monetize your browsing data by trying to randomly sign your browser into your Microsoft account and sync your bookmarks, history, and passwords to their cloud and keep trying to get you to use their chatbot. There are several more examples.
> Honestly, I find that in many cases I would trust an anonymous random Joe more than a company because they can be more mission driven and limited in their ambition than a growth driven tech company.
If it is a random Joe and not, say, a malicious effort of a major government posing as one. That's the problem.
I hate this “I can’t trust open source” mentality. Open source contributors automatically getting labeled as malware is insane. I’d rather trust an individual contributor over large corporate interests any day of the week. And don’t act like the same thing can’t happen to corporate software.
I use open source for the vast majority of things I do, but I'm still very selective about what I run. It's not an open source thing -- I also don't go out and grab random closed source executables from people I've never heard of.
People are distrusting unknown software from unknown devs, not open source software.
Yes, and that same issue stands for extensions that are essential for making the browser usable. Who uses Firefox without uBlock? I won't use a browser that lacks a feature rich vertical tabs solution and that requires me to use sidebery with Firefox. That essentially forces me to trust a host of extension creators that I know nothing about. Yes, source can be reviewed, but I don't have the chops to do it and it doesn't seem like there is a non-profit organization that is taking that on (why doesn't EFF?)
Personally I do try to limit the amount of them I run, stick with recommended and take at least a glance at the source from time to time, but it would not defend against version updates or good efforts to obfuscate bad code.
I do feel at least somewhat confident that for recommended extensions with substantial usage the internet would surface funny business quite quickly.
But yes, I would love for some independent third party to have some review program! Unfortunately it's not clear how it would be funded.
Not only that, trustworthy extensions normally have serious well-known developers behind them which decreases the risk of stumbling into something malicious.
To this date not a single extension which has been marked as recommended by Mozilla was found to contain malware.
Google on the other hand while being 1000 times richer has none of it.
and we wouldn't need any trust if banks just used a real protocol that we could implement in 5 minutes, instead of a thing made for rendering magazines in real time.
> but the poor non programmer user wouldn't be able to do this
Yeah, and we know it's relatively common for open source projects to end up with malicious code in them unless the project has maintainers that can be trusted.
I have LibreWolf installed and I use it from time to time (although I prefer Brave), but I don't have that much trust in the project as is. I think if it had sponsorship and could afford to pay a few reputable pro-privacy developers to maintain the project then there's less risk, but as it stands is anyone honestly looking through all the source code to validate their pro-privacy claims? And even if they did, could you trust them or their releases?
There are far more eyes on Firefox and its hardened forks than on a random/obscure piece of software (sorry, I have no idea what exact malware you're referencing).
Most often the developers are some random anonymous Joes without CVs or anything proving they have reputation at stake.
Thank you, but no thank you. Even if the official Firefox "leaks" something it's well controlled and well known.
What do these browsers do? I've no idea.