A little admiration of how easy UI customization is on Firefox, and how shitty Chromium looks.

  • @Pantherina@feddit.deOP
    link
    fedilink
    98 months ago

    I am also pretty sure Firefox is equally if not more secure than Chromium. They just got some really bad reputation for not sandboxing everything.

    • Para_lyzed
      link
      fedilink
      38 months ago

      The only issue they have with sandboxing is on Android, as they have yet to implement per-site process isolation despite it being present on desktop Firefox and Chromium Android for many years now. I’ve been tracking the development of Project Fission on Android (Firefox’s per-site process isolation) for years now and it still isn’t even ready for testing. Additionally, Firefox Android does not use Android’s isolatedProcess flag for sandboxing, which is another area in which it is behind Chrome. For that reason, I cannot recommend Firefox on Android, and instead recommend Cromite (fork of Bromite after its development was abandoned) which is based on Chromium.

      • @ferralcat@monyet.cc
        link
        fedilink
        38 months ago

        Firefox shipped sandboxing on Android years ago (before chrome) and then removed it. I’m not sure you gain much from it on Android. It eats up ram making performance crap on cheap phones and apps already run in their own app user context to isolate what they can access.

        • Para_lyzed
          link
          fedilink
          18 months ago

          If you’re referencing an isolatedProccess implementation, the benefit is that each site is isolated in its own process, and any exploit would only have access to its own process (the data that the site sees anyways) without further escape (kernel exploit or meltdown, for instance). Without this isolation flag, sites are not sandboxed from each other or from the browser’s process itself, meaning an exploit could access any data from any other active site or from the browser’s process (such as accessing browser settings, bookmarks, history, or the built-in browser password manager). This has a massive implication on security. I’m unaware of the sandboxing you mentioned before Chrome, so I can’t comment on that, but you gain a lot of security from proper per-site process isolation. Yes, the app lives inside its own sandbox, but there’s plenty of data within that sandbox that you may not want a site to access, hence the importance of the isolatedProcess flag.

      • @Pantherina@feddit.deOP
        link
        fedilink
        18 months ago

        Yes very poorly true. The lack of any sync makes other mobile browsers hard to use for me though. Often start stuff on mobile, and continue on a real browser on Laptop.