For a time it was Fennic for addon support but now that Firefox mobile has addons are there better alternatives? Those of you on android, what’s your go to?
Mull, but use the DivestOS repository. F-droid also builds it but too much delayed.
I use Firefox cause it’s easier to get people to switch to something that’s already in every app store.
IMO, standard Firefox is pretty OK, so I’d rather use that than some weird derivative that has more chances of security issues, breakage, or development halt.
Yup. So many of these “alternative” browsers have very questionable security practices. At the very minimum they don’t have a staffed team to respond to zero-day exploits. But often they also make large changes without too much consideration for security or disable security features when they get in the way of features. I hate saying “use on of the big boys” but for most users their browser is likely their largest attack surface by an order of magnitude, it’s job is literally to download an execute untrusted code and the API surface is huge. It takes real resources and careful development to develop and maintain a browser, and there are very few organizations that I would trust to do this.
So unless you have a strong reason I would highly recommend sticking to one of the major browsers.
Mull (from the DivestOS developers)
But nowadays I’m using a Chromium based browser on my phone because Firefox on Android doesn’t support process isolation
+1 for Mull.
And yeah, on Android unfortunately you gotta choose between privacy (Firefox/Mull) or security (Chromium).
It would be great to hear the implication of that
Here you can find a good explanation on that.
It would still need an Android system/kernel exploit to further escape the system sandbox. It is an important hardening feature, but the browser isn’t completely insecure without it
So what? You can go back to firefox for that reasoning unless you are a very very high target
Did you read the sentence before that? A malicious website could read data from other websites(opened in different tabs), and also passwords stored in the browser, etc… There is no additional system exploit needed for that
Yes. It doesn’t apply to me. I am no very high target.
What @silent_squirrel@feddit.de mentioned does not require a targetted attack.
