@Aluminium @Frankel
Wow, such a gargantuan amount of BS. I mean, I usually reply to comments even if I consider them to be stupid, but your stuff is making even me weary.
> The blog link has some issues, stop spamming people with it every time someone dares question the glory that is Google/Brave.
Well, if you can’t refute any of the blog’s contents, of course the next best thing you can do is to attack superficial aspects like a private blog not meeting scientific criteria. Kind reminder that this is a private blog, and I don’t really think you are interested in these criteria either, it’s just the best you’ve got at this point.
I think the content of the blog is sufficient to inform the vast majority of users of the actual security of browsers, and even though it repeatedly comes up even in Firefox forums and the FF subreddit, nobody has come up with a credible refutation of the actual content. It’s pretty telling.
And Chromium (and therefore Brave) being more secure than Firefox has nothing to do with any supposed “glory” (LOL). It’s either more secure, or it isn’t. I want to discuss the facts and not “glory”.
> The citations are not properly done in any recognizable format. Many of the references are from twitter feeds, not research papers.
It’s a private blog, what do you expect? Nevertheless, a research paper would tell you the same thing. We both know it.
> Many of the people quoted work for Firefox competitors.
How does this render the information incorrect? If it was incorrect, you could refute it. Silly mudslinging and looking for excuses on your part.
> He also does not disclose any conflicts of interest he may have personally.
He is a developer of Whonix. Do you know what Whonix is? Hint: Whonix has to use Tor, and the Tor Browser Bundle. The Tor Browser Bundle is based on Firefox. So if anything, madaidan should be biased towards Firefox.
> He does not disclose his methodology, all his conclusions are theoretical. A credible researcher would disclose such things.
It’s a private blog. And I think you are looking for excuses because you can’t actually refute anything he says in reality.
> He also seems to think sandboxes are the be-all and end-all of security.
No, you should actually read the article. While he discusses the sandbox, it is not at all the only point he discusses. Silly strawman of yours.
> I get Chrome has a majority of the market, like IE did back many years ago, but IE did not have nearly as many 0-days in its heyday.
IE in its heyday also supported below 10% of the web standards Chromium supports today. If you don’t support anything, this reduces the attack surface of course. Invalid comparison.
> I disagree with his and your assertion that browser mono-culture is a good thing just because it has a sandbox.
In the end, I just let the better product win. That’s it. If Firefox can’t compete then it is and should be on its way out. And that Firefox is less secure than Chromium has nothing to do with browser monoculture, what does Chromium have to do with the base security of Firefox’s code? Answer: Nothing.
Chromium is open source and has to remain so due to licensing requirements (and because it benefits from outside contributions). Anyone can base their browser on it. I don’t see a problem with it being the dominant browser. Chromium derivatives are like Android ROMs and so far, as far as phones are concerned, we have managed without Linux phones (which is what Firefox is in the browser world by comparison). There is simply no reason for Linux phones to exist when Custom ROMs exist. So it is with Firefox.
> I think the author is too short on details but just for fun, here is a link saying that Firefox is the most secure browser because of its sandbox.
Nice Firefox ad, however, madaidan addresses this in his blog and the current sandbox implementation is still inferior to Chromium’s implementation. I wouldn’t outright call the content of the article you posted fake news, because Firefox got better than it was before, but the headline is definitely misleading at least.
> Here is another link explaining the importance of knowing who is supporting security researchers to come up with their conclusions and why methodology and full disclosure is important.
Again, you are discussing the person of the security researcher… Why? Just address the points he raises if you think you can. And as I said, since he is a Whonix dev, if anything, he should be biased towards Firefox. I also doubt that a project as respected as Whonix would promote Google (they don’t, actually, they are discussing the Chromium open source base, not Google Chrome).
> The original Mandalorian link is from 2020, two years ago. He makes the exact same rants about sandboxes as he does now.
Mandalorian? Really? Trolling the nickname of the Whonix dev because you have zero arguments to offer against him, that’s fairly pathetic. And yes, in his “rant” (calling factual information a rant, LOL again) he stated the same thing in 2020 and is still stating it now because the problem STILL PERSISTS. Why change it when it’s still true?
> Your past posts used the same criteria, albeit with a different conclusion
No, I never post superficial comparisons.
> Use a better researched, less biased source. The German source has less reason to be biased.
How is it badly researched? How is it biased (if anything, he should be biased towards Firefox because that’s what Tor uses)? You can’t answer these questions yourself.
And the BSI report you posted is not a source in my opinion. It is superficial trash. As I said, they look at some criteria, e.g. “Does the browser have a sandbox?”. If there is a sandbox, then they check their checkbox and move on. They never compare the implementations themselves in any kind of depth, which is not surprising, since the “comparison” you’ve posted was undertaken by bureaucrats and not developers, and yes, it shows. Your source has neither credibility nor legitimacy because it totally lacks methodology, it lacks any kind of depth, it’s just a superficial checklist that you misleadingly post here.
@Frankel
Now that I’ve dealt with the BS claims from @Aluminium, I can come to your uninformed nonsense.
> Lol, still falling for madaidan. Year old stale coffee and links to articles from 2015. Real dangerous stuff there!
The article was last updated on March 19th, 2022, but OK, whatever you say. If you want to bash the article at least get your facts straight.
> Reminder about real facts:
LOL, those are your facts? CVE counting, a method of amateurs that fails to account for the popularity of the software attacked and the actual severity of each given issue? Really? So you are telling me here, that Firefox with its meager 3% market share attracts less scrutiny and less interest from the bad guys than Chromium with its 80% market share? Is that your argument? If yes, then how is this related to the base security of the actual Firefox code? The more popular software will always have more CVEs if the difference is as large as it is here, this proves nothing.
Your second “source” is gorhill’s Firefox promo piece where he says that the Firefox version of his extension is superior to the Chromium version of his extension. He ruminates the known fact that there are greater limits on what extensions can do on Chromium, which would include adblockers. The question is… A) What does that have to do with browser security? Like, at all? and B) Why should I care as a Brave user? Brave has an adblocker, I don’t need to care about the Chromium version of uBlock Origin and its limitations. The native adblocker of Brave does CNAME uncloaking, for example (which gorhill says his uBO on Chromium lacks). I don’t give a shit, because why would I?