because @mozilla thinks someone might be able to do harmful things with #WebUSB they do not want to add WebUSB to #firefox.
I wonder if #mozilla has ever heard about the possibilities of JavaScript.
reference: https://mozilla.github.io/standards-positions/#webusb
-
So I can not use @mozilla #firefox to install @GrapheneOS. I have to use a Google based browser or do it manually.
-
@txt_file @mozilla @GrapheneOS Or you could just use fastboot like a normal person
… https://grapheneos.org/install/cli
I’m very glad Firefox doesn’t have this nonsense. I hope it stays this way. There’s always Chrome for those who want unnecessary bloat that doesn’t respect your privacy and security.
-
@js @txt_file @mozilla Firefox supports downloading and running native executables with a very basic warning about it. What's the advantage of not supporting explicitly choosing a USB device to use with WebUSB? Their approach of forcing users to use native applications is far less private and secure. Giving access to only USB is much better than running unsandboxed software on a desktop. There's not as much of a gap with an Android APK due to app sandboxing but it's still better to use a site.
-
@js @txt_file @mozilla Firefox is the least secure of the mainstream browsers. On mobile, it completely lacks sandboxing for content. On desktop, it still lacks complete site isolation so the content sandbox fails to protect sites and browser data from a compromised renderer. It does not have modern exploit protections or comparable hardening to Safari or especially Chromium-based browsers. If you care about privacy and security, there are better cross-platform options than Firefox like Brave.
-
@GrapheneOS @txt_file @mozilla This is just not true. Firefox has sandboxing for content for what, 4 years now?
-
@js @txt_file @mozilla It is completely true. Firefox has no sandboxing for content on mobile. On desktop, it lacks completed site isolation. The site isolation feature on desktop has been largely but not fully implemented, and for a security feature it needs to be finished without remaining holes to be working. Firefox on desktop sandboxes content but with a much weaker sandbox than Chromium which does not properly protect browser data or sites from each other, and is far easier to bypass.
-
@js @txt_file @mozilla Firefox finally implemented multi-process on mobile but still without any content sandbox implemented, let alone site isolation (site isolation means sandboxing sites from each other and the browser itself). Firefox is getting close to having completed site isolation on desktop, but it is not done. Their sandbox on desktop is also much weaker and easier to escape. It also has much weaker exploit protections and far less work on finding/fixing bugs. It's a very soft target.
-
@GrapheneOS @txt_file @mozilla I don’t know about mobile, so let’s exclude that from the discussion. As for desktop; what do you think is missing for full site isolation? It is forking a process per site and using separate Linux namespaces for each site from what I remember. This is the one thing where you weaken Firefox security if you put Firefox itself into its own namespace (e.g. by using Flatpak), as namespace nesting for non-root users is not allowed by default. That is currently being worked on, though.
-
@js @txt_file @mozilla Having each process in a basic sandbox does not make them isolated from each other when they have access to browser data and other sites via the APIs provided to them. Site isolation is not a given based on implementing sandboxing for each process. Site isolation is something they have had to implement beyond that and it's not completed. They have separated sites into their own processes but it's not a free feature to block them accessing more than they should be able to.
-
@js @txt_file @mozilla Having each process in their own sandbox but able to access data for every site and the browser is not an implementation of site isolation. Firefox is providing similar semantics that Chromium was providing prior to site isolation being fully completed. It's a much weaker sandboxing implementation though, so it's also a lot easier to escape.
Chromium had per-tab sandboxed processes from day 1 but it did not have site isolation until much later. It's not the same thing.
-
@js @txt_file @mozilla For years, people had the wrong impression that Chromium's per-tab processes were protecting sites from each other and browser data from sites. It was not the case. They had to switch to strictly putting each site context into their own process including for iframes, etc. and then had to enforce strict boundaries between them at an IPC level. The broker process has to enforce not being able to access anything the site shouldn't be able to access at an OS process level.
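
The distinction the posts above draw between per-process sandboxing and site isolation, as an added sketch that is not part of the thread and is not Chromium or Firefox code. All names are hypothetical, the cookie values are constructed, and "site" is simplified to scheme plus the last two host labels instead of the Public Suffix List.

```javascript
// Toy model of a browser broker process answering IPC from renderer processes.
// Hypothetical names throughout; not any browser's real code.

// Simplification: real browsers derive the site from the Public Suffix List.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

class Broker {
  constructor(enforceSiteLock) {
    this.enforceSiteLock = enforceSiteLock;
    this.cookies = new Map(); // site -> cookie string (constructed sample data)
    this.locks = new Map();   // renderer id -> site the process was created for
  }
  setCookie(url, value) { this.cookies.set(siteOf(url), value); }
  spawnRenderer(id, url) { this.locks.set(id, siteOf(url)); }

  // IPC handler: renderer `id` asks for the cookies belonging to `url`.
  // The renderer is treated as untrusted: it may be compromised and may
  // name any URL it likes, so the check has to live here in the broker.
  handleGetCookies(id, url) {
    if (!this.locks.has(id)) return { ok: false, reason: 'unknown renderer' };
    const wanted = siteOf(url);
    if (this.enforceSiteLock && this.locks.get(id) !== wanted) {
      return { ok: false, reason: 'site lock violation' };
    }
    return { ok: true, value: this.cookies.get(wanted) ?? null };
  }
}

// One renderer created for forum.test asks for its own cookies and then,
// as a compromised renderer would, for another site's cookies.
function demo(enforceSiteLock) {
  const b = new Broker(enforceSiteLock);
  b.setCookie('https://bank.example/', 'session=constructed-bank');
  b.setCookie('https://forum.test/', 'session=constructed-forum');
  b.spawnRenderer(1, 'https://forum.test/thread/1');
  return {
    own: b.handleGetCookies(1, 'https://www.forum.test/'),
    cross: b.handleGetCookies(1, 'https://bank.example/'),
  };
}

console.log('sandbox only:  ', demo(false).cross);
console.log('site isolation:', demo(true).cross);
```
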
-
@tipjip actually no, it is not strange. If other vendors would provide 5 years of support _and_ upstreamed their drivers then @GrapheneOS would probably also support these devices. It seems that Google and Fairphone are the only companies that give such long support for devices.
@calyxos is available for Google phones and some Motorola phones and Fairphone.
-
@tipjip @txt_file @mozilla Firefox chooses not to support WebRTC despite the predecessor to it originating in FirefoxOS. Mozilla used to want to have highly functional web applications but moved away from wanting that and aligned with Apple's position of using native applications for those purposes. Firefox allows people to download and run a native executable with a tiny warning which gives access to everything on a desktop OS. What's wrong with providing only access to a specific USB device?
-
@txt_file @tipjip CalyxOS is a non-hardened OS significantly rolling back privacy and security compared to the Android Open Source Project rather than improving it.
https://eylenburg.github.io/android_comparison.htm is a good starting point showing the substantial differences between them.
CalyxOS doesn't have similar security or support requirements for hardware and doesn't make the same use of Pixel hardware security features that we use. The non-Pixel devices they support don't meet basic security or support standards.
-
@txt_file @tipjip Fairphone's devices have 1-2 month delays for partial security backports from launch. They do not have proper support from the beginning. They skip monthly and quarterly updates entirely, then ship the next yearly update over a year late. The delay gets longer over the lifetime of the device.
Providing a release from 2025 in 2027 is hardly providing 2 extra years of support compared to a device shipping it in 2025. However, that's how Fairphone portrays their support time.
-
@txt_file @tipjip Fairphone devices do not have proper long term support because they don't have proper support from day one and it significantly degrades over the lifetime of the device. Pixels get the latest monthly, quarterly or yearly release of Android when it comes out each month. Fairphone is providing the security backports to older releases instead, then catching up to a new initial yearly release after a year or more. That's really not comparable to iPhone or Pixel long term support.
-
@txt_file @tipjip Fairphone's devices have no secure element meaning none of the important features such as working disk encryption for users without a strong passphrase are available. There are other important security features too. They used publicly available private keys for signing on the Fairphone 4 so while supposedly having verified boot, it doesn't truly have it. Verified boot permitting publicly available keys isn't a real implementation and it's strange CalyxOS portrays it as one.