
Your comment is the first time I've ever read someone recommending a browser over Firefox (when discussing security and privacy). I find it even more surprising because you're recommending possibly highly unstable Chrome/Chromium releases. I'd like to hear more from you and the HN community on this topic.

Firefox seems to be the only browser in which one can maintain privacy and security (e.g. all the privacy tweaks from privacytools.io). Chrome doesn't allow for most of the tweaks, for example WebRTC can't be disabled.




Not to mention, many Chrome extensions are completely compromised by adware/malware and sniff your traffic. The only one I trust is uBlock Origin. Firefox addons have somehow managed to avoid this fate. Also, Firefox has the best security addon, NoScript.


Don't forget Policeman and uMatrix for alternative content and script blockers.


By the way, if one were already using uMatrix and NoScript, what benefit would Policeman provide?


Might I also add: Random Agent Spoofer, Decentraleyes, and Web of Trust.


FWIW, uMatrix includes randomized user agent spoofing.


It doesn't appear to work properly. I read a thread on Gorhill's GitHub page and the whole thing seemed really convoluted. I activated the function but when I tested it my UA wasn't spoofed. Also, the list from which to choose/randomly assign is pretty short, though I think Gorhill made it so by design.


Chromium for security - for privacy it isn't great because aside from the WebRTC issue[0] it also doesn't respect proxy settings. You need to run it in a VM in an isolating proxy setup to avoid the privacy issues.

For privacy the Tor browser - but even then only in a VM because of the prevalence of exploits. Regular Firefox will just get you fingerprinted in any case.

> unstable Chrome/Chromium releases

The build site I linked to lets you switch between trunk/stable.

[0] if you know what you're doing you can change the WebRTC route settings with this extension https://chrome.google.com/webstore/detail/webrtc-leak-preven...


For my own edification, can you elaborate on where/how Chromium beats Firefox on security?


The main difference is architectural. Chrome is sandboxed while Firefox isn't. There is an effort to re-architect Firefox now:

https://wiki.mozilla.org/Security/Sandbox

The second difference and a large advantage Google has is the security team they've put together to find and fix bugs. Google between Project Zero and engineering are probably the best team in the world. Firefox don't really have an equivalent.

Then there is the legacy code that Firefox is built on and the problems that had led to. In Chrome a successful exploit requires the combination of 5-6 diff bugs/exploits to bypass all the controls and sandboxes, while in FF many straightforward bugs become exploits.

This is most reflected in two places: First the pwn2own contest where FF does poorly[0] and second in the price of 0day between Firefox and Chrome. The Chrome exploit price has never been less than $100k and at the moment $1M+ is being turned down, while OTOH Firefox started at $5-10k and at the moment is $25-30k and are common (common in a browser exploit sense).

The ideal situation would be a Chromium fork that is built with the Firefox UI / extensions / settings / profiles etc. built on top of it. I've wanted to build this project for a long time and have a privacy/security specific browser but have never had the chance to do it. I hope at some point somebody does - it's really complicated today to recommend both a secure and private browser.

[0] http://www.extremetech.com/computing/178587-firefox-is-still...


Thanks



