>IronFox

Judging by the commit logs, the main two maintainers are one anonymous guy (nothing linking his profile to a real person) and some Chinese guy (is he a Chinese national or not?)

Although these may be perfectly well-meaning people, we can't just trust them to maintain something so critical as a web browser.

I fully respect peoples' right to anonymity, but such projects need at least one core maintainer to be an identifiable person, imo. Just to establish trust and accountability in case anything does happen.

I hope this is not taken the wrong way and that you understand what I'm getting at here.

>such projects need at least one core maintainer to be an identifiable person

You’ve been heard, and accordingly Google will now demand ID or boot them out of the Play Store!

Kidding, not until next year :)

If "being a Chinese national" is an argument for "not trustworthy", I'm sorry but "being an American national" also becomes an argument for "not trustworthy". By about 400% more (and I'm being nice).

It depends. Trust and security are not universal, they do and always have depended on your own security posture, priorities, and needs.

I'd say this is an issue anytime accountability cannot be expected.

I don't necessarily disagree but I was quite easily able to find more information about one of the devs: https://celenity.dev/about/

Yes it's not a name and face, but I can understand wanting to maintain separation between government identity and online identity

Here's another Ironfox dev: https://www.linkedin.com/in/itsaky/

I didn't see any others. I'm not quite clear where you're getting this idea that either of these people are PRC nationals either, or why that would really matter. The PRC is huge in the FOSS space, and it's not like I'm a huge fan of the country (I live in Taiwan) but credit where it's due.

I've been to Celenity's homepage and he seems like a privacy-conscious guy, and that's more than fine. From a user's perspective, the dilemma remains though.

When it comes to Chinese nationals, you can't expect them to be held accountable if they were to do something malicious. China hosts a lot of cyber crimimals who have had free reign for some 2 decades to target people online. Also, we don't even know who this guy really is, let alone his nationality, was Jia Tan a real name? Who knows.

Don't Americans get away with cybercrimes as well? For example, probably hacking Iranian nuclear power facilities, or American companies stealing lots of data of global users to sell, or American AI companies freely scanning copyrighted materials to train their models?

The US does espionage more overtly where they offer you some value before they take your data. That's the gambit being played to avoid diplomatic issues.

They also lobby politicians to betray their own nations in favour of US (corporate) interests.

Not to blame the victim here, but many times it's other countries fault for allowing themselves to be put in this predicament.

When it comes to China or Russia, those have already strained relationships with the US and the rest of the Western world and do not mind dirty tactics. There is nothing really holding them back from engaging in covert cyber warfare.

It's different types of threats that need to be dealt with differently.

> China hosts a lot of cyber crimimals

Like many countries in the world like US, EU states etc.

Every open source license I’ve seen clearly states that the licensed material comes without warranty and limits liability.

What sort of accountability can be gained by knowing someone’s identity in a case like that?

Social accountability, for one. Never underestimate shame as a motivating factor for humans. I'm generally in favor of protecting anonymity, so I'm not fully in agreement that this should be a hard requirement for a software project, but I can at least see the appeal of the idea.

Web browsers are also a rare class of software with high complexity and also high privilege (considering the data that typically passes through them), so perhaps higher scrutiny of this class of software is warranted.

Don't forget the shockingly high number of folks with a distorted sense of shame.

Imagine that you have a choice between two pieces of software. The developer of one of those pieces of software is Linus Torvalds. The developer of the other piece of software is Mikhail Vasiliev.

Which one do you choose?

The one that puts the source code online and it compiles on my computer.

And if both do that, have same features, work the same, etc., no other difference, then I'll take the smaller one - because the larger one most probably includes something I don't want, even if it's just bloat or inefficient code.

> Linus Torvalds

For me, he lost his credibility, when, with childish "historical" arguments, he choose to ban russian developers from the linux kernel. Can we still trust him to not insert a backdoor in the kernel, "to fight the russians" ?

The license will not protect the developer from law if they added a malicious backdoor.

How so? It's their program, who's to say what is a "malicious backdoor" versus an "intended useful feature"?

What's the difference between a backdoor and remote support access?

Reputation harm.

An anonymous individual might also have multiple anonymous accounts, for example. Without that anonymity, other projects might ban their contributions, and users might not use their software.

Many of the browsers you mentioned above are basically Firefox reskins with better settings out of the box.

I downloaded WebLibre out of curiosity and can say it's different from those other browsers. I've never seen a mobile browser that lets you run Tor-enabled private tabs, or mobile-friendly multi-account containers. The UI also bears nearly no semblance to Firefox (besides the rendering engine, only the extension management area reminds me of it).

Is it? They say it’s using Gecko + Mozilla Android Components. Which would probably make it similar to FF in many ways, but not a fork. I didn’t look further into it though (as I want FF, especially Mozilla sync)