I heard around the internet that Firefox on Android does not have Site Isolation built-in yet. After a little bit of research, I learned that Site Isolation on Android was added in Firefox Nightly, appearing to have been added sometime in June 2023. What I can’t find, though, is whether this has ever been added to any stable versions of Firefox yet. Does anyone know anything about this?
Update: After further research, it appears that Site Isolation is not currently a feature in stable version of Firefox on Android. I don’t know with certainty if their information is up-to-date, but GrapheneOS (A well-known privacy/security-focused fork of Android) does not recommend using Firefox-based browsers on Android due to it’s (apparently) lack of a Site Isolation feature. A snippet of what Graphene currently have to say about Firefox on Android/GrapheneOS from their usage guide page, is: “Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface.”
On a side-note, they also say about Firefox’s current Site Isolation on desktop being weaker, which I wasn’t aware of. “Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole.”
Removed by mod
Both things can be true. Firefox is less secure in the site isolation area, but that’s just a backup to the things Firefox is already doing. Firefox is still plenty secure, though it would be quite nice to have this feature.
I use Mull because it takes the best parts of Tor Browser and ships it through F-Droid. For those unaware, it’s basically Firefox with additional privacy settings enabled by default, and it syncs just fine with Firefox browsers.
Yes, don’t buy into FUD about Firefox being insecure, but also don’t misrepresent the value this feature brings. It’s not a must-have for me, but I do very much want it.
Removed by mod
If site isolation isn’t a critical security feature, why would Mozilla implement it and say that it is?
So Firefox for Android not having this feature makes it less secure than browsers that do, at least for this class of attack.
Tor Browser being built on Firefox shouldn’t imply that Firefox is more secure than anything else, it means Firefox is closest to its requirements, which are a lot more than security features. The two biggest reasons, from what I can glean, are:
Don’t get me wrong, Firefox absolutely is a secure browser (incl. Android), but it is missing certain security features vs Chromium-based browsers. Tor is more interested in privacy and anonymity than security (though security is still a priority), so pointing at them isn’t really a valid argument (it’s an appeal to authority at best).
Google is really interested in security, and not interested in privacy or anonymity, because being secure gets orgs interested, and orgs have valuable data and users. If your primary concern is security, you’ll probably be better off with Chromium browsers, and that seems to be where Micay is coming from. But if privacy and/or anonymity is your goal, Firefox is easier to configure to meet those goals, and it’s pretty secure too.
That’s why I use Firefox despite being fully aware of Firefox’s security limitations. I’m told per site isolation is in progress on Android, so that’s pretty cool.
Removed by mod
Yes, there are multiple ways to address a given problem, with different tradeoffs. I don’t know the specifics of per-site isolation, but I’m guessing it also protects against non-JS attacks like CSS or HTML-processing attacks, which could trigger those same Spectre/Meltdown-style attacks. That’s a pretty niche case, but hopefully it shows that even a good plan has potential holes.
Ideally, we could eat our cake and have it too, and hopefully Mozilla is working on that. In the meantime, you need to decide if you want something more configurable (Tor, you, and I seem to prefer this) and accept tradeoffs, or solve for the general case of scripting enabled (e.g. Chromium’s isolation). Micay isn’t wrong for his preference, and you and I aren’t wrong for ours.
That’s close to the truth, but it’s a system of degrees. You need enough security to make protecting privacy feasible. But they are separate goals, especially if adding Anonymity into the mix. For example:
But there’s a lot of overlap too. Really good privacy often requires pretty good security, especially depending on your threat model. Effective anonymity also requires good security and often provides good privacy. So it’s not necessarily wrong to say they’re extremely closely related, so I could see it being shortened to “no privacy without security” as a general rule of thumb.
I disagree on all accounts:
Instead of attacking them, I think it’s better to provide accurate information that they’re omitting. If you aggressively attack something, it puts people who like/support that thing on the defensive (relevant Louis Rossmann video, who you should like because he ripped into Daniel Micay as well). Instead, highlight the benefits of your proposed solution, and limit your criticism of other solutions to only those that negatively impact your target audience.
At least that’s my takeaway from various sources (laws of power, how to win friends and influence people, etc).
Yup, it’s not ready yet on Firefox, hence why I don’t use that experimental feature.
Well yeah, Google is an ad company, so they’re going to be slow in adopting things that make advertising less effective/gives them less data. I’m guessing they’ll implement it once they can effectively use first party cookies to serve ads (would require websites to help).
FPI isn’t really a security feature (login cookies and whatnot are first party and thus not sent to third parties), it’s a privacy feature. Google doesn’t particularly care about privacy, only security.
- Daniel Micay (im the linked mailing list thread)
it doesn’t seem like Micay had feuds previous to 2019 with Mozilla , though I was unable to find what he is referring to unfortunately .
Removed by mod
I’m not taking sides because I don’t currently have time or energy to look into the issues GrapheneOS and/or Micay may or may not have, but I will say that I don’t know how you could think (at least based on the information I referenced from Graphene in my post) that they are saying or implying to people that Firefox is less secure. They did say it was inherently less secure on Android, but not in general. They did say that the Site Isolation feature specifically is less secure even on Desktop, but they didn’t say that Firefox as a whole is inherently less secure, just that it currently is on Android. I can see how an average reader may interpret that as Firefox being less secure than Chromium as a whole, but that would simply be their own misinterpretation of what’s being said.
and “The moment anyone starts calling Firefox insecure, immediately become alert”. Why? Anything is capable of being insecure and Firefox equally so. At any given time, Firefox could have security vulnerabilities (as it does), so it’s quite ridiculous to automatically assume that anyone calling Firefox out for being insecure in some way is just Daniel Micay or his “minions”
“Micay and GrapheneOS, and fans/members associated like OP are well known for…”. Are you accusing me of being associated with Micay and GrapheneOS, or am I misunderstanding you?
Removed by mod