I am currently doing a deep dive into whether or not Chromium is more secure than Firefox, and I will make a very long and comprehensive Lemmy post outlining my findings with specific sources. I expected this to take a few days, maybe a week, but after finding out many of the claims for both sides give no real sources, I expect this to take a month or longer. I will be reaching out to multiple first-party sources (Mozilla, GrapheneOS, etc.) to get their detailed statements on the matter. I want to provide something that actually covers the full picture of the issue with up to date sources, to hopefully put this to rest for anyone who doesn’t want to do the research.
I’m making this post in case anyone wants to provide any extra resources they have about the issue. Do not fight about this issue in the comments, save that until after I am able to release my work. I’m tired of the constant back and forth about this with little to no direct sources. This means that my other project, Open Source Everything, will be put on pause. The FAQ section of that very project is what sparked this, because I realized the issue was far more complex than I outlined in there. (Don’t trust the information in the FAQ just yet: it is still in the works.)
As always, don’t just give blind support to this just because I am making promises, but if you feel your support is needed then by all means go for it.
If any of you want me to turn this post into an update log, let me know and I will.
Why don’t you look at the Brave browser. It is more secure and flat does not support any kind if advertising. Yeah, youtube music with no interruptions, ad block warnings, or paid subscription to sell you pirated music.
Beyond technicalities, there are social and political issues. Is it secure for the long term of humankind to use a browser which is one of the tentacles of one of the biggest conpanies in the world, which monopolizes the internet and relies on selling private people’s data?
I’d enjoy and update log personally.
“You can’t download more ram if you don’t see the ad”
A practical approach would be looking at CVEs for both, but more CVEs doesn’t necessarily mean something was more insecure before.
Secure from what exactly? You need to have a threat model here. For most personal use cases I’d argue that protection from adtech tracking is more important than e.g. sandboxing. Most people run into adtech continuously, but few people browse shady exploit-ridden sites.
In that case, Firefox us the clear winner. It supports manifest v2 for better adblocking, and it is the only mobile browser with extension support allowing you to use adblocking on mobile as well.
Secure from what exactly? You need to have a threat model here.
Which is funny, because developers use “secure” like this all the time as a way of scaring users into compliance for any changes they implement. If they voiced aloud what the actual threat was, they’d have to admit that often its the user’s freedom they’re afraid of. The user may do something stupid, therefore their ability to do it is dangerous for everyone.
They’d remove the front door on your home and call it more secure, all because some people don’t lock it.
they wouldnt remove your frontdoor, they would install their own lock to it and charge you for privilege of using it
first off, I have serious doubts that any one dude - or even a group of those for that matter - can ascertain the security of such a complex system; a browser is essentially an operating system, with all the layers and complexities that entails.
even if you’re somewhat successful in such an endeavor, I don’t really care if it potentially is. chromium comes from those shitmakers and I’m not willingly using anything they had their nasty fingers in. they threw one shovel of shit too many on the heap and they are now forever on my ignore list. if that means that I don’t get to access certain domains, sites, and/or apps - so be it, I’ll make do without.
deleted by creator
Are you a single person or a group of people? Do you have any credentials that you’d like to share that might give some context to your research?
Where is the quote in your bio from?
When you start studying a topic like this, you need to define some terms clearly. For example, if hackers grab your passwords, is that a breach in privacy, security or both? If Google is stalking you and knows your every move, desire and plan, what does that violate?
Once you have clear definitions for these things, it would be more helpful to see how different browsers compare on this scale.
I agree, and this is no easy task. For now, I am hoping I can gather information and let some of the pieces fall together before I can begin making hard decisions.
You are probably already aware of this, but it is worth noting that categorisation needn’t have hard boundaries, e.g. Lack of Privacy may not translate to lack of Security for everyone, but for example, a whistleblower, that can literally mean getting Boing’d
Ultimately, in terms of security, you’re likely to find that both are similarly good.
What makes Firefox desirable over Chrome is that it’s not beng developed by massive corporation that gets the majority of its profits selling user data and delivering targeted adverts.
The other thing that may act as a deciding factor is the “MacOS doesn’t have viruses” effect. Wherein that because firefox has such a small userbase in comparison to chromium, it’s far more profitable to find exploits in chromium.
Chrome excites arbitrary code from google.com (this wasn’t something widely known until recently and appears to effect all the chromium downstream browsers). This sort of back door and the design approach that made google do this means you can never really trust Chrome. The same issue with Firefox would be a bug, in chrome it’s a feature.
Chrome excites arbitrary code from google.com (this wasn’t something widely known until recently and appears to effect all the chromium downstream browsers).
I hadn’t heard about that. Can you link me to some info about it?
ungoogled chromium removes this
What makes Firefox desirable over Chrome is that it’s not beng developed by massive corporation that gets the majority of its profits selling user data and delivering targeted adverts.
This is a separate issue of being able to trust developers, which is not being covered here. Projects like ungoogled-chromium exist, after all. I will be inspecting the software as a whole, and not any future interference that may happen.
So you’re taking the best aspects of any fork you can find? Trust in the developers is an essential part of the question.
If a piece of software passes every audit in the whole world, but is developed and maintained by the NSA, you’d be stupid to leave your data with it.
It isn’t just about ungoogling things though. Having a monoculture in the browser space means that if Google makes a push to favor ads, say by removing certain extension support from their browser engine that everyone uses, then the entire internet suffers. It is effectively a monopoly.
Mozilla tries really hard sometimes to be unappealing, but there is value in not just letting Google have full control over the internet.
So you are saying this should make Firefox exempt from scrutiny when it comes to how its security compares to that of Chromium?
A mono culture is not secure.
Turning a blind eye is not secure.
I don’t think anyone is advocating for turning a blind eye to Mozilla. I think the argument being made is that a monoculture for browsers is a concern that can outweigh some blunders Mozilla makes.
I’m old enough to remember what a shit show ActiveX was for web security.
it’s majorly funded by google, it’s controlled opposition
It would be no suprise if chromium is more secure but Firefox is more private.
Leaking privacy isn’t secure.
it’s not beng developed by massive corporation that gets the majority of its profits selling user data and delivering targeted adverts.
No but it’s largely funded by one, now has “ad technology” and i wouldn’t be surprised if it gets bought by Google sooner or later.
A fork in the horizon…
This may be a useful starting point. A few years old now but well researched and referenced.
AFAIK, the main difference is that Firefox’s process isolation on Linux specifically is incomplete. They’re working on fixing that.
This is allegedly also true for Firefox on Android, which I will be investigating in this topic.
Yup, makes sense, since Android is also Linux
I personally don’t trust Google and Chrome enough to use it and I don’t like the Manifest V3 stuff, but I am interested to stay in the loop. Please post updates!
Let me save you a lot of time and effort:
- No, it isn’t.
Your findings will either be an incredibly lengthy wording of that, or they will simply be wrong. It’s not a complex question.
Ah yes, dismissing research before it even exists, based on personal belief. What a healthy attitude.
I don’t use chromium on Linux, because the times I tried it, I see that it is not easy to close it (its service is in the background with an icon in the tray) and I see that it consumes CPU, as if you are doing some activity, type of cryptocurrency mined or similar. I suppose it will be easy to check, but I prefer not to waste time on it and I use Firefox. I’m lately trying Librewolf
