I heard around the internet that Firefox on Android does not have Site Isolation built-in yet. After a little bit of research, I learned that Site Isolation on Android was added in Firefox Nightly, appearing to have been added sometime in June 2023. What I can’t find, though, is whether this has ever been added to any stable versions of Firefox yet. Does anyone know anything about this?

Update: After further research, it appears that Site Isolation is not currently a feature in stable version of Firefox on Android. I don’t know with certainty if their information is up-to-date, but GrapheneOS (A well-known privacy/security-focused fork of Android) does not recommend using Firefox-based browsers on Android due to it’s (apparently) lack of a Site Isolation feature. A snippet of what Graphene currently have to say about Firefox on Android/GrapheneOS from their usage guide page, is: “Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface.”

On a side-note, they also say about Firefox’s current Site Isolation on desktop being weaker, which I wasn’t aware of. “Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole.”

  • sugar_in_your_tea@sh.itjust.works
    link
    fedilink
    arrow-up
    4
    ·
    6 months ago

    If site isolation isn’t a critical security feature, why would Mozilla implement it and say that it is?

    Without Site Isolation, Firefox might load a malicious site in the same process as a site that is handling sensitive information. In the worst case scenario, a malicious site might execute a Spectre-like attack to gain access to memory of the other site.

    Despite existing security mitigations, the only way to provide memory protections necessary to defend against Spectre-like attacks is to rely on the security guarantees that come with isolating content from different sites using the operating system’s process separation.

    So Firefox for Android not having this feature makes it less secure than browsers that do, at least for this class of attack.

    Tor Browser being built on Firefox shouldn’t imply that Firefox is more secure than anything else, it means Firefox is closest to its requirements, which are a lot more than security features. The two biggest reasons, from what I can glean, are:

    • LTS release - means users are far more likely to report the same fingerprint and whatnot, and releases only need to be closely scrutinized on major releases; this is an anonymity feature, not a security feature
    • only needs a handful of patches to meet goals instead of a big reengineering - it says more about Firefox’s config options than security features

    Don’t get me wrong, Firefox absolutely is a secure browser (incl. Android), but it is missing certain security features vs Chromium-based browsers. Tor is more interested in privacy and anonymity than security (though security is still a priority), so pointing at them isn’t really a valid argument (it’s an appeal to authority at best).

    Google is really interested in security, and not interested in privacy or anonymity, because being secure gets orgs interested, and orgs have valuable data and users. If your primary concern is security, you’ll probably be better off with Chromium browsers, and that seems to be where Micay is coming from. But if privacy and/or anonymity is your goal, Firefox is easier to configure to meet those goals, and it’s pretty secure too.

    That’s why I use Firefox despite being fully aware of Firefox’s security limitations. I’m told per site isolation is in progress on Android, so that’s pretty cool.

    • TheAnonymouseJoker@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      6 months ago

      If site isolation isn’t a critical security feature, why would [Mozilla implement it and say that it is

      to rely on the security guarantees that come with isolating content from different sites

      Do you know the better method to defend against such attacks? Blocking 3rd party scripts and frames, and even 1st party on different levels. Firefox provides this function since you can actually use uBlock Origin, whereas you cannot use a script blocker on Chrome browsers at all on phone, and even on desktop I have not seen those addons in years. You can selectively put uBO on easy, medium, hard or nightmare modes. Medium mode takes care of these things.

      Another method to complement it is systemwide HOSTS ruleset (like Hagezi) or uBO filter rules for malware domain protection.

      From https://divestos.org/pages/browsers:

      The lack of per-site process isolation means a successful exploit is likely able to gain more access (to other site data/browser settings/passwords) without needing a second exploit. It would still need an Android system/kernel exploit to further escape the system sandbox. It is an important hardening feature, but the browser isn’t completely insecure without it assuming it is up-to-date and that you aren’t on the receiving end of targeted/zero-day attacks. Furthermore (in Chromium) with isolated renderer processes there is still some inherent attack surface of the main process that can allow a single exploit, just like in Firefox.

      People who fall for “Firefox insecure” propaganda are usually half educated on these topics and do not understand the broader level of system fortifications. They are just focused on maximising one particular tool or feature, ignoring how everything ultimately works in coherence.

      Google is really interested in security, and not interested in privacy or anonymity

      You made this point? Impressive, because not many do. However GrapheneOS/madaidan and “security” fanboys always claim that there is no privacy without security, and intentionally spread this fallacy everywhere. The only method to counter their malicious narrative is nullifying their advice and proposed/developed tools. And this is partly where my opposition towards them stems from — inventing fallacies and dogmas and spreading them everywhere.

      Fission has existed since many versions as experimental on Android, and I have tried it, but it causes bugs and crashes after using browser for a while.

      Firefox has process isolation, dFPI borrowed from Tor Project, JIT disabled, excellent content/tracker blocking, other features like editable user.js and ability to use uBO, and also does not intentionally leak metadata through WebRTC. FPI is not a thing on GrapheneOS’ Vanadium browser for example. Cromite is decent for a Chrome based browser, but none of them allow extensions. The only Chrome based browsers that allow extensions are Yandex and Kiwi browser, and Kiwi is open source, whereas Yandex has a ton of tracking.

      It is not a problem talking to most people about these things, but it fucking boils my blood when I encounter all this nonsense through people that originally stems from them, and it just does not stop. I have been trying to nip that bud for a very long time for this reason. They are de-educating people about digital privacy, security and anonymity for personal benefit.

      • sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        6 months ago

        Blocking 3rd party scripts and frames

        Yes, there are multiple ways to address a given problem, with different tradeoffs. I don’t know the specifics of per-site isolation, but I’m guessing it also protects against non-JS attacks like CSS or HTML-processing attacks, which could trigger those same Spectre/Meltdown-style attacks. That’s a pretty niche case, but hopefully it shows that even a good plan has potential holes.

        Ideally, we could eat our cake and have it too, and hopefully Mozilla is working on that. In the meantime, you need to decide if you want something more configurable (Tor, you, and I seem to prefer this) and accept tradeoffs, or solve for the general case of scripting enabled (e.g. Chromium’s isolation). Micay isn’t wrong for his preference, and you and I aren’t wrong for ours.

        there is no privacy without security

        That’s close to the truth, but it’s a system of degrees. You need enough security to make protecting privacy feasible. But they are separate goals, especially if adding Anonymity into the mix. For example:

        • secure, but not private or anonymous - Google services; you can’t get much better security than gmail, but it’s horrendous for privacy because Google’s reading your stuff; or a more tangible example, it’s like living in a bulletproof glass house
        • private, but not secure or anonymous - closing the blinds at your house, and not locking doors; nobody can see what you’re doing, but home ownership is public record and anyone can walk in
        • anonymous, but not secure or private - counter-protesting - they don’t know who you are, but everyone can see and hear you, and they can come beat you up

        But there’s a lot of overlap too. Really good privacy often requires pretty good security, especially depending on your threat model. Effective anonymity also requires good security and often provides good privacy. So it’s not necessarily wrong to say they’re extremely closely related, so I could see it being shortened to “no privacy without security” as a general rule of thumb.

        The only method to counter their malicious narrative is nullifying their advice and proposed/developed tools

        I disagree on all accounts:

        • I don’t think their narrative is malicious, I think it’s overly simplified, which is what you want in a sales pitch
        • nullifying their advice isn’t worthwhile, there’s more than one way to solve a problem, and different problems can look similar

        Instead of attacking them, I think it’s better to provide accurate information that they’re omitting. If you aggressively attack something, it puts people who like/support that thing on the defensive (relevant Louis Rossmann video, who you should like because he ripped into Daniel Micay as well). Instead, highlight the benefits of your proposed solution, and limit your criticism of other solutions to only those that negatively impact your target audience.

        At least that’s my takeaway from various sources (laws of power, how to win friends and influence people, etc).

        Fission has existed since many versions as experimental on Android, and I have tried it, but it causes bugs and crashes after using browser for a while.

        Yup, it’s not ready yet on Firefox, hence why I don’t use that experimental feature.

        dFPI

        Well yeah, Google is an ad company, so they’re going to be slow in adopting things that make advertising less effective/gives them less data. I’m guessing they’ll implement it once they can effectively use first party cookies to serve ads (would require websites to help).

        FPI isn’t really a security feature (login cookies and whatnot are first party and thus not sent to third parties), it’s a privacy feature. Google doesn’t particularly care about privacy, only security.

        • TheAnonymouseJoker@lemmy.ml
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          6 months ago

          Their narrative is malicious, I disagree. If it serves to destroy privacy and anonymity at the expense of them getting to control privacy community, and to help Google monopolise the open free web, it is malicious. Most of what he does stems from personal hatred beliefs, and his minions cheering him up.

          Instead of attacking them, I think it’s better to provide accurate information that they’re omitting. If you aggressively attack something, it puts people who like/support that thing on the defensive

          That approach (my guides and constant engagement with people is an endeavour towards that) does not work too well when you realise how much damage disinformation causes and how fast it spreads compared to facts. Trump is treated as a disease in USA due to this very reason, him claiming “China virus” needs to be cured using eating bleach, fentanyl, other people claiming to eat tidepods and all kinds of mentally deranged nonsense.

          The problem is, I am alone, and regardless of how legitimate my reasoning is, it just is not as “spicy” as what GrapheneOS trolls do. It is easier to tell people to consume junk food and buy stones for solving their life problems, rather than making them eat healthy, do exercise, yoga and meditation.

          After years of endlessly engaging with people trying to make them understand, there are not enough people listening to me. It may be best to let the privacy community be destroyed and run over by these Big Tech security clowns, so that any leftover privacy and anonymity endeavours suffer, because my tireless effort has been in vain. I do not care about convincing 2 people, I care about convincing everyone bar those few stubborn ones.

          I know very well that GrapheneOS mods/team and Daniel Micay keep a track on everything I write, and they will even read this. But I do not give a fuck. Maybe I should stop giving a fuck about privacy community, because that is what has been done to me. I may be the removed and the biggest loser in all of this.

          • sugar_in_your_tea@sh.itjust.works
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            If it serves to destroy privacy and anonymity at the expense of them getting to control privacy community

            Again, this seems blatantly false. Nothing GrapheneOS does destroys privacy or anonymity, they just prioritize security.

            And they don’t control “the privacy community,” they just control a few popular, privacy-oriented corners of the web. By its vary nature, you can’t control “the privacy community” because the privacy community is all about bucking control. In fact, “privacy community” is kind of an oxy-moron, privacy enthusiasts try to limit talking about themselves. If you pair privacy and anonymity, you’ll get discussions about solutions, but people probably won’t try to sell you on any one solution.

            GrapheneOS is a security-focused OS with strong privacy and anonymity features you can choose to use. Here’s their tagline from their webpage:

            The private and secure mobile operating system with Android app compatibility.

            That’s what they deliver, privacy and security, and they do both reasonably well. If you look at their FAQ, private or privacy appears about 60 times, secure or security appears over 100, and anonymous appears once. If you read their documentation, it’s clear that their focus is security first, privacy second, and that’s about it.

            They’re not the only game in town, but they do have the most effective marketing. If that gets people interested in security and privacy that otherwise wouldn’t, that’s a good thing! Like any org, I think they have flaws, but I think they’re generally a force for good.

            Trump is treated as a disease in USA due to this very reason, him claiming “China virus” needs to be cured using eating bleach, fentanyl, other people claiming to eat tidepods and all kinds of mentally deranged nonsense.

            Again, more inaccuracies. The FBI thinks COVID-19 likely came from a lab, so “China virus,” while inflammatory, isn’t necessarily too far from the truth. I doubt it was intentional, but that explanation seems more likely than the official explanation of “wet market.” The US was also likely complicit here since the CDC was likely helping fund “gain of function” research (compare recent Congressional investigations vs the original statements).

            Trump is problematic because he’s a narcissist that will say anything to get attention, regardless of the truth. But sometimes he says true things, if they benefit him (or he gets lucky; I doubt he researches much).

            After years of endlessly engaging with people trying to make them understand, there are not enough people listening to me.

            Why are you making this about you? We were talking about the technical merits of various policies, but you seem to keep bringing up Daniel Micay and yourself. I don’t see how either is relevant.

            I honestly don’t care too much about you (no offense intended) or Daniel Micay, I care about technical merits of apps and hardware. I’m reasonably technical, so I think I can do a decent job judging for myself which products fit what I want, and I recommend them accordingly. I’ll often point out if a project has toxic leadership, but a good product is a good product.

            So if you want to engage with me, it’ll be on a technical level with no personal attacks.

            • TheAnonymouseJoker@lemmy.ml
              link
              fedilink
              arrow-up
              1
              arrow-down
              1
              ·
              6 months ago

              If it serves to destroy privacy and anonymity at the expense of them getting to control privacy community

              Again, this seems blatantly false. Nothing GrapheneOS does destroys privacy or anonymity, they just prioritize security.

              They do, though. This is like denying sun rises from the east. If their focus is diverting every person possible away from Firefox onto Chrome browsers for Micay’s personal agenda cloaked in wishy washy “security” spaghetti, then it is. If their focus is diverting every privacy seeker towards “GrapheneOS+Pixel” being best, which is dogma by the way, then they are indeed harming privacy community. If their focus is propagandising people into using Google Play Services and Google account in the name of security, and calling F-Droid insecure, then yes, they are intentionally harming privacy and anonymity initiatives.

              And they don’t control “the privacy community,”

              That is because I am in their way. And 2 years ago they tried to get rid of me by creating faux propaganda about me to scare Lemmy admins into getting rid of me.

              You may go check the June 2022 Lemmy RCMP fiasco section here https://old.reddit.com/r/privatelife/comments/13teoo9/

              I archived the Lemmy thread so people can see to what levels GrapheneOS mods/heads can stoop to control the privacy community.

              GrapheneOS is a security-focused OS with strong privacy and anonymity features you can choose to use. Here’s their tagline from their webpage:

              Yes I can also tag the Anom phone or Freedom Phone taglines. Snake oil or scam products often carry these taglines. I want to verify intent and motives of the developer behind the product, because that is what Ken Thompson, co-creator of Unix and C told us in 1980s. Micay is malicious, and so his agenda and motives will carry into what he modifies/creates, or may already have. I can also quote taglines of closed source internet connecting products that claim to respect privacy and security.

              They’re not the only game in town, but they do have the most effective marketing.

              And how do they have effective marketing? Turns out it is well crafted propaganda. Instructions exist for GrapheneOS fans/members/team to carry out this cardinal task for their little church. https://imgur.com/a/fpcsIL2

              Again, more inaccuracies. The FBI thinks COVID-19 likely came from a lab, so “China virus,” while inflammatory, isn’t necessarily too far from the truth.

              If you care so much about the narrative, then the official narrative of global doctors and professionals, who congregated under the COVID-19 Commission, will be of more interest to you. They concluded after 2 years of investigation that USA labs are more likely to be the origin of virus than China labs. Are you going to still toe the FBI and Washington propaganda, or acknowledge something different?

              Why are you making this about you? We were talking about the technical merits

              Firstly, there is no merit to GrapheneOS. This AOSP fork is mostly a rebranding of AOSP features and kdrag0n’s project put on top of AOSP. It is a deep rabbit hole. I did a dissertation of what it is over a year ago. https://i.imgur.com/pQHoq84.jpg

              Secondly, if you missed this https://imgur.com/a/fpcsIL2 , you may want to go through it.

              Thirdly, if you think that project has even the slightest of merit, here is a litmus test. Go question or criticise them on their forums. If you did it on popular places like Telegram, Lemmy, Reddit, they will note you and your account down, as instructed in the propaganda instructions I showed above. Any questioning or criticism of this snake oil product will result in an instant ban, and further questioning may result in internet wide harassment, bullying and witch hunting.

              I honestly don’t care too much about you (no offense intended) or Daniel Micay, I care about technical merits of apps and hardware. I’m reasonably technical, so I think I can do a decent job judging for myself

              I think this is enough for me to see you blindly believe in GrapheneOS propaganda, and are so sincere about it, you will never even try to think otherwise.

              Here is a clip for folks like you who find it tough to consider other possibilities. Do go through it. Might end up liking the movie even. https://www.youtube.com/watch?v=rhr3TzEknzY

              • sugar_in_your_tea@sh.itjust.works
                link
                fedilink
                arrow-up
                2
                ·
                6 months ago

                And how do they have effective marketing? Turns out it is well crafted propaganda.

                Propaganda can be good or bad depending on your perspective, and a lot of effective marketing could be categorized as propaganda.

                Proton, for example, uses propaganda about freedom and privacy in their marketing, yet they’re actually selling a suite of services for email, data storage, VPN, etc. That’s true for pretty much every privacy-oriented product and service.

                I’m not all that interested in deciding what counts as propaganda, I’m interested in the details of products and how effective the marketing is at getting people interested in those products.

                They concluded after 2 years of investigation that USA labs are more likely to be the origin of virus than China labs.

                They were coooerating together. US labs collaborated with Chinese labs to do research. I don’t think it getting out was intentional by any party, but the right heavily implies it to fit their anti-China narrative and the left downplay it to fit their “China isn’t so bad” narrative. As is the case most of the time, the truth is probably in the middle.

                Go question or criticise them on their forums.

                That is not a litmus test of technical merit, that’s a litmus test of how big their ego is. That’s irrelevant.

                • TheAnonymouseJoker@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  6 months ago

                  Propaganda can be good or bad depending on your perspective, and a lot of effective marketing could be categorized as propaganda.

                  I’m not all that interested in deciding what counts as propaganda

                  Then you may not be fit for preaching GrapheneOS as a good thing either. But you are doing it. You are willfully trying to muddy the clear waters to try and make me thing GrapheneOS is a good project, even though 5 years of my investigation says otherwise.

                  As is the case most of the time, the truth is probably in the middle.

                  Never has been the case. Centrism is as valid as economic “middle class”, both of which do not exist and are invented pigeonhole boxes. Centrists are just sheep skin wearing future sellouts.

                  Go question or criticise them on their forums.

                  That is not a litmus test of technical merit, that’s a litmus test of how big their ego is. That’s irrelevant.

                  That’s all I needed to know. You are scared of checking their technical merit. You are scared of critical thinking and reality, and want to remain comfortable with delusional worldview shaped by others. I will use a phrase for you, “ambiguity aversion”. It describes your thought process regarding GrapheneOS very well.