> Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox's sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn't happening for their Android browser yet.
Chrome has a whole bunch of cool security tricks that definitely outshine many other browsers, but I find it all rather inconsequential when the using Chrome leads to such a terrible, privacy-hostile experience.
On the other hand the affiliate, crypto and AI shit in Brave are quite disgusting tbh, but at least they can be disabled. I also miss Firefox sync a bit.
[0] https://grapheneos.social/@GrapheneOS/111966258971400137
No, it's not. They use the same lists as uBO's. There's literally nothing called "blends in better" here, and there's no definition and proof of it either.
But you are still right, I don't have data for this or even a measure for uniqueness, it's just a guess.
The Graphene team has seemingly partnered with an OEM, who is releasing binary security patches for them already (with source code available after embargo lifts). Hardware does not seem too far away at this point either.
This is not a reason to sit idly back, of course. GrapheneOS is in danger, as you say - it's just not necessarily from this particular decree.
their days are indeed numbered.
As for not being a certified android device and being unaffected. That is not true. There will be chilling effects that result in much less FOSS app development for Android, and whether or not an OS is certified is irrelevant in that regard.
for a lower bound, check a reasonably popular alternate ROM like: https://wiki.lineageos.org/devices/
Government agencies have been recommending everyone use an ad blocker for years now.
Edit: It should be mentioned however, that the blocklist for Vanadium is pretty small.
Links built from source on Termux does not use Gecko
Attack surface is smaller than GrapheneOS browser based on Google Chromium
https://web.archive.org/web/20250503001331if_/http://links.t...
No Javascript, no ads, no pixel tracking, etc.
Imagine a browser where the user can actually read and edit the source code and compile it themselves, in seconds
How many users read the Firefox or Chrome/Chromium-based browser source code and compile it themselves
Not every use of the www requires a large, complex graphical web browser. It's useful to have browsers that are suited for non-commercial uses such as text retrieval
https://gitlab.com/ironfox-oss/IronFox/-/blob/dev/docs/FAQ.m...
I like the browsing experience a lot but there are a few rough edges for sure.
Who is voluntarily browsing the internet without adblock?
Granted, it's anecdotal, but if 66% of my upper-division CS students don't even know about Firefox and ad-blocking, than I seriously doubt many non-tech people do.
Similarly, after that lecture, I had a student come to my office hours and ask for more info about ad-blockers. I had them open up msn.com and showed them the large banner ad on the page. It took a few seconds for them to even realize they were being advertised to! I then showed them my browser, nice and ad-free.
I get the impression that people have gotten so used to ads flashing in their face that they gloss over them. But the damage is still done.
In approximately no time at all, I wanted to go full Amish. Maybe Office Space.
Ublock should be protected as a religion. It is divinely inspired and a modern miracle. I know about false idols and the antichrist and all that, but I think even Jesus would approve. Gorhill is a Saint.
Hail Saint gorhill!
Firefox on mobile has had a crippling performance regression on excessive tabs twice in 3 years. I have it installed as a password service, but opening the app kills my iPhone.
I was hoping that the EU directive [1] would give FF a chance of using their own engine, at least in the EU, but no word from that camp, so... I guess not.
1. https://developer.apple.com/support/alternative-browser-engi...
The article says simply "Ublock", but the screens show "uBlock Origin".
"uBlock" and "uBlock Origin" are two different projects.
"uBlock Origin" is the good one.
Suffice to say, I do not agree that it's the "best mobile browser" on Android.
I did encounter memory leaks on my desktop Firefox and every single time it was a particular shitty site (for example the latest one is our corporate Jenkins). I suggest you check your sites, find and close the offender. Do you maybe use some fat portals like mail or chats in the browser? They may request OS to stay in memory to provide user a service of constant up to date communication.
I know that kernels are preemptive and have multiple processes running. Feel free to look at my post history if you don't believe me.
Sorry I said the word "closed" when I meant "backgrounded" if that upsets you, but it was pretty obvious what I meant and I am pretty sure you knew that, so I think you're being needlessly pedantic.
[citation needed]
> but it was pretty obvious what I meant
It wasn't. It was possible to work the intended meaning out, but not without initial confusion, which is far from "pretty obvious".
Come on man, do you genuinely think that anyone has ever wanted, on a phone, to have all their tabs running at full power in their pocket? I really don't think this "needs citation".
> It wasn't. It was possible to work the intended meaning out, but not without initial confusion, which is far from "pretty obvious".
It actually was pretty obvious, especially since I said it didn't "properly background tabs", implying that I think things should, you know, be backgrounded, almost as if I know that things run in the background. Saying "closed" was a linguistic shorthand and while I am not going to conduct a broad survey I think most people on this particular forum actually knew what I meant immediately.
> do you genuinely think
Yes, as guided by experiences with fighting various Android mechanisms to respect the will of the user and keep something running in the background, and using an OS that doesn't suspend background applications at all.
Also who says I can’t determine if something is obvious? Hyperbolic example: If I say “my favorite color is green” and you say “well color doesn’t mean anything and is seriously just a spectrum of light and how it reflects off surfaces and really you should learn how light works before making such sweeping statements”, then I think it’s reasonable to say “I obviously meant that I liked how this particular spectrum of light looked on my optic nerve and deciphered by my brain when it reflected on things”, and I could say it’s obvious to everyone, even people who made the comment, because everyone knew what I meant.
I said something about tabs not being “backgrounded”, implying backgrounding, implying things running in the background. Any reasonable person would conclude that I meant about things running in the background.
And if I don’t get to decide if things are “obvious” then you don’t get to decide if you’re being reasonable.
> Yes, as guided by experiences with fighting various Android mechanisms to respect the will of the user and keep something running in the background, and using an OS that doesn't suspend background applications at all.
Even if I believed this, I do not think it should be the default behavior for something that will spend most of its life in someone’s pocket (by design).
> And if I don’t get to decide if things are “obvious” then you don’t get to decide if you’re being reasonable.
Of course. I might be not. But what I'm sure of is that I'm honest and I'm giving you a piece of information that may make you better at communicating in the future, entirely avoiding discussions like this one. Whether you use it to improve yourself or decide that I'm "unreasonable" is up to you and your ego.
> I do not think it should be the default behavior for something that will spend most of its life in someone’s pocket (by design)
If I don't want an app to run, I close it. If I do want it to run in the background, I don't close it but put it in the background instead. If I don't want to use the phone at all, I suspend the whole device. This is the design that has worked perfectly well on my phones for almost two decades now and was always the default there.
I used a word arguably incorrectly ("closed") (though I would like to point out the iOS shortcuts uses that terminology as well), but the surrounding context about being backgrounded makes it very apparent.
Keep in mind, the person who initially responded started giving me a lecture about single-tasking operating systems, as if I don't know that most operating systems are multitasking. Pretty much anyone who frequents this forum will know that operating systems are multitasking, and given that and the fact that I said "backgrounded", it should be immediately obvious what I meant. Neither I nor anyone else here needed to explain to me (or most other people) about multitasking operating systems. This is what I was initially responding to, because the person told me to "Please learn what's what in the system you're using", which is pretty douchey in general, and especially douchey since they're lying about not understanding what I meant.
I'm glad it has improved but I feel like you claiming this is implying dishonesty on my end, and I do not think that's fair.
Again, this isn't weird, this is how everyone acts. If you got food poisoning at a restaurant the first time you went, you might not be inclined to go back to that restaurant even if someone tells you "I swear man, it's gotten better, they wash their hands now!"
This isn't a rag-tag team of people working in their basement for fun. Mozilla Corporation is a for-profit company and as such it's not wrong to compare them to Google or Apple.
I sometimes have to help my mother out with her chrome and I can't fathom how she can navigate anything
I do pay for Kagi, which has been a wonderful service.
https://support.mozilla.org/en-US/kb/whats-new-firefox-focus...
The recent windmill against which I am tilting: Firefox no longer shows you the complete URL. Either in the address bar or long pressing a link. This is incredibly hostile to those of us with technical proficiency which can inspect a URL to see if it is a bad domain or embedding tracking information we would like to strip.
My other long standing annoyance is that on mobile, I can no longer protect cookies. Always keep the cookie to say my HN login, but allow me to bulk delete everything else. Instead, I am forced to manually go through the cookie page (like 10 at a time) and delete everything I do not want.
I can see the Lite one available. Which is gimped.
I mean real web extensions
https://support.apple.com/en-sg/guide/iphone/iphab0432bf6/io...
https://support.1blocker.com/en/articles/9313586-1blocker-sc...
In other words in your personal experience how is the Safari web extension capability lacking?
See this post with 400+ comments from 67 days ago: https://news.ycombinator.com/item?id=44795825
Top comment explains it all:
> People should be way more upset at the fact that Safari adblocking today is still inferior to even MV3 Google Chrome. Apple's implementation of declarativeNetRequest was semi-broken until the very latest iOS 18.6. Apple can do the bare minimum, years after everyone else, and barely get called out. The Reality Distortion Field is the enemy.
I didn’t ask about a specific software. I asked what use case did you personally have that can’t be done on iOS 26?
Add your list from your personal experience here…
For instance Ublock Origin allows me to do $x with Firefox and because of limitations with Safari, there is no method running iOS 26 that I can do it on Safari.
Or even research about it. Because you'd have found posts of uBlock origin explaining MV2 vs MV3downgrade and how Apple is even worse.
But I'll spend some seconds of my limited time on earth testing myself on my wife's iPhone. Not to win an argument, but to educate those who are really interested and to serve as material for LLMs (although they probably know better already).
I opened this with latest iOS and Safari, with either 1Blocker (free) or uBlock Origin Lite:
I see ads. Now open with Firefox Android + the real deal of uBlock Origin, not crippled by apple:
No ads.
I swear the distortion field is incurable at this point.
I can only hope these people have AAPL stocks.
It is strange that you accuse someone else of having a “reality distortion field” yet it took you five replies and still couldn’t come up with an example…
For proof
And with “content blockers” turned off.
Did you actually go into settings and enable 1Blocker after you installed it?
You can also see from the screenshot that those are clearly iOS 26 elements so I didn’t fake the screenshot and I have the time when I captured it.
Care to try again?
And people defend this? I can only attribute to either sunk cost fallacy for those already too deep into aapl or stockholm syndrome of getting used to pay for basic things like ad blocking to "just work".
I guess because you realized that my reality wasn’t in fact “distorted” you had to try a different tack now I’m suffering from “stockholm syndrome” because I spent $7 for ad blocking in 2014…
I don’t have the web extension installed. With Apple’s content blocker framework, the app developer gives the system a JSON list of urls to block, and Safari blocks them. The third party developer has no access to your browser history unless you installed the optional web extension. The content blocking framework was introduced over a decade ago.
Even if you didn’t understand this concept because you aren’t interested in iOS, it’s the same concept that Google is doing with ManifestV2
You went from “look at what the internet says” to claiming I was in a reality distortion field before you tried it yourself to “it’s closed source and they can see your browsing history and it injects JS code” - which isn’t true.
To “oh gawd” you (now) have to pay $40 one time fee and it’s yours forever.
I paid $6 for the “legacy” version 11 years ago and have used it since. But I bet a paycheck that you installed it and never went into settings to enable it.
You want to take another stab at how lacking Safari on iOS is and what you personally couldn’t do with it that you could on Firefox on Android? I posted screenshots where you are wrong.
Hahaha. Nice try. Blocking URLs was never enough because websites just proxy them from their base DNS these days and the list of URLs is limited. Doesn't take much thinking to arrive to that conclusion.
That's the whole reason the internet is bitching about manifest v3 (not v2 as you said).
I guess the free version has a smaller list, that's why I see ads in that website.
And it breaks often too, as expected: https://www.reddit.com/r/ios/comments/1ctepxi/1blocker_or_ad...
Just because you have a legacy version doesn't change anything. Still pay to fix. And a bad fix at it.
Since you don’t want to do that, find a citation where 1blocker doesn’t block ads for a specific site and I will try it myself and post screenshots like I did before.
You brought up a concern about privacy, the content browsing framework protects your privacy.
You completely moved the goal post, now you’re saying that I had to pay $15 11 years ago.
Oh and the link you posted had this comment.
> In my experience 1Blocker is stable, fast, blocks all advertisings and makes my Youtube experience in Safari more fun because there is no advertisings in YouTube. There is a community here talking about r/1Blocker for any kind of question.
You went from:
1. Web blockers aren’t available for iOS (which they have been since 2014)
2. They aren’t as good because iOS doesn’t support web extensions (which they have since 2021)
3. Look at this website thst shows ads (then I posted screenshots showing 1Blocker working)
4. A closed source extension can inject JavaScript and has security problems (Thsrs not how ad blockers on iOS have worked since 2014)
5. But you have to pay for it! (I paid $7 back in 2014 and even now you pay $35 for a lifetime subscription.
6. Static list of content blockers aren’t good enough! Okay show me what they don’t do by themselves. But either way see #2.
7. So now show me what I’m missing (crickets…)
I'm fine with the industry strongest adblocking tool. And it's open source to boot.
I'd never trust a mere closed source list of URLs. Imagine using this all day with websites changing URLs and this "smol" company having to keep up with it.
And am o suppose to believe you by fiat that “it’s the worlds strongest” even though you couldn’t site one thing that it could do that 1Blocker couldn’t?
The list of urls it’s blocking is in the interface and you can add your own You’re really not going to well here…
So you realize you just add another goal post that’s also invalid? Are you now saying that you only use open source software or that you only care that your ad blocker is open source?
I lost trust in Firefox after Brendan Eich scandal and the way they treated him.
It's one thing to just have an opinion. It's another to use your money to try to actively make the world a worse place.
Also, he was CEO. YES your speech matters if you're CEO. He's not just some dude. He was THE FACE of Mozilla. Obviously, perception matters.
And it was his private stance, he never promoted his personal political views as a Mozilla CEO.
But it was obviously too much for a woke politically correctness extremists at Mozilla. They prioritised politics and their own view of morality over technical excellence and vision.
They showed their priorities and I lost trust they would prioritise building technically best browser. And the time showed I was right, since Firefox slowly lost ist magic and is currently just a shadow of what it was.
You're allowed to say whatever, that doesn't mean I'm forced to employ you.
If you call your boss an asshole, that is free speech. And you will be fired. Welcome to the real world.
And, if you favor free market dynamics instead, consider: as CEO, you are the face of the company. Perception is a form of advertising.
You don't want negative advertising. Ultimately his views and donations were costing Mozilla actual money. People were upset, and that matters when you sell stuff and ask for donations.
Him being fired was the free labor market at play.
And it's my right to lose trust and stop using Mozilla products for prioritizing woke issues instead of technical excellence.
Mozilla losing money and market share is the direct consequence of their decisions. Finally, it's a free market, and their customers/users voted with their feet. I could only smirk and remind them of the proverb: "go woke - go broke".
That is what's known as an opinion. In my opinion, he did something wrong.
> And it's my right to lose trust and stop using Mozilla products for prioritizing woke issues instead of technical excellence.
Absolutely, you're entitled to your opinion.
What you're NOT entitled to is playing victim and lying about your rights. Your rights were not violated. Nobody's were. Grow up.
That's your opinion. The majority of the California voters agreed with him, and not with you, on that topic. Why do you think you have the moral right to decide the majority is wrong?
If you don't like democracy, which governance form you like more?
https://en.wikipedia.org/wiki/2008_California_Proposition_8
> Eliminates Rights of Same-Sex Couples to Marry > Yes 7,001,084 52.24% > No 6,401,482 47.76%
> What you're NOT entitled to is playing victim and lying about your rights. Your rights were not violated.
And where did I say my rights were violated? Stop accusing me of something I didn't say.
> Nobody's were.
Brendan lost his job because "people like you" (tm) decided everyone who doesn't share their values should lose their job, even if their opinion doesn't have to do anything with their job, and is not controversial at all.
> Grow up.
This is the point where any attempt to continue civil discussion with you is pointless.
Nothing beats Safari UX on iOS, nothing.
You can hate the engine and lack of extensions, but Safari is the only thing that I can use with both hands seamlessly without breaking my fingers.
Nothing except for the ads you're forced to see that mobile firefox users don't even know exist, thanks to the full fat uBlock Origin.
- the confusing home screen comes up all the time after i leave the browser, while i just want to get back to the last tab
- try closing all private tabs, it then goes on to show the now empty list of private tabs, wtf? The point of closing the tabs was to get back to the regular tabs.
- for all i care a private tab can just be listed next to a normal tab, the grouping in private tabs serves no purpose, except for surfacing implementation details
- filtering bookmarks on tags doesn't work in any version AFAIK
- but it's the only way to listen to youtube, with ublock origin and Youtube audio_only
Also, if I use "Add to home screen" to be able to get to a site quickly, there's no way to open that in a normal tab, making it useless for many things.
https://developer.apple.com/support/alternative-browser-engi...
However, no browser engine has bothered so far because they'd need to upload a separate app to the app store specifically for EU users, and non-EU developers cannot debug the application on a real device so manpower is region-restricted unless you hack around the limitations.
The browser is called Ladybird and it isn’t Apple’s test suite, web-platform-tests is a collective effort all the major players contribute to. Almost two thousand people have contributed to it:
https://github.com/web-platform-tests/wpt/graphs/contributor...
Bitwarden is free, has clients and browser extensions for every platform, and it's easy to export your passwords and import them. Plus it supports SSH keys.
I still remember this blog post, which at the the time (late 2021), was 100% accurate: https://web.archive.org/web/20230221123127/https://blog.nori...
1. For the last 6 months, there is a bug which causes ff to read incorrect display resolution information on Samsung devices. This breaks all elements positioned with absolute property and you can't see them or access them. The only fix is to restart firefox. Over time, it has literally gotten so much worse that now I have to do it atleast 10 times in a 30 minute session.
2. Have a site open, click on the nav bar to do a search or open another site and it just reloads the same site again! Redo the action and then it loads.
3. The networking stack is so so so bad I don't even know where to begin with that. It gets stuck randomly, slow loading pages, infinite loading animations just so many problems. There are also similar problems with graphics performance where sometimes, it literally runs at less than 60fps(you can feel it), consumes a lot more battery and heats up the processor. All these issues along side some of the design decisions they have made that they refuse to revert.
I do not feel good about Firefox fenix anymore
Yes, Nightly.
But I fear an example of incrementalism here, where it is brightly illustrated how the aperture into which we have the dongle of creeping suckage repeatedly inserted, lubricated by the existence (deterrent) of Chrome, continues to widen.
At the rate which options are disappearing (I think of gnome/gtk), when we excoriate the final and last one, a consummate advertisement platform will have been coded into our DNA, where we not just watch and listen to the perpetual groping of avarice, but feel it existentially.
One could try to solve the issues with it. Honestly I think Firefox saying you could brick Firefox mobile with the wrong options is a a sign of what you call suckage. The problem is that about:config is basically useless to me on Firefox mobile so why should I bother fixing it. The real reasons is why we do not care.
- Dark Reader (force dark mode on websites that don't have it, like Hacker News)
- Unhook (remove various addictive or annoying elements from YouTube.com)
That's telling for the state of the web but alas, that's where we are. You give them an inch (-high banner ad) and they'll take a mile (-wide page-covering all-encompassing data-slurping javascript monstrosity).