• edel@lemmy.ml
      1 day ago

      I don’t use Brave, still with the more insecure Android Firefox variant (Firefox for Android is subpar in security), but I am glad Brave does want to expand here and for many users it is for sure the best option. No need to insult, whether you agree or not with them. If it is open, it is open and everything else should be secondary and for individuals to choose on their own. Go Brave! Hope many more come too.

        • oaklandnative@lemmy.world
          11 hours ago

          I have used FF based browsers for a long time and still do. I recently saw this from the GrapheneOS developers, which kinda freaks me out and has me considering switching to a Chromium based browser:

          https://grapheneos.org/usage#web-browsing

          Chromium-based browsers like Vanadium provide the strongest sandbox implementation, leagues ahead of the alternatives. It is much harder to escape from the sandbox and it provides much more than acting as a barrier to compromising the rest of the OS. Site isolation enforces security boundaries around each site using the sandbox by placing each site into an isolated sandbox… Browsers without site isolation are very vulnerable to attacks like Spectre…

          Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android. This is despite the fact that Chromium semantic sandbox layer on Android is implemented via the OS isolatedProcess feature, which is a very easy to use boolean property for app service processes to provide strong isolation with only the ability to communicate with the app running them via the standard service API. Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole. The sandbox has been gradually improving on the desktop but it isn’t happening for their Android browser yet.

          EDIT: I really hope Ladybird turns out to be amazing.

          • Ardens@lemmy.ml
            11 hours ago

            Feel free to freak out. That doesn’t worry me at all. I guess you prefer getting tracked and monetized over having a little weaker security in hypothetical problem areas…

            You know, I’ve worked with, and helped people with issues on primarily Windows, but also Mac and Linux, since the 90s, and I can’t remember one single time where the problem was based on this kind of vulnerability. So please, do live in a hypothetical world - I’ll stick with what works and keeps me from being monetized.

        • Aelis [any]@hexbear.net
          10 hours ago

          Funniest thing is, I read this after learning Chrome had a zero-day exploit, Brave might not even have the patch yet 😆

          To be fair, on sites like privacytests.org Brave seems to pass more tests than default Firefox, but these tests don’t take extensions into account. Extensions wouldn’t add much to Brave since it’s a Chromium browser, but Firefox should have better results with uBlock alone…and then there are forks and ways to harden Firefox on top of that.

          And of course it’s not taken into account how sus Brave is, if I remember right Brave search has already been caught spying on its users (and used word play to pretend it was open-source) and then there’s also the crypto scam. Passing most of the security/privacy tests won’t help if the browser is spying and exploiting you.