I heard around the internet that Firefox on Android does not have Site Isolation built-in yet. After a little bit of research, I learned that Site Isolation on Android was added in Firefox Nightly, appearing to have been added sometime in June 2023. What I can’t find, though, is whether this has ever been added to any stable versions of Firefox yet. Does anyone know anything about this?

Update: After further research, it appears that Site Isolation is not currently a feature in stable version of Firefox on Android. I don’t know with certainty if their information is up-to-date, but GrapheneOS (A well-known privacy/security-focused fork of Android) does not recommend using Firefox-based browsers on Android due to it’s (apparently) lack of a Site Isolation feature. A snippet of what Graphene currently have to say about Firefox on Android/GrapheneOS from their usage guide page, is: “Avoid Gecko-based browsers like Firefox as they’re currently much more vulnerable to exploitation and inherently add a huge amount of attack surface.”

On a side-note, they also say about Firefox’s current Site Isolation on desktop being weaker, which I wasn’t aware of. “Even in the desktop version, Firefox’s sandbox is still substantially weaker (especially on Linux) and lacks full support for isolating sites from each other rather than only containing content as a whole.”

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      arrow-up
      2
      ·
      5 months ago

      If it serves to destroy privacy and anonymity at the expense of them getting to control privacy community

      Again, this seems blatantly false. Nothing GrapheneOS does destroys privacy or anonymity, they just prioritize security.

      And they don’t control “the privacy community,” they just control a few popular, privacy-oriented corners of the web. By its vary nature, you can’t control “the privacy community” because the privacy community is all about bucking control. In fact, “privacy community” is kind of an oxy-moron, privacy enthusiasts try to limit talking about themselves. If you pair privacy and anonymity, you’ll get discussions about solutions, but people probably won’t try to sell you on any one solution.

      GrapheneOS is a security-focused OS with strong privacy and anonymity features you can choose to use. Here’s their tagline from their webpage:

      The private and secure mobile operating system with Android app compatibility.

      That’s what they deliver, privacy and security, and they do both reasonably well. If you look at their FAQ, private or privacy appears about 60 times, secure or security appears over 100, and anonymous appears once. If you read their documentation, it’s clear that their focus is security first, privacy second, and that’s about it.

      They’re not the only game in town, but they do have the most effective marketing. If that gets people interested in security and privacy that otherwise wouldn’t, that’s a good thing! Like any org, I think they have flaws, but I think they’re generally a force for good.

      Trump is treated as a disease in USA due to this very reason, him claiming “China virus” needs to be cured using eating bleach, fentanyl, other people claiming to eat tidepods and all kinds of mentally deranged nonsense.

      Again, more inaccuracies. The FBI thinks COVID-19 likely came from a lab, so “China virus,” while inflammatory, isn’t necessarily too far from the truth. I doubt it was intentional, but that explanation seems more likely than the official explanation of “wet market.” The US was also likely complicit here since the CDC was likely helping fund “gain of function” research (compare recent Congressional investigations vs the original statements).

      Trump is problematic because he’s a narcissist that will say anything to get attention, regardless of the truth. But sometimes he says true things, if they benefit him (or he gets lucky; I doubt he researches much).

      After years of endlessly engaging with people trying to make them understand, there are not enough people listening to me.

      Why are you making this about you? We were talking about the technical merits of various policies, but you seem to keep bringing up Daniel Micay and yourself. I don’t see how either is relevant.

      I honestly don’t care too much about you (no offense intended) or Daniel Micay, I care about technical merits of apps and hardware. I’m reasonably technical, so I think I can do a decent job judging for myself which products fit what I want, and I recommend them accordingly. I’ll often point out if a project has toxic leadership, but a good product is a good product.

      So if you want to engage with me, it’ll be on a technical level with no personal attacks.

        • sugar_in_your_tea@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          ·
          5 months ago

          And how do they have effective marketing? Turns out it is well crafted propaganda.

          Propaganda can be good or bad depending on your perspective, and a lot of effective marketing could be categorized as propaganda.

          Proton, for example, uses propaganda about freedom and privacy in their marketing, yet they’re actually selling a suite of services for email, data storage, VPN, etc. That’s true for pretty much every privacy-oriented product and service.

          I’m not all that interested in deciding what counts as propaganda, I’m interested in the details of products and how effective the marketing is at getting people interested in those products.

          They concluded after 2 years of investigation that USA labs are more likely to be the origin of virus than China labs.

          They were coooerating together. US labs collaborated with Chinese labs to do research. I don’t think it getting out was intentional by any party, but the right heavily implies it to fit their anti-China narrative and the left downplay it to fit their “China isn’t so bad” narrative. As is the case most of the time, the truth is probably in the middle.

          Go question or criticise them on their forums.

          That is not a litmus test of technical merit, that’s a litmus test of how big their ego is. That’s irrelevant.