gettie (
arc) 
getimiskon
1
0
1
pixl_xip 
pixl_xip@pleroma.envs.net
2
0
2
@pixl_xip @getimiskon it’s firefox without any of the improvements to its security architecture in over the past decade.
2
0
2
@Seirdy @getimiskon @pixl_xip oh right i remember this one reddit post by one of the contributors
i’ll see if i can find it
1
0
0
@Seirdy @getimiskon @pixl_xip okay nvm i’m pretty sure linking it publically may cause harassment
0
0
0
gettie ( arc)
getimiskon
And no, unfortunately WebKit-based browsers have issues that break some of the websites i use.
I know it's not the best browser, but do i have a better choice? Not really.
@pixl_xip
1
0
0
librewolf is peak comfy especially with the simple tab groups plugin (my daily driver)
but looks like another ff fork has hit the block and it looks interesting
https://github.com/zen-browser/desktop
2
0
1
gettie ( arc)
getimiskon
1
0
1
Theory_of_𝓯𝓻𝓮𝓪𝓴𝔂
theorytoe@ak.kyaruc.moealso it is the first browser that ive seen properly nail vertical tabs
1
0
1
gettie ( arc)
getimiskon
1
0
1
@getimiskon @pixl_xip given that it has the worst community (full of bigots), the worst security (no sandboxing or site isolation, barely any security research, dependent on backports), the worst accessibility (accessibility features removed), the worst open-source citizen (making legal threats to downstream projects), and the worst support for web standards when compared with the other three browser engines I can’t in good conscience recommend it to anyone.
Other alternative engines like Servo are more independent, have less toxic communities, don’t actively remove accessibility features, aren’t hostile to basic mitigations like sandboxing and site isolation, and don’t threaten downstream projects.
1
0
0
@getimiskon @pixl_xip if you never enable the following features and run it in a sandbox that offers proper isolation from the rest of your system I suppose it’s not too risky:
- JS, wasm, and JIT.
- all third party content, especially iframes, framesets, the
embedelement, and scripts (for cross site attacks). - multimedia.
- features that have been known to be vulnerable in Firefox before being rewritten or sandboxed (graphite font rendering, mathml, audio support on windows and linux, X11 support, printing, GPU acceleration).
- PCRE JIT.
- any independently implemented web platform features without any security research or fuzzing (web components and wasm again come to mind).
- remote fonts.
If you stub out all the parts we know are burnt, you’re left with the rest which is a significant improvement at least. But at that point, you’ve traded so much usability for attack surface reduction that you may as well use the Tor Browser’s “Safest” security level.
1
0
0
1
0
1
@pixl_xip @getimiskon TUI browsers should use an actual HTTP client library instead of rolling their own buggy ones IMO. Take a look at CVEs for w3m; one guy tried fuzzing it but quit because it was just that bad. I’m glad that at least Edbrowse uses libcurl, but I doubt lynx’ HTTP(S) stack is nearly as robust.
If it’s making HTTPS requests and parsing untrusted markup while positioning itself as something ready for browser-grade work, it needs to be continuously fuzzed, sandboxed, and welcoming to community research and contribution.
1
0
2
1
0
0
@pixl_xip @getimiskon Personally I use w3m in a bubblewrap sandbox to pipe HTML email into, but I’m thinking about switching w3m out for Pandoc.
0
0
1