I’m looking for an android browser to open webapps isolated from my general browsing

I’ve been using Mull as disposable browsing and brave for login into places (shopping, social), but I don’t like that if I want to stay logged it also keeps history record. I think it would happen with any browser I use, right? Any suggestions?

  • rollingflower@lemmy.kde.social
    link
    fedilink
    arrow-up
    17
    arrow-down
    8
    ·
    edit-2
    7 months ago

    There are 2 answers to this.

    Security

    From a security point, Firefox on Android does not isolate processes and not even itself in a good way (I will try and search up the exact reason, its some modern Android feature that Firefox supposedly does not use).

    So we should assume that Firefox is less secure on mobile.

    You should not use it, but use Cromite or Brave, Vanadium on GrapheneOS. Note that most FOSS “privacy browsers” that have a download size of under 100MB will use the system webview and also not be able to isolate processes.

    Usability/Privacy

    I use Mull and Librewolf on my Devices.

    Use Mull, disable keeping history (but do not enable “delete cookies”) and use “Cookie Autodelete” to replicate what Firefox desktop can. You set it to delete all cookies, but you visit sites where you want to stay logged in, open the popup and whitelist only them. You “outsource” the cookie cleaning to the addon, as FF mobile doesnt have this feature.

    screenshot of the addon

    I do it like that on mobile and desktop, delete all cookies and only keep those where you want to stay logged in.

    On Mull also install UBlock origin. If you want security and an opt-in approach, install NoScript too and set “default” to not allow any javascript. You will need to “unbreak” every site you visit.

    This approach will spare you of hundreds of embedded javascripts on websites, and you manually allow only what seems okay. (You mostly never know if it really is, as Javascript is often obfuscated). This is good for privacy and security.

    the theory behind this

    Adblockers and malware scanners use “badness enumeration” which means “allow everything but block a, b and c”. This is fundamentally flawed, as malware can easily change “how it looks” (encode and decode again, or use randomized obfuscation) and with ads you will always have to keep track of changes.

    The list of malware and ad sites will grow and grow, slowing down machines and consuming tons of processes.

    Noscript and the cookie approach are the opposite, you block everything and the list you keep is only as big as the stuff you want.

    Please also read the more detailed words on some points, but note that I am not an Expert

    I am not sure but Firefox desktop (gecko) and mobile (fenix) are separate projects. I think they share a lot of code though.

    So a browser renders webpages, CSS, Javascript and nowadays even Webassembly and WebGL stuff.

    If you stick to HTML and CSS you are way more secure, Javascript is way more attack surface, and JIT+Webassembly where about 50% of Microsoft Edges security vulnerabilities.

    So if you disable WebGL and JIT+Webassembly by default the attack surface is way lower. But there are websites, especially good stuff like Tuta doing in-browser encryption over advanced quantum resistant protocols, that require JIT. GrapheneOS Vanadium now has a toggle to enable JIT for some sites, Edge Desktop has too afaik (dont use it but its likely the most secure browser on Windows), Chrome-ium desktop allows a policy where you can list JIT exceptions.

    Firefox desktop and mobile both likely allow blocking wasm and jit in about:config but no GUI toggle yet. Torbrowser in “very secure mode” also blocks JIT.

    Coming to the engine, Chrome-ium focuses a lot on sandboxing, while using C and C++ for like everything.

    Firefox has the rendering engine completely rewritten in Rust.

    Assuming that most sandbox escapes come from memory issues, firefoxes sandbox doesnt have to be as secure if they simply dont have memory issues as they use Rust.

    Firefox Desktop uses Seccomp filters for every process (restricting syscalls the processes can make) and separates processes using unprivileged user namespaces for every process (I think they call that fission). Firefox Flatpak can only use seccomp filters but the processes are not isolated from another, which is why you should probably use a system install (binary, .deb, .rpm, …).

    You can sandbox system installed apps using bubblejail and allow access to the syscalls needed to create user namespaces. But it is pretty complicated and incomplete in my experience, even though I dont know why.

    On Android firefox still uses the engine in Rust afaik, but Android has a very different model how to isolate apps. Also only Chrome-ium can isolate every process strongly on Android, yet. It is totally possible but Mozills doesnt seem to care.

    At the same time to be honest I never had a security vulnerability in Firefox affect me, my entire life.

    It is important to protect activists and people that “StAtE ActOrS” want to target, so those people should use the most secure browser possible.

    The problem is simply that we have no privacy respecting variant on the desktop, that also has quick CI/CD updates. Ungoogled Chromium often lacks behind on Updates (and dont mention Thorium please).

    This could be done by people that know how to build such a pipeline on Gitlab, Github etc. and apply all the ungoogle patches to the browser, hardening the build and creating .RPM packages every few days. There just is nobody currently doing that.

    • TheAnonymouseJoker@lemmy.ml
      link
      fedilink
      arrow-up
      8
      ·
      7 months ago

      From a security point, Firefox on Android does not isolate processes and not even itself in a good way, so it is a total security mess. You should not use it, but use Cromite or Brave, Vanadium on GrapheneOS. Note that most FOSS “privacy browsers” that have a download size of under 100MB will use the system webview and also not be able to isolate processes.

      Can you elaborate on this without quoting GrapheneOS propaganda? This FUD about Firefox security risks enforcement of rules.

        • TheAnonymouseJoker@lemmy.ml
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          7 months ago

          If you are parroting this nonsense without knowing, it seems even worse. Firefox is not insecure, it is revengeful propaganda invented by Daniel Micay (GrapheneOS). He invented and pushes that agenda to promote Google Chromium based browsers due to this. https://lists.torproject.org/pipermail/tor-dev/2019-August/013995.html

          Tor Project avoids Chromium base for both desktop and mobile browsers for multiple reasons, one of them being security. Chromium is incredibly leaky, insecure and anti-anonymity. https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs

          Retract your statement, considering your comment is the top comment on this post.

          • rollingflower@lemmy.kde.social
            link
            fedilink
            arrow-up
            1
            arrow-down
            1
            ·
            edit-2
            7 months ago

            I am not parrotting their Propaganda, see my other, longer comment. I attached it to the top one now, and changed the catchy phrasing.

            See this GrapheneOS Discuss thread where they deleted or have hidden my comment.

            But as you seem to not have read the probably more detailed other comment, please do so.

            I dont know what you want to tell me with the “mail thread about hating tom” as I have no idea what I just read.

            I guess the beginning of the conversation and especially Tom Ritters mail here most useful.

            • TheAnonymouseJoker@lemmy.ml
              link
              fedilink
              arrow-up
              4
              arrow-down
              1
              ·
              edit-2
              7 months ago

              It is interesting that GrapheneOS community wholeheartedly recommends Brave, claims Flatpak security is bad, claims Firefox security is bad, claims Google things are good and so on. Looks like a cult to me, and one that should not have a place on Lemmy. Probably belongs to Reddit or some toilet paper forum, since 4chan has far higher standards than Reddit. They have their alternative facts about security, which will not be allowed here.

              I read your other comment, which was not exactly informative and based in reality. It stems from the nonsense agenda GrapheneOS desires to propagate about Firefox.

              Citing Tor Project website versus their tracker has zero differences, and anyone can follow through mailing lists.

              You will need to retract your statement, by the looks of it.

              • rollingflower@lemmy.kde.social
                link
                fedilink
                arrow-up
                3
                arrow-down
                1
                ·
                edit-2
                7 months ago

                I dont get that forum. They dont actually recommend Brave, only some “lower level” people do. Some people that parrot what the others say are often mods and take care of blocking everything. A post I made about that issue was also hidden, I can still see it and likely the mods.

                Especially bad if in the same thread misinformation posts are kept. But deleting them is also not fair, as they are partly right.

                claims Firefox security is bad, claims Google things are good and so o

                I understand that you have no time to write about that in detail, but they do. Apart from the Torbrowser thread I read nowhere about the key differences in sandboxing and site isolation.

                I also read nothing yet about how “leaky” Chromium is in terms of security. For sure Torbrowser doesnt accept it as it permanently contacts Google. But this is about security. I dont use Chromium anymore after finding out how much it pings Google using googerteller.

                But just saying they have superficial opinions like that is not fair.

                They have their alternative facts about security, which will not be allowed here.

                If you have sources that prove me wrong please add them. I asked Firefox Devs about the security of Flatpak Firefox, also because it seems they dont do anything against their “Firefox is insecure” reputation. For sure, big corps like Microsoft and Google are pushing Chromium, but they simply also add a lot of informative sources for research.

                It stems from the nonsense agenda GrapheneOS desires to propagate about Firefox.

                Bullshit. Please cite where this should be the case .

                and anyone can follow through mailing lists.

                Tbh today was the first day reading a mailing list and its very strange. Their tracker, and the duplicate of that are both nearly empty and have no info, the only info is from that mailing list.

                You will need to retract your statement

                So it seems you are a mod, and if you think I need to do that I want to have at least another mod look at this.

                I am critical of GrapheneOS, as clearly demonstrated, but your comment didnt disprove anything I said but you just ranted about how bad they are. I dont think this is very constructive.

                • TheAnonymouseJoker@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  4
                  ·
                  edit-2
                  7 months ago

                  mbananasynergy is a high level member in Graphene community, and is a mod at PrivacyGuides, a breeding ground for Graphene shills, as are many others. The one who locked thread also happens to parrot the same nonsense about Firefox, Chromium and Flatpak. Half the thread is filled with Brave recommendations, calling Firefox and Flatpak bad, and every single recommendation being a Chromium based browser. The agenda is clear.

                  I understand that you have no time to write about that in detail, but they do. Apart from the Torbrowser thread I read nowhere about the key differences in sandboxing and site isolation. I also read nothing yet about how “leaky” Chromium is in terms of security.

                  I have gone about it plenty of times, and it has been discussed to death in places like r/netsec, where one of the main propagators of this disinformation, madaidan, was debunked time and again. There is no longer a need to discuss it again, since both the FUD and alternative facts were invented and propagated by security charlatans.

                  https://web.archive.org/web/20220418212845/https://old.reddit.com/r/netsec/comments/i80uki/theymozilla_killed_entire_threat_management_team/g1703is/

                  https://web.archive.org/web/20220418213345/https://old.reddit.com/r/netsec/comments/i80uki/theymozilla_killed_entire_threat_management_team/g162g4r/?context=10000

                  It is not my problem that you choose to not read Tor Project page about Chromium browser leaks and issues.

                  Bullshit. Please cite where this should be the case .

                  Tor mailing list has been cited. You did not read.

                  I am critical of GrapheneOS, as clearly demonstrated, but your comment didnt disprove anything I said but you just ranted about how bad they are.

                  You recommended it and are not critical of it. Moreover, you wrote GPT style filler paragraphs about Firefox insecurity, misinformation that is up for a day now. No citations, and coincidentally GrapheneOS and Chromium browser recommendations. When it smells funny, it is funny.

                  So it seems you are a mod, and if you think I need to do that I want to have at least another mod look at this.

                  This is not Reddit, where closed source stuff and Big Tech stuff gets promoted or recommended, and even rules bended to allow it. Giving a heads up beforehand.

        • BearOfaTime@lemm.ee
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          7 months ago

          Maybe you should elucidate why you think this is the case, Rather than replying dismissively.

          Frankly, I don’t trust what you say because you only make a claim - you don’t back it up with any explanation.

          Check your hubris.

        • LWD@lemm.ee
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          7 months ago

          I too am curious about the real world implications of this lack of process isolation.

          • rollingflower@lemmy.kde.social
            link
            fedilink
            arrow-up
            3
            ·
            7 months ago

            I am not sure but Firefox desktop (gecko) and mobile (fenix) are separate projects. I think they share a lot of code though.

            So a browser renders webpages, CSS, Javascript and nowadays even Webassembly and WebGL stuff.

            If you stick to HTML and CSS you are way more secure, Javascript is way more attack surface, and JIT+Webassembly where about 50% of Microsoft Edges security vulnerabilities.

            So if you disable WebGL and JIT+Webassembly by default the attack surface is way lower. But there are websites, especially good stuff like Tuta doing in-browser encryption over advanced quantum resistant protocols, that require JIT. GrapheneOS Vanadium now has a toggle to enable JIT for some sites, Edge Desktop has too afaik (dont use it but its likely the most secure browser on Windows), Chrome-ium desktop allows a policy where you can list JIT exceptions.

            Firefox desktop and mobile both likely allow blocking wasm and jit in about:config but no GUI toggle yet. Torbrowser in “very secure mode” also blocks JIT.

            Coming to the engine, Chrome-ium focuses a lot on sandboxing, while using C and C++ for like everything.

            Firefox has the rendering engine completely rewritten in Rust.

            Assuming that most sandbox escapes come from memory issues, firefoxes sandbox doesnt have to be as secure if they simply dont have memory issues as they use Rust.

            Firefox Desktop uses Seccomp filters for every process (restricting syscalls the processes can make) and separates processes using unprivileged user namespaces for every process (I think they call that fission). Firefox Flatpak can only use seccomp filters but the processes are not isolated from another, which is why you should probably use a system install (binary, .deb, .rpm, …).

            You can sandbox system installed apps using bubblejail and allow access to the syscalls needed to create user namespaces. But it is pretty complicated and incomplete in my experience, even though I dont know why.

            On Android firefox still uses the engine in Rust afaik, but Android has a very different model how to isolate apps. Also only Chrome-ium can isolate every process strongly on Android, yet. It is totally possible but Mozills doesnt seem to care.

            At the same time to be honest I never had a security vulnerability in Firefox affect me, my entire life.

            It is important to protect activists and people that “StAtE ActOrS” want to target, so those people should use the most secure browser possible.

            The problem is simply that we have no privacy respecting variant on the desktop, that also has quick CI/CD updates. Ungoogled Chromium often lacks behind on Updates (and dont mention Thorium please).

            This could be done by people that know how to build such a pipeline on Gitlab, Github etc. and apply all the ungoogle patches to the browser, hardening the build and creating .RPM packages every few days. There just is nobody currently doing that.

            • rollingflower@lemmy.kde.social
              link
              fedilink
              arrow-up
              2
              ·
              7 months ago

              Pinging the people in this thread (another advantage of commenting and not just liking). Plase see the changes in the above comments.

  • GravitySpoiled@lemmy.ml
    link
    fedilink
    English
    arrow-up
    3
    ·
    7 months ago

    fennec is good. You can also use the normal browser for sites where you are logged in / trust. And the private tabs for anything else

    • rollingflower@lemmy.kde.social
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      There is a setting to open external links in a new tab.

      I would recommend to use “Cookie Autodelete” and whitelist the sites you trust, though.

    • lemmyrolinga@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      Sounds interesting, but I haven’t found much online about it yet (mostly ads) I’ll investigate. Thanks

    • lemmyrolinga@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      ·
      7 months ago

      I might give it a try just out of curiosity… But I don’t think it’s what I was looking for. How is this better than Mull with UBlock and Privacy Badger?